Received: by 2002:ab2:7903:0:b0:1fb:b500:807b with SMTP id a3csp15505lqj; Sat, 1 Jun 2024 06:23:07 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCW7jmvsem1j+nSw4AAPC3hKIRqgojALhtZ38CBKHCZSymcgA5cNdo3hURZLQc8ObXfws+FeP2KJgccMElGB0gNGnKW+yJsYmDcd+57hRw== X-Google-Smtp-Source: AGHT+IFzYThF6bXlZuLaC45tD6i56LUsnN9grvxtDlr/WAiI5eOhykyOFAjx9iqbzgfvc4nj6XcR X-Received: by 2002:a17:906:63d1:b0:a59:aa69:9791 with SMTP id a640c23a62f3a-a68208fe2ecmr299555566b.34.1717248187140; Sat, 01 Jun 2024 06:23:07 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717248187; cv=pass; d=google.com; s=arc-20160816; b=ucdPTfxeYnFwe3Q0P/T53auq6byBb0kTtJZkP7Ra9qQqSoEZBuaSjrye4NKDN4Fwhs 83BZG70TiIslptrBNn0bS0gsZeAX1YovriLl71YsJOMwSDCGuGjOLm5XvQtck7a7+7vD sTidDLv5AtaRhk76WuSi77viPMSjuMElPzWcVCbGK1UFdAbQxJLdhxJQMRsiK7rODm/M zbA5zjEmMyt5rcLVkNW+EGjzT6O7Xe9fQOD3IxUyKfYZQNe0mfRddPWS98lYyUuzVMEA vL2mgZ8SFrXXNKHFlKqcEt+OZVDH6hGp4tkc6aFPjGKwPA/ABbrbTvajiYQnJoAwnJz6 bQ8w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=uemKakUr8vZOqaAGlWk2WVIUnDQWBAtUrKhYYseMLMM=; fh=jvJMkTpLIwT8/TNaGposikj9t/fZYqXKzbpqDv9/0TY=; b=RKunaQXpEmrAgNnC/BFqeKTz1C0GOLHaK311r9YSNrxdCw5FSW+TaBX9NURym0tyz8 ym9VK/awqE/k+PEQC9qogNJ1uewksNdSvECgujetlr2zam0YVz3IhluhAD6hhiAKVWiX 6G3vmqUMzG7psoqpBmTKynK+6PW21JMEwsT7dvDWIJ9Jd1pN/IRjtstSlZxRBcKXpZhF T2R0NAt+blDrWdV620AnQM6wSaitrM5uL50bQG2Iwh+NeWLkYtGheNdy3WCScdp0svQ2 U1qHTCWwYSs2nctjAGzs1MiT4FagWN6ZIGYAGoJl0fOC6cv4mrFA9O+/FtXH1sglcbEa P7Kg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=TOEoxg1c; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-197867-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-197867-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id a640c23a62f3a-a67eaf6535csi207366166b.828.2024.06.01.06.23.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 01 Jun 2024 06:23:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-197867-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=TOEoxg1c; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-197867-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-197867-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id AEFCF1F21D4E for ; Sat, 1 Jun 2024 13:23:06 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 0B1301509B4; Sat, 1 Jun 2024 13:23:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="TOEoxg1c" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A90F1D52D; Sat, 1 Jun 2024 13:23:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717248181; cv=none; b=n4lQxF0IPzMegpNAUGsEVnfq6jg5USZ1Zuu+T4EbkEZ7aSWx/laiKbinr09NC9zE92WuHNqv/2+kDlCWxjoI3lzwk+9Og9Vynbp0HshrjlFecnpyBlyH3TrevtJmZdHrsdv/yH710uoOS/86mMd97BYsAl6aRe0YVG30pq5TVZo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717248181; c=relaxed/simple; bh=uemKakUr8vZOqaAGlWk2WVIUnDQWBAtUrKhYYseMLMM=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=MC7/FkDcLmZIdQu9J4FT4WBcPn8YRqH13d2Q6EhY5Mf7BuVw42k0m/mJM75IPGzpTx4KHgNwKABd8WEKoe/GQC1tu1wb7lKh/BSqxLb10+C0iCZk+49r3WcuEznYUnGQgW54Vw2PyE1ZaTj08QoKvNYircJPkIAbk2ORUPoaBI8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=TOEoxg1c; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4DEB2C116B1; Sat, 1 Jun 2024 13:22:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1717248180; bh=uemKakUr8vZOqaAGlWk2WVIUnDQWBAtUrKhYYseMLMM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=TOEoxg1chOjfRE/E4b5As7oYDoY3J10V3tBaL6M6PTfqJ4e0WTYhrkav8NfTfTBrN dD/ap9/w0VHqNGtdFeyWoQR2OIl5UAf0EnnywWch8I4HNnhbfBDTNMAYOK/JnEZkIn il6ie2YmaAmz82jNyBD7f2efX5+0IVGHCFxT6blV/DNNcuW9ZAdtlxiH9IOEkEFjls x8nebtFOi4fOfBg9Xc1wNk9XGR9z/sSbJQAcZc79jfD7Ut+pK2wpVQN1hNs/063sW3 JjQ3yF6RQA9om3uqpKdjdoJ+OA7nl1wdwkf/wkSA54OFaf/IPuzpAh9cctwAncNrPc uHUxB4z559Tsg== Date: Sat, 1 Jun 2024 14:22:56 +0100 From: Conor Dooley To: Charlie Jenkins Cc: Jesse Taube , linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Alexandre Ghiti , Palmer Dabbelt , Albert Ou , =?iso-8859-1?Q?Bj=F6rn_T=F6pel?= , Paul Walmsley , Nathan Chancellor , Nick Desaulniers , Masahiro Yamada Subject: Re: [PATCH v0] RISC-V: Use Zkr to seed KASLR base address Message-ID: <20240601-powdering-herbicide-7bfe85717536@spud> References: <20240531162327.2436962-1-jesse@rivosinc.com> <20240531-uselessly-spied-262ecf44e694@spud> <20240531-cough-yearling-bdfd49244885@spud> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="qb94X1QeeBV02Dig" Content-Disposition: inline In-Reply-To: --qb94X1QeeBV02Dig Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, May 31, 2024 at 02:40:05PM -0700, Charlie Jenkins wrote: > On Fri, May 31, 2024 at 10:36:46PM +0100, Conor Dooley wrote: > > On Fri, May 31, 2024 at 01:19:14PM -0700, Charlie Jenkins wrote: > > > On Fri, May 31, 2024 at 06:31:09PM +0100, Conor Dooley wrote: > > > > On Fri, May 31, 2024 at 12:23:27PM -0400, Jesse Taube wrote: > > > > > Dectect the Zkr extension and use it to seed the kernel base addr= ess. > > > > >=20 > > > > > Detection of the extension can not be done in the typical fashion= , as > > > > > this is very early in the boot process. Instead, add a trap handl= er > > > > > and run it to see if the extension is present. > > > >=20 > > > > You can't rely on the lack of a trap meaning that Zkr is present un= less > > > > you know that the platform implements Ssstrict. The CSR with that n= umber > > > > could do anything if not Ssstrict compliant, so this approach gets a > > > > nak from me. Unfortunately, Ssstrict doesn't provide a way to detect > > > > it, so you're stuck with getting that information from firmware. > > >=20 > > > The Scalar Cryptography v1.0.1 spec says "If Zkr is not implemented, = the > > > [s,u]seed bits must be hardwired to zero". It also says "Without the > > > corresponding access control bit set to 1, any attempted access to se= ed > > > from U, S, or HS modes will raise an illegal instruction exception." > > >=20 > > > There is a slight nuance here as the definition of Ssstrict is: > > >=20 > > > "No non-conforming extensions are present. Attempts to execute > > > unimplemented opcodes or access unimplemented CSRs in the standard or > > > reserved encoding spaces raises an illegal instruction exception that > > > results in a contained trap to the supervisor-mode trap handler." > > >=20 > > > The trap that Jesse is relying on in the code here is related to acce= ss > > > bits and not related to the CSR being unimplemented. Since the access > > > bits are required to be 0 on an implementation without Zkr, it is > > > required to trap if seed is accessed, regardless of Ssstrict. > > >=20 > > > The situation here is slightly odd because the spec is defining behav= ior > > > for what to do if the extension is not supported, and requires > > > implementations to follow this aspect of the Scalar Cryptography spec > > > even though they may not implement any of the instructions in the spe= c. > >=20 > > Firstly, you absolutely cannot rely on the behaviour defined by a new > > extension by systems that implement a version of the ISA that predates > > it. Secondly, we're talking about non-conforming implementations that > > use a reserved CSR number for other purposes, you cannot rely on the > > behaviour that the Scalar Crypto spec prescribes for access to the > > register. >=20 > Yes that is definitely a slippery slope. >=20 > >=20 > > "Non-conforming" is also a moving target btw - the Andes PMU (I think > > it's that) uses an interrupt number that was moved from "platform > > specific use" to "reserved" by the AIA spec. If you only looked the > > current specs, the Andes PMU is a "non-conforming extension" but at the > > time that it was created it was compliant. I think we're gonna have a > > fun conversation defining what "Ssstrict" actually means when someone > > actually tries to document that. >=20 > Sounds fun ;) >=20 > >=20 > > > > For DT systems, you can actually parse the DT in the pi, we do it t= o get > > > > the kaslr seed if present, so you can actually check for Zkr. With = ACPI > > > > I have no idea how you can get that information, I amn't an ACPI-is= t. > > >=20 > > > It is feasible to check if Zkr is present in the device tree at this > > > stage in boot, but at first glance does not seem feasible to read the > > > ACPI tables this early. > > >=20 > > > The CSR being read is just for entropy so even if the seed CSR doesn't > > > trap and provides an arbitrary value on an implementation that does n= ot > > > support Zkr, it can still be used as a source of entropy. If the > > > implementation does trap, the entropy will be set to 0 which is just a > > > different hard-coded arbitrary value.=20 > >=20 > > Right. I can see value in doing something that may contain entropy, and > > is at worst no better than the 0 we can currently get. But the patch > > we're talking about here mentions nothing of the sort, it presents itse= lf > > as detection of Zkr and an actually random number - but all it actually > > detects is whether or not the CSR at CSR_SEED traps. > >=20 > > To be acceptable, the patch would need to stop claiming that it is a va= lid > > way to detect Zkr. The commit message, and a comment, must also explain > > what may happen on systems that do not implement Zkr as you have done > > here. > > For example, `if (!riscv_has_zkr()) return 0` would have to be something > > like `if (riscv_csr_seed_traps()) return 0`. >=20 > That is reasonable, thank you for your input! Another thing to consider is that writing a zero to CSR_SEED may have side effects on a non-conforming implementation. --qb94X1QeeBV02Dig Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQRh246EGq/8RLhDjO14tDGHoIJi0gUCZlsgsAAKCRB4tDGHoIJi 0mpAAP9Wf2UEJYEbxtEQlARVw3uO6tK/Rw99oZhzzH6rx7bt5gD7BLLU4j5MVT6g xpvg+3vpip6nI973bF8fq8d0T537UQM= =RU7v -----END PGP SIGNATURE----- --qb94X1QeeBV02Dig--