[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen master] xen/riscv: introduce identity mapping
commit fe0ae3f7dd7013ccac3df3bc3222194a551852e0 Author: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx> AuthorDate: Thu Nov 2 10:49:37 2023 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Thu Nov 2 10:49:37 2023 +0100 xen/riscv: introduce identity mapping The way how switch to virtual address was implemented in the commit e66003e7be ("xen/riscv: introduce setup_initial_pages") isn't safe enough as: * enable_mmu() depends on hooking all exceptions and pagefault. * Any exception other than pagefault, or not taking a pagefault causes it to malfunction, which means you will fail to boot depending on where Xen was loaded into memory. Instead of the proposed way of switching to virtual addresses was decided to use identity mapping for area which constains needed code to switch from identity mapping and after switching to virtual addresses, identity mapping is removed from page-tables in the following way: search for top-most page table entry and remove it. Fixes: e66003e7be ("xen/riscv: introduce setup_initial_pages") Suggested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Signed-off-by: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx> Acked-by: Jan Beulich <jbeulich@xxxxxxxx> --- xen/arch/riscv/include/asm/acpi.h | 6 +++ xen/arch/riscv/include/asm/config.h | 2 + xen/arch/riscv/include/asm/mm.h | 5 ++- xen/arch/riscv/mm.c | 90 ++++++++++++++++++++----------------- xen/arch/riscv/riscv64/head.S | 30 +++++++++++++ xen/arch/riscv/setup.c | 14 +----- xen/arch/riscv/xen.lds.S | 11 +++++ 7 files changed, 103 insertions(+), 55 deletions(-) diff --git a/xen/arch/riscv/include/asm/acpi.h b/xen/arch/riscv/include/asm/acpi.h new file mode 100644 index 0000000000..3aef993d81 --- /dev/null +++ b/xen/arch/riscv/include/asm/acpi.h @@ -0,0 +1,6 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +#ifndef __ASM_RISCV_ACPI_H +#define __ASM_RISCV_ACPI_H + +#endif /* __ASM_RISCV_ACPI_H */ diff --git a/xen/arch/riscv/include/asm/config.h b/xen/arch/riscv/include/asm/config.h index fa90ae0898..f0544c6a20 100644 --- a/xen/arch/riscv/include/asm/config.h +++ b/xen/arch/riscv/include/asm/config.h @@ -95,6 +95,8 @@ #define RV_STAGE1_MODE SATP_MODE_SV32 #endif +#define IDENT_AREA_SIZE 64 + #endif /* __RISCV_CONFIG_H__ */ /* * Local variables: diff --git a/xen/arch/riscv/include/asm/mm.h b/xen/arch/riscv/include/asm/mm.h index 7b94cbadd7..07c7a0abba 100644 --- a/xen/arch/riscv/include/asm/mm.h +++ b/xen/arch/riscv/include/asm/mm.h @@ -13,8 +13,11 @@ extern unsigned char cpu0_boot_stack[]; void setup_initial_pagetables(void); void enable_mmu(void); -void cont_after_mmu_is_enabled(void); + +void remove_identity_mapping(void); unsigned long calc_phys_offset(void); +void turn_on_mmu(unsigned long ra); + #endif /* _ASM_RISCV_MM_H */ diff --git a/xen/arch/riscv/mm.c b/xen/arch/riscv/mm.c index a73f135a3c..053f043a3d 100644 --- a/xen/arch/riscv/mm.c +++ b/xen/arch/riscv/mm.c @@ -4,6 +4,7 @@ #include <xen/compiler.h> #include <xen/init.h> #include <xen/kernel.h> +#include <xen/macros.h> #include <xen/pfn.h> #include <asm/early_printk.h> @@ -35,8 +36,11 @@ static unsigned long __ro_after_init phys_offset; * * It might be needed one more page table in case when Xen load address * isn't 2 MB aligned. + * + * CONFIG_PAGING_LEVELS page tables are needed for the identity mapping, + * except that the root page table is shared with the initial mapping */ -#define PGTBL_INITIAL_COUNT ((CONFIG_PAGING_LEVELS - 1) + 1) +#define PGTBL_INITIAL_COUNT ((CONFIG_PAGING_LEVELS - 1) * 2 + 1) pte_t __section(".bss.page_aligned") __aligned(PAGE_SIZE) stage1_pgtbl_root[PAGETABLE_ENTRIES]; @@ -75,6 +79,7 @@ static void __init setup_initial_mapping(struct mmu_desc *mmu_desc, unsigned int index; pte_t *pgtbl; unsigned long page_addr; + bool is_identity_mapping = map_start == pa_start; if ( (unsigned long)_start % XEN_PT_LEVEL_SIZE(0) ) { @@ -108,16 +113,18 @@ static void __init setup_initial_mapping(struct mmu_desc *mmu_desc, { unsigned long paddr = (page_addr - map_start) + pa_start; unsigned int permissions = PTE_LEAF_DEFAULT; + unsigned long addr = is_identity_mapping + ? page_addr : LINK_TO_LOAD(page_addr); pte_t pte_to_be_written; index = pt_index(0, page_addr); - if ( is_kernel_text(LINK_TO_LOAD(page_addr)) || - is_kernel_inittext(LINK_TO_LOAD(page_addr)) ) - permissions = - PTE_EXECUTABLE | PTE_READABLE | PTE_VALID; + if ( is_kernel_text(addr) || + is_kernel_inittext(addr) ) + permissions = + PTE_EXECUTABLE | PTE_READABLE | PTE_VALID; - if ( is_kernel_rodata(LINK_TO_LOAD(page_addr)) ) + if ( is_kernel_rodata(addr) ) permissions = PTE_READABLE | PTE_VALID; pte_to_be_written = paddr_to_pte(paddr, permissions); @@ -211,6 +218,13 @@ void __init setup_initial_pagetables(void) unsigned long linker_start = LOAD_TO_LINK(load_start); unsigned long linker_end = LOAD_TO_LINK(load_end); + unsigned long ident_start; + unsigned long ident_end; + + /* + * If the overlapping check will be removed then remove_identity_mapping() + * logic should be updated. + */ if ( (linker_start != load_start) && (linker_start <= load_end) && (load_start <= linker_end) ) { @@ -232,48 +246,40 @@ void __init setup_initial_pagetables(void) linker_start, linker_end, load_start); + + if ( linker_start == load_start ) + return; + + ident_start = (unsigned long)turn_on_mmu & XEN_PT_LEVEL_MAP_MASK(0); + ident_end = ident_start + PAGE_SIZE; + + setup_initial_mapping(&mmu_desc, + ident_start, + ident_end, + ident_start); } -void __init noreturn noinline enable_mmu() +void __init remove_identity_mapping(void) { - /* - * Calculate a linker time address of the mmu_is_enabled - * label and update CSR_STVEC with it. - * MMU is configured in a way where linker addresses are mapped - * on load addresses so in a case when linker addresses are not equal - * to load addresses, after MMU is enabled, it will cause - * an exception and jump to linker time addresses. - * Otherwise if load addresses are equal to linker addresses the code - * after mmu_is_enabled label will be executed without exception. - */ - csr_write(CSR_STVEC, LOAD_TO_LINK((unsigned long)&&mmu_is_enabled)); - - /* Ensure page table writes precede loading the SATP */ - sfence_vma(); + unsigned int i; + pte_t *pgtbl; + unsigned int index, xen_index; + unsigned long ident_start = + LINK_TO_LOAD(turn_on_mmu) & XEN_PT_LEVEL_MAP_MASK(0); - /* Enable the MMU and load the new pagetable for Xen */ - csr_write(CSR_SATP, - PFN_DOWN((unsigned long)stage1_pgtbl_root) | - RV_STAGE1_MODE << SATP_MODE_SHIFT); + for ( pgtbl = stage1_pgtbl_root, i = CONFIG_PAGING_LEVELS; i; i-- ) + { + index = pt_index(i - 1, ident_start); + xen_index = pt_index(i - 1, XEN_VIRT_START); - asm volatile ( ".p2align 2" ); - mmu_is_enabled: - /* - * Stack should be re-inited as: - * 1. Right now an address of the stack is relative to load time - * addresses what will cause an issue in case of load start address - * isn't equal to linker start address. - * 2. Addresses in stack are all load time relative which can be an - * issue in case when load start address isn't equal to linker - * start address. - * - * We can't return to the caller because the stack was reseted - * and it may have stash some variable on the stack. - * Jump to a brand new function as the stack was reseted - */ + if ( index != xen_index ) + { + pgtbl[index].pte = 0; + break; + } - switch_stack_and_jump((unsigned long)cpu0_boot_stack + STACK_SIZE, - cont_after_mmu_is_enabled); + pgtbl = (pte_t *)LOAD_TO_LINK(pte_to_paddr(pgtbl[index])); + } } /* diff --git a/xen/arch/riscv/riscv64/head.S b/xen/arch/riscv/riscv64/head.S index ae194bb099..b6ce2894ab 100644 --- a/xen/arch/riscv/riscv64/head.S +++ b/xen/arch/riscv/riscv64/head.S @@ -39,6 +39,22 @@ ENTRY(start) jal calc_phys_offset mv s2, a0 + jal setup_initial_pagetables + + /* Calculate proper VA after jump from 1:1 mapping */ + la a0, .L_primary_switched + sub a0, a0, s2 + + jal turn_on_mmu + +.L_primary_switched: + /* + * cpu0_boot_stack address is 1:1 mapping related so it should be + * recalculated after jump from 1:1 mapping world as 1:1 mapping + * will be removed soon in start_xen(). + */ + jal reset_stack + /* restore hart_id ( bootcpu_id ) and dtb address */ mv a0, s0 mv a1, s1 @@ -54,3 +70,17 @@ ENTRY(reset_stack) ret + .section .text.ident, "ax", %progbits + +ENTRY(turn_on_mmu) + sfence.vma + + li t0, RV_STAGE1_MODE + slli t0, t0, SATP_MODE_SHIFT + + la t1, stage1_pgtbl_root + srli t1, t1, PAGE_SHIFT + or t1, t1, t0 + csrw CSR_SATP, t1 + + jr a0 diff --git a/xen/arch/riscv/setup.c b/xen/arch/riscv/setup.c index dde8fb898b..6593f601c1 100644 --- a/xen/arch/riscv/setup.c +++ b/xen/arch/riscv/setup.c @@ -13,20 +13,10 @@ unsigned char __initdata cpu0_boot_stack[STACK_SIZE] void __init noreturn start_xen(unsigned long bootcpu_id, paddr_t dtb_addr) { - early_printk("Hello from C env\n"); - - setup_initial_pagetables(); - - enable_mmu(); - - for ( ;; ) - asm volatile ("wfi"); + remove_identity_mapping(); - unreachable(); -} + early_printk("Hello from C env\n"); -void __init noreturn cont_after_mmu_is_enabled(void) -{ early_printk("All set up\n"); for ( ;; ) diff --git a/xen/arch/riscv/xen.lds.S b/xen/arch/riscv/xen.lds.S index 9064852173..3fa7db3bf9 100644 --- a/xen/arch/riscv/xen.lds.S +++ b/xen/arch/riscv/xen.lds.S @@ -31,6 +31,11 @@ SECTIONS *(.text.*) #endif + . = ALIGN(IDENT_AREA_SIZE); + _ident_start = .; + *(.text.ident) + _ident_end = .; + *(.fixup) *(.gnu.warning) . = ALIGN(POINTER_ALIGN); @@ -173,4 +178,10 @@ ASSERT(IS_ALIGNED(__bss_end, POINTER_ALIGN), "__bss_end is misaligned") ASSERT(!SIZEOF(.got), ".got non-empty") ASSERT(!SIZEOF(.got.plt), ".got.plt non-empty") +/* + * Changing the size of Xen binary can require an update of + * PGTBL_INITIAL_COUNT. + */ ASSERT(_end - _start <= MB(2), "Xen too large for early-boot assumptions") + +ASSERT(_ident_end - _ident_start <= IDENT_AREA_SIZE, "identity region is too big"); -- generated by git-patchbot for /home/xen/git/xen.git#master
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |