Received: by 2002:ab2:7903:0:b0:1fb:b500:807b with SMTP id a3csp940111lqj;
        Mon, 3 Jun 2024 05:51:42 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCUST2wbMH27eeOdaX6WSHwuwAwLocZxU/LYkGP6iXCNc6GFV0qfJ0KfeKH9djSSj4jiBEer/jHXuOMRqR1vr30vt73MurSgpRmuYdg2Ow==
X-Google-Smtp-Source: AGHT+IH7H0/BiDPC1/Kb6UubRXrkqXIWzU5o+fPYwddrF6l9v48bxxRxCiV1ymCgdzTju9AUIjHO
X-Received: by 2002:a17:90a:bf87:b0:2c1:b396:3377 with SMTP id 98e67ed59e1d1-2c1dc57693amr8852853a91.15.1717419101692;
        Mon, 03 Jun 2024 05:51:41 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1717419101; cv=pass;
        d=google.com; s=arc-20160816;
        b=0elUUiJyD71i1J5v5UCgDEAKTrb8qC0E/Bpk9SwokY189CVlecQS6nXtl6K5k09k/E
         c+VbmASmuAoVvUIXUqZV5NUWAltAygX+83b988PNDCvfmGVPW/LkBIpeqQyTEuEl0tJ0
         8bAK521RXejhsBhTZdbtMwZ1ApRsR4lFXO8UfUy+BEJSW39FzZfb2rJpAUEShLkdzTY5
         NjnhBG5o/jwsXNdTsDrP5ciJZgVLpIAwb2yRON7fyE0SHOhNWyjzDQqOASBnyeNgyByy
         kWiKXT7Wgeg87x6Jmvflekwmz0wR7VdIRaxz+6Pl8M+qpPnuTkGmkpIu10uYQ4b3KuEf
         33Ig==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=xjvuuOdnqOIhK5ZBtlN6ndKEQrQUjVsyjGmdjk8KDM8=;
        fh=LH4MSSvZpMqezTQgUVZohY0X9QlFgjkyu9/tkdYJBKg=;
        b=d9g1TteUfBmFXkDyO2IGpkS7hePHcLENNMplT/WzaRMrDnjvhqMu7kVPJkscl6kCGx
         K8UgSU4+TGp2yqaNh5CQ+0sohU3qkRfo1sHKwZLI2HHjgGb2jxGzqzlKS4EKF3pma/7Z
         TwtK3EOzwpk4EPuYhx5c8YAUxuTdLOAeWb1Ra6vlR3TuVXckG1nQT8Yg3/RxnNUfyJBl
         R0UZRstofHYswRrdydgo+ALu24GYzsuS4sl2U5YZpEcRIR5iStZ9SYDyWfdkVIxMUUwR
         oXyLLrNKnKpEARVDSoxAzKH5ZF/QqUgG2nGTU3Wg4z8AiChrMeudt2hBaDo5YDIgFQgr
         7c9Q==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Jx9j+DBz;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-199129-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-199129-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-199129-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1])
        by mx.google.com with ESMTPS id 98e67ed59e1d1-2c2410637fesi1221624a91.14.2024.06.03.05.51.41
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 03 Jun 2024 05:51:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-199129-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Jx9j+DBz;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-199129-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-199129-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 188DD287C3A
	for <linux.lists.archive@gmail.com>; Mon,  3 Jun 2024 12:47:50 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 04E6512C52E;
	Mon,  3 Jun 2024 12:47:46 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Jx9j+DBz"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2A79A126F1A;
	Mon,  3 Jun 2024 12:47:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717418865; cv=none; b=VTRrejY6uyjGlb5U0LtAukQFvyU98xWbHt3HID/zywfTHiG47dKWFr+WaQFwtERsgGeu4ab5XizJKpe7nkjTmpLxCc3j9U2zyVdm9QSh0dj9j+Ktyzd6BUN/c/9hcxn1f/DK9bak48tR/0uGXFVsbyYZS9snkzXeCGxaEaRK68c=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717418865; c=relaxed/simple;
	bh=xjvuuOdnqOIhK5ZBtlN6ndKEQrQUjVsyjGmdjk8KDM8=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=UuP3WjoChYwmVRPvDD0PjTsOyzDb4B/duvsX7dgCJ+vaPuo0P+GyRLu2oAx4TWyHKxuNrTv00Leq0X5qPHpuZynA69MYDfsNeJ0AtmssrHtRZINFl3l4XVlhCnlC7UZCihhqXHWry53mGwhfnUU6WXq2on3LQJHwIIM03hhiYnM=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Jx9j+DBz; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 18AA1C4AF07;
	Mon,  3 Jun 2024 12:47:41 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1717418864;
	bh=xjvuuOdnqOIhK5ZBtlN6ndKEQrQUjVsyjGmdjk8KDM8=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=Jx9j+DBzZp16t8GUoTabwdp9sySO5qFu4XyiaobyhE0bWZwGYAOot9E1RKFHAGYn1
	 RFsK6myrrIx2X2exvfkwD06gQ3WHr6ZYP0rC6kRpLfp+Yw6+qyPFIJ3wNt2Do8lDRw
	 XlKSVa+zhpiYpdo4ATR6iTBlhCqmlI3pK90eRLAdF6y3vgSkOu2HfFxLuH0vBaSdb0
	 8Nb4ZCCxOVH8GQ/30htNKhSoPm2sqqExt91urxrj4zWKfMiSKE7BtkWjaZBi3V02Dl
	 cvSBUIfXhsLmcP4umDOyuEW90vH3ruTPyFgiFAQYhyREH7WHaicWHcBssMiWSzb+HU
	 BrCqREjhNes9g==
Date: Mon, 3 Jun 2024 13:47:40 +0100
From: Conor Dooley <conor@kernel.org>
To: Alexandre Ghiti <alex@ghiti.fr>
Cc: Jesse Taube <jesse@rivosinc.com>, linux-riscv@lists.infradead.org,
	linux-kernel@vger.kernel.org, llvm@lists.linux.dev,
	Alexandre Ghiti <alexghiti@rivosinc.com>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Albert Ou <aou@eecs.berkeley.edu>,
	=?iso-8859-1?Q?Bj=F6rn_T=F6pel?= <bjorn@rivosinc.com>,
	Paul Walmsley <paul.walmsley@sifive.com>,
	Nathan Chancellor <nathan@kernel.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Masahiro Yamada <masahiroy@kernel.org>
Subject: Re: [PATCH v0] RISC-V: Use Zkr to seed KASLR base address
Message-ID: <20240603-stinking-roster-cfad46696ae5@spud>
References: <20240531162327.2436962-1-jesse@rivosinc.com>
 <20240531-uselessly-spied-262ecf44e694@spud>
 <b199fde6-c24e-4c18-9c38-fdc923294551@ghiti.fr>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="iJdrl4qDKkXrEMBS"
Content-Disposition: inline
In-Reply-To: <b199fde6-c24e-4c18-9c38-fdc923294551@ghiti.fr>


--iJdrl4qDKkXrEMBS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jun 03, 2024 at 11:14:49AM +0200, Alexandre Ghiti wrote:
> Hi Conor,
>=20
> On 31/05/2024 19:31, Conor Dooley wrote:
> > On Fri, May 31, 2024 at 12:23:27PM -0400, Jesse Taube wrote:
> > > Dectect the Zkr extension and use it to seed the kernel base address.
> > >=20
> > > Detection of the extension can not be done in the typical fashion, as
> > > this is very early in the boot process. Instead, add a trap handler
> > > and run it to see if the extension is present.
> > You can't rely on the lack of a trap meaning that Zkr is present unless
> > you know that the platform implements Ssstrict. The CSR with that number
> > could do anything if not Ssstrict compliant, so this approach gets a
> > nak from me. Unfortunately, Ssstrict doesn't provide a way to detect
> > it, so you're stuck with getting that information from firmware.
>=20
>=20
> FYI, this patch is my idea, so I'm the one to blame here :)
>=20
>=20
> >=20
> > For DT systems, you can actually parse the DT in the pi, we do it to get
> > the kaslr seed if present, so you can actually check for Zkr. With ACPI
> > I have no idea how you can get that information, I amn't an ACPI-ist.
>=20
>=20
> I took a look at how to access ACPI tables this early when implementing t=
he
> Zabha/Zacas patches, but it seems not possible.
>=20
> But I'll look into this more, this is not the first time we need the
> extensions list very early and since we have no way to detect the presence
> of an extension at runtime, something needs to be done.

Aye, having remembered that reading CSR_SEED could have side-effects on a
system with non-conforming extensions, it'd be good to see if we can
actually do this via detection on ACPI - especially for some other
extensions that we may need to turn on very early (I forget which ones we
talked about this before for). I didn't arm64 do anything with ACPI in the
pi code, is the code arch/x86/boot/compressed run at an equivilent-ish point
in boot?

--iJdrl4qDKkXrEMBS
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQRh246EGq/8RLhDjO14tDGHoIJi0gUCZl27awAKCRB4tDGHoIJi
0qGGAP0dROI2kQOiSz/LUNHcEMeZPOeCAtT2w2ieJ5CnnqdxFAEA0+On5DOHDyHW
ScDD2IjkJxreOi0zn1lj8uq2WccodwI=
=fWLb
-----END PGP SIGNATURE-----

--iJdrl4qDKkXrEMBS--