Received: by 2002:ab2:6c55:0:b0:1fd:c486:4f03 with SMTP id v21csp264546lqp; Wed, 12 Jun 2024 00:15:39 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXoSIboOW2bZQdDRxAuNifogITN83s0xSaTOemx45XrmyEr3adoSQGsZnCArtRVCZr9cMTj0UfsCDKVXyUQPe0AUvVvh4GLQgaRRE5FEQ== X-Google-Smtp-Source: AGHT+IFpDsJAD+IUG/fDxH98IglZhYudJaTwnsg8qRUnPrp3bSF6m8IiHKDeyu2SsNwFfDCzIt8c X-Received: by 2002:a17:907:72c9:b0:a6f:48b2:aac5 with SMTP id a640c23a62f3a-a6f48b2ae99mr57671566b.15.1718176538972; Wed, 12 Jun 2024 00:15:38 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1718176538; cv=pass; d=google.com; s=arc-20160816; b=lJZKJVDuhkd/vIzRXzMCJgvFAw7vVVgklY9XPy/mZM8xiQYpj5dYKsNTq4lGXy+AA6 FA+33ahKInZ3TYxnO0IQq+dNPWgPrOhTXeNY+aw43WPOc63ZrbmAweLZY2BS66skHi+g i7Pw2UyFVlChDBjcjfrrhuZH9/96CQwLpNv4PviEwcoS9oWheMTRNOh+kLOzKMEbIhM3 6aKpSpoy8JvEScGZEmOCXx/LcB5m4Bd01l5kwiPonps8QyK27hs5sDd2SH9J/SDSippH VPudtLW559KIUDS+oEsmGdwzJtp6TlP3Iyf8g29HfKCurB7DZQfU8m8TZR2RYFakCyyU 0Frw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature; bh=jsA9fUmKBK5EdL/aJskGAqPwShxYcp+fy8oN2nYqXck=; fh=Ps6Bl4IhRP9IuH4ioi4eszWcsaFcVpxSw17cBkKdKYA=; b=cFiCN9UpYfsEJZ9HVIqE+ePl5SsDXly9q9tfPDJSOJMkLOUcnCSwKbMxMeL9X9rhJR I1d4OWcW7l5Ieyu1O0M3nnobjXeNtxL+D77cBKOej05BTab/5x3JGs1Cvm/cL7HciiEa hu0nuNkBtCertWsuPt6K+mnqtAo4JG0fT95Crr8Rmq2cVjuMn6AwhDD9i/4cnDpG3t/Y NL8fVB/tz0w0Kndgo5qxRULp87UgrYu/tDh4tGhl6yeB3M/sGpItB3t74M6tm+n1SHzS Di+tVqMgI7s1OHH2Y0hp4Qlt+B5bPp0vmc0AXj5y2PcQUKwGFw0o39wKl+EN8cixC9JP Angw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=wiPXIsxX; arc=pass (i=1 spf=pass spfdomain=rivosinc.com dkim=pass dkdomain=rivosinc-com.20230601.gappssmtp.com); spf=pass (google.com: domain of linux-kernel+bounces-211046-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-211046-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id a640c23a62f3a-a6f209a55e2si264418666b.129.2024.06.12.00.15.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jun 2024 00:15:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-211046-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=wiPXIsxX; arc=pass (i=1 spf=pass spfdomain=rivosinc.com dkim=pass dkdomain=rivosinc-com.20230601.gappssmtp.com); spf=pass (google.com: domain of linux-kernel+bounces-211046-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-211046-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 7C0731F23889 for ; Wed, 12 Jun 2024 07:15:38 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1304B6DD08; Wed, 12 Jun 2024 07:15:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b="wiPXIsxX" Received: from mail-wr1-f44.google.com (mail-wr1-f44.google.com [209.85.221.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 52E1A28399 for ; Wed, 12 Jun 2024 07:15:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.44 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718176532; cv=none; b=ctJ5N1ZKE2U4LvtEdtVB3UWTNNsfNM0zMjuXAY5zP7Ng92LODieW8kk/9tFnZaifsE7N00XLU7AEmssvOAk4sMxZaVW5+Qw5frgMmMGiKGUTvI7R+098zpeBbCzhbnCPFPTAx3mOEWtlCeNkraEPb/dPg9PWV+vobAXF3jFkgIc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718176532; c=relaxed/simple; bh=xFVC0xPm0eXEmudJSkMxtaZYbBcNEsxUF+ByAkbY7cg=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=Eyn+CFUcQsDo5odzsIhmWaQItNWsEKmTtuFCHUIFrRlcraO3Qa3c1dyUNGb5oa3OOHAvhq9aGn4b6Lsl9oaMO43A2ixcuTP6w9FgEplYFhbBiFsVFpyXs+HikuC0EqbRnR13n3SeG2AMsuXYvGJhN8DkQOKz7F9XICW9k71u8O4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b=wiPXIsxX; arc=none smtp.client-ip=209.85.221.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Received: by mail-wr1-f44.google.com with SMTP id ffacd0b85a97d-35f223c99a3so425292f8f.2 for ; Wed, 12 Jun 2024 00:15:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1718176528; x=1718781328; darn=vger.kernel.org; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=jsA9fUmKBK5EdL/aJskGAqPwShxYcp+fy8oN2nYqXck=; b=wiPXIsxXUSLsGCZnwVPXzKHLVLAiCGti0xf1nPMr1uuxbgY8oY3DqyhxB50fIs/Qv5 vB133lMzAXEgv8QKi8uq5JTKdO8SjGNAO19as/4fHlO+SonT1+G73hA8FASiHqU2UToU cc0/Wd5GvvJnC4H0pGA82vWKdHIy/YtZBVpQECpxZPBMMq3IAR2kmQHoXpuKsp5UcOIF pfgBsGnxVbIeDPjmi4kO8FMGHi5KZiYe3Zwy3S4bcUeOPGlj9/sOs7tgL92QORe34E4I PVfNDcqxYrMiD/aGtodxNjAwhTxc6Ye9BuOu32NZ/eNuGdfc6OiMkLYzQekdETL/CqXa bPrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718176528; x=1718781328; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=jsA9fUmKBK5EdL/aJskGAqPwShxYcp+fy8oN2nYqXck=; b=dAGwYSVRJZXemQctK5WsugDGPvU9xNrapp0gyyEjOHhqo0IZh8Tb05thNZUyNUaQk/ Bc7p9vKVVhHYXSk7uf1KjZXhefsaqRTCsPYM1n2J8M9i7eDYVp5AiJeObQ9CNAefasmC P8LCY13+j4iiGshMhqcos9KndjqylwzFE/+LYALGhL1g6xbyedd8VPf6T0gwKnEKltQj Ai62n+r4wSAn99CJRV9dkkQwS3z2Sv2iZ+d9YpGUaGaBetgPlnwwCyNtzfBy3Oj4ClJN D7FFZDkIXMJDvuPhKEBfBfcEb8taXQpbOdamd25eW/ZnOUa5L46gQSqnTmox86Putw/g rFdw== X-Forwarded-Encrypted: i=1; AJvYcCU0c3D9MeixKmiQvYnsOTcZY7GjJ7WTGoNS0Fl49NLfVsZU3wfqoDQxn81pT/OcwZqdGhTcs6sSIKW6YiMihtmQO6L5WIkKOQWfRsgS X-Gm-Message-State: AOJu0YyqBGWmlVw5DJzWaF/A2PgorM3Lhuli0LVrOg+Wpi3fP+IwTTvs tz0hwvLztuiolnu1ZfxqxylcpQv6Gpj9cs4ZDV3Aqlc57Tq8wdZ+nAlV/rWKLeI= X-Received: by 2002:a05:600c:5487:b0:421:7ee4:bbfe with SMTP id 5b1f17b1804b1-42285d851b0mr6833735e9.0.1718176528377; Wed, 12 Jun 2024 00:15:28 -0700 (PDT) Received: from ?IPV6:2a01:e0a:999:a3a0:e10f:8f03:e7e9:a919? ([2a01:e0a:999:a3a0:e10f:8f03:e7e9:a919]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-42286fe75ebsm13845365e9.9.2024.06.12.00.15.26 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 12 Jun 2024 00:15:27 -0700 (PDT) Message-ID: Date: Wed, 12 Jun 2024 09:15:26 +0200 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v0] RISC-V: Use Zkr to seed KASLR base address To: Deepak Gupta , Conor Dooley Cc: Conor Dooley , Alexandre Ghiti , Jesse Taube , linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Alexandre Ghiti , Palmer Dabbelt , Albert Ou , =?UTF-8?B?QmrDtnJuIFTDtnBlbA==?= , Paul Walmsley , Nathan Chancellor , Nick Desaulniers , Masahiro Yamada , Atish Patra References: <20240531162327.2436962-1-jesse@rivosinc.com> <20240531-uselessly-spied-262ecf44e694@spud> <20240603-stinking-roster-cfad46696ae5@spud> <20240610-qualm-chalice-72d0cc743658@wendy> <01547275-8c8c-43cf-9da0-64825c234707@rivosinc.com> <20240610-earplugs-anybody-ebd04a5fa777@spud> Content-Language: en-US From: =?UTF-8?B?Q2zDqW1lbnQgTMOpZ2Vy?= In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On 11/06/2024 17:32, Deepak Gupta wrote: > On Mon, Jun 10, 2024 at 10:56:35PM +0100, Conor Dooley wrote: >> On Mon, Jun 10, 2024 at 02:06:50PM -0700, Deepak Gupta wrote: >>> On Mon, Jun 10, 2024 at 11:16:42AM +0200, Clément Léger wrote: >>> > On 10/06/2024 11:02, Conor Dooley wrote: >>> > > On Mon, Jun 10, 2024 at 10:33:34AM +0200, Clément Léger wrote: >>> > > > On 07/06/2024 20:51, Deepak Gupta wrote: >>> > > > > On Mon, Jun 03, 2024 at 01:47:40PM +0100, Conor Dooley wrote: >>> > > > > > On Mon, Jun 03, 2024 at 11:14:49AM +0200, Alexandre Ghiti >>> wrote: >>> > > > > I don't know all the details but on first glance it seems >>> like instead >>> > > > > of ACPI, >>> > > > > may be FWFT is a better place for discovery ? >>> > > > > >>> https://lists.riscv.org/g/tech-prs/topic/patch_v12_add_firmware/106479571 >>> > > > >>> > > > IMHO, doing discovery in FWFT is not the goal of this >>> extension. I think >>> > > > the "real" solution would be to wait for the unified discovery >>> task >>> > > > group to come up with something for that (which is their goal I >>> think) [1] >>> >>> Yeah I understand the conundrum here. >>> >>> > > >>> > > I'm curious to see how that works out. The proposal documents an >>> m-mode >>> > > csr, so we'd have to smuggle the information to s-mode somehow... >>> > >>> > Ahem, yeah, I spoke a bit too fast. Looked at the proposal and the >>> > mconfigptr CSR will be accessible by M-mode only so I guess we will >>> have >>> > to find another way... >>> >>> That's not the only problem. Even if you get mconfigptr access, >>> parsing the format >>> is another thing that has to be done. This is early in boot. Although >>> its strictly (pun >>> intended) not a firmware feature extension, I think it's much easier >>> to ask underlying >>> firmware if platform is `Sstrict`. or may be expose something like below >>> >>> `ENABLE_SSTRICT`. >>> Platforms which support `Sstrict` can return success for this while >>> platforms which don't >>> have `Sstrict` can return error code (not supported or not implemented). >>> This way its not feature discovery. >> >> I mean, it's feature discovery in all but name. You're calling it >> enable, but the behaviour you describe is feature discovery - not that I >> am against this being feature discovery since it gets us out of an >> annoying bind. > > Yes I know it's cheating but at least for this case, it seems like easy > solution which > doesn't break anything. Neither I see it creating any future problems > (except FWFT becoming > to look like discovery mechanism :-) and Clement/Atish hating me for that) Ahah no worries;) Thinking a bit more about it, if we need only a few extensions to be discoverable, it seems manageable (ie add a "locked" feature that report the extension availability itself, get only will work, set will return SBI_EDENIED). But if need more of them, then a dedicated mechanism should probably be designed. Clément > > Another solution to this could be introducing a riscv config > `CONFIG_RISCV_SSTRICT`. > By default always select `CONFIG_RISCV_SSTRICT` and any platform owner > who are not > sstrict, they can build their own. > I expect distro (ubuntu, red hat, etc) would want by default > `CONFIG_RISCV_SSTRICT`. > >> >> I forget which extension Alex and I discussed previously, but there's >> some mm-related things that you're gonna have to probe super early and >> we need to figure out if we can get that info from ACPI or not. I know >> we discussed it w.r.t. one of the T-Head vendor extensions, but I think >> another standard one got mentioned too. >> >>> It seems like arm64 parses fdt and it reads certain CSRs too >>> (`arch/arm64/kernel/pi/kaslr_early.c`). Although it doesn't look like >>> it has to do any >>> discovery for them. >> >> A decree from the Palmer that we don't support things that do not conform >> in this manner would allow us to do what arm64 does. I brought this up >> originally because it's been discussed before that we cannot rely on >> conformance because we want to support people's platforms, whether they >> comply or not. I'd be wary of making this an exception now, and then >> later on someone makes a platform we want to support that doesn't >> conform and hey presto, we regress KASLR support - even if I think it is >> pretty unlikely that someone is going to repurpose the Zkr CSRs. >> >> One of the problems with only supporting conforming platforms is that >> the definition of conforming changes over time! This has happened with >> the Andes PMU for example, which I believe uses an interrupt number that >> was later co-opted by AIA spec. That conformed at the time, but doesn't >> anymore - do they get to mark themselves as Sstrict? >> >> Maybe we can do this on a case-by-case basis, but it's up to Palmer >> whether or not we can do that.