Date: Mon, 08 Feb 2021 16:30:50 +0000
From: Marc Zyngier
To: Will Deacon
Cc: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, Catalin Marinas, Mark Rutland, David Brazdil, Alexandru Elisei, Ard Biesheuvel, Jing Zhang, Ajay Patil, Prasad Sodagudi, Srinivas Ramana, Hector Martin, James Morse, Julien Thierry, Suzuki K Poulose, kernel-team@android.com
Subject: Re: [PATCH v7 00/23] arm64: Early CPU feature override, and applications to VHE, BTI and PAuth
In-Reply-To: <20210208143248.GA25934@willie-the-truck>
References: <20210208095732.3267263-1-maz@kernel.org> <20210208143248.GA25934@willie-the-truck>
User-Agent: Roundcube Webmail/1.4.10
X-Mailing-List: linux-kernel@vger.kernel.org

On 2021-02-08 14:32, Will Deacon wrote:
> Hi Marc,
>
> On Mon, Feb 08, 2021 at 09:57:09AM +0000, Marc Zyngier wrote:
>> It recently came to light that there is a need to be able to override
>> some CPU features very early on, before the kernel is fully up and
>> running. The reasons for this range from specific feature support
>> (such as using Protected KVM on VHE HW, which is the main motivation
>> for this work) to errata workaround (a feature is broken on a CPU and
>> needs to be turned off, or rather not enabled).
>>
>> This series tries to offer a limited framework for this kind of
>> problem, by allowing a set of options to be passed on the
>> command-line and altering the feature set that the cpufeature
>> subsystem exposes to the rest of the kernel. Note that this doesn't
>> change anything for code that directly uses the CPU ID registers.
>
> I applied this locally, but I'm seeing consistent boot failure under
> QEMU when KASAN is enabled. I tried sprinkling some __no_sanitize_address
> annotations around (see below) but it didn't help. The culprit appears to be
> early_fdt_map(), but looking a bit more closely, I'm really nervous about the
> way we call into C functions from __primary_switched. Remember -- this code
> runs _twice_ when KASLR is active: before and after the randomization. This
> also means that any memory writes the first time around can be lost due to
> the D-cache invalidation when (re-)creating the kernel page-tables.

Nailed it. Of course, before anything starts writing from C code, we need
to have initialised KASAN. kasan_init.c itself is compiled without any
address sanitising, but we can't repaint all the stuff that is called from
early_fdt_map() (quite a lot).

So the natural thing to do is to keep kasan_early_init() as the first thing
we do in C code, and everything falls from that.

Any chance you could try that on top and see if that cures your problem?
If that works for you, I'll push an updated series.

Thanks,

M.

diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
index bce66d6bda74..09a5b603c950 100644
--- a/arch/arm64/kernel/head.S
+++ b/arch/arm64/kernel/head.S
@@ -429,13 +429,13 @@ SYM_FUNC_START_LOCAL(__primary_switched) bl __pi_memset dsb ishst // Make zero page visible to PTW +#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) + bl kasan_early_init +#endif mov x0, x21 // pass FDT address in x0 bl early_fdt_map // Try mapping the FDT early bl init_feature_override bl switch_to_vhe -#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) - bl kasan_early_init -#endif #ifdef CONFIG_RANDOMIZE_BASE tst x23, ~(MIN_KIMG_ALIGN - 1) // already running randomized? b.ne 0f -- Jazz is not dead. It just smells funny...
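Review bot: The new position of `bl kasan_early_init` (immediately after `dsb ishst`, ahead of `mov x0, x21` / `bl early_fdt_map`) encodes an ordering constraint that head.S itself does not state; add a one-line comment next to the call saying that the KASAN shadow has to be set up before the first instrumented C call (early_fdt_map), so a later reshuffle does not move it back below early_fdt_map and silently reintroduce the KASAN boot failure reported in this thread. The `#ifdef CONFIG_RANDOMIZE_BASE` / "already running randomized?" context right below the change shows this stretch of __primary_switched executes twice under KASLR, so kasan_early_init() keeps being entered twice; the move does not alter that, but the commit message should say the routine must remain safe to repeat. Register-wise the move is sound: the FDT address is kept in x21, which is callee-saved under the AAPCS64, and x0 is only loaded after the call returns.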