From owner-svn-src-head@freebsd.org Sun Apr 19 00:33:05 2020 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D60A62B262D; Sun, 19 Apr 2020 00:33:05 +0000 (UTC) (envelope-from mhorne@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 494W5F5P9cz4BkD; Sun, 19 Apr 2020 00:33:05 +0000 (UTC) (envelope-from mhorne@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B47361D1F9; Sun, 19 Apr 2020 00:33:05 +0000 (UTC) (envelope-from mhorne@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03J0X5hP078941; Sun, 19 Apr 2020 00:33:05 GMT (envelope-from mhorne@FreeBSD.org) Received: (from mhorne@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03J0X5q0078940; Sun, 19 Apr 2020 00:33:05 GMT (envelope-from mhorne@FreeBSD.org) Message-Id: <202004190033.03J0X5q0078940@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mhorne set sender to mhorne@FreeBSD.org using -f From: Mitchell Horne Date: Sun, 19 Apr 2020 00:33:05 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r360084 - head/sys/riscv/riscv X-SVN-Group: head X-SVN-Commit-Author: mhorne X-SVN-Commit-Paths: head/sys/riscv/riscv X-SVN-Commit-Revision: 360084 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Apr 2020 00:33:05 -0000 Author: mhorne Date: Sun Apr 19 00:33:05 2020 New Revision: 360084 URL: https://svnweb.freebsd.org/changeset/base/360084 Log: RISC-V: exclude reserved memory regions The device tree may contain a "reserved-memory" node, whose purpose is to communicate sections of physical memory that should not be used for general allocations. Add the logic to parse and exclude these regions. The particular motivation for this is protection of the SBI runtime firmware. Currently, there is no mechanism through which the SBI can communicate the details of its reserved memory region(s) to a supervisor payload. There has been some discussion recently on how this can be achieved [1], and it seems that the path going forward will be to add an entry to the reserved-memory node. This hasn't caused any issues for us yet, since we exclude all physical memory below the kernel's load address from being allocated, and on all currently supported platforms this covers the SBI firmware region. This will change in another commit, so as a safety measure, ensure that the lowest 2MB of memory is excluded if this region has not been reported. [1] https://github.com/riscv/riscv-sbi-doc/pull/37 Reviewed by: markj, nick (older version) Differential Revision: https://reviews.freebsd.org/D24155 Modified: head/sys/riscv/riscv/machdep.c Modified: head/sys/riscv/riscv/machdep.c ============================================================================== --- head/sys/riscv/riscv/machdep.c Sun Apr 19 00:18:16 2020 (r360083) +++ head/sys/riscv/riscv/machdep.c Sun Apr 19 00:33:05 2020 (r360084) @@ -84,6 +84,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -827,6 +828,15 @@ initriscv(struct riscv_bootparams *rvbp) #ifdef FDT try_load_dtb(kmdp); + /* + * Exclude reserved memory specified by the device tree. Typically, + * this contains an entry for memory used by the runtime SBI firmware. + */ + if (fdt_get_reserved_mem(mem_regions, &mem_regions_sz) == 0) { + physmem_exclude_regions(mem_regions, mem_regions_sz, + EXFLAG_NODUMP | EXFLAG_NOALLOC); + } + /* Grab physical memory regions information from device tree. */ if (fdt_get_mem_regions(mem_regions, &mem_regions_sz, NULL) != 0) { panic("Cannot get physical memory regions"); @@ -843,6 +853,21 @@ initriscv(struct riscv_bootparams *rvbp) kernlen = (lastaddr - KERNBASE); pmap_bootstrap(rvbp->kern_l1pt, mem_regions[0].mr_start, kernlen); +#ifdef FDT + /* + * XXX: Exclude the lowest 2MB of physical memory, if it hasn't been + * already, as this area is assumed to contain the SBI firmware. This + * is a little fragile, but it is consistent with the platforms we + * support so far. + * + * TODO: remove this when the all regular booting methods properly + * report their reserved memory in the device tree. + */ + if (mem_regions[0].mr_start == physmap[0]) { + physmem_exclude_region(mem_regions[0].mr_start, L2_SIZE, + EXFLAG_NODUMP | EXFLAG_NOALLOC); + } +#endif physmem_init_kernel_globals(); /* Establish static device mappings */