| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Feb 2023 14:10:11 +0100
From: Björn Töpel <bjorn@...nel.org>
To: Alexandre Ghiti <alexghiti@...osinc.com>,
Jonathan Corbet <corbet@....net>,
Paul Walmsley <paul.walmsley@...ive.com>,
Palmer Dabbelt <palmer@...belt.com>,
Albert Ou <aou@...s.berkeley.edu>,
Conor Dooley <conor@...nel.org>,
Ard Biesheuvel <ardb@...nel.org>, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-riscv@...ts.infradead.org
Cc: Alexandre Ghiti <alexghiti@...osinc.com>
Subject: Re: [PATCH v4 1/1] riscv: Allow to downgrade paging mode from the
command line
Alexandre Ghiti <alexghiti@...osinc.com> writes:
> Add 2 early command line parameters that allow to downgrade satp mode
> (using the same naming as x86):
> - "no5lvl": use a 4-level page table (down from sv57 to sv48)
> - "no4lvl": use a 3-level page table (down from sv57/sv48 to sv39)
>
> Note that going through the device tree to get the kernel command line
> works with ACPI too since the efi stub creates a device tree anyway with
> the command line.
>
> In KASAN kernels, we can't use the libfdt that early in the boot process
> since we are not ready to execute instrumented functions. So instead of
> using the "generic" libfdt, we compile our own versions of those functions
> that are not instrumented and that are prefixed so that they do not
> conflict with the generic ones. We also need the non-instrumented versions
> of the string functions and the prefixed versions of memcpy/memmove.
>
> This is largely inspired by commit aacd149b6238 ("arm64: head: avoid
> relocating the kernel twice for KASLR") from which I removed compilation
> flags that were not relevant to RISC-V at the moment (LTO, SCS, pie).
>
> Signed-off-by: Alexandre Ghiti <alexghiti@...osinc.com>
> ---
> .../admin-guide/kernel-parameters.txt | 5 +-
> arch/riscv/kernel/Makefile | 2 +
> arch/riscv/kernel/pi/Makefile | 34 ++++++++++++
> arch/riscv/kernel/pi/cmdline_early.c | 52 +++++++++++++++++++
> arch/riscv/lib/memcpy.S | 2 +
> arch/riscv/lib/memmove.S | 2 +
> arch/riscv/mm/init.c | 36 ++++++++++---
> 7 files changed, 126 insertions(+), 7 deletions(-)
> create mode 100644 arch/riscv/kernel/pi/Makefile
> create mode 100644 arch/riscv/kernel/pi/cmdline_early.c
>
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 6cfa6e3996cf..1d8fc66d2b0d 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -3578,7 +3578,10 @@
> emulation library even if a 387 maths coprocessor
> is present.
>
> - no5lvl [X86-64] Disable 5-level paging mode. Forces
> + no4lvl [RISCV] Disable 4-level and 5-level paging modes. Forces
> + kernel to use 3-level paging instead.
> +
> + no5lvl [X86-64,RISCV] Disable 5-level paging mode. Forces
> kernel to use 4-level paging instead.
>
> nofsgsbase [X86] Disables FSGSBASE instructions.
> diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile
> index 4cf303a779ab..6756209f1ac6 100644
> --- a/arch/riscv/kernel/Makefile
> +++ b/arch/riscv/kernel/Makefile
> @@ -89,3 +89,5 @@ obj-$(CONFIG_EFI) += efi.o
> obj-$(CONFIG_COMPAT) += compat_syscall_table.o
> obj-$(CONFIG_COMPAT) += compat_signal.o
> obj-$(CONFIG_COMPAT) += compat_vdso/
> +
> +obj-y += pi/
> diff --git a/arch/riscv/kernel/pi/Makefile b/arch/riscv/kernel/pi/Makefile
> new file mode 100644
> index 000000000000..554e936ef0b6
> --- /dev/null
> +++ b/arch/riscv/kernel/pi/Makefile
> @@ -0,0 +1,34 @@
> +# SPDX-License-Identifier: GPL-2.0
> +# This file was copied from arm64/kernel/pi/Makefile.
> +
> +KBUILD_CFLAGS := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> + -Os -DDISABLE_BRANCH_PROFILING $(DISABLE_STACKLEAK_PLUGIN) \
> + $(call cc-option,-mbranch-protection=none) \
> + -I$(srctree)/scripts/dtc/libfdt -fno-stack-protector \
> + -D__DISABLE_EXPORTS -ffreestanding \
> + -fno-asynchronous-unwind-tables -fno-unwind-tables \
> + $(call cc-option,-fno-addrsig)
> +
> +GCOV_PROFILE := n
> +KASAN_SANITIZE := n
> +KCSAN_SANITIZE := n
> +UBSAN_SANITIZE := n
> +KCOV_INSTRUMENT := n
> +
> +$(obj)/%.pi.o: OBJCOPYFLAGS := --prefix-symbols=__pi_ \
> + --remove-section=.note.gnu.property \
> + --prefix-alloc-sections=.init
> +$(obj)/%.pi.o: $(obj)/%.o FORCE
> + $(call if_changed,objcopy)
> +
> +$(obj)/lib-%.o: $(srctree)/lib/%.c FORCE
> + $(call if_changed_rule,cc_o_c)
> +
> +$(obj)/string.o: $(srctree)/lib/string.c FORCE
> + $(call if_changed_rule,cc_o_c)
> +
> +$(obj)/ctype.o: $(srctree)/lib/ctype.c FORCE
> + $(call if_changed_rule,cc_o_c)
> +
> +obj-y := cmdline_early.pi.o string.pi.o ctype.pi.o lib-fdt.pi.o lib-fdt_ro.pi.o
> +extra-y := $(patsubst %.pi.o,%.o,$(obj-y))
> diff --git a/arch/riscv/kernel/pi/cmdline_early.c b/arch/riscv/kernel/pi/cmdline_early.c
> new file mode 100644
> index 000000000000..5ae7b853fa66
> --- /dev/null
> +++ b/arch/riscv/kernel/pi/cmdline_early.c
> @@ -0,0 +1,52 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +#include <linux/types.h>
> +#include <linux/init.h>
> +#include <linux/libfdt.h>
> +#include <linux/string.h>
> +#include <asm/pgtable.h>
> +#include <asm/setup.h>
> +
> +static char early_cmdline[COMMAND_LINE_SIZE] __initdata;
> +
> +static char * __init get_early_cmdline(uintptr_t dtb_pa)
> +{
> + const char *fdt_cmdline = NULL;
> + unsigned int fdt_cmdline_size = 0;
> + int chosen_node;
> +
> + if (!IS_ENABLED(CONFIG_CMDLINE_FORCE)) {
> + chosen_node = fdt_path_offset((void *)dtb_pa, "/chosen");
> + if (chosen_node >= 0) {
> + fdt_cmdline = fdt_getprop((void *)dtb_pa, chosen_node,
> + "bootargs", NULL);
Alex and I have been running some more tests, and fdt_cmdline is missing
a NULL-check here.
We'll need a v5 to fix this!
Björn
Powered by blists - more mailing lists