Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp4588224rwb; Tue, 8 Aug 2023 10:33:19 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEYXJYtc5AwFS6lA637qeS6fxmxTGCia3nNVgX/dTrrSLSbpPin7DbXSMoBeHvHUnYoLmhO X-Received: by 2002:a50:fa84:0:b0:522:30cc:a1f4 with SMTP id w4-20020a50fa84000000b0052230cca1f4mr457567edr.0.1691515999340; Tue, 08 Aug 2023 10:33:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691515999; cv=none; d=google.com; s=arc-20160816; b=0b7dgd3rZNV8mHdaoWZYZw6NAsDxDYgnfcBwMR/PpLfYeZKR6lPnG9sIABnpSjp2fJ v9HwR4YKJUnfpmi2GPNqePQbiRgrYICj6fIsZPdChdTKfGoEhyHo6g+krfHMzwm6IntM BH9jO0XBTKCIOzm+wlRFwBdzirsXVbB3fmZkXjgXNoPxmC4FB6afvjjyK2hTiyEcw8fg XaDs83RZM2lfw+bj4kb2hsmU8rnx/rmOca2Qp5CXm5M4VOfTrUptN8xqedFq3IIVp14Z NtX/+SPR1tOPQgeTrydKx9i1X4Y79WDBgvueV2ci46aMtZq+1ViQQzatBQjHhsZglJd0 0Byw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=N4RvFydLY4NE81BOENjonNWOWuUbqDyR/yz5oU7ihfI=; fh=kcS3UpadM9/h+5MJoabS58SOMuY7IUFc49vfZmWE0g4=; b=yOGiR0837Q/PAWCuGAf8XacRYRIWoZ8vRr07VbyCMqbVo4MPz6KATGk5wX3FU7Pirw RVvwBw+Dshs0NLnucH0czh9ffL7IKnREKNPajmWd28ZdN5BOPAey7UUdQMh4eZ1D+Jwn couJrMM6Qn3JmykGyu7v7buFFtf20EfxlaoyKg++QbilcA5DIosTqpogqh2Ps6RTmnwO e5D9TMgThHwIHe7k9laa3yaaPkalFx9ya67bY7ly+oEMUo2iON6ACAin4RHc1iYqhPCv WZVzVKalmn7siynh5iX6ts6s6yymD2843PcKDHWy20yv9Oa0YXqckp7t/lkc2GE9olid V3Pw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="qoX/eMO0"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l26-20020aa7c3da000000b005223a5df62asi7806040edr.198.2023.08.08.10.32.54; Tue, 08 Aug 2023 10:33:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="qoX/eMO0"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234138AbjHHRNK (ORCPT + 99 others); Tue, 8 Aug 2023 13:13:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44918 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229731AbjHHRMX (ORCPT ); Tue, 8 Aug 2023 13:12:23 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 54FFB1BAEF; Tue, 8 Aug 2023 09:05:14 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D10D46255B; Tue, 8 Aug 2023 13:39:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AB753C433C7; Tue, 8 Aug 2023 13:39:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691501956; bh=Ki1HzhNVrEMQqJYK0ubVbjtanH8DpF6Ky5gGu4/0x4k=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=qoX/eMO017CMAZkvb5eeeZSwrGoo7OhaWXNBUPAwkABu5o8SDL76hkMVFaXDUR5Io Nn0o252MBpOGGoZYWuNRNgFRx5bOTLOTY993hG6hJUjbz1nIX/5ukgMnMXkxGl1zba Mo3kuaoicSI+nGJ9g/AG+ieTHPdLvzThSBQorQGCGt9p17fq4lkAUz4SwEW0stHdO7 Szagd69E8U2I5XXZ4IV7JaHi9SYjiOGvOnevorrizcM64DnADzW35VYq4e0ljaSbXr rpWSPeHnMcHVQVEklx3CorOhu5FBhpKItIdm9k2lUzS56OGu2NCv4S+5jgbvr6Wbmo qCqtSFuHo4lFA== Date: Tue, 8 Aug 2023 14:39:11 +0100 From: Conor Dooley To: Atish Kumar Patra Cc: Conor Dooley , palmer@dabbelt.com, Paul Walmsley , Anup Patel , Alexandre Ghiti , =?iso-8859-1?Q?Bj=F6rn_T=F6pel?= , Song Shuai , JeeHeng Sia , Petr Tesarik , linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: Re: [RFT 1/2] RISC-V: handle missing "no-map" properties for OpenSBI's PMP protected regions Message-ID: <20230808-handbag-mushily-f884178d29f5@spud> References: <20230802-purse-hydrant-6f44f77364b0@wendy> <20230802-detention-second-82ab2b53e07a@wendy> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="rx7tRWhyclYJdoyr" Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --rx7tRWhyclYJdoyr Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Aug 08, 2023 at 12:54:11AM -0700, Atish Kumar Patra wrote: > On Wed, Aug 2, 2023 at 4:14=E2=80=AFAM Conor Dooley wrote: > > > > Add an erratum for versions [v0.8 to v1.3) of OpenSBI which fail to add > > the "no-map" property to the reserved memory nodes for the regions it > > has protected using PMPs. > > > > Our existing fix sweeping hibernation under the carpet by marking it > > NONPORTABLE is insufficient as there are other ways to generate > > accesses to these reserved memory regions, as Petr discovered [1] > > while testing crash kernels & kdump. > > > > Intercede during the boot process when the afflicted versions of OpenSBI > > are present & set the "no-map" property in all "mmode_resv" nodes before > > the kernel does its reserved memory region initialisation. > > >=20 > We have different mechanisms of DT being passed to the kernel. >=20 > 1. A prior stage(e.g U-Boot SPL) to M-mode runtime firmware (e.g. > OpenSBI, rustSBI) passes the DT to M-mode runtime firmware and it > passes to the next stage. > In this case, M-mode runtime firmware gets a chance to update the > no-map property in DT that the kernel can parse. >=20 > 2. User loads the DT from the boot loader (e.g EDK2, U-Boot proper). > Any DT patching done by the M-mode firmware is useless. If these DTBs > don't have the no-map > property, hibernation or EFI booting will have issues as well. >=20 > We are trying to solve only one part of problem #1 in this patch. Correct. If someone's second stage is also providing an incorrect devicetree then, yeah, this approach would fall apart - but it's the firmware provided devicetree being incorrect that I am trying to account for here. If a person incorrectly constructed one, I am not really sure what we can do for them, they incorrect described their hardware /shrug My patch should of course help in some of the scenarios you mention above if the name of the reserved memory region from OpenSBI is propagated by the second-stage bootloader, but that is just an extension of case 1, not case 2. > I > don't think any other M-mode runtime firmware patches DT with no-map > property as well. > Please let me know if I am wrong about that. The problem is not > restricted to [v0.8 to v1.3) of OpenSBI. It comes down to Alex's question - do we want to fix this kind of firmware issue in the kernel? Ultimately this is a policy decision that "somebody" has to make. Maybe the list of firmwares that need this grows, but hopefully this bug will be fixed everywhere going forward, since, as you say, we now have a document. The reason I've only targeted OpenSBI here is that it's what is being shipped on people's SBCs etc by default & is also what is in the versions of QEMU that people seem to be using. Unless there's some example that I am missing, other firmwares are either not affected or not actually being shipped on to consumers? > The booting doc now says that no-map property must be set and any > usage of DTBs without that (via #1 or #2) will have unintended > consequences. Which is great. It unfortunately does not help one iota with stuff that's already in the wild. Thanks, Conor. > > Reported-by: Song Shuai > > Link: https://lore.kernel.org/all/CAAYs2=3DgQvkhTeioMmqRDVGjdtNF_vhB+vm= _1dHJxPNi75YDQ_Q@mail.gmail.com/ > > Reported-by: JeeHeng Sia > > Link: https://groups.google.com/a/groups.riscv.org/g/sw-dev/c/ITXwaKfA6= z8 > > Reported-by: Petr Tesarik > > Closes: https://lore.kernel.org/linux-riscv/76ff0f51-d6c1-580d-f943-061= e93073306@huaweicloud.com/ [1] > > CC: stable@vger.kernel.org > > Signed-off-by: Conor Dooley > > --- > > arch/riscv/include/asm/sbi.h | 5 +++++ > > arch/riscv/kernel/sbi.c | 42 +++++++++++++++++++++++++++++++++++- > > arch/riscv/mm/init.c | 3 +++ > > 3 files changed, 49 insertions(+), 1 deletion(-) > > > > diff --git a/arch/riscv/include/asm/sbi.h b/arch/riscv/include/asm/sbi.h > > index 5b4a1bf5f439..5360f3476278 100644 > > --- a/arch/riscv/include/asm/sbi.h > > +++ b/arch/riscv/include/asm/sbi.h > > @@ -252,6 +252,9 @@ enum sbi_pmu_ctr_type { > > #define SBI_ERR_ALREADY_STARTED -7 > > #define SBI_ERR_ALREADY_STOPPED -8 > > > > +/* SBI implementation IDs */ > > +#define SBI_IMP_OPENSBI 1 > > + > > extern unsigned long sbi_spec_version; > > struct sbiret { > > long error; > > @@ -259,6 +262,8 @@ struct sbiret { > > }; > > > > void sbi_init(void); > > +void sbi_apply_reserved_mem_erratum(void *dtb_va); > > + > > struct sbiret sbi_ecall(int ext, int fid, unsigned long arg0, > > unsigned long arg1, unsigned long arg2, > > unsigned long arg3, unsigned long arg4, > > diff --git a/arch/riscv/kernel/sbi.c b/arch/riscv/kernel/sbi.c > > index c672c8ba9a2a..aeb27263fa53 100644 > > --- a/arch/riscv/kernel/sbi.c > > +++ b/arch/riscv/kernel/sbi.c > > @@ -5,8 +5,10 @@ > > * Copyright (c) 2020 Western Digital Corporation or its affiliates. > > */ > > > > +#include > > #include > > #include > > +#include > > #include > > #include > > #include > > @@ -583,6 +585,40 @@ long sbi_get_mimpid(void) > > } > > EXPORT_SYMBOL_GPL(sbi_get_mimpid); > > > > +static long sbi_firmware_id; > > +static long sbi_firmware_version; > > + > > +/* > > + * For devicetrees patched by OpenSBI a "mmode_resv" node is added to = cover > > + * the region OpenSBI has protected by means of a PMP. Some versions o= f OpenSBI, > > + * [v0.8 to v1.3), omitted the "no-map" property, but this trips up hi= bernation > > + * among other things. > > + */ > > +void __init sbi_apply_reserved_mem_erratum(void *dtb_pa) > > +{ > > + int child, reserved_mem; > > + > > + if (sbi_firmware_id !=3D SBI_IMP_OPENSBI) > > + return; > > + > > + if (!acpi_disabled) > > + return; > > + > > + if (sbi_firmware_version >=3D 0x10003 || sbi_firmware_version <= 0x8) > > + return; > > + > > + reserved_mem =3D fdt_path_offset((void *)dtb_pa, "/reserved-mem= ory"); > > + if (reserved_mem < 0) > > + return; > > + > > + fdt_for_each_subnode(child, (void *)dtb_pa, reserved_mem) { > > + const char *name =3D fdt_get_name((void *)dtb_pa, child= , NULL); > > + > > + if (!strncmp(name, "mmode_resv", 10)) > > + fdt_setprop((void *)dtb_pa, child, "no-map", NU= LL, 0); > > + } > > +}; > > + > > void __init sbi_init(void) > > { > > int ret; > > @@ -596,8 +632,12 @@ void __init sbi_init(void) > > sbi_major_version(), sbi_minor_version()); > > > > if (!sbi_spec_is_0_1()) { > > + sbi_firmware_id =3D sbi_get_firmware_id(); > > + sbi_firmware_version =3D sbi_get_firmware_version(); > > + > > pr_info("SBI implementation ID=3D0x%lx Version=3D0x%lx\= n", > > - sbi_get_firmware_id(), sbi_get_firmware_version= ()); > > + sbi_firmware_id, sbi_firmware_version); > > + > > if (sbi_probe_extension(SBI_EXT_TIME)) { > > __sbi_set_timer =3D __sbi_set_timer_v02; > > pr_info("SBI TIME extension detected\n"); > > diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c > > index 70fb31960b63..cb16bfdeacdb 100644 > > --- a/arch/riscv/mm/init.c > > +++ b/arch/riscv/mm/init.c > > @@ -29,6 +29,7 @@ > > #include > > #include > > #include > > +#include > > #include > > #include > > #include > > @@ -253,6 +254,8 @@ static void __init setup_bootmem(void) > > * in the device tree, otherwise the allocation could end up in= a > > * reserved region. > > */ > > + > > + sbi_apply_reserved_mem_erratum(dtb_early_va); > > early_init_fdt_scan_reserved_mem(); > > > > /* > > -- > > 2.40.1 > > --rx7tRWhyclYJdoyr Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQRh246EGq/8RLhDjO14tDGHoIJi0gUCZNJFfwAKCRB4tDGHoIJi 0uEqAP9hw6Quu+1eFhYzWMHbD4zSBoRmdSPjufPiD7IKziLVzgD/XlkWXPdZ+Ror 6EFOBSXlAVHRbpzcs80M/sl1y1Z46wc= =rpvq -----END PGP SIGNATURE----- --rx7tRWhyclYJdoyr--