risc-v/spike: reserve memory for SBI #365
Conversation
|
@alistair23: I'd appreciate your feedback also about this patch and any additional thoughts on reserving space for SBI. |
|
OpenSBI will do the same thing automatically at boot: https://github.com/riscv/opensbi/blob/4ef2f5d3e6b25356a8fab19574bed76ce60edeee/lib/utils/fdt/fdt_fixup.c#L156 From what I can tell seL4 kernel doesn't parse the DT at runtime, in which case this change looks good. |
axel-h
force-pushed
the
patch-axel-2
branch
2 times, most recently
from
b0c8844
to
c30c6c1
Compare
|
Any objections to merge this? Seem without this spike cannot be used. The automated checks for links fails because of #371 |
There are parts of the kernel's riscv tooling scripts that already try and insert this reserved region into the memory space after the device tree is passed: https://github.com/seL4/seL4/blob/master/tools/hardware/config.py#L51 I think adding it into the device tree is better, but that means we should remove the assumptions that it isn't there from elsewhere. |
|
This would also likely allow this discussion to be resolved: https://github.com/seL4/seL4/pull/363/files#r633223133 |
|
I think the treatment of avoiding the SBI firmware is also encoded here (https://github.com/seL4/seL4/blob/master/include/arch/riscv/arch/64/mode/hardware.h#L95) |
axel-h
force-pushed
the
patch-axel-2
branch
2 times, most recently
from
0f10bb2
to
8b00044
Compare
|
Thanks for the comments, I will rework this PR to address them. However this turns out as not trivial and needs some more time |
|
With all the hacks removed, This works now when I pass |
axel-h
force-pushed
the
patch-axel-2
branch
2 times, most recently
from
1248def
to
77dd46d
Compare
|
I'm also removing |
|
@ssrg-bamboo |
axel-h
force-pushed
the
patch-axel-2
branch
5 times, most recently
from
526b17b
to
3475dbf
Compare
|
Seem we have to apply the DTS overlay in all RISC-V platform now, otherwise thins will not work. I wonder if we should add DTB parsing code to the ELF-Loder to catch some error. As @alistair23 said, OpenSBI modifies the DTB that is passes to the ELF-Loader and carves out the reserved memory. Since we don't do runtime DTB parsing in the kernel ,as least the ELF-Loader could do this and do a consistency check when it copies around the images. We saw a crash there when to tries to move the kernel image to 0x80000000 on the HiFive, because this was missing the DTS overlay patch. |
axel-h
force-pushed
the
patch-axel-2
branch
2 times, most recently
from
439e85c
to
e9ad617
Compare
axel-h
force-pushed
the
patch-axel-2
branch
2 times, most recently
from
8f7c3bc
to
61b6c50
Compare
axel-h
force-pushed
the
patch-axel-2
branch
4 times, most recently
from
18b6005
to
9381db7
Compare
axel-h
force-pushed
the
patch-axel-2
branch
5 times, most recently
from
8d5f1b8
to
b110706
Compare
|
Can you give an update of what you're attempting here @axel-h? Adding the reserved region to the device tree should be sufficient to ensure that the kernel doesn't use it as untypeds. Is the rest of the changes to try and ensure that the reserved memory isn't also given to user level as device untypeds? This may not be something the kernel needs to restrict. If you do wish that the kernel restrict this, then |
|
Yes, this is trying to ensure the kernel does not give any untypeds that cover the memory used by the SBI. Rational is, that this memory should be considered unusable practically, so there is not much point making this avaiable. In the long run, a proper RISC-V S-Mode should have ways to lock this downs somehow (PMP ...), so accesses eventually trap anway. But having a generic mechanism in seL4 to carve out memory region to they don't even become device untypeds seem useful to me, too. |
What is your threat model in this case? Any policy to restrict access to hardware resources that the kernel doesn't use can already be implemented within the existing access control mechanisms. Adding an extra layer of restrictions doesn't enhance the existing mechanisms unless you are assuming that the roottask is compromised. |
Instead of special handling for the SBI region in the kernel, which can be platform specific, treat it as a reserved memory region in the device tree which is sufficient to prevent the kernel from turning the reserved region into kernel untyped caps. Signed-off-by: Kent McLeod <kent@kry10.com>
Signed-off-by: Axel Heider <axelheider@gmx.de>
Since we have Python 3.7 now, the usage of type hints can be improved further. Signed-off-by: Axel Heider <axelheider@gmx.de>
Signed-off-by: Axel Heider <axelheider@gmx.de>
- pass a dict - add type information for parameters Signed-off-by: Axel Heider <axelheider@gmx.de>
- merge functions to simplify control flow - clarify variable names - add comments - Improve code readability Signed-off-by: Axel Heider <axelheider@gmx.de>
Config is already part of the hardware YAML object, take it from there. Signed-off-by: Axel Heider <axelheider@gmx.de>
Signed-off-by: Axel Heider <axel.heider@hensoldt.net>
axel-h
force-pushed
the
patch-axel-2
branch
from
e576db8
to
8d3ea8b
Compare
No description provided.