This new version gets rid of the limitation that prevented KASAN kernels
to use the newly introduced parameters.
While looking into KASLR, I fell onto commit aacd149b6238 ("arm64: head:
avoid relocating the kernel twice for KASLR"): it allows to use the fdt
functions very early in the boot process with KASAN enabled by simply
compiling a new version of those functions without instrumentation.
I had to change the handling of the command line parsing to make the
code self-contained in kernel/pi/cmd_early.c to avoid calling too many
__pi prefixed functions from outside this file.
I'll use this approach like arm64 to handle the extraction of the random
seedi from the device tree for KASLR.
This patchset is rebased on top:
Introduce 64b relocatable kernel
(https://patchwork.kernel.org/project/linux-riscv/list/?series=734847)
base-commit-tag: v6.3-rc1
v9:
- Fix medlow builds by marking pi/ medany, as reported by Palmer
v8:
- Fix LLVM ld warning by moving the section .init.sdata from
kernel/pi/string.c into the newly created section .init.pidata
v7:
- Rebased on top of for-next which introduces lots of errors (thanks to
the patchwork CI)
- Add __NO_FORTIFY to avoid undefined __pi_fortify_panic
- Add an alias to our newly introduced strlen
- Remove __init as sections are already prefixed in the Makefile
- Introduce new section for kernel/pi/string.c to quiet the following
warnings (once we have all the string functions, we'll be able to get
rid of this):
warning: orphan section `.init__bug_table' from `arch/riscv/kernel/pi/string.pi.o' being placed in section `.init__bug_table'
warning: orphan section `.init.srodata.cst8' from `arch/riscv/kernel/pi/string.pi.o' being placed in section `.init.srodata.cst8'
v6:
- Fix llvm warning by forward declaring set_satp_mode_from_cmdline
v5:
- Handle null command line, Thanks Björn!
- Add RB/TB from Björn
v4:
- Introduce pi/ for KASAN to work
v3:
- Massage commit log to make no4lvl clearer, as asked by Conor
- Add a note to kernel-parameters.txt regarding the impossibility to use
those parameters when KASAN is enabled, as suggested by Conor
- Add RB from Björn
v2:
- Honor CMDLINE_EXTEND and CMDLINE_FORCE as noticed by Björn
Alexandre Ghiti (1):
riscv: Allow to downgrade paging mode from the command line
.../admin-guide/kernel-parameters.txt | 5 +-
arch/riscv/kernel/Makefile | 2 +
arch/riscv/kernel/pi/Makefile | 39 ++++++++++++
arch/riscv/kernel/pi/cmdline_early.c | 62 +++++++++++++++++++
arch/riscv/kernel/vmlinux.lds.S | 8 +++
arch/riscv/lib/memcpy.S | 2 +
arch/riscv/lib/memmove.S | 2 +
arch/riscv/lib/strlen.S | 1 +
arch/riscv/mm/init.c | 36 +++++++++--
9 files changed, 150 insertions(+), 7 deletions(-)
create mode 100644 arch/riscv/kernel/pi/Makefile
create mode 100644 arch/riscv/kernel/pi/cmdline_early.c
--
2.37.2
Add 2 early command line parameters that allow to downgrade satp mode
(using the same naming as x86):
- "no5lvl": use a 4-level page table (down from sv57 to sv48)
- "no4lvl": use a 3-level page table (down from sv57/sv48 to sv39)
Note that going through the device tree to get the kernel command line
works with ACPI too since the efi stub creates a device tree anyway with
the command line.
In KASAN kernels, we can't use the libfdt that early in the boot process
since we are not ready to execute instrumented functions. So instead of
using the "generic" libfdt, we compile our own versions of those functions
that are not instrumented and that are prefixed so that they do not
conflict with the generic ones. We also need the non-instrumented versions
of the string functions and the prefixed versions of memcpy/memmove.
This is largely inspired by commit aacd149b6238 ("arm64: head: avoid
relocating the kernel twice for KASLR") from which I removed compilation
flags that were not relevant to RISC-V at the moment (LTO, SCS, pie).
Signed-off-by: Alexandre Ghiti <[email protected]>
Tested-by: Björn Töpel <[email protected]>
Reviewed-by: Björn Töpel <[email protected]>
---
.../admin-guide/kernel-parameters.txt | 5 +-
arch/riscv/kernel/Makefile | 2 +
arch/riscv/kernel/pi/Makefile | 39 ++++++++++++
arch/riscv/kernel/pi/cmdline_early.c | 62 +++++++++++++++++++
arch/riscv/kernel/vmlinux.lds.S | 8 +++
arch/riscv/lib/memcpy.S | 2 +
arch/riscv/lib/memmove.S | 2 +
arch/riscv/lib/strlen.S | 1 +
arch/riscv/mm/init.c | 36 +++++++++--
9 files changed, 150 insertions(+), 7 deletions(-)
create mode 100644 arch/riscv/kernel/pi/Makefile
create mode 100644 arch/riscv/kernel/pi/cmdline_early.c
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 6221a1d057dd..accc400b43f1 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3576,7 +3576,10 @@
emulation library even if a 387 maths coprocessor
is present.
- no5lvl [X86-64] Disable 5-level paging mode. Forces
+ no4lvl [RISCV] Disable 4-level and 5-level paging modes. Forces
+ kernel to use 3-level paging instead.
+
+ no5lvl [X86-64,RISCV] Disable 5-level paging mode. Forces
kernel to use 4-level paging instead.
nofsgsbase [X86] Disables FSGSBASE instructions.
diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile
index 4cf303a779ab..aa22f87faeae 100644
--- a/arch/riscv/kernel/Makefile
+++ b/arch/riscv/kernel/Makefile
@@ -89,3 +89,5 @@ obj-$(CONFIG_EFI) += efi.o
obj-$(CONFIG_COMPAT) += compat_syscall_table.o
obj-$(CONFIG_COMPAT) += compat_signal.o
obj-$(CONFIG_COMPAT) += compat_vdso/
+
+obj-$(CONFIG_64BIT) += pi/
diff --git a/arch/riscv/kernel/pi/Makefile b/arch/riscv/kernel/pi/Makefile
new file mode 100644
index 000000000000..42c58f4ab53b
--- /dev/null
+++ b/arch/riscv/kernel/pi/Makefile
@@ -0,0 +1,39 @@
+# SPDX-License-Identifier: GPL-2.0
+# This file was copied from arm64/kernel/pi/Makefile.
+
+KBUILD_CFLAGS := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
+ -Os -DDISABLE_BRANCH_PROFILING $(DISABLE_STACKLEAK_PLUGIN) \
+ $(call cc-option,-mbranch-protection=none) \
+ -I$(srctree)/scripts/dtc/libfdt -fno-stack-protector \
+ -D__DISABLE_EXPORTS -ffreestanding \
+ -fno-asynchronous-unwind-tables -fno-unwind-tables \
+ $(call cc-option,-fno-addrsig)
+
+KBUILD_CFLAGS += -mcmodel=medany
+
+CFLAGS_cmdline_early.o += -D__NO_FORTIFY
+CFLAGS_lib-fdt_ro.o += -D__NO_FORTIFY
+
+GCOV_PROFILE := n
+KASAN_SANITIZE := n
+KCSAN_SANITIZE := n
+UBSAN_SANITIZE := n
+KCOV_INSTRUMENT := n
+
+$(obj)/%.pi.o: OBJCOPYFLAGS := --prefix-symbols=__pi_ \
+ --remove-section=.note.gnu.property \
+ --prefix-alloc-sections=.init
+$(obj)/%.pi.o: $(obj)/%.o FORCE
+ $(call if_changed,objcopy)
+
+$(obj)/lib-%.o: $(srctree)/lib/%.c FORCE
+ $(call if_changed_rule,cc_o_c)
+
+$(obj)/string.o: $(srctree)/lib/string.c FORCE
+ $(call if_changed_rule,cc_o_c)
+
+$(obj)/ctype.o: $(srctree)/lib/ctype.c FORCE
+ $(call if_changed_rule,cc_o_c)
+
+obj-y := cmdline_early.pi.o string.pi.o ctype.pi.o lib-fdt.pi.o lib-fdt_ro.pi.o
+extra-y := $(patsubst %.pi.o,%.o,$(obj-y))
diff --git a/arch/riscv/kernel/pi/cmdline_early.c b/arch/riscv/kernel/pi/cmdline_early.c
new file mode 100644
index 000000000000..05652d13c746
--- /dev/null
+++ b/arch/riscv/kernel/pi/cmdline_early.c
@@ -0,0 +1,62 @@
+// SPDX-License-Identifier: GPL-2.0-only
+#include <linux/types.h>
+#include <linux/init.h>
+#include <linux/libfdt.h>
+#include <linux/string.h>
+#include <asm/pgtable.h>
+#include <asm/setup.h>
+
+static char early_cmdline[COMMAND_LINE_SIZE];
+
+/*
+ * Declare the functions that are exported (but prefixed) here so that LLVM
+ * does not complain it lacks the 'static' keyword (which, if added, makes
+ * LLVM complain because the function is actually unused in this file).
+ */
+u64 set_satp_mode_from_cmdline(uintptr_t dtb_pa);
+
+static char *get_early_cmdline(uintptr_t dtb_pa)
+{
+ const char *fdt_cmdline = NULL;
+ unsigned int fdt_cmdline_size = 0;
+ int chosen_node;
+
+ if (!IS_ENABLED(CONFIG_CMDLINE_FORCE)) {
+ chosen_node = fdt_path_offset((void *)dtb_pa, "/chosen");
+ if (chosen_node >= 0) {
+ fdt_cmdline = fdt_getprop((void *)dtb_pa, chosen_node,
+ "bootargs", NULL);
+ if (fdt_cmdline) {
+ fdt_cmdline_size = strlen(fdt_cmdline);
+ strscpy(early_cmdline, fdt_cmdline,
+ COMMAND_LINE_SIZE);
+ }
+ }
+ }
+
+ if (IS_ENABLED(CONFIG_CMDLINE_EXTEND) ||
+ IS_ENABLED(CONFIG_CMDLINE_FORCE) ||
+ fdt_cmdline_size == 0 /* CONFIG_CMDLINE_FALLBACK */) {
+ strncat(early_cmdline, CONFIG_CMDLINE,
+ COMMAND_LINE_SIZE - fdt_cmdline_size);
+ }
+
+ return early_cmdline;
+}
+
+static u64 match_noXlvl(char *cmdline)
+{
+ if (strstr(cmdline, "no4lvl"))
+ return SATP_MODE_48;
+ else if (strstr(cmdline, "no5lvl"))
+ return SATP_MODE_57;
+
+ return 0;
+}
+
+u64 set_satp_mode_from_cmdline(uintptr_t dtb_pa)
+{
+ char *cmdline = get_early_cmdline(dtb_pa);
+
+ return match_noXlvl(cmdline);
+}
diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S
index 615ff5842690..b12a843ad426 100644
--- a/arch/riscv/kernel/vmlinux.lds.S
+++ b/arch/riscv/kernel/vmlinux.lds.S
@@ -83,6 +83,14 @@ SECTIONS
/* Start of init data section */
__init_data_begin = .;
INIT_DATA_SECTION(16)
+
+ /* Those sections result from the compilation of kernel/pi/string.c */
+ .init.pidata : {
+ *(.init.srodata.cst8*)
+ *(.init__bug_table*)
+ *(.init.sdata*)
+ }
+
.init.bss : {
*(.init.bss) /* from the EFI stub */
}
diff --git a/arch/riscv/lib/memcpy.S b/arch/riscv/lib/memcpy.S
index 51ab716253fa..1a40d01a9543 100644
--- a/arch/riscv/lib/memcpy.S
+++ b/arch/riscv/lib/memcpy.S
@@ -106,3 +106,5 @@ WEAK(memcpy)
6:
ret
END(__memcpy)
+SYM_FUNC_ALIAS(__pi_memcpy, __memcpy)
+SYM_FUNC_ALIAS(__pi___memcpy, __memcpy)
diff --git a/arch/riscv/lib/memmove.S b/arch/riscv/lib/memmove.S
index e0609e1f0864..838ff2022fe3 100644
--- a/arch/riscv/lib/memmove.S
+++ b/arch/riscv/lib/memmove.S
@@ -314,3 +314,5 @@ return_from_memmove:
SYM_FUNC_END(memmove)
SYM_FUNC_END(__memmove)
+SYM_FUNC_ALIAS(__pi_memmove, __memmove)
+SYM_FUNC_ALIAS(__pi___memmove, __memmove)
diff --git a/arch/riscv/lib/strlen.S b/arch/riscv/lib/strlen.S
index 15bb8f3aa959..9d0055616f7b 100644
--- a/arch/riscv/lib/strlen.S
+++ b/arch/riscv/lib/strlen.S
@@ -131,3 +131,4 @@ strlen_zbb:
.option pop
#endif
SYM_FUNC_END(strlen)
+SYM_FUNC_ALIAS(__pi_strlen, strlen)
diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c
index bce899b180cd..3ad771571c2d 100644
--- a/arch/riscv/mm/init.c
+++ b/arch/riscv/mm/init.c
@@ -746,6 +746,8 @@ static __init pgprot_t pgprot_from_va(uintptr_t va)
#endif /* CONFIG_STRICT_KERNEL_RWX */
#if defined(CONFIG_64BIT) && !defined(CONFIG_XIP_KERNEL)
+u64 __pi_set_satp_mode_from_cmdline(uintptr_t dtb_pa);
+
static void __init disable_pgtable_l5(void)
{
pgtable_l5_enabled = false;
@@ -760,17 +762,39 @@ static void __init disable_pgtable_l4(void)
satp_mode = SATP_MODE_39;
}
+static int __init print_no4lvl(char *p)
+{
+ pr_info("Disabled 4-level and 5-level paging");
+ return 0;
+}
+early_param("no4lvl", print_no4lvl);
+
+static int __init print_no5lvl(char *p)
+{
+ pr_info("Disabled 5-level paging");
+ return 0;
+}
+early_param("no5lvl", print_no5lvl);
+
/*
* There is a simple way to determine if 4-level is supported by the
* underlying hardware: establish 1:1 mapping in 4-level page table mode
* then read SATP to see if the configuration was taken into account
* meaning sv48 is supported.
*/
-static __init void set_satp_mode(void)
+static __init void set_satp_mode(uintptr_t dtb_pa)
{
u64 identity_satp, hw_satp;
uintptr_t set_satp_mode_pmd = ((unsigned long)set_satp_mode) & PMD_MASK;
- bool check_l4 = false;
+ u64 satp_mode_cmdline = __pi_set_satp_mode_from_cmdline(dtb_pa);
+
+ if (satp_mode_cmdline == SATP_MODE_57) {
+ disable_pgtable_l5();
+ } else if (satp_mode_cmdline == SATP_MODE_48) {
+ disable_pgtable_l5();
+ disable_pgtable_l4();
+ return;
+ }
create_p4d_mapping(early_p4d,
set_satp_mode_pmd, (uintptr_t)early_pud,
@@ -789,7 +813,8 @@ static __init void set_satp_mode(void)
retry:
create_pgd_mapping(early_pg_dir,
set_satp_mode_pmd,
- check_l4 ? (uintptr_t)early_pud : (uintptr_t)early_p4d,
+ pgtable_l5_enabled ?
+ (uintptr_t)early_p4d : (uintptr_t)early_pud,
PGDIR_SIZE, PAGE_TABLE);
identity_satp = PFN_DOWN((uintptr_t)&early_pg_dir) | satp_mode;
@@ -800,9 +825,8 @@ static __init void set_satp_mode(void)
local_flush_tlb_all();
if (hw_satp != identity_satp) {
- if (!check_l4) {
+ if (pgtable_l5_enabled) {
disable_pgtable_l5();
- check_l4 = true;
memset(early_pg_dir, 0, PAGE_SIZE);
goto retry;
}
@@ -1031,7 +1055,7 @@ asmlinkage void __init setup_vm(uintptr_t dtb_pa)
#endif
#if defined(CONFIG_64BIT) && !defined(CONFIG_XIP_KERNEL)
- set_satp_mode();
+ set_satp_mode(dtb_pa);
#endif
/*
--
2.37.2
On Tue, 28 Mar 2023 22:09:51 PDT (-0700), [email protected] wrote:
> Add 2 early command line parameters that allow to downgrade satp mode
> (using the same naming as x86):
> - "no5lvl": use a 4-level page table (down from sv57 to sv48)
> - "no4lvl": use a 3-level page table (down from sv57/sv48 to sv39)
>
> Note that going through the device tree to get the kernel command line
> works with ACPI too since the efi stub creates a device tree anyway with
> the command line.
>
> In KASAN kernels, we can't use the libfdt that early in the boot process
> since we are not ready to execute instrumented functions. So instead of
> using the "generic" libfdt, we compile our own versions of those functions
> that are not instrumented and that are prefixed so that they do not
> conflict with the generic ones. We also need the non-instrumented versions
> of the string functions and the prefixed versions of memcpy/memmove.
>
> This is largely inspired by commit aacd149b6238 ("arm64: head: avoid
> relocating the kernel twice for KASLR") from which I removed compilation
> flags that were not relevant to RISC-V at the moment (LTO, SCS, pie).
>
> Signed-off-by: Alexandre Ghiti <[email protected]>
> Tested-by: Björn Töpel <[email protected]>
> Reviewed-by: Björn Töpel <[email protected]>
> ---
> .../admin-guide/kernel-parameters.txt | 5 +-
> arch/riscv/kernel/Makefile | 2 +
> arch/riscv/kernel/pi/Makefile | 39 ++++++++++++
> arch/riscv/kernel/pi/cmdline_early.c | 62 +++++++++++++++++++
> arch/riscv/kernel/vmlinux.lds.S | 8 +++
> arch/riscv/lib/memcpy.S | 2 +
> arch/riscv/lib/memmove.S | 2 +
> arch/riscv/lib/strlen.S | 1 +
> arch/riscv/mm/init.c | 36 +++++++++--
> 9 files changed, 150 insertions(+), 7 deletions(-)
> create mode 100644 arch/riscv/kernel/pi/Makefile
> create mode 100644 arch/riscv/kernel/pi/cmdline_early.c
>
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 6221a1d057dd..accc400b43f1 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -3576,7 +3576,10 @@
> emulation library even if a 387 maths coprocessor
> is present.
>
> - no5lvl [X86-64] Disable 5-level paging mode. Forces
> + no4lvl [RISCV] Disable 4-level and 5-level paging modes. Forces
> + kernel to use 3-level paging instead.
> +
> + no5lvl [X86-64,RISCV] Disable 5-level paging mode. Forces
> kernel to use 4-level paging instead.
>
> nofsgsbase [X86] Disables FSGSBASE instructions.
> diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile
> index 4cf303a779ab..aa22f87faeae 100644
> --- a/arch/riscv/kernel/Makefile
> +++ b/arch/riscv/kernel/Makefile
> @@ -89,3 +89,5 @@ obj-$(CONFIG_EFI) += efi.o
> obj-$(CONFIG_COMPAT) += compat_syscall_table.o
> obj-$(CONFIG_COMPAT) += compat_signal.o
> obj-$(CONFIG_COMPAT) += compat_vdso/
> +
> +obj-$(CONFIG_64BIT) += pi/
> diff --git a/arch/riscv/kernel/pi/Makefile b/arch/riscv/kernel/pi/Makefile
> new file mode 100644
> index 000000000000..42c58f4ab53b
> --- /dev/null
> +++ b/arch/riscv/kernel/pi/Makefile
> @@ -0,0 +1,39 @@
> +# SPDX-License-Identifier: GPL-2.0
> +# This file was copied from arm64/kernel/pi/Makefile.
> +
> +KBUILD_CFLAGS := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> + -Os -DDISABLE_BRANCH_PROFILING $(DISABLE_STACKLEAK_PLUGIN) \
> + $(call cc-option,-mbranch-protection=none) \
> + -I$(srctree)/scripts/dtc/libfdt -fno-stack-protector \
> + -D__DISABLE_EXPORTS -ffreestanding \
> + -fno-asynchronous-unwind-tables -fno-unwind-tables \
> + $(call cc-option,-fno-addrsig)
> +
> +KBUILD_CFLAGS += -mcmodel=medany
> +
> +CFLAGS_cmdline_early.o += -D__NO_FORTIFY
> +CFLAGS_lib-fdt_ro.o += -D__NO_FORTIFY
> +
> +GCOV_PROFILE := n
> +KASAN_SANITIZE := n
> +KCSAN_SANITIZE := n
> +UBSAN_SANITIZE := n
> +KCOV_INSTRUMENT := n
> +
> +$(obj)/%.pi.o: OBJCOPYFLAGS := --prefix-symbols=__pi_ \
> + --remove-section=.note.gnu.property \
> + --prefix-alloc-sections=.init
> +$(obj)/%.pi.o: $(obj)/%.o FORCE
> + $(call if_changed,objcopy)
> +
> +$(obj)/lib-%.o: $(srctree)/lib/%.c FORCE
> + $(call if_changed_rule,cc_o_c)
> +
> +$(obj)/string.o: $(srctree)/lib/string.c FORCE
> + $(call if_changed_rule,cc_o_c)
> +
> +$(obj)/ctype.o: $(srctree)/lib/ctype.c FORCE
> + $(call if_changed_rule,cc_o_c)
> +
> +obj-y := cmdline_early.pi.o string.pi.o ctype.pi.o lib-fdt.pi.o lib-fdt_ro.pi.o
> +extra-y := $(patsubst %.pi.o,%.o,$(obj-y))
> diff --git a/arch/riscv/kernel/pi/cmdline_early.c b/arch/riscv/kernel/pi/cmdline_early.c
> new file mode 100644
> index 000000000000..05652d13c746
> --- /dev/null
> +++ b/arch/riscv/kernel/pi/cmdline_early.c
> @@ -0,0 +1,62 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +#include <linux/types.h>
> +#include <linux/init.h>
> +#include <linux/libfdt.h>
> +#include <linux/string.h>
> +#include <asm/pgtable.h>
> +#include <asm/setup.h>
> +
> +static char early_cmdline[COMMAND_LINE_SIZE];
> +
> +/*
> + * Declare the functions that are exported (but prefixed) here so that LLVM
> + * does not complain it lacks the 'static' keyword (which, if added, makes
> + * LLVM complain because the function is actually unused in this file).
> + */
> +u64 set_satp_mode_from_cmdline(uintptr_t dtb_pa);
> +
> +static char *get_early_cmdline(uintptr_t dtb_pa)
> +{
> + const char *fdt_cmdline = NULL;
> + unsigned int fdt_cmdline_size = 0;
> + int chosen_node;
> +
> + if (!IS_ENABLED(CONFIG_CMDLINE_FORCE)) {
> + chosen_node = fdt_path_offset((void *)dtb_pa, "/chosen");
> + if (chosen_node >= 0) {
> + fdt_cmdline = fdt_getprop((void *)dtb_pa, chosen_node,
> + "bootargs", NULL);
> + if (fdt_cmdline) {
> + fdt_cmdline_size = strlen(fdt_cmdline);
> + strscpy(early_cmdline, fdt_cmdline,
> + COMMAND_LINE_SIZE);
> + }
> + }
> + }
> +
> + if (IS_ENABLED(CONFIG_CMDLINE_EXTEND) ||
> + IS_ENABLED(CONFIG_CMDLINE_FORCE) ||
> + fdt_cmdline_size == 0 /* CONFIG_CMDLINE_FALLBACK */) {
> + strncat(early_cmdline, CONFIG_CMDLINE,
> + COMMAND_LINE_SIZE - fdt_cmdline_size);
> + }
> +
> + return early_cmdline;
> +}
> +
> +static u64 match_noXlvl(char *cmdline)
> +{
> + if (strstr(cmdline, "no4lvl"))
> + return SATP_MODE_48;
> + else if (strstr(cmdline, "no5lvl"))
> + return SATP_MODE_57;
> +
> + return 0;
> +}
> +
> +u64 set_satp_mode_from_cmdline(uintptr_t dtb_pa)
> +{
> + char *cmdline = get_early_cmdline(dtb_pa);
> +
> + return match_noXlvl(cmdline);
> +}
> diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S
> index 615ff5842690..b12a843ad426 100644
> --- a/arch/riscv/kernel/vmlinux.lds.S
> +++ b/arch/riscv/kernel/vmlinux.lds.S
> @@ -83,6 +83,14 @@ SECTIONS
> /* Start of init data section */
> __init_data_begin = .;
> INIT_DATA_SECTION(16)
> +
> + /* Those sections result from the compilation of kernel/pi/string.c */
> + .init.pidata : {
> + *(.init.srodata.cst8*)
> + *(.init__bug_table*)
> + *(.init.sdata*)
> + }
> +
> .init.bss : {
> *(.init.bss) /* from the EFI stub */
> }
> diff --git a/arch/riscv/lib/memcpy.S b/arch/riscv/lib/memcpy.S
> index 51ab716253fa..1a40d01a9543 100644
> --- a/arch/riscv/lib/memcpy.S
> +++ b/arch/riscv/lib/memcpy.S
> @@ -106,3 +106,5 @@ WEAK(memcpy)
> 6:
> ret
> END(__memcpy)
> +SYM_FUNC_ALIAS(__pi_memcpy, __memcpy)
> +SYM_FUNC_ALIAS(__pi___memcpy, __memcpy)
> diff --git a/arch/riscv/lib/memmove.S b/arch/riscv/lib/memmove.S
> index e0609e1f0864..838ff2022fe3 100644
> --- a/arch/riscv/lib/memmove.S
> +++ b/arch/riscv/lib/memmove.S
> @@ -314,3 +314,5 @@ return_from_memmove:
>
> SYM_FUNC_END(memmove)
> SYM_FUNC_END(__memmove)
> +SYM_FUNC_ALIAS(__pi_memmove, __memmove)
> +SYM_FUNC_ALIAS(__pi___memmove, __memmove)
> diff --git a/arch/riscv/lib/strlen.S b/arch/riscv/lib/strlen.S
> index 15bb8f3aa959..9d0055616f7b 100644
> --- a/arch/riscv/lib/strlen.S
> +++ b/arch/riscv/lib/strlen.S
> @@ -131,3 +131,4 @@ strlen_zbb:
> .option pop
> #endif
> SYM_FUNC_END(strlen)
> +SYM_FUNC_ALIAS(__pi_strlen, strlen)
> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c
> index bce899b180cd..3ad771571c2d 100644
> --- a/arch/riscv/mm/init.c
> +++ b/arch/riscv/mm/init.c
> @@ -746,6 +746,8 @@ static __init pgprot_t pgprot_from_va(uintptr_t va)
> #endif /* CONFIG_STRICT_KERNEL_RWX */
>
> #if defined(CONFIG_64BIT) && !defined(CONFIG_XIP_KERNEL)
> +u64 __pi_set_satp_mode_from_cmdline(uintptr_t dtb_pa);
> +
> static void __init disable_pgtable_l5(void)
> {
> pgtable_l5_enabled = false;
> @@ -760,17 +762,39 @@ static void __init disable_pgtable_l4(void)
> satp_mode = SATP_MODE_39;
> }
>
> +static int __init print_no4lvl(char *p)
> +{
> + pr_info("Disabled 4-level and 5-level paging");
> + return 0;
> +}
> +early_param("no4lvl", print_no4lvl);
> +
> +static int __init print_no5lvl(char *p)
> +{
> + pr_info("Disabled 5-level paging");
> + return 0;
> +}
> +early_param("no5lvl", print_no5lvl);
> +
> /*
> * There is a simple way to determine if 4-level is supported by the
> * underlying hardware: establish 1:1 mapping in 4-level page table mode
> * then read SATP to see if the configuration was taken into account
> * meaning sv48 is supported.
> */
> -static __init void set_satp_mode(void)
> +static __init void set_satp_mode(uintptr_t dtb_pa)
> {
> u64 identity_satp, hw_satp;
> uintptr_t set_satp_mode_pmd = ((unsigned long)set_satp_mode) & PMD_MASK;
> - bool check_l4 = false;
> + u64 satp_mode_cmdline = __pi_set_satp_mode_from_cmdline(dtb_pa);
> +
> + if (satp_mode_cmdline == SATP_MODE_57) {
> + disable_pgtable_l5();
> + } else if (satp_mode_cmdline == SATP_MODE_48) {
> + disable_pgtable_l5();
> + disable_pgtable_l4();
> + return;
> + }
>
> create_p4d_mapping(early_p4d,
> set_satp_mode_pmd, (uintptr_t)early_pud,
> @@ -789,7 +813,8 @@ static __init void set_satp_mode(void)
> retry:
> create_pgd_mapping(early_pg_dir,
> set_satp_mode_pmd,
> - check_l4 ? (uintptr_t)early_pud : (uintptr_t)early_p4d,
> + pgtable_l5_enabled ?
> + (uintptr_t)early_p4d : (uintptr_t)early_pud,
> PGDIR_SIZE, PAGE_TABLE);
>
> identity_satp = PFN_DOWN((uintptr_t)&early_pg_dir) | satp_mode;
> @@ -800,9 +825,8 @@ static __init void set_satp_mode(void)
> local_flush_tlb_all();
>
> if (hw_satp != identity_satp) {
> - if (!check_l4) {
> + if (pgtable_l5_enabled) {
> disable_pgtable_l5();
> - check_l4 = true;
> memset(early_pg_dir, 0, PAGE_SIZE);
> goto retry;
> }
> @@ -1031,7 +1055,7 @@ asmlinkage void __init setup_vm(uintptr_t dtb_pa)
> #endif
>
> #if defined(CONFIG_64BIT) && !defined(CONFIG_XIP_KERNEL)
> - set_satp_mode();
> + set_satp_mode(dtb_pa);
> #endif
>
> /*
Alex found that we're missing -fpie, which was causing the LLVM boot
failures. I'm just going to squash in
diff --git a/arch/riscv/kernel/pi/Makefile b/arch/riscv/kernel/pi/Makefile
index 42c58f4ab53b..5d7cb991f2b8 100644
--- a/arch/riscv/kernel/pi/Makefile
+++ b/arch/riscv/kernel/pi/Makefile
@@ -1,7 +1,7 @@
# SPDX-License-Identifier: GPL-2.0
# This file was copied from arm64/kernel/pi/Makefile.
-KBUILD_CFLAGS := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
+KBUILD_CFLAGS := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) -fpie \
-Os -DDISABLE_BRANCH_PROFILING $(DISABLE_STACKLEAK_PLUGIN) \
$(call cc-option,-mbranch-protection=none) \
-I$(srctree)/scripts/dtc/libfdt -fno-stack-protector \
Hello:
This patch was applied to riscv/linux.git (for-next)
by Palmer Dabbelt <[email protected]>:
On Wed, 29 Mar 2023 07:09:50 +0200 you wrote:
> This new version gets rid of the limitation that prevented KASAN kernels
> to use the newly introduced parameters.
>
> While looking into KASLR, I fell onto commit aacd149b6238 ("arm64: head:
> avoid relocating the kernel twice for KASLR"): it allows to use the fdt
> functions very early in the boot process with KASAN enabled by simply
> compiling a new version of those functions without instrumentation.
>
> [...]
Here is the summary with links:
- [v9,1/1] riscv: Allow to downgrade paging mode from the command line
https://git.kernel.org/riscv/c/c070bcfdb2fa
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
On Thu, 20 Apr 2023 10:36:43 PDT (-0700), Palmer Dabbelt wrote:
> On Tue, 28 Mar 2023 22:09:51 PDT (-0700), [email protected] wrote:
>> Add 2 early command line parameters that allow to downgrade satp mode
>> (using the same naming as x86):
>> - "no5lvl": use a 4-level page table (down from sv57 to sv48)
>> - "no4lvl": use a 3-level page table (down from sv57/sv48 to sv39)
>>
>> Note that going through the device tree to get the kernel command line
>> works with ACPI too since the efi stub creates a device tree anyway with
>> the command line.
>>
>> In KASAN kernels, we can't use the libfdt that early in the boot process
>> since we are not ready to execute instrumented functions. So instead of
>> using the "generic" libfdt, we compile our own versions of those functions
>> that are not instrumented and that are prefixed so that they do not
>> conflict with the generic ones. We also need the non-instrumented versions
>> of the string functions and the prefixed versions of memcpy/memmove.
>>
>> This is largely inspired by commit aacd149b6238 ("arm64: head: avoid
>> relocating the kernel twice for KASLR") from which I removed compilation
>> flags that were not relevant to RISC-V at the moment (LTO, SCS, pie).
>>
>> Signed-off-by: Alexandre Ghiti <[email protected]>
>> Tested-by: Björn Töpel <[email protected]>
>> Reviewed-by: Björn Töpel <[email protected]>
>> ---
>> .../admin-guide/kernel-parameters.txt | 5 +-
>> arch/riscv/kernel/Makefile | 2 +
>> arch/riscv/kernel/pi/Makefile | 39 ++++++++++++
>> arch/riscv/kernel/pi/cmdline_early.c | 62 +++++++++++++++++++
>> arch/riscv/kernel/vmlinux.lds.S | 8 +++
>> arch/riscv/lib/memcpy.S | 2 +
>> arch/riscv/lib/memmove.S | 2 +
>> arch/riscv/lib/strlen.S | 1 +
>> arch/riscv/mm/init.c | 36 +++++++++--
>> 9 files changed, 150 insertions(+), 7 deletions(-)
>> create mode 100644 arch/riscv/kernel/pi/Makefile
>> create mode 100644 arch/riscv/kernel/pi/cmdline_early.c
>>
>> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
>> index 6221a1d057dd..accc400b43f1 100644
>> --- a/Documentation/admin-guide/kernel-parameters.txt
>> +++ b/Documentation/admin-guide/kernel-parameters.txt
>> @@ -3576,7 +3576,10 @@
>> emulation library even if a 387 maths coprocessor
>> is present.
>>
>> - no5lvl [X86-64] Disable 5-level paging mode. Forces
>> + no4lvl [RISCV] Disable 4-level and 5-level paging modes. Forces
>> + kernel to use 3-level paging instead.
>> +
>> + no5lvl [X86-64,RISCV] Disable 5-level paging mode. Forces
>> kernel to use 4-level paging instead.
>>
>> nofsgsbase [X86] Disables FSGSBASE instructions.
>> diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile
>> index 4cf303a779ab..aa22f87faeae 100644
>> --- a/arch/riscv/kernel/Makefile
>> +++ b/arch/riscv/kernel/Makefile
>> @@ -89,3 +89,5 @@ obj-$(CONFIG_EFI) += efi.o
>> obj-$(CONFIG_COMPAT) += compat_syscall_table.o
>> obj-$(CONFIG_COMPAT) += compat_signal.o
>> obj-$(CONFIG_COMPAT) += compat_vdso/
>> +
>> +obj-$(CONFIG_64BIT) += pi/
>> diff --git a/arch/riscv/kernel/pi/Makefile b/arch/riscv/kernel/pi/Makefile
>> new file mode 100644
>> index 000000000000..42c58f4ab53b
>> --- /dev/null
>> +++ b/arch/riscv/kernel/pi/Makefile
>> @@ -0,0 +1,39 @@
>> +# SPDX-License-Identifier: GPL-2.0
>> +# This file was copied from arm64/kernel/pi/Makefile.
>> +
>> +KBUILD_CFLAGS := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
>> + -Os -DDISABLE_BRANCH_PROFILING $(DISABLE_STACKLEAK_PLUGIN) \
>> + $(call cc-option,-mbranch-protection=none) \
>> + -I$(srctree)/scripts/dtc/libfdt -fno-stack-protector \
>> + -D__DISABLE_EXPORTS -ffreestanding \
>> + -fno-asynchronous-unwind-tables -fno-unwind-tables \
>> + $(call cc-option,-fno-addrsig)
>> +
>> +KBUILD_CFLAGS += -mcmodel=medany
>> +
>> +CFLAGS_cmdline_early.o += -D__NO_FORTIFY
>> +CFLAGS_lib-fdt_ro.o += -D__NO_FORTIFY
>> +
>> +GCOV_PROFILE := n
>> +KASAN_SANITIZE := n
>> +KCSAN_SANITIZE := n
>> +UBSAN_SANITIZE := n
>> +KCOV_INSTRUMENT := n
>> +
>> +$(obj)/%.pi.o: OBJCOPYFLAGS := --prefix-symbols=__pi_ \
>> + --remove-section=.note.gnu.property \
>> + --prefix-alloc-sections=.init
>> +$(obj)/%.pi.o: $(obj)/%.o FORCE
>> + $(call if_changed,objcopy)
>> +
>> +$(obj)/lib-%.o: $(srctree)/lib/%.c FORCE
>> + $(call if_changed_rule,cc_o_c)
>> +
>> +$(obj)/string.o: $(srctree)/lib/string.c FORCE
>> + $(call if_changed_rule,cc_o_c)
>> +
>> +$(obj)/ctype.o: $(srctree)/lib/ctype.c FORCE
>> + $(call if_changed_rule,cc_o_c)
>> +
>> +obj-y := cmdline_early.pi.o string.pi.o ctype.pi.o lib-fdt.pi.o lib-fdt_ro.pi.o
>> +extra-y := $(patsubst %.pi.o,%.o,$(obj-y))
>> diff --git a/arch/riscv/kernel/pi/cmdline_early.c b/arch/riscv/kernel/pi/cmdline_early.c
>> new file mode 100644
>> index 000000000000..05652d13c746
>> --- /dev/null
>> +++ b/arch/riscv/kernel/pi/cmdline_early.c
>> @@ -0,0 +1,62 @@
>> +// SPDX-License-Identifier: GPL-2.0-only
>> +#include <linux/types.h>
>> +#include <linux/init.h>
>> +#include <linux/libfdt.h>
>> +#include <linux/string.h>
>> +#include <asm/pgtable.h>
>> +#include <asm/setup.h>
>> +
>> +static char early_cmdline[COMMAND_LINE_SIZE];
>> +
>> +/*
>> + * Declare the functions that are exported (but prefixed) here so that LLVM
>> + * does not complain it lacks the 'static' keyword (which, if added, makes
>> + * LLVM complain because the function is actually unused in this file).
>> + */
>> +u64 set_satp_mode_from_cmdline(uintptr_t dtb_pa);
>> +
>> +static char *get_early_cmdline(uintptr_t dtb_pa)
>> +{
>> + const char *fdt_cmdline = NULL;
>> + unsigned int fdt_cmdline_size = 0;
>> + int chosen_node;
>> +
>> + if (!IS_ENABLED(CONFIG_CMDLINE_FORCE)) {
>> + chosen_node = fdt_path_offset((void *)dtb_pa, "/chosen");
>> + if (chosen_node >= 0) {
>> + fdt_cmdline = fdt_getprop((void *)dtb_pa, chosen_node,
>> + "bootargs", NULL);
>> + if (fdt_cmdline) {
>> + fdt_cmdline_size = strlen(fdt_cmdline);
>> + strscpy(early_cmdline, fdt_cmdline,
>> + COMMAND_LINE_SIZE);
>> + }
>> + }
>> + }
>> +
>> + if (IS_ENABLED(CONFIG_CMDLINE_EXTEND) ||
>> + IS_ENABLED(CONFIG_CMDLINE_FORCE) ||
>> + fdt_cmdline_size == 0 /* CONFIG_CMDLINE_FALLBACK */) {
>> + strncat(early_cmdline, CONFIG_CMDLINE,
>> + COMMAND_LINE_SIZE - fdt_cmdline_size);
>> + }
>> +
>> + return early_cmdline;
>> +}
>> +
>> +static u64 match_noXlvl(char *cmdline)
>> +{
>> + if (strstr(cmdline, "no4lvl"))
>> + return SATP_MODE_48;
>> + else if (strstr(cmdline, "no5lvl"))
>> + return SATP_MODE_57;
>> +
>> + return 0;
>> +}
>> +
>> +u64 set_satp_mode_from_cmdline(uintptr_t dtb_pa)
>> +{
>> + char *cmdline = get_early_cmdline(dtb_pa);
>> +
>> + return match_noXlvl(cmdline);
>> +}
>> diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S
>> index 615ff5842690..b12a843ad426 100644
>> --- a/arch/riscv/kernel/vmlinux.lds.S
>> +++ b/arch/riscv/kernel/vmlinux.lds.S
>> @@ -83,6 +83,14 @@ SECTIONS
>> /* Start of init data section */
>> __init_data_begin = .;
>> INIT_DATA_SECTION(16)
>> +
>> + /* Those sections result from the compilation of kernel/pi/string.c */
>> + .init.pidata : {
>> + *(.init.srodata.cst8*)
>> + *(.init__bug_table*)
>> + *(.init.sdata*)
>> + }
>> +
>> .init.bss : {
>> *(.init.bss) /* from the EFI stub */
>> }
>> diff --git a/arch/riscv/lib/memcpy.S b/arch/riscv/lib/memcpy.S
>> index 51ab716253fa..1a40d01a9543 100644
>> --- a/arch/riscv/lib/memcpy.S
>> +++ b/arch/riscv/lib/memcpy.S
>> @@ -106,3 +106,5 @@ WEAK(memcpy)
>> 6:
>> ret
>> END(__memcpy)
>> +SYM_FUNC_ALIAS(__pi_memcpy, __memcpy)
>> +SYM_FUNC_ALIAS(__pi___memcpy, __memcpy)
>> diff --git a/arch/riscv/lib/memmove.S b/arch/riscv/lib/memmove.S
>> index e0609e1f0864..838ff2022fe3 100644
>> --- a/arch/riscv/lib/memmove.S
>> +++ b/arch/riscv/lib/memmove.S
>> @@ -314,3 +314,5 @@ return_from_memmove:
>>
>> SYM_FUNC_END(memmove)
>> SYM_FUNC_END(__memmove)
>> +SYM_FUNC_ALIAS(__pi_memmove, __memmove)
>> +SYM_FUNC_ALIAS(__pi___memmove, __memmove)
>> diff --git a/arch/riscv/lib/strlen.S b/arch/riscv/lib/strlen.S
>> index 15bb8f3aa959..9d0055616f7b 100644
>> --- a/arch/riscv/lib/strlen.S
>> +++ b/arch/riscv/lib/strlen.S
>> @@ -131,3 +131,4 @@ strlen_zbb:
>> .option pop
>> #endif
>> SYM_FUNC_END(strlen)
>> +SYM_FUNC_ALIAS(__pi_strlen, strlen)
>> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c
>> index bce899b180cd..3ad771571c2d 100644
>> --- a/arch/riscv/mm/init.c
>> +++ b/arch/riscv/mm/init.c
>> @@ -746,6 +746,8 @@ static __init pgprot_t pgprot_from_va(uintptr_t va)
>> #endif /* CONFIG_STRICT_KERNEL_RWX */
>>
>> #if defined(CONFIG_64BIT) && !defined(CONFIG_XIP_KERNEL)
>> +u64 __pi_set_satp_mode_from_cmdline(uintptr_t dtb_pa);
>> +
>> static void __init disable_pgtable_l5(void)
>> {
>> pgtable_l5_enabled = false;
>> @@ -760,17 +762,39 @@ static void __init disable_pgtable_l4(void)
>> satp_mode = SATP_MODE_39;
>> }
>>
>> +static int __init print_no4lvl(char *p)
>> +{
>> + pr_info("Disabled 4-level and 5-level paging");
>> + return 0;
>> +}
>> +early_param("no4lvl", print_no4lvl);
>> +
>> +static int __init print_no5lvl(char *p)
>> +{
>> + pr_info("Disabled 5-level paging");
>> + return 0;
>> +}
>> +early_param("no5lvl", print_no5lvl);
>> +
>> /*
>> * There is a simple way to determine if 4-level is supported by the
>> * underlying hardware: establish 1:1 mapping in 4-level page table mode
>> * then read SATP to see if the configuration was taken into account
>> * meaning sv48 is supported.
>> */
>> -static __init void set_satp_mode(void)
>> +static __init void set_satp_mode(uintptr_t dtb_pa)
>> {
>> u64 identity_satp, hw_satp;
>> uintptr_t set_satp_mode_pmd = ((unsigned long)set_satp_mode) & PMD_MASK;
>> - bool check_l4 = false;
>> + u64 satp_mode_cmdline = __pi_set_satp_mode_from_cmdline(dtb_pa);
>> +
>> + if (satp_mode_cmdline == SATP_MODE_57) {
>> + disable_pgtable_l5();
>> + } else if (satp_mode_cmdline == SATP_MODE_48) {
>> + disable_pgtable_l5();
>> + disable_pgtable_l4();
>> + return;
>> + }
>>
>> create_p4d_mapping(early_p4d,
>> set_satp_mode_pmd, (uintptr_t)early_pud,
>> @@ -789,7 +813,8 @@ static __init void set_satp_mode(void)
>> retry:
>> create_pgd_mapping(early_pg_dir,
>> set_satp_mode_pmd,
>> - check_l4 ? (uintptr_t)early_pud : (uintptr_t)early_p4d,
>> + pgtable_l5_enabled ?
>> + (uintptr_t)early_p4d : (uintptr_t)early_pud,
>> PGDIR_SIZE, PAGE_TABLE);
>>
>> identity_satp = PFN_DOWN((uintptr_t)&early_pg_dir) | satp_mode;
>> @@ -800,9 +825,8 @@ static __init void set_satp_mode(void)
>> local_flush_tlb_all();
>>
>> if (hw_satp != identity_satp) {
>> - if (!check_l4) {
>> + if (pgtable_l5_enabled) {
>> disable_pgtable_l5();
>> - check_l4 = true;
>> memset(early_pg_dir, 0, PAGE_SIZE);
>> goto retry;
>> }
>> @@ -1031,7 +1055,7 @@ asmlinkage void __init setup_vm(uintptr_t dtb_pa)
>> #endif
>>
>> #if defined(CONFIG_64BIT) && !defined(CONFIG_XIP_KERNEL)
>> - set_satp_mode();
>> + set_satp_mode(dtb_pa);
>> #endif
>>
>> /*
>
> Alex found that we're missing -fpie, which was causing the LLVM boot
> failures. I'm just going to squash in
>
> diff --git a/arch/riscv/kernel/pi/Makefile b/arch/riscv/kernel/pi/Makefile
> index 42c58f4ab53b..5d7cb991f2b8 100644
> --- a/arch/riscv/kernel/pi/Makefile
> +++ b/arch/riscv/kernel/pi/Makefile
> @@ -1,7 +1,7 @@
> # SPDX-License-Identifier: GPL-2.0
> # This file was copied from arm64/kernel/pi/Makefile.
>
> -KBUILD_CFLAGS := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> +KBUILD_CFLAGS := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) -fpie \
> -Os -DDISABLE_BRANCH_PROFILING $(DISABLE_STACKLEAK_PLUGIN) \
> $(call cc-option,-mbranch-protection=none) \
> -I$(srctree)/scripts/dtc/libfdt -fno-stack-protector \
Looks like we got a bit ahead of ourselves, this trips up some warnings
like
riscv64-unknown-linux-gnu-ld: warning: orphan section `.got' from `init/main.o' being placed in section `.got'
riscv64-unknown-linux-gnu-ld: warning: orphan section `.got.plt' from `init/main.o' being placed in section `.got.plt'
I'm going to drop this for now, Alex is looking at a better fix. Sorry
for the churn!