| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Sep 2021 14:42:04 +0800
From: Nanyong Sun <sunnanyong@...wei.com>
To: Palmer Dabbelt <palmer@...belt.com>, <alex@...ti.fr>
CC: Paul Walmsley <paul.walmsley@...ive.com>, <aou@...s.berkeley.edu>,
"Anup Patel" <Anup.Patel@....com>,
<linux-riscv@...ts.infradead.org>, <linux-kernel@...r.kernel.org>,
Atish Patra <Atish.Patra@....com>,
<wangkefeng.wang@...wei.com>, <tiantao6@...ilicon.com>,
<qiuwenbo@...tium.com.cn>, <rppt@...nel.org>, <jszhang@...nel.org>,
<mick@....forth.gr>
Subject: Re: [PATCH v2 -next] riscv: mm: remove redundant trampoline PGD for
64bit
On 2021/8/14 6:08, Palmer Dabbelt wrote:
> On Mon, 02 Aug 2021 05:43:02 PDT (-0700), alex@...ti.fr wrote:
>> Hi Nanyong,
>>
>> Le 28/07/2021 à 13:55, Alex Ghiti a écrit :
>>>
>>>
>>> Le 28/07/2021 à 04:49, Nanyong Sun a écrit :
>>>> Remove redundant trampoline PGD for 64bit and add more comment
>>>> for why 32bit systems need trampoline PGD.
>>>>
>>>>
>>>> +load_kernel_pgd:
>>>> + /*
>>>> + * Switch to kernel page tables. A full fence is necessary
>>>> in order to
>>>> + * avoid using the trampoline translations, which are only
>>>> correct for
>>>> + * the first superpage. Fetching the fence is guarnteed
>>>> to work
>>>> + * because that first superpage is translated the same way.
>>>> + */
>>>> + csrw CSR_SATP, a2
>>>> + sfence.vma
>>>> +
>>>> +load_done:
>>>> /* Set trap vector to spin forever to help debug */
>>>> la a0, .Lsecondary_park
>>>> csrw CSR_TVEC, a0
>>
>>
>> I suppose stvec was set this way to catch any problem with early_pg_dir,
>> you moved that and then this defeats this original purpose.
>
Hi Alex,
I don't think so, before set early_pg_dir to satp, it's the
physical address world, we must set stvec as
the first place in virtual address world we want jump to. And I don't
think ".Lsecondary_park " can catch
problem of bad early_pg_dir, if the basic page table is wrong, CPU also
can not go to the virtual address stored in stvec correctly.
More, in the original code, before set trampoline_pg_dir, what if the
trampoline_pg_dir had a problem?
> Essentially.
>
> The specific issue is that the JTAG debug spec is defined (or at least
> was when I was using it, it's been years since I've needed to do that)
> in terms of committed instructions. Thus if you end up in a position
> where the processer is unable to commit an instruction you also lose
> the ability to do anything meaningful with the debugger, thus
> essentially locking up the system.
>
> The most common way to end up in a situation where the processor is
> unable to commit an instruction is to have a fault with an invalid
> trap vector: maybe dangling from M-mode, the last boot, reset,
> whatever. Then as soon as you take a trap the system locks up. Any
> trap before we have a working trap handler is a bug, but it's way
> harder to debug things when the debugger doesn't function.
>
> There is of course no way to fundamentally prevent these sort of
> no-commitable-instruction situations, but I got into the habbit of
> just setting up a trivial trap entry point ASAP -- it probably took a
> dozen rounds of trying to debug the debugger only to realize it was
> per spec to hang, but that idiom eventually crept into pretty much
> everything.
>
> Not sure if the debug spec is still written this way (or if debuggers
> respect it), as I haven't had to use one in a while.
>
>>
>>
>>>>
>>>> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c
>>>> index ac48742fa6fc..306fcb2334fa 100644
>>>> --- a/arch/riscv/mm/init.c
>>>> +++ b/arch/riscv/mm/init.c
>>>> @@ -219,13 +219,17 @@ unsigned long pfn_base __ro_after_init;
>>>> EXPORT_SYMBOL(pfn_base);
>>>> pgd_t swapper_pg_dir[PTRS_PER_PGD] __page_aligned_bss;
>>>> +#ifndef CONFIG_64BIT
>>>> pgd_t trampoline_pg_dir[PTRS_PER_PGD] __page_aligned_bss;
>>>> +#endif /* CONFIG_64BIT */
>>
>>
>> As stated in Documentation/process/coding-style.rst, it is better to use
>> __maybe_unused rather than #ifdefs.
>>
>>
I'm afraid that __maybe_unused can not save one page memory here.
>>
>> Overall this version adds more complexity to assembly code than I
>> thought, but I don't see any way to improve that (which does not mean
>> there isn't!).
>>
>> Thanks,
>>
>> Alex
>>
Thanks for your review, let me figure out a better solution.
>>
>>> _______________________________________________
>>> linux-riscv mailing list
>>> linux-riscv@...ts.infradead.org
>>> http://lists.infradead.org/mailman/listinfo/linux-riscv
>
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@...ts.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv
Powered by blists - more mailing lists