From: Andrew Waterman <andrew@sifive.com>
To: Jessica Clarke <jrtc27@jrtc27.com>
Cc: "Lad, Prabhakar" <prabhakar.csengg@gmail.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
binutils@sourceware.org,
linux-riscv <linux-riscv@lists.infradead.org>
Subject: Re: [QUERY]: Adding support for a platform
Date: Tue, 29 Nov 2022 12:21:31 -0800 [thread overview]
Message-ID: <CA++6G0Do001Bo+kxhUNz5T937TYU-K5Y43MH+X=Q2TgFCaxcfQ@mail.gmail.com> (raw)
In-Reply-To: <4386F399-2862-4161-B303-8080EBEEA374@jrtc27.com>
On Tue, Nov 29, 2022 at 12:12 PM Jessica Clarke <jrtc27@jrtc27.com> wrote:
>
> On 29 Nov 2022, at 19:28, Lad, Prabhakar <prabhakar.csengg@gmail.com> wrote:
> >
> > Hi Palmer,
> >
> > Oops I should have included linux-riscv to the CC list here (doing it now)
> >
> > On Tue, Nov 29, 2022 at 7:20 PM Palmer Dabbelt <palmer@dabbelt.com> wrote:
> >>
> >> On Tue, 29 Nov 2022 11:16:29 PST (-0800), binutils@sourceware.org wrote:
> >>> Hi All,
> >>>
> >>> If this is not the right place to ask this question please let me know.
> >>>
> >>> So we have a RISCV platform (Renesas RZ/Five) for which we need to
> >>> adjust the TEXT_START_ADDR. So below are my queries:
> >>> * What is the procedure for upstreaming?
> >>> * Are patches accepted for individual platforms (for adjusting TEXT_START_ADDR)?
> >>
> >> Is this still related to that bug with the static binaries you'd
> >> mentioned before? I think we'd really need to figure out the root cause
> >> before we can make a reasoned decision here, my guess would be that
> >> changing TEXT_START_ADDR just works around the real bug.
> >>
> > Below is the root cause and the solution:
> >
> > TEXT_START_ADDR is the start of the text segment of an application.
> > This is being set to 0x10000 for RISCV platforms.
> >
> > So when an application is compiled with the static flag the load would
> > start from 0x10000 - xyz (depending on size of the application)
> >
> > Entry point 0x101c0
> > There are 5 program headers, starting at offset 64Program Headers:
> > Type Offset VirtAddr PhysAddr
> > FileSiz MemSiz Flags Align
> > LOAD 0x0000000000000000 0x0000000000010000 0x0000000000010000
> > 0x0000000000059b48 0x0000000000059b48 R E 0x1000
> > LOAD 0x0000000000059b60 0x000000000006ab60 0x000000000006ab60
> > 0x0000000000001f68 0x0000000000003528 RW 0x1000
> >
> > So for the above application which is compiled statically we can see
> > the entry point is 0x101c0 and load 0x0000000000010000.
> >
> > Andes AX45MP cores have local memory ILM and DLM that are mapped in
> > the region H’0_0003_0000 - H’0_0004_FFFF on the RZ/Five SoC. When the
> > virtual address falls in this range the MMU doesn't trigger a page
> > fault and assumes the virtual address as physical address and hence
> > the application fails to run (panics somewhere).
> >
> > So to avoid this issue we set the TEXT_START_ADDR to 0x50000 so that
> > the virtual address of any statically compiled application does not
> > fall in the range of H’0_0003_0000 - H’0_0004_FFFF.
> >
> > Elf file type is EXEC (Executable file)
> > Entry point 0x504e4
> > There are 5 program headers, starting at offset 64
> >
> > Program Headers:
> > Type Offset VirtAddr PhysAddr
> > FileSiz MemSiz Flags Align
> > LOAD 0x0000000000000000 0x0000000000050000 0x0000000000050000
> > 0x0000000000057dc8 0x0000000000057dc8 R E 0x1000
> > LOAD 0x00000000000585b8 0x00000000000a95b8 0x00000000000a95b8
> > 0x0000000000004ee0 0x00000000000064b0 RW 0x1000
> > NOTE 0x0000000000000158 0x0000000000050158 0x0000000000050158
> > 0x0000000000000044 0x0000000000000044 R 0x4
> >
> > So now with the fix for statically compiled applications we can see
> > its offsetted and entry point is 0x504e4 and load is at
> > 0x0000000000050000. So with this we are for sure the MMU will always
> > trigger a page fault.
>
> Well that’s just a blatant violation of the spec.
Right - this isn't a platform quirk; it's a violation of the ISA.
Unless this behavior is engaged by a custom mode bit, that is, in
which case, it should just be disabled by default and none of this
would be a problem. If the behavior is unconditionally enabled, this
should be treated as an erratum.
> What happens if a
> malicious (or buggy) userspace binary goes and accesses unmapped memory
> in that range? Does it actually get access to this ILM/DLM? If so
> that’s a gaping side channel.
>
> Jess
>
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2022-11-29 20:21 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CA+V-a8uTdiWJSCdbukA1sndHxDXE_VV0Qzara_AQw2s2n6s6Lg@mail.gmail.com>
[not found] ` <mhng-c2b3d5ca-288f-45b3-97f5-7c532db2e59f@palmer-ri-x1c9a>
2022-11-29 19:28 ` [QUERY]: Adding support for a platform Lad, Prabhakar
2022-11-29 19:35 ` Palmer Dabbelt
2022-11-29 21:33 ` Lad, Prabhakar
2022-11-29 20:12 ` Jessica Clarke
2022-11-29 20:21 ` Andrew Waterman [this message]
2022-11-29 20:57 ` Palmer Dabbelt
2022-11-29 21:40 ` Lad, Prabhakar
2022-11-29 21:54 ` Palmer Dabbelt
2022-12-12 12:43 ` Lad, Prabhakar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA++6G0Do001Bo+kxhUNz5T937TYU-K5Y43MH+X=Q2TgFCaxcfQ@mail.gmail.com' \
--to=andrew@sifive.com \
--cc=binutils@sourceware.org \
--cc=jrtc27@jrtc27.com \
--cc=linux-riscv@lists.infradead.org \
--cc=palmer@dabbelt.com \
--cc=prabhakar.csengg@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.