From: fangyu.yu@linux.alibaba.com
To: pjw@kernel.org, palmer@dabbelt.com, aou@eecs.berkeley.edu, alex@ghiti.fr, songshuaishuai@tinylab.org, bjorn@rivosinc.com, ardb@kernel.org, arnd@arndb.de, bhelgaas@google.com, richard.lyu@suse.com, tzimmermann@suse.de, nathan@kernel.org
Cc: guoren@kernel.org, kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, Fangyu Yu
Subject: [PATCH 4/4] riscv: kexec: Switch to trampoline page table before norelocate
Date: Tue, 24 Mar 2026 19:45:27 +0800
Message-Id: <20260324114527.91494-5-fangyu.yu@linux.alibaba.com>
In-Reply-To: <20260324114527.91494-1-fangyu.yu@linux.alibaba.com>
References: <20260324114527.91494-1-fangyu.yu@linux.alibaba.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Fangyu Yu

Make riscv_kexec_norelocate a two-pass trampoline so it can drop the kernel page tables while still executing from a mapped address.

On the first entry, t3 is initialized to 0 by machine_kexec(). Loads the physical address of riscv_kexec_norelocate and the trampoline SATP value, switches to the trampoline page table, and jumps to the trampoline VA(=PA).

On the second entry, t3 contains the physical address of riscv_kexec_norelocate, so the PC comparison matches and execution continues under trampoline VA(=PA).

Since the trampoline page table is already active, replace the previous stvec-based handoff with a direct jump to the target entry (jr a2).

Signed-off-by: Fangyu Yu
---
 arch/riscv/kernel/kexec_relocate.S | 32 +++++++++++++++++++++++++-----
 arch/riscv/kernel/machine_kexec.c | 13 ++++++++++++
 2 files changed, 40 insertions(+), 5 deletions(-)

diff --git a/arch/riscv/kernel/kexec_relocate.S b/arch/riscv/kernel/kexec_r= elocate.S index af6b99f5b0fd..2b9892bf04f2 100644 --- a/arch/riscv/kernel/kexec_relocate.S +++ b/arch/riscv/kernel/kexec_relocate.S @@ -147,13 +147,35 @@ riscv_kexec_relocate_end: =20 =20 /* Used for jumping to crashkernel */ +.extern kexec_tramp_satp +.extern riscv_kexec_norelocate_pa .section ".kexec.tramp.text", "ax" SYM_CODE_START(riscv_kexec_norelocate) + /* + * Two-pass entry: + * - 1st entry: t3 =3D=3D 0 (initialized by machine_kexec()). + * + * - 2nd entry: t3 holds the physical address of + * riscv_kexec_norelocate, so auipc matches t3 and we fall through + * to label 1 to continue execution under trampoline VA(=3DPA). + */ + auipc t0, 0 + beq t0, t3, 1f + + la t0, riscv_kexec_norelocate_pa + REG_L t3, 0(t0) + la t0, kexec_tramp_satp + REG_L t1, 0(t0) + csrw CSR_SATP, t1 + sfence.vma x0, x0 + + jr t3 /* * s0: (const) Phys address to jump to * s1: (const) Phys address of the FDT image * s2: (const) The hartid of the current hart */ +1: mv s0, a1 mv s1, a2 mv s2, a3 
@@ -199,13 +221,13 @@ SYM_CODE_START(riscv_kexec_norelocate) csrw CSR_SSCRATCH, zero =20 /* - * Switch to physical addressing - * This will also trigger a jump to CSR_STVEC - * which in this case is the address of the new - * kernel. + * We are already executing from the trampoline VA with the trampoline + * page table installed, so there is no need to rely on the old flow + * of programming stvec and taking the implicit trap on SATP switch. + * Jump directly to the target entry instead. */ - csrw CSR_STVEC, a2 csrw CSR_SATP, zero + jr a2 =20 SYM_CODE_END(riscv_kexec_norelocate) =20 diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_= kexec.c index 4e522a64a614..d78e7928c6cf 100644 --- a/arch/riscv/kernel/machine_kexec.c +++ b/arch/riscv/kernel/machine_kexec.c @@ -18,6 +18,8 @@ #include #include =20 +unsigned long kexec_tramp_satp; +unsigned long riscv_kexec_norelocate_pa; static pgd_t kexec_tramp_pgd[PTRS_PER_PGD] __aligned(PAGE_SIZE); static p4d_t kexec_tramp_p4d[PTRS_PER_P4D] __aligned(PAGE_SIZE); static pud_t kexec_tramp_pud[PTRS_PER_PUD] __aligned(PAGE_SIZE); @@ -266,6 +268,8 @@ machine_kexec(struct kimage *image) */ riscv_kexec_build_tramp((unsigned long)__kexec_tramp_text_start, __pa_symbol(__kexec_tramp_text_start)); + riscv_kexec_norelocate_pa =3D __pa_symbol(&riscv_kexec_norelocate); + kexec_tramp_satp =3D PFN_DOWN(__pa_symbol(kexec_tramp_pgd)) | satp_mode; } =20 pr_notice("Will call new kernel at %08lx from hart id %lx\n", 
@@ -277,6 +281,15 @@ machine_kexec(struct kimage *image) =20 /* Jump to the relocation code */ pr_notice("Bye...\n"); + /* + * Initialize t3 to 0 for riscv_kexec_norelocate(). + * + * The norelocate trampoline uses t3 as a scratch register to record/ + * compare against the current PC when switching to the trampoline + * page table. Keep t3 untouched from here until we branch into + * riscv_kexec_norelocate. + */ + asm volatile ("li t3, 0x0" ::: "t3"); kexec_method(first_ind_entry, jump_addr, fdt_addr, this_hart_id, kernel_map.va_pa_offset); unreachable(); --=20 2.50.1
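
Review bot: In the first kexec_relocate.S hunk (@@ -147,13 +147,35 @@), the "1st entry" bullet of the new comment only states that t3 == 0 and never says what that pass does, while the "2nd entry" bullet is described in full. Spell out the first-pass steps there (load riscv_kexec_norelocate_pa and kexec_tramp_satp, write CSR_SATP, sfence.vma, jr t3) and state the requirement they depend on: sfence.vma and jr t3 are still fetched at the old kernel VA after the csrw, so the trampoline page table has to map this code at that VA as well as at VA=PA. The two .extern lines also land between the "Used for jumping to crashkernel" comment and the .section/SYM_CODE_START it describes; move them above the comment.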
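
Review bot: In the second kexec_relocate.S hunk (@@ -199,13 +221,13 @@), removing csrw CSR_STVEC, a2 leaves stvec holding whatever was programmed earlier, and nothing in the visible lines resets it; once csrw CSR_SATP, zero has executed, an old-kernel virtual address in stvec is no longer a usable trap target. Keeping the stvec write ahead of the SATP write costs one instruction and gives any fault between the SATP write and the new kernel's own stvec setup the same landing point as before. The new comment should also state the invariant that jr a2 relies on, namely that the instruction following the SATP write is fetched at VA == PA.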
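
Review bot: In the machine_kexec.c hunk at @@ -18,6 +18,8 @@, kexec_tramp_satp and riscv_kexec_norelocate_pa are defined as non-static globals with no declaration anywhere in this patch and no comment saying that their only reader is the .extern reference in kexec_relocate.S. Add an extern declaration in a shared header so the definitions do not trigger missing-declaration warnings, a one-line comment naming the assembly consumer, and a blank line separating them from the static kexec_tramp_* tables.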
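
Review bot: In the machine_kexec.c hunk at @@ -266,6 +268,8 @@, riscv_kexec_norelocate_pa and kexec_tramp_satp are assigned only inside the block that the closing } ends, yet riscv_kexec_norelocate loads both unconditionally on its first pass. If that entry point can be reached when this block is skipped, both are still zero, so the assembly writes 0 to CSR_SATP while running at a kernel VA and then executes jr t3 with t3 == 0. Either make the two assignments unconditional or add a comment stating why the condition guarding this block always coincides with kexec_method being riscv_kexec_norelocate.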
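
Review bot: In the machine_kexec.c hunk at @@ -277,6 +281,15 @@, the comment asks to "Keep t3 untouched from here until we branch", but nothing enforces that: the "t3" clobber on asm volatile ("li t3, 0x0" ::: "t3") only tells the compiler that the statement modifies t3, and t3 is a temporary the compiler may reuse while setting up the five arguments or the target of the kexec_method(...) call. If t3 ends up holding the call target, and that target is riscv_kexec_norelocate, the auipc t0, 0 / beq t0, t3, 1f check at the function's first instruction matches on the first entry and the page-table switch is skipped. Remove the dependency on a register surviving from a separate asm statement, for example by having the first pass jump to the physical address of label 1 so no incoming register value is needed, or by passing the pass indicator as an explicit argument.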