From: fangyu.yu@linux.alibaba.com
To: Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti, Anup Patel, Atish Patra, Nick Kossifidis
Cc: Song Shuai, Björn Töpel, Ard Biesheuvel, Conor Dooley, Arnd Bergmann, Thomas Zimmermann, Richard Lyu, Nam Cao, Jisheng Zhang, Nathan Chancellor, guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu
Subject: [PATCH v3 1/9] riscv: kexec: Reset executable bit on the control code page in cleanup
Date: Thu, 4 Jun 2026 21:24:10 +0800
Message-Id: <20260604132418.15725-2-fangyu.yu@linux.alibaba.com>
In-Reply-To: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>
References: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>

From: Fangyu Yu

machine_kexec_prepare() calls set_memory_x() on the per-image control_code_page so the relocate stub copied into it can be executed during a normal kexec. machine_kexec_cleanup() is empty, so when the image is freed (via kexec -u, or because a later step in load failed) the page is returned to the buddy allocator with its executable bit still set. Once the page is reallocated for arbitrary kernel data, the W^X invariant is broken: a writable page also marked executable.

Implement the architecture cleanup hook to call set_memory_nx() on the control code page for non-crash images, mirroring the set_memory_x() in prepare(). The crash path does not call set_memory_x() (the crash kernel is loaded into the reserved crashkernel region whose pages are not in the buddy allocator) and so does not need the cleanup.

Fixes: fba8a8674f68 ("RISC-V: Add kexec support")
Signed-off-by: Fangyu Yu
---
 arch/riscv/kernel/machine_kexec.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_= kexec.c index 2306ce3e5f22..ea6794c9f4c2 100644 --- a/arch/riscv/kernel/machine_kexec.c +++ b/arch/riscv/kernel/machine_kexec.c
@@ -91,6 +91,19 @@ machine_kexec_prepare(struct kimage *image) void machine_kexec_cleanup(struct kimage *image) { + void *control_code_buffer; + + if (image->type =3D=3D KEXEC_TYPE_CRASH || !image->control_code_page) + return; + + /* + * machine_kexec_prepare() called set_memory_x() on the control + * code page for non-crash images. Revert it before kimage_free() + * returns the page to the buddy allocator, so we do not leak an + * executable page back into general allocation. + */ + control_code_buffer =3D page_address(image->control_code_page); + set_memory_nx((unsigned long)control_code_buffer, 1); } =20 =20 --=20 2.50.1
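
Review bot: In machine_kexec_cleanup(), the return value of set_memory_nx() is dropped, so if the permission change fails the page still goes back to the buddy allocator executable, which is the exact case this patch is meant to close. Consider checking the result and at least warning, for example WARN_ON(set_memory_nx((unsigned long)control_code_buffer, 1)). The early return on !image->control_code_page fits the commit message's point that cleanup also runs when a later step in load failed.
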
From: fangyu.yu@linux.alibaba.com
To: Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti, Anup Patel, Atish Patra, Nick Kossifidis
Cc: Song Shuai, Björn Töpel, Ard Biesheuvel, Conor Dooley, Arnd Bergmann, Thomas Zimmermann, Richard Lyu, Nam Cao, Jisheng Zhang, Nathan Chancellor, guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu
Subject: [PATCH v3 2/9] riscv: kexec: Bound FDT search by source buffer size, not destination
Date: Thu, 4 Jun 2026 21:24:11 +0800
Message-Id: <20260604132418.15725-3-fangyu.yu@linux.alibaba.com>
In-Reply-To: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>
References: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>

From: Fangyu Yu

The FDT search loop in machine_kexec_prepare() reads sizeof(fdt) bytes from segment[i].buf to identify the device tree, but it gates the read on segment[i].memsz, which is the destination size in the next kernel. kexec allows bufsz < memsz (the loaded image is zero-padded at the destination), so a caller can craft a segment with bufsz=10 and memsz=1MB:

    if (image->segment[i].memsz <= sizeof(fdt))    /* 1MB > 40, OK */
        continue;
    memcpy(&fdt, image->segment[i].buf, sizeof(fdt));    /* reads 40 from a 10-byte kbuf */

For kexec_file_load (image->file_mode), the read walks 30 bytes past the kernel-allocated kbuf. In the worst case the trailing bytes fall in an unmapped guard page and the read faults the kernel; in the common case the read returns garbage which fdt_check_header() rejects and the loop continues. The plain kexec_load path is shielded by copy_from_user(), which validates the read against the user mapping.

Replace the memsz check with the bufsz check, which is the right bound for the read site.

Fixes: fba8a8674f68 ("RISC-V: Add kexec support")
Signed-off-by: Fangyu Yu
---
 arch/riscv/kernel/machine_kexec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_= kexec.c index ea6794c9f4c2..e6e179cffc44 100644 --- a/arch/riscv/kernel/machine_kexec.c +++ b/arch/riscv/kernel/machine_kexec.c
@@ -38,7 +38,7 @@ machine_kexec_prepare(struct kimage *image) =20 /* Find the Flattened Device Tree and save its physical address */ for (i =3D 0; i < image->nr_segments; i++) { - if (image->segment[i].memsz <=3D sizeof(fdt)) + if (image->segment[i].bufsz < sizeof(fdt)) continue; =20 if (image->file_mode) --=20 2.50.1
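
Review bot: The new test in the FDT loop changes the comparison operator as well as the field: memsz <= sizeof(fdt) becomes bufsz < sizeof(fdt), so a segment whose source buffer is exactly sizeof(fdt) bytes is now inspected where it used to be skipped. The read is still in bounds in that case, but the commit message only describes swapping memsz for bufsz; please mention the operator change there. A one-line comment on the check saying that bufsz bounds the memcpy() source would also help stop the bound being switched back to memsz later.
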
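
The bound discussed in patch 2/9, as an added user-space model that is not code from the series: `struct seg`, the sample buffers and the extra `totalsize <= bufsz` check are assumptions of this example. It computes how far the old memsz gate would have read past the source buffer and runs a scan gated on bufsz.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FDT_MAGIC    0xd00dfeedu
#define FDT_HDR_SIZE 40u /* FDT header: ten big-endian 32-bit fields */

/* Constructed stand-in for the kexec segment fields the patch discusses. */
struct seg {
	const unsigned char *buf; /* source bytes handed in by the loader */
	size_t bufsz;             /* number of valid bytes at buf */
	size_t memsz;             /* size reserved at the destination */
};

static uint32_t be32(const unsigned char *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_be32(unsigned char *p, uint32_t v)
{
	p[0] = (unsigned char)(v >> 24);
	p[1] = (unsigned char)(v >> 16);
	p[2] = (unsigned char)(v >> 8);
	p[3] = (unsigned char)v;
}

/*
 * Bytes past the end of buf that a 40-byte header read would touch under
 * the pre-patch gate ("memsz <= 40: skip"). Computed, never performed.
 */
size_t overread_if_gated_on_memsz(const struct seg *s)
{
	if (s->memsz <= FDT_HDR_SIZE)
		return 0; /* segment skipped, nothing read */
	return s->bufsz < FDT_HDR_SIZE ? FDT_HDR_SIZE - s->bufsz : 0;
}

/*
 * Scan gated on the source size, as in the patch. Returns the index of
 * the first segment with a plausible FDT header, or -1.
 */
int find_fdt_segment(const struct seg *segs, size_t n)
{
	unsigned char hdr[FDT_HDR_SIZE];
	size_t i;

	for (i = 0; i < n; i++) {
		uint32_t totalsize;

		if (!segs[i].buf || segs[i].bufsz < FDT_HDR_SIZE)
			continue; /* header read would leave the source buffer */
		memcpy(hdr, segs[i].buf, sizeof(hdr));
		if (be32(hdr) != FDT_MAGIC)
			continue;
		totalsize = be32(hdr + 4);
		/* Assumption of this example: the blob must fit in bufsz. */
		if (totalsize < FDT_HDR_SIZE || totalsize > segs[i].bufsz)
			continue;
		return (int)i;
	}
	return -1;
}

/* Constructed sample segments. */
static unsigned char short_buf[10]; /* bufsz=10, memsz=1MB case */
static unsigned char lying_fdt[40]; /* magic ok, totalsize > bufsz */
static unsigned char good_fdt[64];  /* magic ok, totalsize == bufsz */

static size_t build_samples(struct seg segs[3])
{
	put_be32(short_buf, FDT_MAGIC);
	put_be32(lying_fdt, FDT_MAGIC);
	put_be32(lying_fdt + 4, 4096);
	put_be32(good_fdt, FDT_MAGIC);
	put_be32(good_fdt + 4, (uint32_t)sizeof(good_fdt));
	segs[0] = (struct seg){ short_buf, sizeof(short_buf), (size_t)1 << 20 };
	segs[1] = (struct seg){ lying_fdt, sizeof(lying_fdt), 4096 };
	segs[2] = (struct seg){ good_fdt, sizeof(good_fdt), 4096 };
	return 3;
}

size_t demo_overread(void)
{
	struct seg segs[3];

	build_samples(segs);
	return overread_if_gated_on_memsz(&segs[0]);
}

int demo_find(void)
{
	struct seg segs[3];
	size_t n = build_samples(segs);

	return find_fdt_segment(segs, n);
}

int main(void)
{
	printf("old gate over-read: %zu bytes\n", demo_overread());
	printf("FDT found in segment %d\n", demo_find());
	return 0;
}
```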
From: fangyu.yu@linux.alibaba.com
To: Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti, Anup Patel, Atish Patra, Nick Kossifidis
Cc: Song Shuai, Björn Töpel, Ard Biesheuvel, Conor Dooley, Arnd Bergmann, Thomas Zimmermann, Richard Lyu, Nam Cao, Jisheng Zhang, Nathan Chancellor, guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu
Subject: [PATCH v3 3/9] riscv: Add kexec trampoline text section to vmlinux.lds.S
Date: Thu, 4 Jun 2026 21:24:12 +0800
Message-Id: <20260604132418.15725-4-fangyu.yu@linux.alibaba.com>
In-Reply-To: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>
References: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>

From: Fangyu Yu

When CONFIG_KEXEC_CORE is enabled, add a dedicated .kexec.tramp.text area to the RISC-V kernel linker script.

Extend vmlinux.lds.S to:
- align both the start and the end to PAGE_SIZE
- define __kexec_tramp_text_start/__kexec_tramp_text_end
- KEEP all .kexec.tramp.text* input sections
- ASSERT the trampoline text fits within one page

The end-of-section page alignment guarantees that the trampoline page, which is later identity-mapped as PAGE_KERNEL_EXEC, contains nothing but the trampoline code and padding (no shared neighbour data).

When kexec is disabled, the whole block is excluded via #ifdef CONFIG_KEXEC_CORE.

Signed-off-by: Fangyu Yu
---
 arch/riscv/kernel/vmlinux.lds.S | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.ld= s.S index 1f4f8496941a..bc615f7b702f 100644 --- a/arch/riscv/kernel/vmlinux.lds.S +++ b/arch/riscv/kernel/vmlinux.lds.S
@@ -41,6 +41,16 @@ SECTIONS ENTRY_TEXT IRQENTRY_TEXT SOFTIRQENTRY_TEXT +#ifdef CONFIG_KEXEC_CORE + . =3D ALIGN(PAGE_SIZE); + __kexec_tramp_text_start =3D .; + KEEP(*(.kexec.tramp.text)) + KEEP(*(.kexec.tramp.text.*)) + __kexec_tramp_text_end =3D .; + ASSERT((__kexec_tramp_text_end - __kexec_tramp_text_start) <=3D PAGE_SIZ= E, + ".kexec.tramp.text exceeds PAGE_SIZE"); + . =3D ALIGN(PAGE_SIZE); +#endif _etext =3D .; } =20 --=20 2.50.1
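
Review bot: The second ". = ALIGN(PAGE_SIZE)" after the ASSERT carries no comment, and it is the line that keeps unrelated text out of the page that is later mapped executable in the trampoline page table; someone tidying the script could drop it as redundant padding. Please add a comment in the linker script saying that both alignments are required so the page holds nothing but .kexec.tramp.text, as the commit message explains. It is also worth noting in the commit message that with CONFIG_KEXEC_CORE set this block pads .text to a page boundary on both sides even though no input section uses .kexec.tramp.text until a later patch.
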
From: fangyu.yu@linux.alibaba.com
To: Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti, Anup Patel, Atish Patra, Nick Kossifidis
Cc: Song Shuai, Björn Töpel, Ard Biesheuvel, Conor Dooley, Arnd Bergmann, Thomas Zimmermann, Richard Lyu, Nam Cao, Jisheng Zhang, Nathan Chancellor, guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu
Subject: [PATCH v3 4/9] riscv: kexec: Place norelocate trampoline into .kexec.tramp.text
Date: Thu, 4 Jun 2026 21:24:13 +0800
Message-Id: <20260604132418.15725-5-fangyu.yu@linux.alibaba.com>
In-Reply-To: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>
References: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>

From: Fangyu Yu

Move riscv_kexec_norelocate out of the generic .text section and into a dedicated executable trampoline section, .kexec.tramp.text.

Signed-off-by: Fangyu Yu
---
 arch/riscv/include/asm/kexec.h     | 4 ++++
 arch/riscv/kernel/kexec_relocate.S | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/riscv/include/asm/kexec.h b/arch/riscv/include/asm/kexec.h index b9ee8346cc8c..6466c1f00d41 100644 --- a/arch/riscv/include/asm/kexec.h +++ b/arch/riscv/include/asm/kexec.h @@ -75,4 +75,8 @@ int load_extra_segments(struct kimage *image, unsigned lo= ng kernel_start, unsigned long cmdline_len); #endif =20 +#ifndef __ASSEMBLY__ +extern char __kexec_tramp_text_start[]; +#endif + #endif diff --git a/arch/riscv/kernel/kexec_relocate.S b/arch/riscv/kernel/kexec_r= elocate.S index de0a4b35d01e..af6b99f5b0fd 100644 --- a/arch/riscv/kernel/kexec_relocate.S +++ b/arch/riscv/kernel/kexec_relocate.S
@@ -147,7 +147,7 @@ riscv_kexec_relocate_end: =20 =20 /* Used for jumping to crashkernel */ -.section ".text" +.section ".kexec.tramp.text", "ax" SYM_CODE_START(riscv_kexec_norelocate) /* * s0: (const) Phys address to jump to --=20 2.50.1
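
Review bot: In kexec_relocate.S the new .section ".kexec.tramp.text", "ax" directive stays in effect until the next section directive, so anything assembled after SYM_CODE_END(riscv_kexec_norelocate) lands in the trampoline page unless the file switches sections again; the hunk does not show what follows, so please confirm that, or wrap the function in .pushsection/.popsection. In the kexec.h hunk, __kexec_tramp_text_start is declared without a CONFIG_KEXEC_CORE guard although patch 3/9 defines it only under that option, and __kexec_tramp_text_end is not declared at all; matching the header to the linker script would turn a misuse into a compile error instead of a link error.
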
From: fangyu.yu@linux.alibaba.com
To: Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti, Anup Patel, Atish Patra, Nick Kossifidis
Cc: Song Shuai, Björn Töpel, Ard Biesheuvel, Conor Dooley, Arnd Bergmann, Thomas Zimmermann, Richard Lyu, Nam Cao, Jisheng Zhang, Nathan Chancellor, guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu
Subject: [PATCH v3 5/9] riscv: kexec: Build trampoline page tables for crash kernel entry
Date: Thu, 4 Jun 2026 21:24:14 +0800
Message-Id: <20260604132418.15725-6-fangyu.yu@linux.alibaba.com>
In-Reply-To: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>
References: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>

From: Fangyu Yu

Crash kexec uses riscv_kexec_norelocate as a trampoline to jump into the crashkernel. Pre-build dedicated 4 KB page tables in machine_kexec_prepare() that map the trampoline page as executable, so the panic path only has to switch satp and jump.

Two mappings are installed into a shared pgd:
- VA(__kexec_tramp_text_start) -> PA(__kexec_tramp_text_start)
- PA(__kexec_tramp_text_start) -> PA(__kexec_tramp_text_start)

The lower-level tables (p4d/pud/pmd/pte) are shared between both mappings; map_tramp_page() walks the existing tree and only populates entries that are still zero, so the two installs coexist even when their indices happen to collide at any level.

Signed-off-by: Fangyu Yu
---
 arch/riscv/kernel/machine_kexec.c | 87 +++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)

diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_= kexec.c index e6e179cffc44..1947b7bdf5c4 100644 --- a/arch/riscv/kernel/machine_kexec.c +++ b/arch/riscv/kernel/machine_kexec.c
@@ -18,6 +18,85 @@ #include #include =20 +/* + * Trampoline page tables. Both the VA(trampoline)->PA and the + * PA(trampoline)->PA identity mapping are installed in this single + * pgd; the lower-level tables are shared so the two mappings can + * coexist even if they happen to collide at any level (the walker + * only populates entries that are still zero). + * + * Pre-allocate for the largest paging mode (Sv57). Levels that the + * runtime mode does not use simply waste a page or two of BSS, in + * exchange for a builder that is infallible and safe to run from + * the panic path. + */ +static pgd_t kexec_tramp_pgd[PTRS_PER_PGD] __aligned(PAGE_SIZE); +#ifdef CONFIG_64BIT +static p4d_t kexec_tramp_p4d[PTRS_PER_P4D] __aligned(PAGE_SIZE); +static pud_t kexec_tramp_pud[PTRS_PER_PUD] __aligned(PAGE_SIZE); +static pmd_t kexec_tramp_pmd[PTRS_PER_PMD] __aligned(PAGE_SIZE); +#endif +static pte_t kexec_tramp_pte[PTRS_PER_PTE] __aligned(PAGE_SIZE); + +static void map_tramp_page(unsigned long va, unsigned long pa) +{ + pgd_t *pgd =3D kexec_tramp_pgd + pgd_index(va); + +#ifdef CONFIG_64BIT + p4d_t *p4d; + pud_t *pud; + pmd_t *pmd; + + if (pgtable_l5_enabled) { + if (pgd_val(*pgd) =3D=3D 0) + set_pgd(pgd, pfn_pgd(PFN_DOWN(__pa_symbol(kexec_tramp_p4d)), + PAGE_TABLE)); + p4d =3D kexec_tramp_p4d + p4d_index(va); + } else { + p4d =3D (p4d_t *)pgd; + } + + if (pgtable_l4_enabled) { + if (p4d_val(*p4d) =3D=3D 0) + set_p4d(p4d, pfn_p4d(PFN_DOWN(__pa_symbol(kexec_tramp_pud)), + PAGE_TABLE)); + pud =3D kexec_tramp_pud + pud_index(va); + } else { + pud =3D (pud_t *)p4d; + } + + if (pud_val(*pud) =3D=3D 0) + set_pud(pud, pfn_pud(PFN_DOWN(__pa_symbol(kexec_tramp_pmd)), + PAGE_TABLE)); + pmd =3D kexec_tramp_pmd + pmd_index(va); + + if (pmd_val(*pmd) =3D=3D 0) + set_pmd(pmd, pfn_pmd(PFN_DOWN(__pa_symbol(kexec_tramp_pte)), + PAGE_TABLE)); +#else + /* Sv32: PGD points directly to the PTE table. 
*/ + if (pgd_val(*pgd) =3D=3D 0) + set_pgd(pgd, pfn_pgd(PFN_DOWN(__pa_symbol(kexec_tramp_pte)), + PAGE_TABLE)); +#endif + + set_pte(kexec_tramp_pte + pte_index(va), + pfn_pte(PFN_DOWN(pa), PAGE_KERNEL_EXEC)); +} + +static void riscv_kexec_build_tramp(unsigned long va, unsigned long pa) +{ + /* VA -> PA: map the trampoline page via its kernel VA. */ + map_tramp_page(va, pa); + + /* + * PA -> PA: identity-map the same page so the second-pass code + * can keep executing after the kernel VA mapping is dropped. + */ + map_tramp_page(pa, pa); +} + + /* * machine_kexec_prepare - Initialize kexec * 
@@ -73,6 +152,14 @@ machine_kexec_prepare(struct kimage *image) =20 /* Mark the control page executable */ set_memory_x((unsigned long) control_code_buffer, 1); + } else { + /* + * Crash kexec uses riscv_kexec_norelocate as a trampoline. + * Pre-build the trampoline page tables here so the panic + * path only has to switch satp and jump. + */ + riscv_kexec_build_tramp((unsigned long)__kexec_tramp_text_start, + __pa_symbol(__kexec_tramp_text_start)); } =20 return 0; --=20 2.50.1
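
Review bot: map_tramp_page() installs the leaf with PAGE_KERNEL_EXEC, which on RISC-V is the kernel read/write protection plus the execute bit, so the trampoline page is mapped writable and executable in the trampoline page table, at odds with the W^X concern that patch 1/9 fixes. The trampoline is only executed through these mappings, so PAGE_KERNEL_READ_EXEC looks sufficient in the set_pte(kexec_tramp_pte + pte_index(va), ...) call. Separately, because each level has a single shared table, the two installs also resolve every combination of the VA and PA indices to the same page; that is harmless here but deserves a sentence in the comment block above the tables.
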
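
The shared-table walk described in patch 5/9, as an added user-space model that is not code from the series: it assumes Sv39 (three levels), uses constructed addresses, and represents "points at the next table" by a bare valid bit because each level has exactly one table. It shows both installs resolving to the trampoline page and counts the extra aliases the sharing creates.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENTRIES   512
#define PTE_V     0x1ull /* valid */
#define PTE_R     0x2ull /* readable */
#define PTE_X     0x8ull /* executable */
#define PPN_SHIFT 10

/* One table per level, shared by every mapping (model of the static arrays). */
static uint64_t l2[ENTRIES], l1[ENTRIES], l0[ENTRIES];

/* Sv39 index for a level: 9 bits each above the 12-bit page offset. */
static unsigned idx(uint64_t va, int level)
{
	return (unsigned)((va >> (12 + 9 * level)) & 0x1ff);
}

void tramp_reset(void)
{
	memset(l2, 0, sizeof(l2));
	memset(l1, 0, sizeof(l1));
	memset(l0, 0, sizeof(l0));
}

/* Non-leaf entries are populated only while still zero; the leaf is written. */
void map_tramp_page(uint64_t va, uint64_t pa)
{
	if (l2[idx(va, 2)] == 0)
		l2[idx(va, 2)] = PTE_V; /* -> the single l1 table */
	if (l1[idx(va, 1)] == 0)
		l1[idx(va, 1)] = PTE_V; /* -> the single l0 table */
	/* R|X leaf is this model's choice, not the protection the patch uses. */
	l0[idx(va, 0)] = ((pa >> 12) << PPN_SHIFT) | PTE_V | PTE_R | PTE_X;
}

/* Software walk: 0 and the physical address on success, -1 on a fault. */
int translate(uint64_t va, uint64_t *pa)
{
	uint64_t leaf;

	if (!(l2[idx(va, 2)] & PTE_V) || !(l1[idx(va, 1)] & PTE_V))
		return -1;
	leaf = l0[idx(va, 0)];
	if (!(leaf & PTE_V))
		return -1;
	*pa = ((leaf >> PPN_SHIFT) << 12) | (va & 0xfff);
	return 0;
}

int faults(uint64_t va)
{
	uint64_t pa;

	return translate(va, &pa) != 0;
}

static unsigned count_valid(const uint64_t *table)
{
	unsigned i, n = 0;

	for (i = 0; i < ENTRIES; i++)
		n += (table[i] & PTE_V) ? 1 : 0;
	return n;
}

/*
 * Install VA->PA and PA->PA, check both resolve to pa, and return how many
 * distinct virtual pages the shared tables now translate (-1 on failure).
 */
int build_and_check(uint64_t va, uint64_t pa)
{
	uint64_t out;

	tramp_reset();
	map_tramp_page(va, pa);
	map_tramp_page(pa, pa);
	if (translate(va, &out) != 0 || out != pa)
		return -1;
	if (translate(pa, &out) != 0 || out != pa)
		return -1;
	return (int)(count_valid(l2) * count_valid(l1) * count_valid(l0));
}

int main(void)
{
	/* Constructed addresses: same low 30 bits, so levels 1 and 0 collide. */
	printf("colliding indices: %d mapped pages\n",
	       build_and_check(0xffffffff80201000ull, 0x80201000ull));
	/* Constructed addresses whose indices differ at every level. */
	printf("distinct indices:  %d mapped pages\n",
	       build_and_check(0xffffffe000645000ull, 0x80201000ull));
	return 0;
}
```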
From: fangyu.yu@linux.alibaba.com
To: Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti, Anup Patel, Atish Patra, Nick Kossifidis
Cc: Song Shuai, Björn Töpel, Ard Biesheuvel, Conor Dooley, Arnd Bergmann, Thomas Zimmermann, Richard Lyu, Nam Cao, Jisheng Zhang, Nathan Chancellor, guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu
Subject: [PATCH v3 6/9] riscv: kexec: Switch to trampoline page table before norelocate
Date: Thu, 4 Jun 2026 21:24:15 +0800
Message-Id: <20260604132418.15725-7-fangyu.yu@linux.alibaba.com>
In-Reply-To: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>
References: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>

From: Fangyu Yu

Make riscv_kexec_norelocate a two-pass trampoline so it can drop the kernel page tables while still executing from a mapped address.

On the first entry, t3 is initialized to 0 by machine_kexec(). Loads the physical address of riscv_kexec_norelocate and the trampoline SATP value, switches to the trampoline page table, and jumps to the trampoline VA(=PA).

On the second entry, t3 contains the physical address of riscv_kexec_norelocate, so the PC comparison matches and execution continues under trampoline VA(=PA).

Since the trampoline page table is already active, replace the previous stvec-based handoff with a direct jump to the target entry (jr a2).

Signed-off-by: Fangyu Yu
---
 arch/riscv/kernel/kexec_relocate.S | 30 +++++++++++++++-----
 arch/riscv/kernel/machine_kexec.c  | 44 +++++++++++++++++++++++++++---
 2 files changed, 63 insertions(+), 11 deletions(-)

diff --git a/arch/riscv/kernel/kexec_relocate.S b/arch/riscv/kernel/kexec_r= elocate.S index af6b99f5b0fd..8cfdf6f4032a 100644 --- a/arch/riscv/kernel/kexec_relocate.S +++ b/arch/riscv/kernel/kexec_relocate.S @@ -147,13 +147,35 @@ riscv_kexec_relocate_end: =20 =20 /* Used for jumping to crashkernel */ +.extern kexec_tramp_satp +.extern riscv_kexec_norelocate_pa .section ".kexec.tramp.text", "ax" SYM_CODE_START(riscv_kexec_norelocate) + /* + * Two-pass entry: + * - 1st entry: t3 =3D=3D 0 (initialized by machine_kexec()). + * + * - 2nd entry: t3 holds the physical address of + * riscv_kexec_norelocate, so auipc matches t3 and we fall through + * to label 1 to continue execution under trampoline VA(=3DPA). + */ + auipc t0, 0 + beq t0, t3, 1f + + la t0, riscv_kexec_norelocate_pa + REG_L t3, 0(t0) + la t0, kexec_tramp_satp + REG_L t1, 0(t0) + csrw CSR_SATP, t1 + sfence.vma x0, x0 + + jr t3 /* * s0: (const) Phys address to jump to * s1: (const) Phys address of the FDT image * s2: (const) The hartid of the current hart */ +1: mv s0, a1 mv s1, a2 mv s2, a3 @@ -198,14 +220,8 @@ SYM_CODE_START(riscv_kexec_norelocate) csrw CSR_SCAUSE, zero csrw CSR_SSCRATCH, zero =20 - /* - * Switch to physical addressing - * This will also trigger a jump to CSR_STVEC - * which in this case is the address of the new - * kernel. - */ - csrw CSR_STVEC, a2 csrw CSR_SATP, zero + jr a2 =20 SYM_CODE_END(riscv_kexec_norelocate) =20 diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_= kexec.c index 1947b7bdf5c4..72817bba5d3b 100644 --- a/arch/riscv/kernel/machine_kexec.c +++ b/arch/riscv/kernel/machine_kexec.c @@ -18,6 +18,8 @@ #include #include =20 +unsigned long kexec_tramp_satp; +unsigned long riscv_kexec_norelocate_pa; /* * Trampoline page tables. Both the VA(trampoline)->PA and the * PA(trampoline)->PA identity mapping are installed in this single 
@@ -155,11 +157,17 @@ machine_kexec_prepare(struct kimage *image) } else { /* * Crash kexec uses riscv_kexec_norelocate as a trampoline. - * Pre-build the trampoline page tables here so the panic - * path only has to switch satp and jump. + * Pre-build the trampoline page tables and capture the + * trampoline SATP value plus the physical address of + * riscv_kexec_norelocate so that the panic path only has + * to switch satp and jump. */ riscv_kexec_build_tramp((unsigned long)__kexec_tramp_text_start, __pa_symbol(__kexec_tramp_text_start)); + WRITE_ONCE(riscv_kexec_norelocate_pa, + __pa_symbol(&riscv_kexec_norelocate)); + WRITE_ONCE(kexec_tramp_satp, + PFN_DOWN(__pa_symbol(kexec_tramp_pgd)) | satp_mode); } =20 return 0; 
@@ -276,7 +284,35 @@ machine_kexec(struct kimage *image) =20 /* Jump to the relocation code */ pr_notice("Bye...\n"); - kexec_method(first_ind_entry, jump_addr, fdt_addr, - this_hart_id, kernel_map.va_pa_offset); + /* + * Hand off to the trampoline. For KEXEC_TYPE_CRASH we go into + * riscv_kexec_norelocate, which uses t3 as the 1st/2nd-pass + * discriminator (must be 0 on first entry). A bare + * asm volatile ("li t3, 0" ::: "t3") + * before the C call only declares t3 *modified*; the compiler is + * free to use t3 as scratch when materialising args. Pin t3 =3D 0 + * (and the args) via local register variables and perform the + * indirect jump inside the same inline asm so t3 =3D=3D 0 is + * guaranteed at the moment control leaves machine_kexec(). + */ + { + register unsigned long a0_val asm("a0") =3D first_ind_entry; + register unsigned long a1_val asm("a1") =3D jump_addr; + register unsigned long a2_val asm("a2") =3D fdt_addr; + register unsigned long a3_val asm("a3") =3D this_hart_id; + register unsigned long a4_val asm("a4") =3D kernel_map.va_pa_offset; + register unsigned long t3_zero asm("t3") =3D 0; + register riscv_kexec_method m asm("t6") =3D kexec_method; + + asm volatile ( + "jr %[m]" + : + : "r" (a0_val), "r" (a1_val), "r" (a2_val), + "r" (a3_val), "r" (a4_val), + "r" (t3_zero), + [m] "r" (m) + : "memory" + ); + } unreachable(); } --=20 2.50.1 From nobody Mon Jun 8 08:35:57 2026 Received: from out30-111.freemail.mail.aliyun.com (out30-111.freemail.mail.aliyun.com [115.124.30.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 99EE247DD6F; Thu, 4 Jun 2026 13:24:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.30.111 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780579482; cv=none; 
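Review bot: In the first kexec_relocate.S hunk of patch 6/9, the new "Two-pass entry" comment documents only the second pass; the "1st entry" bullet stops at t3 == 0 and is followed by an empty comment line, so the steps that actually matter (read riscv_kexec_norelocate_pa and kexec_tramp_satp while the kernel page table is still live, write SATP, sfence.vma, jr t3) are left for the reader to infer. Please describe them, and state the entry contract that the beq t0, t3, 1f test depends on: every caller must arrive with t3 == 0, because a stale t3 that happened to equal the entry PC would fall through to label 1 without switching page tables. In the second hunk the deleted comment explained why the SATP write was safe; the replacement pair csrw CSR_SATP, zero and jr a2 deserves one line saying that PC is already an identity-mapped PA at that point.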
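Review bot: In the machine_kexec.c hunks of patch 6/9, kexec_tramp_satp and riscv_kexec_norelocate_pa are introduced as plain writable globals with no comment and no header declaration, yet the panic path loads both and then executes csrw CSR_SATP, t1 and jr t3 on whatever they hold. Both values look constant for a given boot (the PA of a kernel symbol, and PFN_DOWN(__pa_symbol(kexec_tramp_pgd)) | satp_mode), so consider computing them once at init and marking them __ro_after_init, so that a stray write in a kernel that is about to crash cannot redirect the handoff. At minimum add a comment that they are consumed from kexec_relocate.S, since nothing in the C file reads them.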
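Review bot: In the machine_kexec() hunk of patch 6/9, the comment above the inline asm speaks only of KEXEC_TYPE_CRASH and riscv_kexec_norelocate, but the block replaces the single kexec_method() call, so the non-crash method is dispatched through the same jr %[m] with t3 pinned to 0. Say that in the comment. The discussion of the rejected li t3, 0 alternative explains history rather than the code and reads better in the commit message; a short note on why m is pinned to t6 would be more useful in its place.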
From: fangyu.yu@linux.alibaba.com
To: Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti, Anup Patel, Atish Patra, Nick Kossifidis
Cc: Song Shuai, Björn Töpel, Ard Biesheuvel, Conor Dooley, Arnd Bergmann, Thomas Zimmermann, Richard Lyu, Nam Cao, Jisheng Zhang, Nathan Chancellor, guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu
Subject: [PATCH v3 7/9] riscv: kexec: Always build the trampoline page table
Date: Thu, 4 Jun 2026 21:24:16 +0800
Message-Id: <20260604132418.15725-8-fangyu.yu@linux.alibaba.com>
In-Reply-To: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>
References: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>

From: Fangyu Yu

The trampoline page table and the kexec_tramp_satp value are currently built only on the crash path. A follow-up patch needs the same infrastructure for the normal kexec path.

Pull the trampoline build and the WRITE_ONCE() that publishes the SATP value out of the crash-only else branch in machine_kexec_prepare(). The crash path keeps recording its own riscv_kexec_norelocate_pa; the normal path keeps its existing control_code_buffer copy.

No functional change.

Signed-off-by: Fangyu Yu
---
 arch/riscv/kernel/machine_kexec.c | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_= kexec.c index 72817bba5d3b..d82f45fb44b6 100644 --- a/arch/riscv/kernel/machine_kexec.c +++ b/arch/riscv/kernel/machine_kexec.c
@@ -139,6 +139,16 @@ machine_kexec_prepare(struct kimage *image) return -EINVAL; } =20 + /* + * Build the trampoline page table and capture its SATP value. + * The crash path consumes it today; the non-crash kexec path + * will use the same setup as well. + */ + riscv_kexec_build_tramp((unsigned long)__kexec_tramp_text_start, + __pa_symbol(__kexec_tramp_text_start)); + WRITE_ONCE(kexec_tramp_satp, + PFN_DOWN(__pa_symbol(kexec_tramp_pgd)) | satp_mode); + /* Copy the assembler code for relocation to the control page */ if (image->type !=3D KEXEC_TYPE_CRASH) { control_code_buffer =3D page_address(image->control_code_page); 
@@ -155,19 +165,8 @@ machine_kexec_prepare(struct kimage *image) /* Mark the control page executable */ set_memory_x((unsigned long) control_code_buffer, 1); } else { - /* - * Crash kexec uses riscv_kexec_norelocate as a trampoline. - * Pre-build the trampoline page tables and capture the - * trampoline SATP value plus the physical address of - * riscv_kexec_norelocate so that the panic path only has - * to switch satp and jump. - */ - riscv_kexec_build_tramp((unsigned long)__kexec_tramp_text_start, - __pa_symbol(__kexec_tramp_text_start)); WRITE_ONCE(riscv_kexec_norelocate_pa, __pa_symbol(&riscv_kexec_norelocate)); - WRITE_ONCE(kexec_tramp_satp, - PFN_DOWN(__pa_symbol(kexec_tramp_pgd)) | satp_mode); } =20 return 0; --=20 2.50.1 From nobody Mon Jun 8 08:35:57 2026 Received: from out30-131.freemail.mail.aliyun.com (out30-131.freemail.mail.aliyun.com [115.124.30.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 78E9F47DD47; Thu, 4 Jun 2026 13:24:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.30.131 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780579485; cv=none; b=lR9NOfJRyNaFzAhZNgndsxxTbDv3pqaWNUE/fr7VTPilpr9btLyHY2SCny/XgGj3oEP8rC8XvtcTYqZDPE2joT5umm/+l8oHbklYEfhznomnM6VmJebhOFHEumy84NfF3bfqEabcCp49Zv/QEuMtxK9327vioQqDJ4/BjgbyPrU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780579485; c=relaxed/simple; bh=mt6ccfxhzw2pzHfFjv/KPNuIPAOBrZOy3Mkk72W6BT0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=NwDx7w0c/SFU5U52QqO9JAPXGYCpCD+ThLlzO7h77YUCiVQ8ZJ/x9I0NNEKNLdmwLktxujXtKGbOAgL2Q3WUdV53e+Y8E4wWsgGnaU75M0iS153GsfZZrM2qk/n5ib+SzUxU7CpzU+vRTIIbwQAgUkKG9mvbv9mJ3If7LPrTN5Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com; spf=pass 
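Review bot: The changelog of patch 7/9 says "No functional change", but the first hunk places riscv_kexec_build_tramp() and the WRITE_ONCE() of kexec_tramp_satp ahead of the image->type test, so both now run on every machine_kexec_prepare() call, including a normal kexec load made while a crash image is already armed. If riscv_kexec_build_tramp() rewrites the trampoline page table in place, a panic inside that window would switch SATP to a table that is being rebuilt. Please either state in the changelog that the rebuild is idempotent and safe to repeat, or build once and skip when the table already exists, and reword the "No functional change" line to match.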
From: fangyu.yu@linux.alibaba.com
To: Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti, Anup Patel, Atish Patra, Nick Kossifidis
Cc: Song Shuai, Björn Töpel, Ard Biesheuvel, Conor Dooley, Arnd Bergmann, Thomas Zimmermann, Richard Lyu, Nam Cao, Jisheng Zhang, Nathan Chancellor, guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu
Subject: [PATCH v3 8/9] riscv: kexec: Add the relocate-trampoline wrapper
Date: Thu, 4 Jun 2026 21:24:17 +0800
Message-Id: <20260604132418.15725-9-fangyu.yu@linux.alibaba.com>
In-Reply-To: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>
References: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>

From: Fangyu Yu

Add riscv_kexec_relocate_entry to .kexec.tramp.text and the two asm-visible globals (riscv_kexec_relocate_entry_pa and riscv_kexec_cc_buffer_pa) that the wrapper consumes.

The wrapper performs the same two-step transition used by the crash path: switch to the trampoline pgd, jump to the PA of self, then drop the MMU with PC already on a PA. It finally jumps to the PA of control_code_buffer.

machine_kexec_prepare() publishes the wrapper PA via WRITE_ONCE for non-crash images. The per-image control_code_buffer PA is published later, at dispatch time, so a load failure between prepare() and the kexec_image swap cannot leave the global pointing at a freed page.

Nothing routes to the wrapper yet; the switchover happens in the follow-up patch.
Signed-off-by: Fangyu Yu --- arch/riscv/include/asm/kexec.h | 1 + arch/riscv/kernel/kexec_relocate.S | 36 ++++++++++++++++++++++++++++++ arch/riscv/kernel/machine_kexec.c | 5 +++++ 3 files changed, 42 insertions(+) diff --git a/arch/riscv/include/asm/kexec.h b/arch/riscv/include/asm/kexec.h index 6466c1f00d41..b75cab959e53 100644 --- a/arch/riscv/include/asm/kexec.h +++ b/arch/riscv/include/asm/kexec.h @@ -53,6 +53,7 @@ typedef void (*riscv_kexec_method)(unsigned long first_in= d_entry, unsigned long va_pa_off); =20 extern riscv_kexec_method riscv_kexec_norelocate; +extern riscv_kexec_method riscv_kexec_relocate_entry; =20 #ifdef CONFIG_KEXEC_FILE extern const struct kexec_file_ops elf_kexec_ops; diff --git a/arch/riscv/kernel/kexec_relocate.S b/arch/riscv/kernel/kexec_r= elocate.S index 8cfdf6f4032a..6c624560c9ac 100644 --- a/arch/riscv/kernel/kexec_relocate.S +++ b/arch/riscv/kernel/kexec_relocate.S 
@@ -225,6 +225,42 @@ SYM_CODE_START(riscv_kexec_norelocate) =20 SYM_CODE_END(riscv_kexec_norelocate) =20 +.extern riscv_kexec_relocate_entry_pa +.extern riscv_kexec_cc_buffer_pa +.section ".kexec.tramp.text", "ax" +SYM_CODE_START(riscv_kexec_relocate_entry) + /* + * Two-pass entry, identical in shape to riscv_kexec_norelocate: + * - 1st entry: t3 =3D=3D 0 (initialized by machine_kexec()). + * - 2nd entry: t3 =3D=3D PA of riscv_kexec_relocate_entry, so auipc + * matches t3 and we fall through to label 1. + * Args a0..a4 are passed through unchanged to riscv_kexec_relocate. + */ + auipc t0, 0 + beq t0, t3, 1f + + la t0, riscv_kexec_relocate_entry_pa + REG_L t3, 0(t0) + la t0, kexec_tramp_satp + REG_L t1, 0(t0) + csrw CSR_SATP, t1 + sfence.vma x0, x0 + + jr t3 +1: + /* + * Now executing at the PA of this wrapper with the trampoline pgd + * installed (identity-mapped). Drop the MMU; PC stays valid because + * it is already a PA. + */ + csrw CSR_SATP, zero + + /* Jump to the PA of control_code_buffer to run the relocate body. */ + la t0, riscv_kexec_cc_buffer_pa + REG_L t0, 0(t0) + jr t0 +SYM_CODE_END(riscv_kexec_relocate_entry) + .section ".rodata" SYM_DATA(riscv_kexec_relocate_size, .long riscv_kexec_relocate_end - riscv_kexec_relocate) diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_= kexec.c index d82f45fb44b6..71688c63af65 100644 --- a/arch/riscv/kernel/machine_kexec.c +++ b/arch/riscv/kernel/machine_kexec.c @@ -20,6 +20,8 @@ =20 unsigned long kexec_tramp_satp; unsigned long riscv_kexec_norelocate_pa; +unsigned long riscv_kexec_relocate_entry_pa; +unsigned long riscv_kexec_cc_buffer_pa; /* * Trampoline page tables. Both the VA(trampoline)->PA and the * PA(trampoline)->PA identity mapping are installed in this single 
@@ -164,6 +166,9 @@ machine_kexec_prepare(struct kimage *image) =20 /* Mark the control page executable */ set_memory_x((unsigned long) control_code_buffer, 1); + + WRITE_ONCE(riscv_kexec_relocate_entry_pa, + __pa_symbol(&riscv_kexec_relocate_entry)); } else { WRITE_ONCE(riscv_kexec_norelocate_pa, __pa_symbol(&riscv_kexec_norelocate)); --=20 2.50.1 From nobody Mon Jun 8 08:35:57 2026 Received: from out30-133.freemail.mail.aliyun.com (out30-133.freemail.mail.aliyun.com [115.124.30.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 28A9C47ECC9; Thu, 4 Jun 2026 13:24:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.30.133 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780579483; cv=none; b=pLtaVXdYN+jCbpp8eBNPv6TexKj4IjHjs9drIMdD/NnJT90A4yQnNunMhUleMq3EKi1fblv/j4/k2PFScxUMx781seai41DlV2GYs4szLYlO8eMFdhVVg+gfhGYWWcz8eZEV/cEXE3GsgZI1UKBCEDppkEZ3jjv57+uG99JEpG8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780579483; c=relaxed/simple; bh=KY32rvMHm5LppkAURC1cDto8ibG1pkfunFWTaQUobmI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=dXcCRdxB83Y2MEZdvrwe+o5GUudtksaT12Ybu9QtN2RXh+twbWig5RlQz5GgxXOrt/9zwdPBVshmGbNjIYWPIRZM0VBXtq2Btic00qqqA/evq29qYz/BPeQTgUCjZq/yJcMWX8WH0SyB64mofhkdgRjq12OVa1UFsZIaEQnuxs4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com; spf=pass smtp.mailfrom=linux.alibaba.com; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b=EycApPwJ; arc=none smtp.client-ip=115.124.30.133 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.alibaba.com Authentication-Results: 
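Review bot: In riscv_kexec_relocate_entry (patch 8/9), the code after label 1 runs la t0, riscv_kexec_cc_buffer_pa and REG_L t0, 0(t0) with SATP already zero, whereas the first pass reads its two globals before touching SATP. That load is correct only if the PC-relative la resolves to the physical address of the global, that is, if the physical distance between .kexec.tramp.text and the variable equals the link-time distance. Please state that assumption in the comment, or read riscv_kexec_cc_buffer_pa during the first pass into a spare temporary next to t3 so that the post-switch path touches no kernel data at all. The prologue up to jr t3 is also a copy of the one in riscv_kexec_norelocate with only the _pa symbol changed; a small assembler macro taking that symbol would keep the two entry points from drifting apart.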
From: fangyu.yu@linux.alibaba.com
To: Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti, Anup Patel, Atish Patra, Nick Kossifidis
Cc: Song Shuai, Björn Töpel, Ard Biesheuvel, Conor Dooley, Arnd Bergmann, Thomas Zimmermann, Richard Lyu, Nam Cao, Jisheng Zhang, Nathan Chancellor, guoren@kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, kexec@lists.infradead.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, Fangyu Yu
Subject: [PATCH v3 9/9] riscv: kexec: Route normal kexec through the trampoline page table
Date: Thu, 4 Jun 2026 21:24:18 +0800
Message-Id: <20260604132418.15725-10-fangyu.yu@linux.alibaba.com>
In-Reply-To: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>
References: <20260604132418.15725-1-fangyu.yu@linux.alibaba.com>

From: Fangyu Yu

riscv_kexec_relocate (copied into control_code_buffer) uses an stvec trick to drop the MMU and land on the PA of the next loop label. Under VS-mode, KVM cannot emulate this single-step transition and the VCPU dies with "kvm run failed Operation not supported".

Route normal kexec through riscv_kexec_relocate_entry, the trampoline wrapper added in the previous patch. It drops SATP with PC already on a PA, then hands off to control_code_buffer where the relocate body runs with SATP=0.

Drop the stvec trick from the relocate body and pass first_ind_entry as a physical address since the body now starts with SATP=0. The ".align 2" plus filler "nop" that ensured the PA of the loop top was 4-byte aligned -- required because the legacy stvec trick wrote that PA into stvec.BASE, whose low two bits are MODE and are discarded by the hardware -- is no longer load-bearing and is removed as well.

Signed-off-by: Fangyu Yu
---
 arch/riscv/kernel/kexec_relocate.S | 26 ++++++--------------------
 arch/riscv/kernel/machine_kexec.c  | 27 +++++++++++++++++++--------
 2 files changed, 25 insertions(+), 28 deletions(-)

diff --git a/arch/riscv/kernel/kexec_relocate.S b/arch/riscv/kernel/kexec_r= elocate.S index 6c624560c9ac..7ffb83ea45fc 100644 --- a/arch/riscv/kernel/kexec_relocate.S +++ b/arch/riscv/kernel/kexec_relocate.S
@@ -34,27 +34,13 @@ SYM_CODE_START(riscv_kexec_relocate) csrw CSR_SIP, zero =20 /* - * When we switch SATP.MODE to "Bare" we'll only - * play with physical addresses. However the first time - * we try to jump somewhere, the offset on the jump - * will be relative to pc which will still be on VA. To - * deal with this we set stvec to the physical address at - * the start of the loop below so that we jump there in - * any case. + * The trampoline wrapper (riscv_kexec_relocate_entry) has already + * dropped the MMU and handed control to us at this PA copy of the + * relocate code. From here on the entire loop runs with SATP=3D0 and + * every address (s0, s5, source/dest pointers) is a physical one. */ - la s6, 1f - sub s6, s6, s4 - csrw CSR_STVEC, s6 - - /* - * With C-extension, here we get 42 Bytes and the next - * .align directive would pad zeros here up to 44 Bytes. - * So manually put a nop here to avoid zeros padding. - */ - nop =20 /* Process entries in a loop */ -.align 2 1: REG_L t0, 0(s0) /* t0 =3D *image->entry */ addi s0, s0, RISCV_SZPTR /* image->entry++ */ @@ -70,8 +56,8 @@ SYM_CODE_START(riscv_kexec_relocate) andi t1, t0, 0x2 beqz t1, 2f andi s0, t0, ~0x2 - csrw CSR_SATP, zero - jr s6 + /* MMU is already off; the entry wrapper handled the transition. */ + j 1b =20 2: /* IND_DONE entry ? -> jump to done label */ diff --git a/arch/riscv/kernel/machine_kexec.c b/arch/riscv/kernel/machine_= kexec.c index 71688c63af65..82fcb84a03ec 100644 --- a/arch/riscv/kernel/machine_kexec.c +++ b/arch/riscv/kernel/machine_kexec.c @@ -164,9 +164,6 @@ machine_kexec_prepare(struct kimage *image) memcpy(control_code_buffer, riscv_kexec_relocate, riscv_kexec_relocate_size); =20 - /* Mark the control page executable */ - set_memory_x((unsigned long) control_code_buffer, 1); - WRITE_ONCE(riscv_kexec_relocate_entry_pa, __pa_symbol(&riscv_kexec_relocate_entry)); } else { 
@@ -262,11 +259,15 @@ machine_kexec(struct kimage *image) { struct kimage_arch *internal =3D &image->arch; unsigned long jump_addr =3D (unsigned long) image->start; - unsigned long first_ind_entry =3D (unsigned long) &image->head; + /* + * The relocate body runs entirely with the MMU off (the wrapper + * drops SATP before jumping into control_code_buffer), so the very + * first entry must be a physical address. + */ + unsigned long first_ind_entry =3D __pa(&image->head); unsigned long this_cpu_id =3D __smp_processor_id(); unsigned long this_hart_id =3D cpuid_to_hartid_map(this_cpu_id); unsigned long fdt_addr =3D internal->fdt_addr; - void *control_code_buffer =3D page_address(image->control_code_page); riscv_kexec_method kexec_method =3D NULL; =20 #ifdef CONFIG_SMP @@ -274,10 +275,20 @@ machine_kexec(struct kimage *image) "Some CPUs may be stale, kdump will be unreliable.\n"); #endif =20 - if (image->type !=3D KEXEC_TYPE_CRASH) - kexec_method =3D control_code_buffer; - else + if (image->type !=3D KEXEC_TYPE_CRASH) { + kexec_method =3D (riscv_kexec_method) &riscv_kexec_relocate_entry; + /* + * Publish the per-image control_code_buffer PA at dispatch + * time rather than in machine_kexec_prepare(). machine_kexec() + * only runs once the image has been fully loaded and committed + * as kexec_image, so the global cannot be left pointing at a + * page freed by a failed load. + */ + WRITE_ONCE(riscv_kexec_cc_buffer_pa, + __pa(page_address(image->control_code_page))); + } else { kexec_method =3D (riscv_kexec_method) &riscv_kexec_norelocate; + } =20 pr_notice("Will call new kernel at %08lx from hart id %lx\n", jump_addr, this_hart_id); --=20 2.50.1
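Review bot: The machine_kexec_prepare() hunk of patch 9/9 deletes the set_memory_x() call on control_code_buffer, but the changelog never mentions it. The removal follows from the design, since the relocate body now runs from the buffer's PA with SATP=0 and the kernel mapping of the control page no longer needs execute permission, but it is a page-permission change and deserves a sentence in the commit message, together with a check that no cleanup path still assumes the page was made executable.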
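Review bot: In the riscv_kexec_relocate hunk of patch 9/9, removing la s6, 1f and sub s6, s6, s4 takes away the visible use of s4, while machine_kexec() still passes kernel_map.va_pa_offset in a4. If nothing else in the relocate body reads s4 once the loop runs on physical addresses only, drop the argument or document why it stays, so the calling convention matches what the body consumes. The rewritten comment also names s5 without saying what it holds; a short register legend there would help.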