Received: by 2002:ab2:7903:0:b0:1fb:b500:807b with SMTP id a3csp940111lqj; Mon, 3 Jun 2024 05:51:42 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUST2wbMH27eeOdaX6WSHwuwAwLocZxU/LYkGP6iXCNc6GFV0qfJ0KfeKH9djSSj4jiBEer/jHXuOMRqR1vr30vt73MurSgpRmuYdg2Ow== X-Google-Smtp-Source: AGHT+IH7H0/BiDPC1/Kb6UubRXrkqXIWzU5o+fPYwddrF6l9v48bxxRxCiV1ymCgdzTju9AUIjHO X-Received: by 2002:a17:90a:bf87:b0:2c1:b396:3377 with SMTP id 98e67ed59e1d1-2c1dc57693amr8852853a91.15.1717419101692; Mon, 03 Jun 2024 05:51:41 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717419101; cv=pass; d=google.com; s=arc-20160816; b=0elUUiJyD71i1J5v5UCgDEAKTrb8qC0E/Bpk9SwokY189CVlecQS6nXtl6K5k09k/E c+VbmASmuAoVvUIXUqZV5NUWAltAygX+83b988PNDCvfmGVPW/LkBIpeqQyTEuEl0tJ0 8bAK521RXejhsBhTZdbtMwZ1ApRsR4lFXO8UfUy+BEJSW39FzZfb2rJpAUEShLkdzTY5 NjnhBG5o/jwsXNdTsDrP5ciJZgVLpIAwb2yRON7fyE0SHOhNWyjzDQqOASBnyeNgyByy kWiKXT7Wgeg87x6Jmvflekwmz0wR7VdIRaxz+6Pl8M+qpPnuTkGmkpIu10uYQ4b3KuEf 33Ig== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=xjvuuOdnqOIhK5ZBtlN6ndKEQrQUjVsyjGmdjk8KDM8=; fh=LH4MSSvZpMqezTQgUVZohY0X9QlFgjkyu9/tkdYJBKg=; b=d9g1TteUfBmFXkDyO2IGpkS7hePHcLENNMplT/WzaRMrDnjvhqMu7kVPJkscl6kCGx K8UgSU4+TGp2yqaNh5CQ+0sohU3qkRfo1sHKwZLI2HHjgGb2jxGzqzlKS4EKF3pma/7Z TwtK3EOzwpk4EPuYhx5c8YAUxuTdLOAeWb1Ra6vlR3TuVXckG1nQT8Yg3/RxnNUfyJBl R0UZRstofHYswRrdydgo+ALu24GYzsuS4sl2U5YZpEcRIR5iStZ9SYDyWfdkVIxMUUwR oXyLLrNKnKpEARVDSoxAzKH5ZF/QqUgG2nGTU3Wg4z8AiChrMeudt2hBaDo5YDIgFQgr 7c9Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Jx9j+DBz; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-199129-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-199129-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id 98e67ed59e1d1-2c2410637fesi1221624a91.14.2024.06.03.05.51.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 03 Jun 2024 05:51:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-199129-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Jx9j+DBz; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-199129-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-199129-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 188DD287C3A for ; Mon, 3 Jun 2024 12:47:50 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 04E6512C52E; Mon, 3 Jun 2024 12:47:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Jx9j+DBz" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2A79A126F1A; Mon, 3 Jun 2024 12:47:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717418865; cv=none; b=VTRrejY6uyjGlb5U0LtAukQFvyU98xWbHt3HID/zywfTHiG47dKWFr+WaQFwtERsgGeu4ab5XizJKpe7nkjTmpLxCc3j9U2zyVdm9QSh0dj9j+Ktyzd6BUN/c/9hcxn1f/DK9bak48tR/0uGXFVsbyYZS9snkzXeCGxaEaRK68c= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717418865; c=relaxed/simple; bh=xjvuuOdnqOIhK5ZBtlN6ndKEQrQUjVsyjGmdjk8KDM8=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=UuP3WjoChYwmVRPvDD0PjTsOyzDb4B/duvsX7dgCJ+vaPuo0P+GyRLu2oAx4TWyHKxuNrTv00Leq0X5qPHpuZynA69MYDfsNeJ0AtmssrHtRZINFl3l4XVlhCnlC7UZCihhqXHWry53mGwhfnUU6WXq2on3LQJHwIIM03hhiYnM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Jx9j+DBz; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 18AA1C4AF07; Mon, 3 Jun 2024 12:47:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1717418864; bh=xjvuuOdnqOIhK5ZBtlN6ndKEQrQUjVsyjGmdjk8KDM8=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Jx9j+DBzZp16t8GUoTabwdp9sySO5qFu4XyiaobyhE0bWZwGYAOot9E1RKFHAGYn1 RFsK6myrrIx2X2exvfkwD06gQ3WHr6ZYP0rC6kRpLfp+Yw6+qyPFIJ3wNt2Do8lDRw XlKSVa+zhpiYpdo4ATR6iTBlhCqmlI3pK90eRLAdF6y3vgSkOu2HfFxLuH0vBaSdb0 8Nb4ZCCxOVH8GQ/30htNKhSoPm2sqqExt91urxrj4zWKfMiSKE7BtkWjaZBi3V02Dl cvSBUIfXhsLmcP4umDOyuEW90vH3ruTPyFgiFAQYhyREH7WHaicWHcBssMiWSzb+HU BrCqREjhNes9g== Date: Mon, 3 Jun 2024 13:47:40 +0100 From: Conor Dooley To: Alexandre Ghiti Cc: Jesse Taube , linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Alexandre Ghiti , Palmer Dabbelt , Albert Ou , =?iso-8859-1?Q?Bj=F6rn_T=F6pel?= , Paul Walmsley , Nathan Chancellor , Nick Desaulniers , Masahiro Yamada Subject: Re: [PATCH v0] RISC-V: Use Zkr to seed KASLR base address Message-ID: <20240603-stinking-roster-cfad46696ae5@spud> References: <20240531162327.2436962-1-jesse@rivosinc.com> <20240531-uselessly-spied-262ecf44e694@spud> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="iJdrl4qDKkXrEMBS" Content-Disposition: inline In-Reply-To: --iJdrl4qDKkXrEMBS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jun 03, 2024 at 11:14:49AM +0200, Alexandre Ghiti wrote: > Hi Conor, >=20 > On 31/05/2024 19:31, Conor Dooley wrote: > > On Fri, May 31, 2024 at 12:23:27PM -0400, Jesse Taube wrote: > > > Dectect the Zkr extension and use it to seed the kernel base address. > > >=20 > > > Detection of the extension can not be done in the typical fashion, as > > > this is very early in the boot process. Instead, add a trap handler > > > and run it to see if the extension is present. > > You can't rely on the lack of a trap meaning that Zkr is present unless > > you know that the platform implements Ssstrict. The CSR with that number > > could do anything if not Ssstrict compliant, so this approach gets a > > nak from me. Unfortunately, Ssstrict doesn't provide a way to detect > > it, so you're stuck with getting that information from firmware. >=20 >=20 > FYI, this patch is my idea, so I'm the one to blame here :) >=20 >=20 > >=20 > > For DT systems, you can actually parse the DT in the pi, we do it to get > > the kaslr seed if present, so you can actually check for Zkr. With ACPI > > I have no idea how you can get that information, I amn't an ACPI-ist. >=20 >=20 > I took a look at how to access ACPI tables this early when implementing t= he > Zabha/Zacas patches, but it seems not possible. >=20 > But I'll look into this more, this is not the first time we need the > extensions list very early and since we have no way to detect the presence > of an extension at runtime, something needs to be done. Aye, having remembered that reading CSR_SEED could have side-effects on a system with non-conforming extensions, it'd be good to see if we can actually do this via detection on ACPI - especially for some other extensions that we may need to turn on very early (I forget which ones we talked about this before for). I didn't arm64 do anything with ACPI in the pi code, is the code arch/x86/boot/compressed run at an equivilent-ish point in boot? --iJdrl4qDKkXrEMBS Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQRh246EGq/8RLhDjO14tDGHoIJi0gUCZl27awAKCRB4tDGHoIJi 0qGGAP0dROI2kQOiSz/LUNHcEMeZPOeCAtT2w2ieJ5CnnqdxFAEA0+On5DOHDyHW ScDD2IjkJxreOi0zn1lj8uq2WccodwI= =fWLb -----END PGP SIGNATURE----- --iJdrl4qDKkXrEMBS--