From nobody Mon Jun 8 21:59:58 2026 Received: from out30-133.freemail.mail.aliyun.com (out30-133.freemail.mail.aliyun.com [115.124.30.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 55B2E202C46; Tue, 26 May 2026 12:50:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.30.133 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779799823; cv=none; b=cd2oJPRfemkXC2tIr8jVicmyYAMWN4VXcV8KrCsyo/ygMrH3c3Fa1tsCTF8w490yPo9m/zqhVO2ot4ilOJjUhGfcvQB2TeoUSNJqNbiKA+MwnhcnA1MwXe8YUWNLvqQ/YeMaEIrdlQr7uEjBfJEoBtBFyRTKvjxZVqLsAcnPHMs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779799823; c=relaxed/simple; bh=egfNQSBf1Qu2mK+lLwDnemHrQkPtBEWsLzEju3StLqc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=nGteE1sA6h5mycvYn3u4E/wCkAOwzKVDjKiuugk0A9sXH4KxbpsVtJ8hm//K3CDAKK9ak+UKT5hGjn90L/n1Qi1euFNupSP7n15k+/cY2NtTW5RwHiKGaIDUJdo3qTenARNxjTja+xywznk1NtcBiD1dy59sSHTO9Z7mxZnnUuw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com; spf=pass smtp.mailfrom=linux.alibaba.com; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b=jgjm/ghw; arc=none smtp.client-ip=115.124.30.133 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b="jgjm/ghw" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.alibaba.com; s=default; t=1779799817; h=From:To:Subject:Date:Message-Id:MIME-Version; bh=4YSxzzA490KamtxaOd7dYYkwJkuqZylRfAB7NDmYOFI=; b=jgjm/ghwc2aLd//UjUZEbhWgOsofqTcaBKX1e9sfZA9cD3WImJ1gRY41rTTRyNjhohGmYV0ReQ+cFyv54kAE9Bt/OuRUuFSOonH2KVdbnTNiWYF3A1JJL76V3PEo3Yyg3Z0WWViy7OzyeFsQh6jcY3CTAt94oq3feAp6zvrDjKI= X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R181e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=maildocker-contentspam033037026112;MF=fangyu.yu@linux.alibaba.com;NM=1;PH=DS;RN=24;SR=0;TI=SMTPD_---0X3gDNK2_1779799815; Received: from localhost.localdomain(mailfrom:fangyu.yu@linux.alibaba.com fp:SMTPD_---0X3gDNK2_1779799815 cluster:ay36) by smtp.aliyun-inc.com; Tue, 26 May 2026 20:50:16 +0800 From: fangyu.yu@linux.alibaba.com To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Anup Patel , Atish Patra , Nick Kossifidis Cc: Song Shuai , =?UTF-8?q?Bj=C3=B6rn=20T=C3=B6pel?= , Ard Biesheuvel , Conor Dooley , Arnd Bergmann , Thomas Zimmermann , Richard Lyu , Nam Cao , Jisheng Zhang , Nathan Chancellor , guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu Subject: [PATCH v2 1/7] riscv: Add kexec trampoline text section to vmlinux.lds.S Date: Tue, 26 May 2026 20:50:03 +0800 Message-Id: <20260526125009.2404-2-fangyu.yu@linux.alibaba.com> X-Mailer: git-send-email 2.39.3 (Apple Git-146) In-Reply-To: <20260526125009.2404-1-fangyu.yu@linux.alibaba.com> References: <20260526125009.2404-1-fangyu.yu@linux.alibaba.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Fangyu Yu When CONFIG_KEXEC_CORE is enabled, add a dedicated .kexec.tramp.text area to the RISC-V kernel linker script. This introduces a KEXEC_TRAMP_TEXT linker snippet in image-vars.h and uses it from vmlinux.lds.S to: - align both the start and the end to PAGE_SIZE - define __kexec_tramp_text_start/__kexec_tramp_text_end - KEEP all .kexec.tramp.text* input sections - ASSERT the trampoline text fits within one page The end-of-section page alignment guarantees that the trampoline page, which is later identity-mapped as PAGE_KERNEL_EXEC, contains nothing but the trampoline code and padding (no shared neighbour data). When kexec is disabled, KEXEC_TRAMP_TEXT expands to nothing. Signed-off-by: Fangyu Yu --- arch/riscv/kernel/image-vars.h | 14 ++++++++++++++ arch/riscv/kernel/vmlinux.lds.S | 1 + 2 files changed, 15 insertions(+) diff --git a/arch/riscv/kernel/image-vars.h b/arch/riscv/kernel/image-vars.h index 3bd9d06a8b8f..35ee3f059afa 100644 --- a/arch/riscv/kernel/image-vars.h +++ b/arch/riscv/kernel/image-vars.h @@ -34,4 +34,18 @@ __efistub_sysfb_primary_display =3D sysfb_primary_displa= y; =20 #endif =20 +#ifdef CONFIG_KEXEC_CORE +#define KEXEC_TRAMP_TEXT \ + . =3D ALIGN(PAGE_SIZE); \ + __kexec_tramp_text_start =3D .; \ + KEEP(*(.kexec.tramp.text)) \ + KEEP(*(.kexec.tramp.text.*)) \ + __kexec_tramp_text_end =3D .; \ + ASSERT((__kexec_tramp_text_end - __kexec_tramp_text_start) <=3D PAGE_SIZ= E, \ + ".kexec.tramp.text exceeds 4K"); \ + . =3D ALIGN(PAGE_SIZE); +#else +#define KEXEC_TRAMP_TEXT /* nothing */ +#endif + #endif /* __RISCV_KERNEL_IMAGE_VARS_H */ diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.ld= s.S index 1f4f8496941a..fc7758e5b819 100644 --- a/arch/riscv/kernel/vmlinux.lds.S +++ b/arch/riscv/kernel/vmlinux.lds.S @@ -41,6 +41,7 @@ SECTIONS ENTRY_TEXT IRQENTRY_TEXT SOFTIRQENTRY_TEXT + KEXEC_TRAMP_TEXT _etext =3D .; } =20 --=20 2.50.1 From nobody Mon Jun 8 21:59:58 2026 Received: from out30-131.freemail.mail.aliyun.com (out30-131.freemail.mail.aliyun.com [115.124.30.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD932232367; Tue, 26 May 2026 12:50:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.30.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779799828; cv=none; b=nYV0a+G0NVbxXft762h0b90ryhgR3CHhqkZi+P/QfABFF0NSKHoyIXkB/RI8laF8+BOHFJbLx7uqAcTHgEiB20jIsnu/A2WMGC5dBtJDeg9R6ecAlJqG2aRKXgi5YsqPyNUSiRiEG8A22Ipx5Ey6Rmusq68qFaQA4wFzlelY3SE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779799828; c=relaxed/simple; bh=OabSIHlhBI+gs0l14rnJPaYDr6JxhQuybSZmq4WT3+g=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=j86KGE1s5OnqOgwXNAisR7uneO9/9Q1b35N5v8MFqV8TDqXdw/GP+NY3Jw3yTcEfC561/kEjPKvb5b7YYT1nW10HlTwTX23mdtNqd2bdDGBro2LaWqf5lSd++DLvaYle9jWzuRMD2cKlur7SvEDSnvkb12bTuEYgxFDvw4BBZto= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com; spf=pass smtp.mailfrom=linux.alibaba.com; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b=s9D7TcgS; arc=none smtp.client-ip=115.124.30.131 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b="s9D7TcgS" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.alibaba.com; s=default; t=1779799819; h=From:To:Subject:Date:Message-Id:MIME-Version; bh=4g9/cguTkXnZOmW3mc5bH5fjRguARWthM2VYsbDUHZY=; b=s9D7TcgSGll+fJ0dDaN5t5dXM5TCl/eoSWxoBazRsAILL0SQf2TkDnCA4+2+LB0WFLd5m2az7pl8+9O7o6OWYs780KNKuzNUxKzHjayKvgA8/yt5M7PrTCf4onXwIT0i/sqFfGjZUP6jQGRpEEaJ4bD1PEM0NSUBP8eIbtKm0yw= X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R201e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=maildocker-contentspam033045098064;MF=fangyu.yu@linux.alibaba.com;NM=1;PH=DS;RN=24;SR=0;TI=SMTPD_---0X3gDNKJ_1779799816; Received: from localhost.localdomain(mailfrom:fangyu.yu@linux.alibaba.com fp:SMTPD_---0X3gDNKJ_1779799816 cluster:ay36) by smtp.aliyun-inc.com; Tue, 26 May 2026 20:50:17 +0800 From: fangyu.yu@linux.alibaba.com To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Anup Patel , Atish Patra , Nick Kossifidis Cc: Song Shuai , =?UTF-8?q?Bj=C3=B6rn=20T=C3=B6pel?= , Ard Biesheuvel , Conor Dooley , Arnd Bergmann , Thomas Zimmermann , Richard Lyu , Nam Cao , Jisheng Zhang , Nathan Chancellor , guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu Subject: [PATCH v2 2/7] riscv: kexec: Place norelocate trampoline into .kexec.tramp.text Date: Tue, 26 May 2026 20:50:04 +0800 Message-Id: <20260526125009.2404-3-fangyu.yu@linux.alibaba.com> X-Mailer: git-send-email 2.39.3 (Apple Git-146) In-Reply-To: <20260526125009.2404-1-fangyu.yu@linux.alibaba.com> References: <20260526125009.2404-1-fangyu.yu@linux.alibaba.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Fangyu Yu Move riscv_kexec_norelocate out of the generic .text section and into a dedicated executable trampoline section, .kexec.tramp.text. Signed-off-by: Fangyu Yu --- arch/riscv/include/asm/kexec.h | 4 ++++ arch/riscv/kernel/kexec_relocate.S | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/riscv/include/asm/kexec.h b/arch/riscv/include/asm/kexec.h index b9ee8346cc8c..6466c1f00d41 100644 --- a/arch/riscv/include/asm/kexec.h +++ b/arch/riscv/include/asm/kexec.h @@ -75,4 +75,8 @@ int load_extra_segments(struct kimage *image, unsigned lo= ng kernel_start, unsigned long cmdline_len); #endif =20 +#ifndef __ASSEMBLY__ +extern char __kexec_tramp_text_start[]; +#endif + #endif diff --git a/arch/riscv/kernel/kexec_relocate.S b/arch/riscv/kernel/kexec_r= elocate.S index de0a4b35d01e..af6b99f5b0fd 100644 --- a/arch/riscv/kernel/kexec_relocate.S +++ b/arch/riscv/kernel/kexec_relocate.S @@ -147,7 +147,7 @@ riscv_kexec_relocate_end: =20 =20 /* Used for jumping to crashkernel */ -.section ".text" +.section ".kexec.tramp.text", "ax" SYM_CODE_START(riscv_kexec_norelocate) /* * s0: (const) Phys address to jump to --=20 2.50.1 From nobody Mon Jun 8 21:59:58 2026 Received: from out30-113.freemail.mail.aliyun.com (out30-113.freemail.mail.aliyun.com [115.124.30.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D875926D4E5; Tue, 26 May 2026 12:50:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.30.113 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779799831; cv=none; b=Eb8R/q3ZpqHI73Y2JRupuTjP58h7x8Vf1E1SnK8p4JCjWuQ7OiKfV6XQ+eAbJnZXkGj5nG/p2g5r0is2Xv69trSGon/569ehsn9GCwB3k+Aud8D9XnrsyOgWLyyf0k8XWWaG5dNTbqqB3KvPzB0kOJglmRlxUpZMg7waH9EOoeg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779799831; c=relaxed/simple; bh=8SiWvvz26bUS7Le3dEb+IIoIBojQj2wF/fSvXCq5FWc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=FjIbR4a0+IXzhgF2ceJb0/issfcahldvgE+TbRFrvWc3Hn9yQC2IcyfzdAiPCO9nrw0HElqvoCsRw6T2pRjDc/nZN5E4rNtTDbTpkQgGnHYeW3fAlzPfOj5PxY064NLqbROc/1OhMh8H08MCPwgYRjZaEZlVzcjbByw7qvG2EYU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com; spf=pass smtp.mailfrom=linux.alibaba.com; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b=YFUxxZsE; arc=none smtp.client-ip=115.124.30.113 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b="YFUxxZsE" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.alibaba.com; s=default; t=1779799821; h=From:To:Subject:Date:Message-Id:MIME-Version; bh=DvfO0VeeEacS9q7ZhAuHErWFEWy3R6Vu+rVPY71B4m0=; b=YFUxxZsEg3TL69wygoYTOkVhurcT1GLGf+EVtPbndq37jUdyCOAb+JcgYwd3/cy4ED8dr3KKvuTTEf4wjCeKw5Qfa9bjd+bJ/Y0bGw58TfceU9uPkCt+WEY2lSqiIsNTi00uehdUp5UvvRuObjSU03YbCUvRBGTxqu3q8A5SsBw= X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R561e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=maildocker-contentspam033037026112;MF=fangyu.yu@linux.alibaba.com;NM=1;PH=DS;RN=24;SR=0;TI=SMTPD_---0X3gDNKm_1779799818; Received: from localhost.localdomain(mailfrom:fangyu.yu@linux.alibaba.com fp:SMTPD_---0X3gDNKm_1779799818 cluster:ay36) by smtp.aliyun-inc.com; Tue, 26 May 2026 20:50:19 +0800 From: fangyu.yu@linux.alibaba.com To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Anup Patel , Atish Patra , Nick Kossifidis Cc: Song Shuai , =?UTF-8?q?Bj=C3=B6rn=20T=C3=B6pel?= , Ard Biesheuvel , Conor Dooley , Arnd Bergmann , Thomas Zimmermann , Richard Lyu , Nam Cao , Jisheng Zhang , Nathan Chancellor , guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu Subject: [PATCH v2 3/7] riscv: kexec: Build trampoline page tables for crash kernel entry Date: Tue, 26 May 2026 20:50:05 +0800 Message-Id: <20260526125009.2404-4-fangyu.yu@linux.alibaba.com> X-Mailer: git-send-email 2.39.3 (Apple Git-146) In-Reply-To: <20260526125009.2404-1-fangyu.yu@linux.alibaba.com> References: <20260526125009.2404-1-fangyu.yu@linux.alibaba.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Fangyu Yu Crash kexec uses riscv_kexec_norelocate as a trampoline to jump into the crashkernel. Add a small helper to build dedicated 4KB page tables that map the trampoline page as executable. Two mappings are installed: - VA(__kexec_tramp_text_start) -> PA(__kexec_tramp_text_start) - PA(__kexec_tramp_text_start) -> PA(__kexec_tramp_text_start) This allows the trampoline to run regardless of whether it is entered via its linked virtual address or its physical address. Signed-off-by: Fangyu Yu --- arch/riscv/kernel/machine_kexec.c | 67 +++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_= kexec.c index 2306ce3e5f22..9b4b495e7c15 100644 --- a/arch/riscv/kernel/machine_kexec.c +++ b/arch/riscv/kernel/machine_kexec.c @@ -18,6 +18,65 @@ #include #include =20 +static pgd_t kexec_tramp_pgd[PTRS_PER_PGD] __aligned(PAGE_SIZE); +static p4d_t kexec_tramp_p4d[PTRS_PER_P4D] __aligned(PAGE_SIZE); +static pud_t kexec_tramp_pud[PTRS_PER_PUD] __aligned(PAGE_SIZE); +static pmd_t kexec_tramp_pmd[PTRS_PER_PMD] __aligned(PAGE_SIZE); +static pte_t kexec_tramp_pte[PTRS_PER_PTE] __aligned(PAGE_SIZE); +static p4d_t kexec_tramp_p4d2[PTRS_PER_P4D] __aligned(PAGE_SIZE); +static pud_t kexec_tramp_pud2[PTRS_PER_PUD] __aligned(PAGE_SIZE); +static pmd_t kexec_tramp_pmd2[PTRS_PER_PMD] __aligned(PAGE_SIZE); +static pte_t kexec_tramp_pte2[PTRS_PER_PTE] __aligned(PAGE_SIZE); + +static void map_tramp_page(p4d_t *p4ds, pud_t *puds, pmd_t *pmds, pte_t *p= tes, + unsigned long va, unsigned long pa) +{ + pgd_t *pgd =3D (pgd_t *)kexec_tramp_pgd + pgd_index(va); + pmd_t *pmd; + + if (pgtable_l5_enabled) { + p4d_t *p4d; + + set_pgd(pgd, pfn_pgd(PFN_DOWN(__pa_symbol(p4ds)), PAGE_TABLE)); + p4d =3D (p4d_t *)p4ds + p4d_index(va); + if (pgtable_l4_enabled) + set_p4d(p4d, pfn_p4d(PFN_DOWN(__pa_symbol(puds)), + PAGE_TABLE)); + else + set_p4d(p4d, pfn_p4d(PFN_DOWN(__pa_symbol(pmds)), + PAGE_TABLE)); + } else { + set_pgd(pgd, pfn_pgd(PFN_DOWN(__pa_symbol(puds)), PAGE_TABLE)); + } + + if (pgtable_l4_enabled) { + pud_t *pud =3D (pud_t *)puds + pud_index(va); + + set_pud(pud, pfn_pud(PFN_DOWN(__pa_symbol(pmds)), PAGE_TABLE)); + pmd =3D (pmd_t *)pmds + pmd_index(va); + } else { + pmd =3D (pmd_t *)puds + pmd_index(va); + } + set_pmd(pmd, pfn_pmd(PFN_DOWN(__pa_symbol(ptes)), PAGE_TABLE)); + + set_pte((pte_t *)ptes + pte_index(va), + pfn_pte(PFN_DOWN(pa), PAGE_KERNEL_EXEC)); +} + +static void riscv_kexec_build_tramp(unsigned long va, unsigned long pa) +{ + /* VA -> PA: map the trampoline page via its kernel VA. */ + map_tramp_page(kexec_tramp_p4d, kexec_tramp_pud, + kexec_tramp_pmd, kexec_tramp_pte, va, pa); + + /* + * PA -> PA: identity-map the same page so the second-pass code + * can keep executing after the kernel VA mapping is dropped. + */ + map_tramp_page(kexec_tramp_p4d2, kexec_tramp_pud2, + kexec_tramp_pmd2, kexec_tramp_pte2, pa, pa); +} + /* * machine_kexec_prepare - Initialize kexec * @@ -73,6 +132,14 @@ machine_kexec_prepare(struct kimage *image) =20 /* Mark the control page executable */ set_memory_x((unsigned long) control_code_buffer, 1); + } else { + /* + * Crash kexec uses riscv_kexec_norelocate as a trampoline. + * Pre-build the trampoline page tables here so the panic + * path only has to switch satp and jump. + */ + riscv_kexec_build_tramp((unsigned long)__kexec_tramp_text_start, + __pa_symbol(__kexec_tramp_text_start)); } =20 return 0; --=20 2.50.1 From nobody Mon Jun 8 21:59:58 2026 Received: from out30-99.freemail.mail.aliyun.com (out30-99.freemail.mail.aliyun.com [115.124.30.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 83AF825A655; Tue, 26 May 2026 12:50:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.30.99 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779799832; cv=none; b=rNxbqPBvCmguuwKU4pg7xdPzTDQHeCZotmR1PFT5wbZbgLmJYWphton229LKii2gyT9NeNFYsDMTAz7ieT5O2dxa1P/swns791MLdt/uq6dP/kusUO0njHgC7wvLF1srM7cZz16zpWS6RNy2p4TqKw7fSEsxIpbL/pB5auJmLTE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779799832; c=relaxed/simple; bh=G3iEzS5T+XgFJEdLgTUJOHg963K1PioJf0ckKQFuV3E=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=UU4UoNBTQyWq0VTKDXOiRMuKOOGffzdPaNpv+BJo8+1hwJyv1VwfKLqyqqxBOqOplNu7T9E6KxiqoN9jpxxFHJEINHqoxcXEp7Yi3YvYlrrmifxvpugxzyZzqrm6PWVzFVDTfCx6qTD97QnJC1AdnNM0wrY7ZGg+sc3CqcTQzRo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com; spf=pass smtp.mailfrom=linux.alibaba.com; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b=XkIhN/s3; arc=none smtp.client-ip=115.124.30.99 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b="XkIhN/s3" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.alibaba.com; s=default; t=1779799822; h=From:To:Subject:Date:Message-Id:MIME-Version; bh=SuvbXy8tCKoaaEmxKOJd/JDFjbPQ2Ub/UQ4G8mPM/Dg=; b=XkIhN/s3V7zYQNb279RKMiC5TT6iKCuEA4EpsbF9dKI5QgXvk5ZwTVYR2kxRoI4ehEqIwE8pKlgawNvKPJB2vvHtvQhYHe1puK6D6pPdwU/pMWpUKDq6KGViqz9MTYhdVhrxn3vEFAlZvPMEQQENJbsyfNGM8RWBnJQjTJ9OP1k= X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R181e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=maildocker-contentspam033037033178;MF=fangyu.yu@linux.alibaba.com;NM=1;PH=DS;RN=24;SR=0;TI=SMTPD_---0X3gDNLM_1779799819; Received: from localhost.localdomain(mailfrom:fangyu.yu@linux.alibaba.com fp:SMTPD_---0X3gDNLM_1779799819 cluster:ay36) by smtp.aliyun-inc.com; Tue, 26 May 2026 20:50:20 +0800 From: fangyu.yu@linux.alibaba.com To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Anup Patel , Atish Patra , Nick Kossifidis Cc: Song Shuai , =?UTF-8?q?Bj=C3=B6rn=20T=C3=B6pel?= , Ard Biesheuvel , Conor Dooley , Arnd Bergmann , Thomas Zimmermann , Richard Lyu , Nam Cao , Jisheng Zhang , Nathan Chancellor , guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu Subject: [PATCH v2 4/7] riscv: kexec: Switch to trampoline page table before norelocate Date: Tue, 26 May 2026 20:50:06 +0800 Message-Id: <20260526125009.2404-5-fangyu.yu@linux.alibaba.com> X-Mailer: git-send-email 2.39.3 (Apple Git-146) In-Reply-To: <20260526125009.2404-1-fangyu.yu@linux.alibaba.com> References: <20260526125009.2404-1-fangyu.yu@linux.alibaba.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Fangyu Yu Make riscv_kexec_norelocate a two-pass trampoline so it can drop the kernel page tables while still executing from a mapped address. On the first entry, t3 is initialized to 0 by machine_kexec(). Loads the physical address of riscv_kexec_norelocate and the trampoline SATP value, switches to the trampoline page table, and jumps to the trampoline VA(=3DPA). On the second entry, t3 contains the physical address of riscv_kexec_norelocate, so the PC comparison matches and execution continues under trampoline VA(=3DPA). Since the trampoline page table is already active, replace the previous stvec-based handoff with a direct jump to the target entry (jr a2). Signed-off-by: Fangyu Yu --- arch/riscv/kernel/kexec_relocate.S | 32 ++++++++++++++++++---- arch/riscv/kernel/machine_kexec.c | 44 +++++++++++++++++++++++++++--- 2 files changed, 67 insertions(+), 9 deletions(-) diff --git a/arch/riscv/kernel/kexec_relocate.S b/arch/riscv/kernel/kexec_r= elocate.S index af6b99f5b0fd..2b9892bf04f2 100644 --- a/arch/riscv/kernel/kexec_relocate.S +++ b/arch/riscv/kernel/kexec_relocate.S @@ -147,13 +147,35 @@ riscv_kexec_relocate_end: =20 =20 /* Used for jumping to crashkernel */ +.extern kexec_tramp_satp +.extern riscv_kexec_norelocate_pa .section ".kexec.tramp.text", "ax" SYM_CODE_START(riscv_kexec_norelocate) + /* + * Two-pass entry: + * - 1st entry: t3 =3D=3D 0 (initialized by machine_kexec()). + * + * - 2nd entry: t3 holds the physical address of + * riscv_kexec_norelocate, so auipc matches t3 and we fall through + * to label 1 to continue execution under trampoline VA(=3DPA). + */ + auipc t0, 0 + beq t0, t3, 1f + + la t0, riscv_kexec_norelocate_pa + REG_L t3, 0(t0) + la t0, kexec_tramp_satp + REG_L t1, 0(t0) + csrw CSR_SATP, t1 + sfence.vma x0, x0 + + jr t3 /* * s0: (const) Phys address to jump to * s1: (const) Phys address of the FDT image * s2: (const) The hartid of the current hart */ +1: mv s0, a1 mv s1, a2 mv s2, a3 @@ -199,13 +221,13 @@ SYM_CODE_START(riscv_kexec_norelocate) csrw CSR_SSCRATCH, zero =20 /* - * Switch to physical addressing - * This will also trigger a jump to CSR_STVEC - * which in this case is the address of the new - * kernel. + * We are already executing from the trampoline VA with the trampoline + * page table installed, so there is no need to rely on the old flow + * of programming stvec and taking the implicit trap on SATP switch. + * Jump directly to the target entry instead. */ - csrw CSR_STVEC, a2 csrw CSR_SATP, zero + jr a2 =20 SYM_CODE_END(riscv_kexec_norelocate) =20 diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_= kexec.c index 9b4b495e7c15..00fdc42d650d 100644 --- a/arch/riscv/kernel/machine_kexec.c +++ b/arch/riscv/kernel/machine_kexec.c @@ -18,6 +18,8 @@ #include #include =20 +unsigned long kexec_tramp_satp; +unsigned long riscv_kexec_norelocate_pa; static pgd_t kexec_tramp_pgd[PTRS_PER_PGD] __aligned(PAGE_SIZE); static p4d_t kexec_tramp_p4d[PTRS_PER_P4D] __aligned(PAGE_SIZE); static pud_t kexec_tramp_pud[PTRS_PER_PUD] __aligned(PAGE_SIZE); @@ -135,11 +137,17 @@ machine_kexec_prepare(struct kimage *image) } else { /* * Crash kexec uses riscv_kexec_norelocate as a trampoline. - * Pre-build the trampoline page tables here so the panic - * path only has to switch satp and jump. + * Pre-build the trampoline page tables and capture the + * trampoline SATP value plus the physical address of + * riscv_kexec_norelocate so that the panic path only has + * to switch satp and jump. */ riscv_kexec_build_tramp((unsigned long)__kexec_tramp_text_start, __pa_symbol(__kexec_tramp_text_start)); + WRITE_ONCE(riscv_kexec_norelocate_pa, + __pa_symbol(&riscv_kexec_norelocate)); + WRITE_ONCE(kexec_tramp_satp, + PFN_DOWN(__pa_symbol(kexec_tramp_pgd)) | satp_mode); } =20 return 0; @@ -243,7 +251,35 @@ machine_kexec(struct kimage *image) =20 /* Jump to the relocation code */ pr_notice("Bye...\n"); - kexec_method(first_ind_entry, jump_addr, fdt_addr, - this_hart_id, kernel_map.va_pa_offset); + /* + * Hand off to the trampoline. For KEXEC_TYPE_CRASH we go into + * riscv_kexec_norelocate, which uses t3 as the 1st/2nd-pass + * discriminator (must be 0 on first entry). A bare + * asm volatile ("li t3, 0" ::: "t3") + * before the C call only declares t3 *modified*; the compiler is + * free to use t3 as scratch when materialising args. Pin t3 =3D 0 + * (and the args) via local register variables and perform the + * indirect jump inside the same inline asm so t3 =3D=3D 0 is + * guaranteed at the moment control leaves machine_kexec(). + */ + { + register unsigned long a0_val asm("a0") =3D first_ind_entry; + register unsigned long a1_val asm("a1") =3D jump_addr; + register unsigned long a2_val asm("a2") =3D fdt_addr; + register unsigned long a3_val asm("a3") =3D this_hart_id; + register unsigned long a4_val asm("a4") =3D kernel_map.va_pa_offset; + register unsigned long t3_zero asm("t3") =3D 0; + register riscv_kexec_method m asm("t6") =3D kexec_method; + + asm volatile ( + "jr %[m]" + : + : "r" (a0_val), "r" (a1_val), "r" (a2_val), + "r" (a3_val), "r" (a4_val), + "r" (t3_zero), + [m] "r" (m) + : "memory" + ); + } unreachable(); } --=20 2.50.1 From nobody Mon Jun 8 21:59:58 2026 Received: from out30-98.freemail.mail.aliyun.com (out30-98.freemail.mail.aliyun.com [115.124.30.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7A9C737EFF3; Tue, 26 May 2026 12:50:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.30.98 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779799835; cv=none; b=K436f5WQg1SI1i2jkDnY3itfcJ9rja0avwi/Jy41F9tdBn9yW1bCHh2Q6ukVey3mN7HrFqdOzp3A0HHgB1CJOc+5tKcDTGiaGXIFrlD8NcsbeaREwYEAciB9u7vE7hOucQlpxbmuSUPOsZP4No0WPNpeW6VAzI72sygZgyXAClo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779799835; c=relaxed/simple; bh=VCUjDrsjVspkhuBEKcRPcCLnj7lk4umSF2Zo04XjNoU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=OVAHixQGMbna5hcnvz8ErGLu0iFxC8ut+mUOp7xUl3Ju0r/DOCEcO1R+rSVRFNVti5DAUdROZEMlGlghSuhL5TfOLrnKvFZ/22woIyaqw3qoQ9l5EA0MxQbBnsctLId41hbkBejpSLRel7DdkO7tTFdWC0wwkdp2dzOITC42wgg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com; spf=pass smtp.mailfrom=linux.alibaba.com; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b=WNWXyrAR; arc=none smtp.client-ip=115.124.30.98 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b="WNWXyrAR" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.alibaba.com; s=default; t=1779799824; h=From:To:Subject:Date:Message-Id:MIME-Version; bh=RmDJAqGKM/ksShAqBTWgLgvF5EBn9yG49TTpjD3uJ+Y=; b=WNWXyrARQsdBBg47jHy6N6xd+VIUzNOdSF8TFlE1pF7cc5Xq4+pF3bvnk97vnA7xjNYCZNyN2wWBfGClp9ls+6/qmnIvbNkS2Z/ZgYB+DXSXAmggeGOpKJRG2RT2K3Okzh214qiJMXRcO9VIJJZw1ic5gnbI/9Fc1XViVs5EZF8= X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R291e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=maildocker-contentspam033037033178;MF=fangyu.yu@linux.alibaba.com;NM=1;PH=DS;RN=24;SR=0;TI=SMTPD_---0X3gDNLy_1779799821; Received: from localhost.localdomain(mailfrom:fangyu.yu@linux.alibaba.com fp:SMTPD_---0X3gDNLy_1779799821 cluster:ay36) by smtp.aliyun-inc.com; Tue, 26 May 2026 20:50:22 +0800 From: fangyu.yu@linux.alibaba.com To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Anup Patel , Atish Patra , Nick Kossifidis Cc: Song Shuai , =?UTF-8?q?Bj=C3=B6rn=20T=C3=B6pel?= , Ard Biesheuvel , Conor Dooley , Arnd Bergmann , Thomas Zimmermann , Richard Lyu , Nam Cao , Jisheng Zhang , Nathan Chancellor , guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu Subject: [PATCH v2 5/7] riscv: kexec: Always build the trampoline page table Date: Tue, 26 May 2026 20:50:07 +0800 Message-Id: <20260526125009.2404-6-fangyu.yu@linux.alibaba.com> X-Mailer: git-send-email 2.39.3 (Apple Git-146) In-Reply-To: <20260526125009.2404-1-fangyu.yu@linux.alibaba.com> References: <20260526125009.2404-1-fangyu.yu@linux.alibaba.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Fangyu Yu The trampoline page table and the kexec_tramp_satp value are currently built only on the crash path. A follow-up patch needs the same infrastructure for the normal kexec path. Pull the trampoline build and the WRITE_ONCE() that publishes the SATP value out of the crash-only else branch in machine_kexec_prepare(). The crash path keeps recording its own riscv_kexec_norelocate_pa; the normal path keeps its existing control_code_buffer copy. No functional change. Signed-off-by: Fangyu Yu --- arch/riscv/kernel/machine_kexec.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_= kexec.c index 00fdc42d650d..556b76bcf96e 100644 --- a/arch/riscv/kernel/machine_kexec.c +++ b/arch/riscv/kernel/machine_kexec.c @@ -119,6 +119,16 @@ machine_kexec_prepare(struct kimage *image) return -EINVAL; } =20 + /* + * Build the trampoline page table and capture its SATP value. + * The crash path consumes it today; the non-crash kexec path + * will use the same setup as well. + */ + riscv_kexec_build_tramp((unsigned long)__kexec_tramp_text_start, + __pa_symbol(__kexec_tramp_text_start)); + WRITE_ONCE(kexec_tramp_satp, + PFN_DOWN(__pa_symbol(kexec_tramp_pgd)) | satp_mode); + /* Copy the assembler code for relocation to the control page */ if (image->type !=3D KEXEC_TYPE_CRASH) { control_code_buffer =3D page_address(image->control_code_page); @@ -135,19 +145,8 @@ machine_kexec_prepare(struct kimage *image) /* Mark the control page executable */ set_memory_x((unsigned long) control_code_buffer, 1); } else { - /* - * Crash kexec uses riscv_kexec_norelocate as a trampoline. - * Pre-build the trampoline page tables and capture the - * trampoline SATP value plus the physical address of - * riscv_kexec_norelocate so that the panic path only has - * to switch satp and jump. - */ - riscv_kexec_build_tramp((unsigned long)__kexec_tramp_text_start, - __pa_symbol(__kexec_tramp_text_start)); WRITE_ONCE(riscv_kexec_norelocate_pa, __pa_symbol(&riscv_kexec_norelocate)); - WRITE_ONCE(kexec_tramp_satp, - PFN_DOWN(__pa_symbol(kexec_tramp_pgd)) | satp_mode); } =20 return 0; --=20 2.50.1 From nobody Mon Jun 8 21:59:58 2026 Received: from out30-100.freemail.mail.aliyun.com (out30-100.freemail.mail.aliyun.com [115.124.30.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6DCE73F9F38; Tue, 26 May 2026 12:50:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.30.100 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779799840; cv=none; b=ORFSGeU6+HrDCz6icW92aW3YtSNl1pGw//TrYySUIgARdp+LTvlSWbDSwwZQr087RrETcb8R2AUd9Ql93gr/u/QzRVqYfid5gKPhjzyiHWmVa+r9E0nv2qVdz0EUgnokdKi5NnTXt6XTeVUeiLKwx4C0R9ci4kojzeHX8G/sAcI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779799840; c=relaxed/simple; bh=6ApyXTA7g7W4J4BFFiv3aCiDu7w7MZ22v/2VG7XNi5k=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=LFcidP9ESXPPvpWC8wxv9usKWui3znqGd+75bYqcMP6a6OQlXy532gkd9eIfkt4whfo8w43Wgo1oR9YiqRkwa5KxjOcNaUSr2x00e+zgBngQ1JyeVQtJwrnG2hktoBBzvuUXGxX0onFC6gGeegt6F7Zw/uG6SGZhN+A8AZMqzJc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com; spf=pass smtp.mailfrom=linux.alibaba.com; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b=a5PUtPn8; arc=none smtp.client-ip=115.124.30.100 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b="a5PUtPn8" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.alibaba.com; s=default; t=1779799827; h=From:To:Subject:Date:Message-Id:MIME-Version; bh=CG77WpWSVnm3Eju7kwY3q1qRZqr7VASAGJnhObRcxEo=; b=a5PUtPn8EksWgzRsQ0O4kfVN6xO5Ah3UbDuYQvM6V5Mp78NomgjN20i9Cz1EYL1mcXZobIkV4t5xk6n/hzcT3ktOilOjBTAecxMC779P4J+WknReV8A+nT5kw8VmnlZVBGzdOr5zwXBd7NPeIf3wIbkS+70itg7nzJGPpz8l3O4= X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R131e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=maildocker-contentspam033037026112;MF=fangyu.yu@linux.alibaba.com;NM=1;PH=DS;RN=24;SR=0;TI=SMTPD_---0X3gDNMZ_1779799822; Received: from localhost.localdomain(mailfrom:fangyu.yu@linux.alibaba.com fp:SMTPD_---0X3gDNMZ_1779799822 cluster:ay36) by smtp.aliyun-inc.com; Tue, 26 May 2026 20:50:23 +0800 From: fangyu.yu@linux.alibaba.com To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Anup Patel , Atish Patra , Nick Kossifidis Cc: Song Shuai , =?UTF-8?q?Bj=C3=B6rn=20T=C3=B6pel?= , Ard Biesheuvel , Conor Dooley , Arnd Bergmann , Thomas Zimmermann , Richard Lyu , Nam Cao , Jisheng Zhang , Nathan Chancellor , guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu Subject: [PATCH v2 6/7] riscv: kexec: Add the relocate-trampoline wrapper Date: Tue, 26 May 2026 20:50:08 +0800 Message-Id: <20260526125009.2404-7-fangyu.yu@linux.alibaba.com> X-Mailer: git-send-email 2.39.3 (Apple Git-146) In-Reply-To: <20260526125009.2404-1-fangyu.yu@linux.alibaba.com> References: <20260526125009.2404-1-fangyu.yu@linux.alibaba.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Fangyu Yu Add riscv_kexec_relocate_entry to .kexec.tramp.text and the two asm-visible globals (riscv_kexec_relocate_entry_pa and riscv_kexec_cc_buffer_pa) that the wrapper consumes. The wrapper performs the same two-step transition used by the crash path: switch to the trampoline pgd, jump to the PA of self, then drop the MMU with PC already on a PA. It finally jumps to the PA of control_code_buffer. machine_kexec_prepare() publishes the wrapper PA and the control_code_buffer PA via WRITE_ONCE for non-crash images. Nothing routes to the wrapper yet; the switchover happens in the follow-up patch. Signed-off-by: Fangyu Yu --- arch/riscv/include/asm/kexec.h | 1 + arch/riscv/kernel/kexec_relocate.S | 37 ++++++++++++++++++++++++++++++ arch/riscv/kernel/machine_kexec.c | 7 ++++++ 3 files changed, 45 insertions(+) diff --git a/arch/riscv/include/asm/kexec.h b/arch/riscv/include/asm/kexec.h index 6466c1f00d41..b75cab959e53 100644 --- a/arch/riscv/include/asm/kexec.h +++ b/arch/riscv/include/asm/kexec.h @@ -53,6 +53,7 @@ typedef void (*riscv_kexec_method)(unsigned long first_in= d_entry, unsigned long va_pa_off); =20 extern riscv_kexec_method riscv_kexec_norelocate; +extern riscv_kexec_method riscv_kexec_relocate_entry; =20 #ifdef CONFIG_KEXEC_FILE extern const struct kexec_file_ops elf_kexec_ops; diff --git a/arch/riscv/kernel/kexec_relocate.S b/arch/riscv/kernel/kexec_r= elocate.S index 2b9892bf04f2..1baadad1b546 100644 --- a/arch/riscv/kernel/kexec_relocate.S +++ b/arch/riscv/kernel/kexec_relocate.S @@ -231,6 +231,43 @@ SYM_CODE_START(riscv_kexec_norelocate) =20 SYM_CODE_END(riscv_kexec_norelocate) =20 +.extern riscv_kexec_relocate_entry_pa +.extern riscv_kexec_cc_buffer_pa +.section ".kexec.tramp.text", "ax" +SYM_CODE_START(riscv_kexec_relocate_entry) + /* + * Two-pass entry, identical in shape to riscv_kexec_norelocate: + * - 1st entry: t3 =3D=3D 0 (initialized by machine_kexec()). + * - 2nd entry: t3 =3D=3D PA of riscv_kexec_relocate_entry, so auipc + * matches t3 and we fall through to label 1. + * Args a0..a4 are passed through unchanged to riscv_kexec_relocate. + */ + auipc t0, 0 + beq t0, t3, 1f + + la t0, riscv_kexec_relocate_entry_pa + REG_L t3, 0(t0) + la t0, kexec_tramp_satp + REG_L t1, 0(t0) + csrw CSR_SATP, t1 + sfence.vma x0, x0 + + jr t3 +1: + /* + * Now executing at the PA of this wrapper with the trampoline pgd + * installed (identity-mapped). Drop the MMU; PC stays valid because + * it is already a PA. + */ + csrw CSR_SATP, zero + sfence.vma x0, x0 + + /* Jump to the PA of control_code_buffer to run the relocate body. */ + la t0, riscv_kexec_cc_buffer_pa + REG_L t0, 0(t0) + jr t0 +SYM_CODE_END(riscv_kexec_relocate_entry) + .section ".rodata" SYM_DATA(riscv_kexec_relocate_size, .long riscv_kexec_relocate_end - riscv_kexec_relocate) diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_= kexec.c index 556b76bcf96e..e3eb1e71920a 100644 --- a/arch/riscv/kernel/machine_kexec.c +++ b/arch/riscv/kernel/machine_kexec.c @@ -20,6 +20,8 @@ =20 unsigned long kexec_tramp_satp; unsigned long riscv_kexec_norelocate_pa; +unsigned long riscv_kexec_relocate_entry_pa; +unsigned long riscv_kexec_cc_buffer_pa; static pgd_t kexec_tramp_pgd[PTRS_PER_PGD] __aligned(PAGE_SIZE); static p4d_t kexec_tramp_p4d[PTRS_PER_P4D] __aligned(PAGE_SIZE); static pud_t kexec_tramp_pud[PTRS_PER_PUD] __aligned(PAGE_SIZE); @@ -144,6 +146,11 @@ machine_kexec_prepare(struct kimage *image) =20 /* Mark the control page executable */ set_memory_x((unsigned long) control_code_buffer, 1); + + WRITE_ONCE(riscv_kexec_relocate_entry_pa, + __pa_symbol(&riscv_kexec_relocate_entry)); + WRITE_ONCE(riscv_kexec_cc_buffer_pa, + __pa(control_code_buffer)); } else { WRITE_ONCE(riscv_kexec_norelocate_pa, __pa_symbol(&riscv_kexec_norelocate)); --=20 2.50.1 From nobody Mon Jun 8 21:59:58 2026 Received: from out30-98.freemail.mail.aliyun.com (out30-98.freemail.mail.aliyun.com [115.124.30.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CF9C325A655; Tue, 26 May 2026 12:50:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.30.98 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779799838; cv=none; b=eIhHyd6u3TBFZpEGquPicBmmhAwuxFW/N53zbWi2+3eNa+4bBG7Af7YHh6b7VCgJwM9hhUyoXdRzJmR07EkV8qnOY6PQTg6+c0peWfONACHfn9joU2sw5qYEjJi6T2o/ufXydSAuZF7BNUsS6w23NPMNOz3T6FUj3Yryys4LveE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779799838; c=relaxed/simple; bh=BjtBSBWyy5bnHkYzlCFqD9QFWKPcMRF5SKsAmW9n+2o=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=r/Ejdhiz3fkndQpyd+VYkiHJwps28eNpIdgEYwraYe2NFjzAvhzPctr8mYXY/ZBhe1yR0KyZsMDcqF9tuOHXE5t1PDpC0WTs4PGFid97sajH7Uwj/Tb4kZAyJYI7shI+GsaOOK+G98NWrUmWTCn2DOJHH17OjViywmSviN1f2RA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com; spf=pass smtp.mailfrom=linux.alibaba.com; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b=CdQ86Ywa; arc=none smtp.client-ip=115.124.30.98 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b="CdQ86Ywa" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.alibaba.com; s=default; t=1779799828; h=From:To:Subject:Date:Message-Id:MIME-Version; bh=4O/AJryMQ9T9OTSkYrEaZ42+vviQ81VgiXQiB0NE6IU=; b=CdQ86YwaSU+AotWxqnMqwTnqmpcZMyt1F2tBSf3Aat5CrageH/xgGUajE36dn5Aih3AezrZpOJh92QKmTaElZTQda29i+u2Wyo9YdrpJsypQWpVTfWSP3CrU2YZmtYmXOXSW7t29NtKq/CQ+XOmk/CdDAPco3KjAiqXhtWuV0nA= X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R211e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=maildocker-contentspam011083073210;MF=fangyu.yu@linux.alibaba.com;NM=1;PH=DS;RN=24;SR=0;TI=SMTPD_---0X3gDNMu_1779799824; Received: from localhost.localdomain(mailfrom:fangyu.yu@linux.alibaba.com fp:SMTPD_---0X3gDNMu_1779799824 cluster:ay36) by smtp.aliyun-inc.com; Tue, 26 May 2026 20:50:25 +0800 From: fangyu.yu@linux.alibaba.com To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Anup Patel , Atish Patra , Nick Kossifidis Cc: Song Shuai , =?UTF-8?q?Bj=C3=B6rn=20T=C3=B6pel?= , Ard Biesheuvel , Conor Dooley , Arnd Bergmann , Thomas Zimmermann , Richard Lyu , Nam Cao , Jisheng Zhang , Nathan Chancellor , guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu Subject: [PATCH v2 7/7] riscv: kexec: Route normal kexec through the trampoline page table Date: Tue, 26 May 2026 20:50:09 +0800 Message-Id: <20260526125009.2404-8-fangyu.yu@linux.alibaba.com> X-Mailer: git-send-email 2.39.3 (Apple Git-146) In-Reply-To: <20260526125009.2404-1-fangyu.yu@linux.alibaba.com> References: <20260526125009.2404-1-fangyu.yu@linux.alibaba.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Fangyu Yu riscv_kexec_relocate (copied into control_code_buffer) uses an stvec trick to drop the MMU and land on the PA of the next loop label. Under VS-mode KVM cannot emulate this single-step transition and the VCPU dies with "kvm run failed Operation not supported". Route normal kexec through riscv_kexec_relocate_entry, the trampoline wrapper added in the previous patch. It drops SATP with PC already on a PA, then hands off to control_code_buffer where the relocate body runs with SATP=3D0. Drop the stvec trick from the relocate body and pass first_ind_entry as a physical address since the body now starts with SATP=3D0. The ".align 2" plus filler "nop" that ensured the PA of the loop top was 4-byte aligned -- required because the legacy stvec trick wrote that PA into stvec.BASE, whose low two bits are MODE and are discarded by the hardware -- is no longer load-bearing and is removed as well. Signed-off-by: Fangyu Yu --- arch/riscv/kernel/kexec_relocate.S | 26 ++++++-------------------- arch/riscv/kernel/machine_kexec.c | 10 +++++++--- 2 files changed, 13 insertions(+), 23 deletions(-) diff --git a/arch/riscv/kernel/kexec_relocate.S b/arch/riscv/kernel/kexec_r= elocate.S index 1baadad1b546..29392f457f42 100644 --- a/arch/riscv/kernel/kexec_relocate.S +++ b/arch/riscv/kernel/kexec_relocate.S @@ -34,27 +34,13 @@ SYM_CODE_START(riscv_kexec_relocate) csrw CSR_SIP, zero =20 /* - * When we switch SATP.MODE to "Bare" we'll only - * play with physical addresses. However the first time - * we try to jump somewhere, the offset on the jump - * will be relative to pc which will still be on VA. To - * deal with this we set stvec to the physical address at - * the start of the loop below so that we jump there in - * any case. + * The trampoline wrapper (riscv_kexec_relocate_entry) has already + * dropped the MMU and handed control to us at this PA copy of the + * relocate code. From here on the entire loop runs with SATP=3D0 and + * every address (s0, s5, source/dest pointers) is a physical one. */ - la s6, 1f - sub s6, s6, s4 - csrw CSR_STVEC, s6 - - /* - * With C-extension, here we get 42 Bytes and the next - * .align directive would pad zeros here up to 44 Bytes. - * So manually put a nop here to avoid zeros padding. - */ - nop =20 /* Process entries in a loop */ -.align 2 1: REG_L t0, 0(s0) /* t0 =3D *image->entry */ addi s0, s0, RISCV_SZPTR /* image->entry++ */ @@ -70,8 +56,8 @@ SYM_CODE_START(riscv_kexec_relocate) andi t1, t0, 0x2 beqz t1, 2f andi s0, t0, ~0x2 - csrw CSR_SATP, zero - jr s6 + /* MMU is already off; the entry wrapper handled the transition. */ + j 1b =20 2: /* IND_DONE entry ? -> jump to done label */ diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_= kexec.c index e3eb1e71920a..99cc251f971c 100644 --- a/arch/riscv/kernel/machine_kexec.c +++ b/arch/riscv/kernel/machine_kexec.c @@ -231,11 +231,15 @@ machine_kexec(struct kimage *image) { struct kimage_arch *internal =3D &image->arch; unsigned long jump_addr =3D (unsigned long) image->start; - unsigned long first_ind_entry =3D (unsigned long) &image->head; + /* + * The relocate body runs entirely with the MMU off (the wrapper + * drops SATP before jumping into control_code_buffer), so the very + * first entry must be a physical address. + */ + unsigned long first_ind_entry =3D __pa(&image->head); unsigned long this_cpu_id =3D __smp_processor_id(); unsigned long this_hart_id =3D cpuid_to_hartid_map(this_cpu_id); unsigned long fdt_addr =3D internal->fdt_addr; - void *control_code_buffer =3D page_address(image->control_code_page); riscv_kexec_method kexec_method =3D NULL; =20 #ifdef CONFIG_SMP @@ -244,7 +248,7 @@ machine_kexec(struct kimage *image) #endif =20 if (image->type !=3D KEXEC_TYPE_CRASH) - kexec_method =3D control_code_buffer; + kexec_method =3D (riscv_kexec_method) &riscv_kexec_relocate_entry; else kexec_method =3D (riscv_kexec_method) &riscv_kexec_norelocate; =20 --=20 2.50.1