On Thu, 20 Apr 2023 10:36:43 PDT (-0700), Palmer Dabbelt wrote: > On Tue, 28 Mar 2023 22:09:51 PDT (-0700), alexghiti@xxxxxxxxxxxx wrote: >> Add 2 early command line parameters that allow to downgrade satp mode >> (using the same naming as x86): >> - "no5lvl": use a 4-level page table (down from sv57 to sv48) >> - "no4lvl": use a 3-level page table (down from sv57/sv48 to sv39) >> >> Note that going through the device tree to get the kernel command line >> works with ACPI too since the efi stub creates a device tree anyway with >> the command line. >> >> In KASAN kernels, we can't use the libfdt that early in the boot process >> since we are not ready to execute instrumented functions. So instead of >> using the "generic" libfdt, we compile our own versions of those functions >> that are not instrumented and that are prefixed so that they do not >> conflict with the generic ones. We also need the non-instrumented versions >> of the string functions and the prefixed versions of memcpy/memmove. >> >> This is largely inspired by commit aacd149b6238 ("arm64: head: avoid >> relocating the kernel twice for KASLR") from which I removed compilation >> flags that were not relevant to RISC-V at the moment (LTO, SCS, pie). >> >> Signed-off-by: Alexandre Ghiti <alexghiti@xxxxxxxxxxxx> >> Tested-by: Björn Töpel <bjorn@xxxxxxxxxxxx> >> Reviewed-by: Björn Töpel <bjorn@xxxxxxxxxxxx> >> --- >> .../admin-guide/kernel-parameters.txt | 5 +- >> arch/riscv/kernel/Makefile | 2 + >> arch/riscv/kernel/pi/Makefile | 39 ++++++++++++ >> arch/riscv/kernel/pi/cmdline_early.c | 62 +++++++++++++++++++ >> arch/riscv/kernel/vmlinux.lds.S | 8 +++ >> arch/riscv/lib/memcpy.S | 2 + >> arch/riscv/lib/memmove.S | 2 + >> arch/riscv/lib/strlen.S | 1 + >> arch/riscv/mm/init.c | 36 +++++++++-- >> 9 files changed, 150 insertions(+), 7 deletions(-) >> create mode 100644 arch/riscv/kernel/pi/Makefile >> create mode 100644 arch/riscv/kernel/pi/cmdline_early.c >> >> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt >> index 6221a1d057dd..accc400b43f1 100644 >> --- a/Documentation/admin-guide/kernel-parameters.txt >> +++ b/Documentation/admin-guide/kernel-parameters.txt >> @@ -3576,7 +3576,10 @@ >> emulation library even if a 387 maths coprocessor >> is present. >> >> - no5lvl [X86-64] Disable 5-level paging mode. Forces >> + no4lvl [RISCV] Disable 4-level and 5-level paging modes. Forces >> + kernel to use 3-level paging instead. >> + >> + no5lvl [X86-64,RISCV] Disable 5-level paging mode. Forces >> kernel to use 4-level paging instead. >> >> nofsgsbase [X86] Disables FSGSBASE instructions. >> diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile >> index 4cf303a779ab..aa22f87faeae 100644 >> --- a/arch/riscv/kernel/Makefile >> +++ b/arch/riscv/kernel/Makefile >> @@ -89,3 +89,5 @@ obj-$(CONFIG_EFI) += efi.o >> obj-$(CONFIG_COMPAT) += compat_syscall_table.o >> obj-$(CONFIG_COMPAT) += compat_signal.o >> obj-$(CONFIG_COMPAT) += compat_vdso/ >> + >> +obj-$(CONFIG_64BIT) += pi/ >> diff --git a/arch/riscv/kernel/pi/Makefile b/arch/riscv/kernel/pi/Makefile >> new file mode 100644 >> index 000000000000..42c58f4ab53b >> --- /dev/null >> +++ b/arch/riscv/kernel/pi/Makefile >> @@ -0,0 +1,39 @@ >> +# SPDX-License-Identifier: GPL-2.0 >> +# This file was copied from arm64/kernel/pi/Makefile. >> + >> +KBUILD_CFLAGS := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \ >> + -Os -DDISABLE_BRANCH_PROFILING $(DISABLE_STACKLEAK_PLUGIN) \ >> + $(call cc-option,-mbranch-protection=none) \ >> + -I$(srctree)/scripts/dtc/libfdt -fno-stack-protector \ >> + -D__DISABLE_EXPORTS -ffreestanding \ >> + -fno-asynchronous-unwind-tables -fno-unwind-tables \ >> + $(call cc-option,-fno-addrsig) >> + >> +KBUILD_CFLAGS += -mcmodel=medany >> + >> +CFLAGS_cmdline_early.o += -D__NO_FORTIFY >> +CFLAGS_lib-fdt_ro.o += -D__NO_FORTIFY >> + >> +GCOV_PROFILE := n >> +KASAN_SANITIZE := n >> +KCSAN_SANITIZE := n >> +UBSAN_SANITIZE := n >> +KCOV_INSTRUMENT := n >> + >> +$(obj)/%.pi.o: OBJCOPYFLAGS := --prefix-symbols=__pi_ \ >> + --remove-section=.note.gnu.property \ >> + --prefix-alloc-sections=.init >> +$(obj)/%.pi.o: $(obj)/%.o FORCE >> + $(call if_changed,objcopy) >> + >> +$(obj)/lib-%.o: $(srctree)/lib/%.c FORCE >> + $(call if_changed_rule,cc_o_c) >> + >> +$(obj)/string.o: $(srctree)/lib/string.c FORCE >> + $(call if_changed_rule,cc_o_c) >> + >> +$(obj)/ctype.o: $(srctree)/lib/ctype.c FORCE >> + $(call if_changed_rule,cc_o_c) >> + >> +obj-y := cmdline_early.pi.o string.pi.o ctype.pi.o lib-fdt.pi.o lib-fdt_ro.pi.o >> +extra-y := $(patsubst %.pi.o,%.o,$(obj-y)) >> diff --git a/arch/riscv/kernel/pi/cmdline_early.c b/arch/riscv/kernel/pi/cmdline_early.c >> new file mode 100644 >> index 000000000000..05652d13c746 >> --- /dev/null >> +++ b/arch/riscv/kernel/pi/cmdline_early.c >> @@ -0,0 +1,62 @@ >> +// SPDX-License-Identifier: GPL-2.0-only >> +#include <linux/types.h> >> +#include <linux/init.h> >> +#include <linux/libfdt.h> >> +#include <linux/string.h> >> +#include <asm/pgtable.h> >> +#include <asm/setup.h> >> + >> +static char early_cmdline[COMMAND_LINE_SIZE]; >> + >> +/* >> + * Declare the functions that are exported (but prefixed) here so that LLVM >> + * does not complain it lacks the 'static' keyword (which, if added, makes >> + * LLVM complain because the function is actually unused in this file). >> + */ >> +u64 set_satp_mode_from_cmdline(uintptr_t dtb_pa); >> + >> +static char *get_early_cmdline(uintptr_t dtb_pa) >> +{ >> + const char *fdt_cmdline = NULL; >> + unsigned int fdt_cmdline_size = 0; >> + int chosen_node; >> + >> + if (!IS_ENABLED(CONFIG_CMDLINE_FORCE)) { >> + chosen_node = fdt_path_offset((void *)dtb_pa, "/chosen"); >> + if (chosen_node >= 0) { >> + fdt_cmdline = fdt_getprop((void *)dtb_pa, chosen_node, >> + "bootargs", NULL); >> + if (fdt_cmdline) { >> + fdt_cmdline_size = strlen(fdt_cmdline); >> + strscpy(early_cmdline, fdt_cmdline, >> + COMMAND_LINE_SIZE); >> + } >> + } >> + } >> + >> + if (IS_ENABLED(CONFIG_CMDLINE_EXTEND) || >> + IS_ENABLED(CONFIG_CMDLINE_FORCE) || >> + fdt_cmdline_size == 0 /* CONFIG_CMDLINE_FALLBACK */) { >> + strncat(early_cmdline, CONFIG_CMDLINE, >> + COMMAND_LINE_SIZE - fdt_cmdline_size); >> + } >> + >> + return early_cmdline; >> +} >> + >> +static u64 match_noXlvl(char *cmdline) >> +{ >> + if (strstr(cmdline, "no4lvl")) >> + return SATP_MODE_48; >> + else if (strstr(cmdline, "no5lvl")) >> + return SATP_MODE_57; >> + >> + return 0; >> +} >> + >> +u64 set_satp_mode_from_cmdline(uintptr_t dtb_pa) >> +{ >> + char *cmdline = get_early_cmdline(dtb_pa); >> + >> + return match_noXlvl(cmdline); >> +} >> diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.lds.S >> index 615ff5842690..b12a843ad426 100644 >> --- a/arch/riscv/kernel/vmlinux.lds.S >> +++ b/arch/riscv/kernel/vmlinux.lds.S >> @@ -83,6 +83,14 @@ SECTIONS >> /* Start of init data section */ >> __init_data_begin = .; >> INIT_DATA_SECTION(16) >> + >> + /* Those sections result from the compilation of kernel/pi/string.c */ >> + .init.pidata : { >> + *(.init.srodata.cst8*) >> + *(.init__bug_table*) >> + *(.init.sdata*) >> + } >> + >> .init.bss : { >> *(.init.bss) /* from the EFI stub */ >> } >> diff --git a/arch/riscv/lib/memcpy.S b/arch/riscv/lib/memcpy.S >> index 51ab716253fa..1a40d01a9543 100644 >> --- a/arch/riscv/lib/memcpy.S >> +++ b/arch/riscv/lib/memcpy.S >> @@ -106,3 +106,5 @@ WEAK(memcpy) >> 6: >> ret >> END(__memcpy) >> +SYM_FUNC_ALIAS(__pi_memcpy, __memcpy) >> +SYM_FUNC_ALIAS(__pi___memcpy, __memcpy) >> diff --git a/arch/riscv/lib/memmove.S b/arch/riscv/lib/memmove.S >> index e0609e1f0864..838ff2022fe3 100644 >> --- a/arch/riscv/lib/memmove.S >> +++ b/arch/riscv/lib/memmove.S >> @@ -314,3 +314,5 @@ return_from_memmove: >> >> SYM_FUNC_END(memmove) >> SYM_FUNC_END(__memmove) >> +SYM_FUNC_ALIAS(__pi_memmove, __memmove) >> +SYM_FUNC_ALIAS(__pi___memmove, __memmove) >> diff --git a/arch/riscv/lib/strlen.S b/arch/riscv/lib/strlen.S >> index 15bb8f3aa959..9d0055616f7b 100644 >> --- a/arch/riscv/lib/strlen.S >> +++ b/arch/riscv/lib/strlen.S >> @@ -131,3 +131,4 @@ strlen_zbb: >> .option pop >> #endif >> SYM_FUNC_END(strlen) >> +SYM_FUNC_ALIAS(__pi_strlen, strlen) >> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c >> index bce899b180cd..3ad771571c2d 100644 >> --- a/arch/riscv/mm/init.c >> +++ b/arch/riscv/mm/init.c >> @@ -746,6 +746,8 @@ static __init pgprot_t pgprot_from_va(uintptr_t va) >> #endif /* CONFIG_STRICT_KERNEL_RWX */ >> >> #if defined(CONFIG_64BIT) && !defined(CONFIG_XIP_KERNEL) >> +u64 __pi_set_satp_mode_from_cmdline(uintptr_t dtb_pa); >> + >> static void __init disable_pgtable_l5(void) >> { >> pgtable_l5_enabled = false; >> @@ -760,17 +762,39 @@ static void __init disable_pgtable_l4(void) >> satp_mode = SATP_MODE_39; >> } >> >> +static int __init print_no4lvl(char *p) >> +{ >> + pr_info("Disabled 4-level and 5-level paging"); >> + return 0; >> +} >> +early_param("no4lvl", print_no4lvl); >> + >> +static int __init print_no5lvl(char *p) >> +{ >> + pr_info("Disabled 5-level paging"); >> + return 0; >> +} >> +early_param("no5lvl", print_no5lvl); >> + >> /* >> * There is a simple way to determine if 4-level is supported by the >> * underlying hardware: establish 1:1 mapping in 4-level page table mode >> * then read SATP to see if the configuration was taken into account >> * meaning sv48 is supported. >> */ >> -static __init void set_satp_mode(void) >> +static __init void set_satp_mode(uintptr_t dtb_pa) >> { >> u64 identity_satp, hw_satp; >> uintptr_t set_satp_mode_pmd = ((unsigned long)set_satp_mode) & PMD_MASK; >> - bool check_l4 = false; >> + u64 satp_mode_cmdline = __pi_set_satp_mode_from_cmdline(dtb_pa); >> + >> + if (satp_mode_cmdline == SATP_MODE_57) { >> + disable_pgtable_l5(); >> + } else if (satp_mode_cmdline == SATP_MODE_48) { >> + disable_pgtable_l5(); >> + disable_pgtable_l4(); >> + return; >> + } >> >> create_p4d_mapping(early_p4d, >> set_satp_mode_pmd, (uintptr_t)early_pud, >> @@ -789,7 +813,8 @@ static __init void set_satp_mode(void) >> retry: >> create_pgd_mapping(early_pg_dir, >> set_satp_mode_pmd, >> - check_l4 ? (uintptr_t)early_pud : (uintptr_t)early_p4d, >> + pgtable_l5_enabled ? >> + (uintptr_t)early_p4d : (uintptr_t)early_pud, >> PGDIR_SIZE, PAGE_TABLE); >> >> identity_satp = PFN_DOWN((uintptr_t)&early_pg_dir) | satp_mode; >> @@ -800,9 +825,8 @@ static __init void set_satp_mode(void) >> local_flush_tlb_all(); >> >> if (hw_satp != identity_satp) { >> - if (!check_l4) { >> + if (pgtable_l5_enabled) { >> disable_pgtable_l5(); >> - check_l4 = true; >> memset(early_pg_dir, 0, PAGE_SIZE); >> goto retry; >> } >> @@ -1031,7 +1055,7 @@ asmlinkage void __init setup_vm(uintptr_t dtb_pa) >> #endif >> >> #if defined(CONFIG_64BIT) && !defined(CONFIG_XIP_KERNEL) >> - set_satp_mode(); >> + set_satp_mode(dtb_pa); >> #endif >> >> /* > > Alex found that we're missing -fpie, which was causing the LLVM boot > failures. I'm just going to squash in > > diff --git a/arch/riscv/kernel/pi/Makefile b/arch/riscv/kernel/pi/Makefile > index 42c58f4ab53b..5d7cb991f2b8 100644 > --- a/arch/riscv/kernel/pi/Makefile > +++ b/arch/riscv/kernel/pi/Makefile > @@ -1,7 +1,7 @@ > # SPDX-License-Identifier: GPL-2.0 > # This file was copied from arm64/kernel/pi/Makefile. > > -KBUILD_CFLAGS := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \ > +KBUILD_CFLAGS := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) -fpie \ > -Os -DDISABLE_BRANCH_PROFILING $(DISABLE_STACKLEAK_PLUGIN) \ > $(call cc-option,-mbranch-protection=none) \ > -I$(srctree)/scripts/dtc/libfdt -fno-stack-protector \ Looks like we got a bit ahead of ourselves, this trips up some warnings like riscv64-unknown-linux-gnu-ld: warning: orphan section `.got' from `init/main.o' being placed in section `.got' riscv64-unknown-linux-gnu-ld: warning: orphan section `.got.plt' from `init/main.o' being placed in section `.got.plt' I'm going to drop this for now, Alex is looking at a better fix. Sorry for the churn!