List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
Subject: Re: git: f1e18f331923 - main - riscv: Exclude OpenSBI memory regions when booting with EFI
From: Jessica Clarke
Date: Wed, 16 Apr 2025 15:30:59 +0100
To: Bojan Novković
Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org

On 16 Apr 2025, at 15:21, Bojan Novković wrote:
>
> The branch main has been updated by bnovkov:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=f1e18f331923041980149fef46cdb2736e61debb
>
> commit f1e18f331923041980149fef46cdb2736e61debb
> Author: Bojan Novković
> AuthorDate: 2025-04-15 16:28:05 +0000
> Commit: Bojan Novković
> CommitDate: 2025-04-16 14:20:13 +0000
>
> riscv: Exclude OpenSBI memory regions when booting with EFI
>
> OpenSBI uses the first PMP entry to prevent buggy supervisor
> software from overwriting the firmware [1]. However, this
> region may not be properly marked as reserved in the EFI map, leading
> to an access violation exception whenever the kernel
> attempts to write to a page from that region.
>
> Fix this by preemptively excluding first EFI memory map entry
> if it is marked as "BootServicesData".
>
> [1] https://github.com/riscv-non-isa/riscv-sbi-doc/pull/37
>
> Reported by: tuexen
> Tested by: tuexen
> Fixes: a2e2178402af
> Reviewed by: imp, jrtc27

No I didn’t, I left a comment saying I didn’t like the concept.

> Differential Revision: https://reviews.freebsd.org/D49839 > --- > sys/riscv/riscv/machdep.c | 32 ++++++++++++++++++++++++++++++-- > 1 file changed, 30 insertions(+), 2 deletions(-) >=20 > diff --git a/sys/riscv/riscv/machdep.c b/sys/riscv/riscv/machdep.c > index 516dbde5ffaa..f253bc9a853b 100644 > --- a/sys/riscv/riscv/machdep.c > +++ b/sys/riscv/riscv/machdep.c > @@ -541,6 +541,22 @@ fdt_physmem_exclude_region_cb(const struct = mem_region *mr, void *arg __unused) > } > #endif >=20 > +static void > +efi_exclude_sbi_pmp_cb(struct efi_md *p, void *argp) > +{ > + bool *first =3D (bool *)argp; > + > + if (!*first) > + return; > + > + *first =3D false; > + if (p->md_type =3D=3D EFI_MD_TYPE_BS_DATA) { > + physmem_exclude_region(p->md_phys, > + min(p->md_pages * EFI_PAGE_SIZE, L2_SIZE), > + EXFLAG_NOALLOC); Doesn=E2=80=99t this need EXFLAG_NODUMP like the FDT case? Jess > + } > +} > + > void > initriscv(struct riscv_bootparams *rvbp) > { > @@ -548,6 +564,7 @@ initriscv(struct riscv_bootparams *rvbp) > struct pcpu *pcpup; > vm_offset_t lastaddr; > vm_size_t kernlen; > + bool first; > char *env; >=20 > TSRAW(&thread0, TS_ENTER, __func__, NULL); > @@ -577,11 +594,22 @@ initriscv(struct riscv_bootparams *rvbp) > if (efihdr !=3D NULL) { > efi_map_add_entries(efihdr); > efi_map_exclude_entries(efihdr); > + > + /* > + * OpenSBI uses the first PMP entry to prevent buggy supervisor > + * software from overwriting the firmware. However, this > + * region may not be properly marked as reserved, leading > + * to an access violation exception whenever the kernel > + * attempts to write to a page from that region. > + * > + * Fix this by excluding first EFI memory map entry > + * if it is marked as "BootServicesData". > + */ > + first =3D true; > + efi_map_foreach_entry(efihdr, efi_exclude_sbi_pmp_cb, &first); > } > #ifdef FDT > else { > - bool first; > - > /* Exclude reserved memory specified by the device tree. */ > fdt_foreach_reserved_mem(fdt_physmem_exclude_region_cb, NULL); >=20
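
Review bot: In efi_exclude_sbi_pmp_cb, the exclusion is keyed only on the entry being first in the map and having md_type == EFI_MD_TYPE_BS_DATA; nothing ties it to the range OpenSBI actually protects. A first entry that is BootServicesData for another reason loses up to L2_SIZE of usable memory, and a firmware region that is not first, or is typed differently, is still handed to the allocator. If the firmware range can be obtained from another source, compare md_phys against it; otherwise say in a comment why position plus type is considered sufficient and why the length is clamped with min(p->md_pages * EFI_PAGE_SIZE, L2_SIZE) instead of covering the whole entry. The region is also excluded with EXFLAG_NOALLOC alone, so it remains eligible for inclusion in kernel dumps.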
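
Review bot: In the initriscv hunk, the new block comment repeats the commit message, including "Fix this by ...", but drops the reference the commit message cites ([1], the riscv-sbi-doc pull request) and does not say that the rule itself is implemented in efi_exclude_sbi_pmp_cb. Word it as a description of what the code does, point at the callback, and keep the reference so a later reader can tell when the workaround is no longer needed. The declaration of first also moves from the FDT else block to function scope; the rest of that block is cut off here, so check that the FDT path still initializes first before passing it on.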