-
Notifications
You must be signed in to change notification settings - Fork 644
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
risc-v/spike: reserve memory for SBI #365
base: master
Are you sure you want to change the base?
Conversation
@alistair23: I'd appreciate your feedback also about this patch and any additional thoughts on reserving space for SBI. |
OpenSBI will do the same thing automatically at boot: https://github.com/riscv/opensbi/blob/4ef2f5d3e6b25356a8fab19574bed76ce60edeee/lib/utils/fdt/fdt_fixup.c#L156 From what I can tell seL4 kernel doesn't parse the DT at runtime, in which case this change looks good. |
b0c8844
to
c30c6c1
Compare
Any objections to merge this? Seem without this spike cannot be used. The automated checks for links fails because of #371 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There are parts of the kernel's riscv tooling scripts that already try and insert this reserved region into the memory space after the device tree is passed: https://github.com/seL4/seL4/blob/master/tools/hardware/config.py#L51 I think adding it into the device tree is better, but that means we should remove the assumptions that it isn't there from elsewhere. |
This would also likely allow this discussion to be resolved: https://github.com/seL4/seL4/pull/363/files#r633223133 |
I think the treatment of avoiding the SBI firmware is also encoded here (https://github.com/seL4/seL4/blob/master/include/arch/riscv/arch/64/mode/hardware.h#L95) |
0f10bb2
to
8b00044
Compare
Thanks for the comments, I will rework this PR to address them. However this turns out as not trivial and needs some more time |
With all the hacks removed, This works now when I pass |
1248def
to
77dd46d
Compare
I'm also removing |
@ssrg-bamboo |
526b17b
to
3475dbf
Compare
Seem we have to apply the DTS overlay in all RISC-V platform now, otherwise thins will not work. I wonder if we should add DTB parsing code to the ELF-Loder to catch some error. As @alistair23 said, OpenSBI modifies the DTB that is passes to the ELF-Loader and carves out the reserved memory. Since we don't do runtime DTB parsing in the kernel ,as least the ELF-Loader could do this and do a consistency check when it copies around the images. We saw a crash there when to tries to move the kernel image to 0x80000000 on the HiFive, because this was missing the DTS overlay patch. |
439e85c
to
e9ad617
Compare
8f7c3bc
to
61b6c50
Compare
18b6005
to
9381db7
Compare
8d5f1b8
to
b110706
Compare
Can you give an update of what you're attempting here @axel-h? Adding the reserved region to the device tree should be sufficient to ensure that the kernel doesn't use it as untypeds. Is the rest of the changes to try and ensure that the reserved memory isn't also given to user level as device untypeds? This may not be something the kernel needs to restrict. If you do wish that the kernel restrict this, then |
Yes, this is trying to ensure the kernel does not give any untypeds that cover the memory used by the SBI. Rational is, that this memory should be considered unusable practically, so there is not much point making this avaiable. In the long run, a proper RISC-V S-Mode should have ways to lock this downs somehow (PMP ...), so accesses eventually trap anway. But having a generic mechanism in seL4 to carve out memory region to they don't even become device untypeds seem useful to me, too. |
What is your threat model in this case? Any policy to restrict access to hardware resources that the kernel doesn't use can already be implemented within the existing access control mechanisms. Adding an extra layer of restrictions doesn't enhance the existing mechanisms unless you are assuming that the roottask is compromised. |
Instead of special handling for the SBI region in the kernel, which can be platform specific, treat it as a reserved memory region in the device tree which is sufficient to prevent the kernel from turning the reserved region into kernel untyped caps. Signed-off-by: Kent McLeod <kent@kry10.com>
Signed-off-by: Axel Heider <axelheider@gmx.de>
Since we have Python 3.7 now, the usage of type hints can be improved further. Signed-off-by: Axel Heider <axelheider@gmx.de>
Signed-off-by: Axel Heider <axelheider@gmx.de>
- pass a dict - add type information for parameters Signed-off-by: Axel Heider <axelheider@gmx.de>
- merge functions to simplify control flow - clarify variable names - add comments - Improve code readability Signed-off-by: Axel Heider <axelheider@gmx.de>
Config is already part of the hardware YAML object, take it from there. Signed-off-by: Axel Heider <axelheider@gmx.de>
Signed-off-by: Axel Heider <axel.heider@hensoldt.net>
e576db8
to
8d3ea8b
Compare
No description provided.