Received: by 2002:ab2:6d45:0:b0:1fb:d597:ff75 with SMTP id d5csp71882lqr; Tue, 4 Jun 2024 21:55:10 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVi/wjgUf8cWKQTgo3VueNHWRc75VgHynI0B+BhZlI0Zk4NNkQQ3br9QJhoVCl+IJ87JPqkTEeGrHZZ7pIj9Gpa0LKsX1vWSBfO7VFhLw== X-Google-Smtp-Source: AGHT+IFP+43mA2fqJJPaeMs32Hnd8Zxx3WOMdI55xw49zMK6HKismN7scQwwpN7d5KNrEQb8P5z3 X-Received: by 2002:a05:6870:5691:b0:24f:f413:303b with SMTP id 586e51a60fabf-25121c954d1mr1982132fac.12.1717563309960; Tue, 04 Jun 2024 21:55:09 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717563309; cv=pass; d=google.com; s=arc-20160816; b=HQnosqfoApIisUJzb1xjT0S2ejlvoPi187Z8LxKYkNCu+7hK49Fh5xJ7veOlR+vquK 1x0y1kqtIhC2aH1EXtp3lYJAwfFWHvuRv5b1ra9jLbXWFU/FvM+xqSmoOgLDAxvgZVuV Pfw47/nxFp1TtiJakwobL+CeBVnzabKemxx3b8fRMdHNk81sZzFuXeoUGNZkbbjcJAmO nKdZPjXoQC6KCu3vs1ZhoKwUZF1UDRjlwETCAXjsfJl43Bm5YerBlL/EpGGS+FTqGV7W ZHtzOCs3jDz9uwvctHL2dKdfoI5HWBuOsHfkpgWGv1k8cDt+xzFnKorLxKPRDTPirViZ LMiw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=f+9KIC2ZMxoi+KaQ4+bun3D6PF4buG3kzbZsU0iekQA=; fh=ELmzdqeKL2uo3pirKMrjUyjyIO2hVMiuUpqMWgsvupg=; b=C4Za1gpvpVRafacxrrpuF62097V8VzbjhZ36q2yk3Re2TwGgTp/itVsSrQUMz2w6Og jpwKtXMG392OKpc8j/6AuV4Dfre8t+EJy/LMKFCtucNtPdS7V/GmMJfuVUKLwBgQfkn1 Fu71w2OoYUAaoZlyKvu+ua02kaNoCkUy2piAvkNJiJ0gZrSvjC+7EF1FgAzfEfxOPWuY ztYrnGnLL+V5juQGVjJH6AKdLZOTbZf1o7su7g9nj7a8afbiwFdWBKw1bO/UPdWh3nl7 mzQN6rloHqxZmPyf7xUoMZZWNX5xpxsUlj36DkWIg16CVWWE5ONk6h9Ko0b9CnvoOz+v znvg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@sifive.com header.s=google header.b="MCx/TvRP"; arc=pass (i=1 spf=pass spfdomain=sifive.com dkim=pass dkdomain=sifive.com dmarc=pass fromdomain=sifive.com); spf=pass (google.com: domain of linux-kernel+bounces-201754-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-201754-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=sifive.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id 41be03b00d2f7-6c359e09d87si9234393a12.375.2024.06.04.21.55.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Jun 2024 21:55:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-201754-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@sifive.com header.s=google header.b="MCx/TvRP"; arc=pass (i=1 spf=pass spfdomain=sifive.com dkim=pass dkdomain=sifive.com dmarc=pass fromdomain=sifive.com); spf=pass (google.com: domain of linux-kernel+bounces-201754-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-201754-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=sifive.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id D5615B2155D for ; Wed, 5 Jun 2024 04:51:48 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3D66A135A40; Wed, 5 Jun 2024 04:51:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=sifive.com header.i=@sifive.com header.b="MCx/TvRP" Received: from mail-io1-f49.google.com (mail-io1-f49.google.com [209.85.166.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 973C212F5A6 for ; Wed, 5 Jun 2024 04:51:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.166.49 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717563100; cv=none; b=ITNwyl6lVQ9tVqAMy6qRnFqKB0/IaiGhRSDpwfk73UV7NA6EUwSFquoRMoO1BGOlzRNitXAdj7sZNEpHOYoS+egsjC6A9fWwR4CMamnVgmX+/samqEXCcGdvRAp3TaGOl3vzHNYccKzNoYCPc7OFGArgFV1JkPvAdZGNuy86UCQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717563100; c=relaxed/simple; bh=fRj/9daOi684S1CjP8+/OFf16Zh4BiNKACL519r/dhE=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=UI8H+8jnnc1cdCvmXZZZyEWKgvKIiWaoFl4ep0W+VCe9w2wrP3yVOFpNlXEsjwX7bUSgRf68BizGaa7YxrrIKbsYpEyit5HkGUAVgF5vqR0KmsrTuny4CmIvwjfB5lxZgq+imv83CLCXND677QjosZ7mqEVHhxD5X0y3iCwqI4o= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=sifive.com; spf=pass smtp.mailfrom=sifive.com; dkim=pass (2048-bit key) header.d=sifive.com header.i=@sifive.com header.b=MCx/TvRP; arc=none smtp.client-ip=209.85.166.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=sifive.com Received: by mail-io1-f49.google.com with SMTP id ca18e2360f4ac-7e1f984312cso262889039f.2 for ; Tue, 04 Jun 2024 21:51:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1717563097; x=1718167897; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=f+9KIC2ZMxoi+KaQ4+bun3D6PF4buG3kzbZsU0iekQA=; b=MCx/TvRPnOGXYgjiFoHSXxbwPHz81PL5kLtlfNa46l0dMmMmeiRbvYLkGz+ZmM4nIp UlUFPQGS8u/v5Sjr3G2wAQ0C9L/qRcCRtB+JxMFYLFurL2K0vqHFTMuRFvm3u+UT8QpH 05JrU9avzjvoANS/q7OExYHOQ7pMHjcrKfaD1TmW3ikP6tTFzddfoBgqcznYnJymBDFQ GqZd62A61gL5wKfgwGDxGK+7F6ab2RG6ZU5QaN+kkP8m3tiOXkux8oJjm40foZnkfAxY j4fIBeNdUq4RKN1hiBszQzEtWBGKo83xEPp3gMwu4oqCYclAjCEy1TjcxqxDKfma+7er d55g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717563097; x=1718167897; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=f+9KIC2ZMxoi+KaQ4+bun3D6PF4buG3kzbZsU0iekQA=; b=VkduO3NG171NXzS5CLPmXhsfaMLug8S3RltBNzpq3GCQqyMp5XV199hxzlX3kwgahH Vk3eAlB9yRW7LUrR6AtmqI+5g1yo4Y8whdQfKHOiUFGi+oC05mWiLY8u0VNU3GSyPwb0 4oXqSf6PoxCX8RlYTUoUprt6MufANbU2OtbnI0kqHEz686pS45V51lWatkgQqMeRZlW5 x82bw8Xt9w/UkAS6rzL+Ux7I91oCtxuZwPRLncQBX+cQiBEjX7add4S+DqsTfDjpXCNB MnPk+oKiOLQF8SfvBczT8rzLwiLbCo0dE/rQqOZmjVMTpNqzz4LLH5+o/qE+/iFR+LN3 D2rg== X-Forwarded-Encrypted: i=1; AJvYcCUJLUZdlW1Bya6zB9vtoG7C04wgHkla2o3kzxPaNxKiQyC/LkS+4RCMWhdMedTxYLC8Mn0b++M8Ite0i8wL5m2gl5UehkFf9aDVV0Rd X-Gm-Message-State: AOJu0YxfnedIcL9EzJNPHdbweHKLGCt9SH7BMQCKEi7jbtJhr8p0jcE4 be5yceOjpKdjAYpM30zyFhtZJyE3zkNjaIVsAnSSXMwjKXaZHmheD8PSfzL/qJ32UDpyqFhAFAK 9PjmkfoKvHr7883uug3LjpnLicZYY9AeW4rV8yg== X-Received: by 2002:a05:6602:3fc7:b0:7e1:85a5:36c0 with SMTP id ca18e2360f4ac-7eb3c8b52edmr187420039f.9.1717563097575; Tue, 04 Jun 2024 21:51:37 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240531162327.2436962-1-jesse@rivosinc.com> In-Reply-To: <20240531162327.2436962-1-jesse@rivosinc.com> From: Zong Li Date: Wed, 5 Jun 2024 12:51:26 +0800 Message-ID: Subject: Re: [PATCH v0] RISC-V: Use Zkr to seed KASLR base address To: Jesse Taube Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Alexandre Ghiti , Palmer Dabbelt , Albert Ou , =?UTF-8?B?QmrDtnJuIFTDtnBlbA==?= , Paul Walmsley , Nathan Chancellor , Nick Desaulniers , Masahiro Yamada Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sat, Jun 1, 2024 at 12:23=E2=80=AFAM Jesse Taube wr= ote: > > Dectect the Zkr extension and use it to seed the kernel base address. > > Detection of the extension can not be done in the typical fashion, as > this is very early in the boot process. Instead, add a trap handler > and run it to see if the extension is present. > > Signed-off-by: Jesse Taube > --- > arch/riscv/kernel/pi/Makefile | 2 +- > arch/riscv/kernel/pi/archrandom_early.c | 71 +++++++++++++++++++++++++ > arch/riscv/mm/init.c | 3 ++ > 3 files changed, 75 insertions(+), 1 deletion(-) > create mode 100644 arch/riscv/kernel/pi/archrandom_early.c > > diff --git a/arch/riscv/kernel/pi/Makefile b/arch/riscv/kernel/pi/Makefil= e > index 50bc5ef7dd2f..9025eb52945a 100644 > --- a/arch/riscv/kernel/pi/Makefile > +++ b/arch/riscv/kernel/pi/Makefile > @@ -32,5 +32,5 @@ $(obj)/string.o: $(srctree)/lib/string.c FORCE > $(obj)/ctype.o: $(srctree)/lib/ctype.c FORCE > $(call if_changed_rule,cc_o_c) > > -obj-y :=3D cmdline_early.pi.o fdt_early.pi.o string.pi.o ctype.= pi.o lib-fdt.pi.o lib-fdt_ro.pi.o > +obj-y :=3D cmdline_early.pi.o fdt_early.pi.o string.pi.o ctype.= pi.o lib-fdt.pi.o lib-fdt_ro.pi.o archrandom_early.pi.o > extra-y :=3D $(patsubst %.pi.o,%.o,$(obj-y)) > diff --git a/arch/riscv/kernel/pi/archrandom_early.c b/arch/riscv/kernel/= pi/archrandom_early.c > new file mode 100644 > index 000000000000..311be9388b5c > --- /dev/null > +++ b/arch/riscv/kernel/pi/archrandom_early.c > @@ -0,0 +1,71 @@ > +// SPDX-License-Identifier: GPL-2.0-only > + > +/* > + * To avoid rewriteing code include asm/archrandom.h and create macros > + * for the functions that won't be included. > + */ > + > +#define riscv_has_extension_likely(...) false > +#define pr_err_once(...) > + > +#include > +#include > +#include > + > +/* > + * Asm goto is needed so that the compiler does not remove the label. > + */ > + > +#define csr_goto_swap(csr, val) = \ > +({ \ > + unsigned long __v; \ > + __asm__ __volatile__ goto("csrrw %0, " __ASM_STR(csr) ", %1" \ > + : "=3Dr" (__v) : "rK" (&&val) = \ > + : "memory" : val); \ > + __v; \ > +}) > + > +/* > + * Declare the functions that are exported (but prefixed) here so that L= LVM > + * does not complain it lacks the 'static' keyword (which, if added, mak= es > + * LLVM complain because the function is actually unused in this file). > + */ > + > +u64 get_kaslr_seed_zkr(void); > + > +/* > + * This function is called by setup_vm to check if the kernel has the ZK= R. > + * Traps haven't been set up yet, but save and restore the TVEC to avoid > + * any side effects. > + */ > + > +static inline bool __must_check riscv_has_zkr(void) > +{ > + unsigned long tvec; > + > + tvec =3D csr_goto_swap(CSR_TVEC, not_zkr); > + csr_swap(CSR_SEED, 0); > + csr_write(CSR_TVEC, tvec); > + return true; > +not_zkr: > + csr_write(CSR_TVEC, tvec); > + return false; > +} > + > +u64 get_kaslr_seed_zkr(void) > +{ > + const int needed_seeds =3D sizeof(u64) / sizeof(long); > + int i =3D 0; > + u64 seed =3D 0; > + long *entropy =3D (long *)(&seed); > + > + if (!riscv_has_zkr()) > + return 0; > + > + for (i =3D 0; i < needed_seeds; i++) { > + if (!csr_seed_long(&entropy[i])) > + return 0; > + } > + > + return seed; > +} > diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c > index 9940171c79f0..8ef1edd2cddd 100644 > --- a/arch/riscv/mm/init.c > +++ b/arch/riscv/mm/init.c > @@ -1025,6 +1025,7 @@ static void __init pt_ops_set_late(void) > #ifdef CONFIG_RANDOMIZE_BASE > extern bool __init __pi_set_nokaslr_from_cmdline(uintptr_t dtb_pa); > extern u64 __init __pi_get_kaslr_seed(uintptr_t dtb_pa); > +extern u64 __init __pi_get_kaslr_seed_zkr(void); > > static int __init print_nokaslr(char *p) > { > @@ -1049,6 +1050,8 @@ asmlinkage void __init setup_vm(uintptr_t dtb_pa) > u32 kernel_size =3D (uintptr_t)(&_end) - (uintptr_t)(&_st= art); > u32 nr_pos; > > + if (kaslr_seed =3D=3D 0) > + kaslr_seed =3D __pi_get_kaslr_seed_zkr(); Could you elaborate on why we try to get the seed from DT first, rather than from ZKR? Also, I was wondering if, by any chance, it can leverage arch_get_random_seed_longs() to get the seed instead of __pi_get_kasler_seed_zkr()? Thanks > /* > * Compute the number of positions available: we are limi= ted > * by the early page table that only has one PUD and we m= ust > -- > 2.43.0 > > > _______________________________________________ > linux-riscv mailing list > linux-riscv@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv