Received: by 2002:ab2:6c55:0:b0:1fd:c486:4f03 with SMTP id v21csp276558lqp; Wed, 12 Jun 2024 00:48:43 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUquyGIgHJ9SO4P1mkxdLLKv9Yxq1Bmg7id8mf6J2uhQ5MEIzuzkxsynGCosPRkmzHaXcDDu1hnAeDRtcOaEodGrZR3rFQimBO5PrAD4A== X-Google-Smtp-Source: AGHT+IE70V1p/V12Y5nWfnju95EHzEYVkzmeYjqvedmOEIHpN5Vdha21uF72PTNpiFyrZWK3zINl X-Received: by 2002:a05:6a21:999a:b0:1af:b1c0:c9eb with SMTP id adf61e73a8af0-1b8a9c50facmr1325007637.45.1718178523698; Wed, 12 Jun 2024 00:48:43 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1718178523; cv=pass; d=google.com; s=arc-20160816; b=WqTfXgdz8LhdZGf4qHmmhe0Qkm/og/UT5JI+rwRKJTF6HXLBszU2z6ebVN57IkVpnA 3jDXbgG/SFJFTuUsdT9OF+/hFGR4oPSo1rRzW4/pFxbXZgEZotg8SPPR+HLk/+4Mu7T9 vq5PCQOBGH23DVPhr1jm5XgHNy9yVX4NfmBFmjHdXrMZMGLz/sQpzRxm0PaFho6SroWI XuX6/Y1XGktuqOLxxarLyMlgwP+zoyCpbICxyjYPdwhnFWjDCDucTenLlWH+HEd77krH L8SIakQPV8N0WGYSU+APmbhDefbmny6V0O1SwdWERRclOFjMV7QsHAuWM530UfoQ+Wsx TXxg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=lBUAuCh6WQTSc26sbqbHcPEdHufPV6icZ6onUz+5Vaw=; fh=n660k1ndb3dMN9uhbNInH0C5lwPNEpvm8uSJ0CBshC0=; b=HaIlnMPGPHl6APaC8808CuezZeJ55ginjV0jaSj6HiXgLhQE/i1tpP0tqpFMpUDP3S JnNB/qRwKQju1msqQcsfBDxwev41vV8jdSpkpNUNHorHBBtc5ArnjBBVSyjHypUGR7VK omfH7+xKnEcE3F1XCkCPkw/SHXTnKJDj3W7wM4NTLBjLI/N88KCyLXtzMClpa6hDKqGl 2jl4SoFnc05Lv3r0kYmxsRyNnShmA+bN/5mQMK2uKhVVCX0PYt0VOBve0yq0Lrjun8+P cw9/2nbPVqrtt/UI1A4Qui2gn/2lFfuQgYoHJJLvwvZGidlEdgzudjxb/UdSRzwl2Nor rOzg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=owgj1tK8; arc=pass (i=1 spf=pass spfdomain=rivosinc.com dkim=pass dkdomain=rivosinc-com.20230601.gappssmtp.com); spf=pass (google.com: domain of linux-kernel+bounces-211100-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-211100-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id 41be03b00d2f7-6e360e831cfsi7317825a12.386.2024.06.12.00.48.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jun 2024 00:48:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-211100-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=owgj1tK8; arc=pass (i=1 spf=pass spfdomain=rivosinc.com dkim=pass dkdomain=rivosinc-com.20230601.gappssmtp.com); spf=pass (google.com: domain of linux-kernel+bounces-211100-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-211100-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id E152E282742 for ; Wed, 12 Jun 2024 07:48:42 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 86F0E16C445; Wed, 12 Jun 2024 07:48:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b="owgj1tK8" Received: from mail-lf1-f44.google.com (mail-lf1-f44.google.com [209.85.167.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CAB2417C9 for ; Wed, 12 Jun 2024 07:48:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.44 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718178516; cv=none; b=qYHTJYakqmm5SDX0Vfs7FeGYM+4hRlqxTCR8Jt7ZXX3PupmBcdhfd1Kb8uwL+oGD+ZldD9HUJWA4KTZSBl1sC0NqkUL4QlK6l5/A73Y9Aj4+ceEi3PrbPQ/BWsJhD4Xy1mif55VnoX1Z5q08EhKE0dJnQIVWlhwdDYKEEPbn01k= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718178516; c=relaxed/simple; bh=lBUAuCh6WQTSc26sbqbHcPEdHufPV6icZ6onUz+5Vaw=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=JHSLAHNe5HNQWzh7V8svH40QkqzdXIMrLYDSlCL5YI0xPcfirOGO7G8C/V2U1QkUatW++If3CAI4vsZjRyDVqJwZBKltbF1igWdQ0o8BYRmKyw7RSJBspPzF7tt1Oa+QBxqS+t/XWMUzbUUPdJsKO1cFCEYV5tvv62QZna49rdc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b=owgj1tK8; arc=none smtp.client-ip=209.85.167.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Received: by mail-lf1-f44.google.com with SMTP id 2adb3069b0e04-52c32d934c2so4015261e87.2 for ; Wed, 12 Jun 2024 00:48:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1718178513; x=1718783313; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=lBUAuCh6WQTSc26sbqbHcPEdHufPV6icZ6onUz+5Vaw=; b=owgj1tK8aFPFVvcihFZ3Vb9aoNIkduMy4hIEWAMe/slmZrh+1y4pFthSsVuhILzaQH MBvSSam9A88BIR2J9XAb/VmqwzBM0OoBE9wgGfrF8LYBBzpgblnHbmmGVp4iP6ivScuU BdTL8shi+gWTtvkdRWT2AzakeO3PgAqpywvpa+YKCfcx561OwMzghvyM3+W6Z95sR4VP RvG1g/TzmpmH53XkqEEBe8ORO2/zNg77cm5YVMzVqLPmYvCmnKDMAjJVjh77FSEIP6TZ iHLZZ/3bHJwxX2gJWvyaVDdgZbs6k1uJZ9n9fgIJrMKgboK+5k9mRWzYL9v0gDc6or4F vxZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718178513; x=1718783313; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lBUAuCh6WQTSc26sbqbHcPEdHufPV6icZ6onUz+5Vaw=; b=iO06TPp+jR9/Lm6pe4YTXkUoMS+c/jwVr0fZjWmDgT+dKZ34dsB0Zvf8jYyLyx01PP 3fAr1SWZj6C+DGVABpI3oeHVSqL0Zjg4cHzPesQaMBaRnR3hqgbBw1vES0Lv5jwot1tJ VeEPYNKzfHRw/xcB7jVqKW7CSDLgGKs7zgkJS5kV1zHFiCIiemYejZXlKtvHJnsexeM0 7+UyUGZPFqWQOkyFqERhckmWIYfelWL2TLEoM1ihbEqhtWWtWZ58NDW93lqPYCneZruZ r5lETQSxKvp7leGskqWI71+hqwUD6M4h47Wk7mnSQl1OUwVLCTAsGRs7ohOiA9NH+CpZ WljA== X-Forwarded-Encrypted: i=1; AJvYcCWIBXnrVPRbQlYtVveHYGYBsD13nhO7JnyX+gnsqVVevZ9ShmoYfzTZylcVrbiZ+sFb3zNkDg3U+5pipL0oeSKDneJ+c2FFXOMoxBqr X-Gm-Message-State: AOJu0Yw/CSMJyNuTnLB47Iy1I5tc7G3FfuZ4yn3Vo9M7IEvNn/aC/Ejd GwhbJw23ZI16TFBA+Fj1+w955MFts5toagXFgmvv3BgFkI3q7rlyIiAv2+gdXwlrf+RiheHryvn DoR64t2bs2Nup0xXORi1ONchOsIAIwQvICk7jwQ== X-Received: by 2002:a05:6512:1284:b0:52c:7a2d:5d5d with SMTP id 2adb3069b0e04-52c9a3b9e12mr725836e87.3.1718178513041; Wed, 12 Jun 2024 00:48:33 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240531162327.2436962-1-jesse@rivosinc.com> <20240531-uselessly-spied-262ecf44e694@spud> <20240603-stinking-roster-cfad46696ae5@spud> <20240610-qualm-chalice-72d0cc743658@wendy> <01547275-8c8c-43cf-9da0-64825c234707@rivosinc.com> <20240610-earplugs-anybody-ebd04a5fa777@spud> In-Reply-To: From: Atish Kumar Patra Date: Wed, 12 Jun 2024 00:48:23 -0700 Message-ID: Subject: Re: [PATCH v0] RISC-V: Use Zkr to seed KASLR base address To: =?UTF-8?B?Q2zDqW1lbnQgTMOpZ2Vy?= Cc: Deepak Gupta , Conor Dooley , Conor Dooley , Alexandre Ghiti , Jesse Taube , linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Alexandre Ghiti , Palmer Dabbelt , Albert Ou , =?UTF-8?B?QmrDtnJuIFTDtnBlbA==?= , Paul Walmsley , Nathan Chancellor , Nick Desaulniers , Masahiro Yamada Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Jun 12, 2024 at 12:15=E2=80=AFAM Cl=C3=A9ment L=C3=A9ger wrote: > > > > On 11/06/2024 17:32, Deepak Gupta wrote: > > On Mon, Jun 10, 2024 at 10:56:35PM +0100, Conor Dooley wrote: > >> On Mon, Jun 10, 2024 at 02:06:50PM -0700, Deepak Gupta wrote: > >>> On Mon, Jun 10, 2024 at 11:16:42AM +0200, Cl=C3=A9ment L=C3=A9ger wro= te: > >>> > On 10/06/2024 11:02, Conor Dooley wrote: > >>> > > On Mon, Jun 10, 2024 at 10:33:34AM +0200, Cl=C3=A9ment L=C3=A9ger= wrote: > >>> > > > On 07/06/2024 20:51, Deepak Gupta wrote: > >>> > > > > On Mon, Jun 03, 2024 at 01:47:40PM +0100, Conor Dooley wrote: > >>> > > > > > On Mon, Jun 03, 2024 at 11:14:49AM +0200, Alexandre Ghiti > >>> wrote: > >>> > > > > I don't know all the details but on first glance it seems > >>> like instead > >>> > > > > of ACPI, > >>> > > > > may be FWFT is a better place for discovery ? > >>> > > > > > >>> https://lists.riscv.org/g/tech-prs/topic/patch_v12_add_firmware/10647= 9571 > >>> > > > > >>> > > > IMHO, doing discovery in FWFT is not the goal of this > >>> extension. I think > >>> > > > the "real" solution would be to wait for the unified discovery > >>> task > >>> > > > group to come up with something for that (which is their goal I > >>> think) [1] > >>> > >>> Yeah I understand the conundrum here. > >>> > >>> > > > >>> > > I'm curious to see how that works out. The proposal documents an > >>> m-mode > >>> > > csr, so we'd have to smuggle the information to s-mode somehow... > >>> > > >>> > Ahem, yeah, I spoke a bit too fast. Looked at the proposal and the > >>> > mconfigptr CSR will be accessible by M-mode only so I guess we will > >>> have > >>> > to find another way... > >>> > >>> That's not the only problem. Even if you get mconfigptr access, > >>> parsing the format > >>> is another thing that has to be done. This is early in boot. Although > >>> its strictly (pun > >>> intended) not a firmware feature extension, I think it's much easier > >>> to ask underlying > >>> firmware if platform is `Sstrict`. or may be expose something like be= low > >>> > >>> `ENABLE_SSTRICT`. > >>> Platforms which support `Sstrict` can return success for this while > >>> platforms which don't > >>> have `Sstrict` can return error code (not supported or not implemente= d). > >>> This way its not feature discovery. > >> > >> I mean, it's feature discovery in all but name. You're calling it > >> enable, but the behaviour you describe is feature discovery - not that= I > >> am against this being feature discovery since it gets us out of an > >> annoying bind. > > > > Yes I know it's cheating but at least for this case, it seems like easy > > solution which > > doesn't break anything. Neither I see it creating any future problems > > (except FWFT becoming > > to look like discovery mechanism :-) and Clement/Atish hating me for th= at) > > Ahah no worries;) Thinking a bit more about it, if we need only a few > extensions to be discoverable, it seems manageable (ie add a "locked" > feature that report the extension availability itself, get only will > work, set will return SBI_EDENIED). But if need more of them, then a > dedicated mechanism should probably be designed. > Retrying again as gmail switched my default to html again :(. Sorry for the spam. Yes. Once it is allowed, there will be many more in the future :). Reading this thread, it seems we need early detection for these 3 now. Zabha/Zacas/Zkr Is there any use case for obtaining additional information related to an ISA or just extension presence is enough ? +Sunil (in case he has some tricks in ACPI land for early parsing). Otherwise, we may have to come up with a separate mechanism for early detec= tion. > Cl=C3=A9ment > > > > > Another solution to this could be introducing a riscv config > > `CONFIG_RISCV_SSTRICT`. > > By default always select `CONFIG_RISCV_SSTRICT` and any platform owner > > who are not > > sstrict, they can build their own. > > I expect distro (ubuntu, red hat, etc) would want by default > > `CONFIG_RISCV_SSTRICT`. > > > >> > >> I forget which extension Alex and I discussed previously, but there's > >> some mm-related things that you're gonna have to probe super early and > >> we need to figure out if we can get that info from ACPI or not. I know > >> we discussed it w.r.t. one of the T-Head vendor extensions, but I thin= k > >> another standard one got mentioned too. > >> > >>> It seems like arm64 parses fdt and it reads certain CSRs too > >>> (`arch/arm64/kernel/pi/kaslr_early.c`). Although it doesn't look like > >>> it has to do any > >>> discovery for them. > >> > >> A decree from the Palmer that we don't support things that do not conf= orm > >> in this manner would allow us to do what arm64 does. I brought this up > >> originally because it's been discussed before that we cannot rely on > >> conformance because we want to support people's platforms, whether the= y > >> comply or not. I'd be wary of making this an exception now, and then > >> later on someone makes a platform we want to support that doesn't > >> conform and hey presto, we regress KASLR support - even if I think it = is > >> pretty unlikely that someone is going to repurpose the Zkr CSRs. > >> > >> One of the problems with only supporting conforming platforms is that > >> the definition of conforming changes over time! This has happened with > >> the Andes PMU for example, which I believe uses an interrupt number th= at > >> was later co-opted by AIA spec. That conformed at the time, but doesn'= t > >> anymore - do they get to mark themselves as Sstrict? > >> > >> Maybe we can do this on a case-by-case basis, but it's up to Palmer > >> whether or not we can do that.