Received: by 2002:a05:6358:53a8:b0:117:f937:c515 with SMTP id z40csp4037555rwe; Mon, 17 Apr 2023 07:11:02 -0700 (PDT) X-Google-Smtp-Source: AKy350ZHltnym3xNsimkChapDZyhLHf3QZHYH1GxHS67cT9dThEi7gwZSuaFFWNO2Om2f6cx1MLt X-Received: by 2002:a05:6a00:2e87:b0:627:f0e1:4fbf with SMTP id fd7-20020a056a002e8700b00627f0e14fbfmr24064576pfb.33.1681740661721; Mon, 17 Apr 2023 07:11:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681740661; cv=none; d=google.com; s=arc-20160816; b=bdLJUiR3Xt+6fjyENT6Yr3hvx69BxQs6kuo7l5CBfKSSlF44DWna/iwDJWZ1A/O/Mf YO1a187/fCDIqRDQV61JukoyZesDt7+1m3Q5cuw7vzJoxbd2gaFm323+NA3kdUmv4I4r WKEOKrf1IQOfv65eyME86GGT4acX05YBsGbebZWVg51uVGdr5s3Xe27fXlkr7SQB2OfM zx2S5u2rq6oKenmCIS4NMCljQWtqHknhWiMiYoNBYOfAMrCTpFaYGOeLAb39Dd3Bdppd 7QyjWB43C8xydi+IhJRGn4G0IzrnN+dGP5E9UfQAAj+TDkU7FKVGwBp0CNXyjFditbHh kuSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=XMDsMB887VkI9fHGAb7cUc2yCJqtobqMM2JyC9EaLsE=; b=RemAG6ZXAnNv2j9OTwKS8P9k1K7jOAE5bBimBdykgAUfugUyPTGAK5bzhYQPMSej2R lqgx4co/e4dY1LHH10SUSbNu6x0uijrVsgauPRyS/DRIt0Ocq7xo16+V8GBVd656ZMmo 4n3IbjyH0gck6wTTGekN1BmdV8Dc9qVfxPkeDGRkWVV0JYjovMKJPuqOlnXV8vl6NZMr 9PG4KSbYVcGDLN9E5Ib1o3dkQ9cxOHXEmQmEtYjeIB/57ybxMwyrzLW6zgFTWkZIc2gn iHi9VK+2eGm+lelsIHAta2/nq5mmPNgIUwUQh2WTSIMFC8LFb46L0OyrDJE6LO96isPG XPew== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h125-20020a636c83000000b0051b7f451cc6si7540646pgc.539.2023.04.17.07.10.45; Mon, 17 Apr 2023 07:11:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230128AbjDQOKG (ORCPT + 99 others); Mon, 17 Apr 2023 10:10:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35126 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229963AbjDQOKE (ORCPT ); Mon, 17 Apr 2023 10:10:04 -0400 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 35624AF14 for ; Mon, 17 Apr 2023 07:09:37 -0700 (PDT) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id BEF091FB; Mon, 17 Apr 2023 07:09:59 -0700 (PDT) Received: from [10.57.68.227] (unknown [10.57.68.227]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5C0933F5A1; Mon, 17 Apr 2023 07:09:14 -0700 (PDT) Message-ID: Date: Mon, 17 Apr 2023 15:09:12 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.9.1 Subject: Re: [PATCH v3 25/60] arm64: head: Clear BSS and the kernel page tables in one go Content-Language: en-US To: Ard Biesheuvel Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Catalin Marinas , Will Deacon , Marc Zyngier , Mark Rutland , Anshuman Khandual , Kees Cook References: <20230307140522.2311461-1-ardb@kernel.org> <20230307140522.2311461-26-ardb@kernel.org> <37412bd5-9e73-024f-26ab-a351853bc846@arm.com> From: Ryan Roberts In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-6.5 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 17/04/2023 15:02, Ard Biesheuvel wrote: > On Mon, 17 Apr 2023 at 16:00, Ryan Roberts wrote: >> >> On 07/03/2023 14:04, Ard Biesheuvel wrote: >>> We will move the CPU feature overrides into BSS in a subsequent patch, >>> and this requires that BSS is zeroed before the feature override >>> detection code runs. So let's map BSS read-write in the ID map, and zero >>> it via this mapping. >>> >>> Since the kernel page tables are right next to it, and also zeroed via >>> the ID map, let's drop the separate clear_page_tables() function, and >>> just zero everything in one go. >>> >>> Signed-off-by: Ard Biesheuvel >>> --- >>> arch/arm64/kernel/head.S | 33 +++++++------------- >>> 1 file changed, 11 insertions(+), 22 deletions(-) >>> >>> diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S >>> index 0fa44b3188c1e204..ade0cb99c8a83a3d 100644 >>> --- a/arch/arm64/kernel/head.S >>> +++ b/arch/arm64/kernel/head.S >>> @@ -177,17 +177,6 @@ SYM_CODE_START_LOCAL(preserve_boot_args) >>> ret >>> SYM_CODE_END(preserve_boot_args) >>> >>> -SYM_FUNC_START_LOCAL(clear_page_tables) >>> - /* >>> - * Clear the init page tables. >>> - */ >>> - adrp x0, init_pg_dir >>> - adrp x1, init_pg_end >>> - sub x2, x1, x0 >>> - mov x1, xzr >>> - b __pi_memset // tail call >>> -SYM_FUNC_END(clear_page_tables) >>> - >>> /* >>> * Macro to populate page table entries, these entries can be pointers to the next level >>> * or last level entries pointing to physical memory. >>> @@ -386,9 +375,9 @@ SYM_FUNC_START_LOCAL(create_idmap) >>> >>> map_memory x0, x1, x3, x6, x7, x3, IDMAP_PGD_ORDER, x10, x11, x12, x13, x14, EXTRA_SHIFT >>> >>> - /* Remap the kernel page tables r/w in the ID map */ >>> + /* Remap BSS and the kernel page tables r/w in the ID map */ >>> adrp x1, _text >>> - adrp x2, init_pg_dir >>> + adrp x2, __bss_start >>> adrp x3, _end >>> bic x4, x2, #SWAPPER_BLOCK_SIZE - 1 >>> mov x5, SWAPPER_RW_MMUFLAGS >>> @@ -489,14 +478,6 @@ SYM_FUNC_START_LOCAL(__primary_switched) >>> mov x0, x20 >>> bl set_cpu_boot_mode_flag >>> >>> - // Clear BSS >>> - adr_l x0, __bss_start >>> - mov x1, xzr >>> - adr_l x2, __bss_stop >>> - sub x2, x2, x0 >>> - bl __pi_memset >>> - dsb ishst // Make zero page visible to PTW >>> - >>> #if VA_BITS > 48 >>> adr_l x8, vabits_actual // Set this early so KASAN early init >>> str x25, [x8] // ... observes the correct value >>> @@ -780,6 +761,15 @@ SYM_FUNC_START_LOCAL(__primary_switch) >>> adrp x1, reserved_pg_dir >>> adrp x2, init_idmap_pg_dir >>> bl __enable_mmu >>> + >>> + // Clear BSS >>> + adrp x0, __bss_start >>> + mov x1, xzr >>> + adrp x2, init_pg_end >>> + sub x2, x2, x0 >>> + bl __pi_memset >>> + dsb ishst // Make zero page visible to PTW >> >> Is it possible to add an assert somewhere (or at the very least a comment in >> vmlinux.lds.S) to ensure that nothing gets inserted between the BSS and the page >> tables? It feels a bit fragile otherwise. >> > > I'm not sure that matters. The contents are not covered by the loaded > image so they are undefined otherwise in any case. OK, so you couldn't accidentally zero anything in the image. But it could represent a performance regression if something big was added between them that doesn't need to be zeroed. All hypothetical, but this is currently an unstated assumption that I think is worth stating at least as a comment in the linker script. > >> I also wonder what's the point in calling __pi_memset() from here? Why not just >> do it all in C? >> > > That happens in one of the subsequent patches. Ahh, cheers... Haven't got that far yet. (very impressive that you immediately knew that given you posted the series 6 weeks ago! I usually can't remember what I did yesterday ;-)