| Message ID | 20231121211958.3158576-1-samuel.holland@sifive.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:612c:2b07:b0:403:3b70:6f57 with SMTP id io7csp921540vqb;
Tue, 21 Nov 2023 13:20:07 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IEVu/reN66ZxROYYpQMVMYuuhlS8H6H0F4/3qIDT2KYWOBidHsR4DnAHZErMbuf9XesmdNm
X-Received: by 2002:a17:90b:1e43:b0:280:2823:6615 with SMTP id
pi3-20020a17090b1e4300b0028028236615mr491168pjb.36.1700601606922;
Tue, 21 Nov 2023 13:20:06 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1700601606; cv=none;
d=google.com; s=arc-20160816;
b=Md023syR53BLIYszy6I9SIcp9KkUTd4lbr7O2xSv7Ej7zbwT+qtb+uHms0AzedZ5ch
RG1gY61AT86dFY+xnqc8jUPxZZoXESM4VccAG15w1rNb6d+m/X2kAhIy6Q5mhboR/kzC
ai/PmTEUjoNCKrjF25jHyUTY2tEHpJ2h0mc1mlBswh3N5HnkB3mDoQZP2be4M1EDg1dE
wYxL2n14Ki8GNymJVPJLZ0RCaa0oZe8v2G0AuIB5oYD2y9UzneiAmewquE+fmaqg4ylX
v6C46N/p/PXhuVdtZv0ovqujwvqQAtfPqHXY879Nn9DUwGK6MfsCSwhAj0YheGSiE3kX
wbbQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=kgh0uBFCCexs3X74tOvJ4nUeduxVPgSncyExFdlszoE=;
fh=QyPXK8y9vNUA6Bp4CUt+5OziX6ZjNxcjDKJewqe0NsU=;
b=YxSiY01UWATLDr/HOYq031PiypMENm0RFMtrWqHM78O1B1nQBjMHQ4DWEy0hTObquH
np3mG/wO3DTmsXT18agoAGLMHIcHRq9fKASMoWOl6EgQFkbrl3oIGOMozbu84NiRBVVm
Gv9kx8EOVdb9lB3k5zNIGC2MdCubCAHz7G+EDkMednGgoPc6DPm44roM5A5jzgqDZhy5
vVGY8zgBk+HA5svuF0xw3BSVitN+CTdEdUeqsuKrTLxaWogUnRulITc8EFiEEJ+WA1Kt
OVri2rrlRed8xPiR+t0SwY4EdSdDvHFgp+0KtLATWTQ4dxG+lALhkJmvSfaoD7hXq4E/
oqnw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@sifive.com header.s=google header.b=NWrvpVlR;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.37 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=sifive.com
Received: from snail.vger.email (snail.vger.email. [23.128.96.37])
by mx.google.com with ESMTPS id
mw12-20020a17090b4d0c00b0027cef9ad081si13895560pjb.164.2023.11.21.13.20.06
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 21 Nov 2023 13:20:06 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37;
Authentication-Results: mx.google.com;
dkim=pass header.i=@sifive.com header.s=google header.b=NWrvpVlR;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.37 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=sifive.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by snail.vger.email (Postfix) with ESMTP id E85FA8127F59;
Tue, 21 Nov 2023 13:20:05 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229513AbjKUVUH (ORCPT <rfc822;ouuuleilei@gmail.com> + 99 others);
Tue, 21 Nov 2023 16:20:07 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49746 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229488AbjKUVUF (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 21 Nov 2023 16:20:05 -0500
Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com
[IPv6:2607:f8b0:4864:20::635])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 89A82DD
for <linux-kernel@vger.kernel.org>;
Tue, 21 Nov 2023 13:20:02 -0800 (PST)
Received: by mail-pl1-x635.google.com with SMTP id
d9443c01a7336-1cc5b705769so53527265ad.0
for <linux-kernel@vger.kernel.org>;
Tue, 21 Nov 2023 13:20:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=sifive.com; s=google; t=1700601602; x=1701206402;
darn=vger.kernel.org;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=kgh0uBFCCexs3X74tOvJ4nUeduxVPgSncyExFdlszoE=;
b=NWrvpVlRJSXz5Wnq1IjLlrZtLgt4/VEF/YlAuegMrTBp2xz1ycAONpLL2vTC20MKl4
VWfe5gFJY7TDzrAaJCuttj7hu6DI5KwCWnbDCDQIK5G0FxyqH0hmQjU1T3qAQhRtk0Hh
bgReLgODRrvtDw2Umy6GWZ23KATTAizL3DDZgOFUqjW8fMgawNmbp4XPbodoeaOzzpz9
skgj9mOLzm+ywPuaHF3brWxUmC9Pi+7KGE1eUxNULtWNZJDLXTzO2aEwjGqV90MkXfWX
yLQKnbLG/ChooGqHuvvueY1lsnvtMA66lSmgM32rgUZSCVoU/Vnjr1Ve2mkLw+exmx2Q
AdDA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1700601602; x=1701206402;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=kgh0uBFCCexs3X74tOvJ4nUeduxVPgSncyExFdlszoE=;
b=R0R+HAu85cnqSwmLf0VbvYXbXoEAZ+IXd2yLtTxasU14zEjaK3NvdPbf/6tQKkYM76
jOX3w6/BWANvAC8ORonXPhAjhfA5Q53qlCHWBUt4e20bp2P9ma1gHWmI0TM1oYZvEMrY
GDkwF61zxooOEN+couNsunRbYM5jKRCEC/dGYIShbdzwJy6+mcdvgc0+eI7JMsfVPVFu
MxsaakhklgAESVplJXYm0v05gJ24ZtPK7Jb1tIUu/rs4IcboUOcgu9Qn8Pwjp+cZLj7H
ANF9e9nggiHSC18HCFDAd8XSnZ9KQDl2U40GZIqHoF4xWqa9GOaBH4VVyxyYtYUPtmX0
5lLg==
X-Gm-Message-State: AOJu0Yy4+RBw6pLjuic9nKAWRddyh3fgAhaiitFXBYoPM1/a9O9Ho3h/
+haUW4DiP4H3ZM+7NW+ADHW18A==
X-Received: by 2002:a17:902:aa8e:b0:1cc:2f90:6291 with SMTP id
d14-20020a170902aa8e00b001cc2f906291mr367179plr.54.1700601601956;
Tue, 21 Nov 2023 13:20:01 -0800 (PST)
Received: from sw06.internal.sifive.com ([4.53.31.132])
by smtp.gmail.com with ESMTPSA id
p7-20020a170902a40700b001b53c8659fesm8333270plq.30.2023.11.21.13.20.00
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 21 Nov 2023 13:20:01 -0800 (PST)
From: Samuel Holland <samuel.holland@sifive.com>
To: Palmer Dabbelt <palmer@dabbelt.com>,
linux-riscv@lists.infradead.org
Cc: Samuel Holland <samuel.holland@sifive.com>,
Albert Ou <aou@eecs.berkeley.edu>, Andy Chiu <andy.chiu@sifive.com>,
=?utf-8?b?Q2zDqW1lbnQgTMOpZ2Vy?= <cleger@rivosinc.com>,
Conor Dooley <conor.dooley@microchip.com>,
Greentime Hu <greentime.hu@sifive.com>, Guo Ren <guoren@kernel.org>,
Heiko Stuebner <heiko@sntech.de>, Masahiro Yamada <masahiroy@kernel.org>,
Nam Cao <namcaov@gmail.com>, Paul Walmsley <paul.walmsley@sifive.com>,
Sami Tolvanen <samitolvanen@google.com>, linux-kernel@vger.kernel.org
Subject: [PATCH] riscv: Fix SMP when shadow call stacks are enabled
Date: Tue, 21 Nov 2023 13:19:29 -0800
Message-ID: <20231121211958.3158576-1-samuel.holland@sifive.com>
X-Mailer: git-send-email 2.42.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]);
Tue, 21 Nov 2023 13:20:06 -0800 (PST)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1783210030470378702
X-GMAIL-MSGID: 1783210030470378702
|
| Series |
riscv: Fix SMP when shadow call stacks are enabled
|
|
Commit Message
Samuel Holland
Nov. 21, 2023, 9:19 p.m. UTC
This fixes two bugs in SCS initialization for secondary CPUs. First,
the SCS was not initialized at all in the spinwait boot path. Second,
the code for the SBI HSM path attempted to initialize the SCS before
enabling the MMU. However, that involves dereferencing the thread
pointer, which requires the MMU to be enabled.
Fix both issues by setting up the SCS in the common secondary entry
path, after enabling the MMU.
Fixes: d1584d791a29 ("riscv: Implement Shadow Call Stack")
Signed-off-by: Samuel Holland <samuel.holland@sifive.com>
---
arch/riscv/kernel/head.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Tue, Nov 21, 2023 at 01:19:29PM -0800, Samuel Holland wrote: > This fixes two bugs in SCS initialization for secondary CPUs. First, > the SCS was not initialized at all in the spinwait boot path. Second, > the code for the SBI HSM path attempted to initialize the SCS before > enabling the MMU. However, that involves dereferencing the thread > pointer, which requires the MMU to be enabled. > > Fix both issues by setting up the SCS in the common secondary entry > path, after enabling the MMU. I'm curious, mostly because I do not know much about the implemtnation of the shadow call stack, but does it actually work correctly when the kernel is built without mmu support? > > Fixes: d1584d791a29 ("riscv: Implement Shadow Call Stack") > Signed-off-by: Samuel Holland <samuel.holland@sifive.com> > --- > > arch/riscv/kernel/head.S | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S > index b77397432403..76ace1e0b46f 100644 > --- a/arch/riscv/kernel/head.S > +++ b/arch/riscv/kernel/head.S > @@ -154,7 +154,6 @@ secondary_start_sbi: > XIP_FIXUP_OFFSET a3 > add a3, a3, a1 > REG_L sp, (a3) > - scs_load_current > > .Lsecondary_start_common: > > @@ -165,6 +164,7 @@ secondary_start_sbi: > call relocate_enable_mmu > #endif > call .Lsetup_trap_vector > + scs_load_current > tail smp_callin > #endif /* CONFIG_SMP */ > > -- > 2.42.0 >
Hi Conor, On 2023-11-23 8:06 AM, Conor Dooley wrote: > On Tue, Nov 21, 2023 at 01:19:29PM -0800, Samuel Holland wrote: >> This fixes two bugs in SCS initialization for secondary CPUs. First, >> the SCS was not initialized at all in the spinwait boot path. Second, >> the code for the SBI HSM path attempted to initialize the SCS before >> enabling the MMU. However, that involves dereferencing the thread >> pointer, which requires the MMU to be enabled. >> >> Fix both issues by setting up the SCS in the common secondary entry >> path, after enabling the MMU. > > I'm curious, mostly because I do not know much about the implemtnation > of the shadow call stack, but does it actually work correctly when the > kernel is built without mmu support? I imagine it would work. The SCS implementation is purely software; it stores the return address in a stack at `gp` instead of with the rest of local variables at `sp`. The problem here is that we are passing a pointer between CPUs with different views of the virtual address space (i.e. the boot CPU sees the kernel at 0xffffffff80000000 while the CPU being brought up sees it at its physical address), and then dereferencing it. If there is no MMU support, then the virtual address space is identity mapped on all CPUs, and there is no problem. Regards, Samuel >> Fixes: d1584d791a29 ("riscv: Implement Shadow Call Stack") >> Signed-off-by: Samuel Holland <samuel.holland@sifive.com> >> --- >> >> arch/riscv/kernel/head.S | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S >> index b77397432403..76ace1e0b46f 100644 >> --- a/arch/riscv/kernel/head.S >> +++ b/arch/riscv/kernel/head.S >> @@ -154,7 +154,6 @@ secondary_start_sbi: >> XIP_FIXUP_OFFSET a3 >> add a3, a3, a1 >> REG_L sp, (a3) >> - scs_load_current >> >> .Lsecondary_start_common: >> >> @@ -165,6 +164,7 @@ secondary_start_sbi: >> call relocate_enable_mmu >> #endif >> call .Lsetup_trap_vector >> + scs_load_current >> tail smp_callin >> #endif /* CONFIG_SMP */ >> >> -- >> 2.42.0 >>
Hi Samuel, On Tue, Nov 21, 2023 at 1:20 PM Samuel Holland <samuel.holland@sifive.com> wrote: > > This fixes two bugs in SCS initialization for secondary CPUs. First, > the SCS was not initialized at all in the spinwait boot path. Second, > the code for the SBI HSM path attempted to initialize the SCS before > enabling the MMU. However, that involves dereferencing the thread > pointer, which requires the MMU to be enabled. > > Fix both issues by setting up the SCS in the common secondary entry > path, after enabling the MMU. Thanks for the patch! Looks like my qemu setup doesn't hit this issue, but nevertheless, the fix looks good to me. Reviewed-by: Sami Tolvanen <samitolvanen@google.com> Sami
Hello: This patch was applied to riscv/linux.git (fixes) by Palmer Dabbelt <palmer@rivosinc.com>: On Tue, 21 Nov 2023 13:19:29 -0800 you wrote: > This fixes two bugs in SCS initialization for secondary CPUs. First, > the SCS was not initialized at all in the spinwait boot path. Second, > the code for the SBI HSM path attempted to initialize the SCS before > enabling the MMU. However, that involves dereferencing the thread > pointer, which requires the MMU to be enabled. > > Fix both issues by setting up the SCS in the common secondary entry > path, after enabling the MMU. > > [...] Here is the summary with links: - riscv: Fix SMP when shadow call stacks are enabled https://git.kernel.org/riscv/c/f40cab8e18ed You are awesome, thank you!
On Fri, Dec 01, 2023 at 09:40:55AM -0800, Sami Tolvanen wrote: > Hi Samuel, > > On Tue, Nov 21, 2023 at 1:20 PM Samuel Holland > <samuel.holland@sifive.com> wrote: > > > > This fixes two bugs in SCS initialization for secondary CPUs. First, > > the SCS was not initialized at all in the spinwait boot path. Second, > > the code for the SBI HSM path attempted to initialize the SCS before > > enabling the MMU. However, that involves dereferencing the thread > > pointer, which requires the MMU to be enabled. > > > > Fix both issues by setting up the SCS in the common secondary entry > > path, after enabling the MMU. > > Thanks for the patch! Looks like my qemu setup doesn't hit this issue, > but nevertheless, the fix looks good to me. Because there is no function call in relocate_enable_mmu :) > > Reviewed-by: Sami Tolvanen <samitolvanen@google.com> > > Sami > > _______________________________________________ > linux-riscv mailing list > linux-riscv@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv
diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S index b77397432403..76ace1e0b46f 100644 --- a/arch/riscv/kernel/head.S +++ b/arch/riscv/kernel/head.S @@ -154,7 +154,6 @@ secondary_start_sbi: XIP_FIXUP_OFFSET a3 add a3, a3, a1 REG_L sp, (a3) - scs_load_current .Lsecondary_start_common: @@ -165,6 +164,7 @@ secondary_start_sbi: call relocate_enable_mmu #endif call .Lsetup_trap_vector + scs_load_current tail smp_callin #endif /* CONFIG_SMP */