[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 05/12] xen/riscv: add kernel loading support

  • To: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 22 Apr 2026 13:57:43 +0200
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=google header.d=suse.com header.i="@suse.com" header.h="Content-Transfer-Encoding:In-Reply-To:Autocrypt:From:Content-Language:References:Cc:To:Subject:User-Agent:MIME-Version:Date:Message-ID"
  • Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL
  • Cc: Romain Caritey <Romain.Caritey@xxxxxxxxxxxxx>, Alistair Francis <alistair.francis@xxxxxxx>, Connor Davis <connojdavis@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Wed, 22 Apr 2026 11:57:53 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 22.04.2026 13:45, Oleksii Kurochko wrote:
> On 4/21/26 10:57 AM, Jan Beulich wrote:
>> On 10.04.2026 17:54, Oleksii Kurochko wrote:
>>> +static paddr_t __init kernel_image_place(struct kernel_info *info)
>>> +{
>>> +    paddr_t load_addr = INVALID_PADDR;
>>> +    uint64_t image_size = info->image.image_size ?: info->image.len;
>>> +    const struct membanks *banks = kernel_info_get_mem_const(info);
>>> +    unsigned int nr_banks = banks->nr_banks;
>>> +    unsigned int bi;
>>> +
>>> +    dprintk(XENLOG_DEBUG, "nr_banks(%u)\n", nr_banks);
>>> +
>>> +    /*
>>> +     * At the moment, RISC-V's Linux kernel should be always position
>>> +     * independent based on "Per-MMU execution" of boot.rst:
>>> +     *   https://docs.kernel.org/arch/riscv/boot.html#pre-mmu-execution
>>> +     *
>>> +     * But just for the case when RISC-V's Linux kernel isn't position
>>> +     * independent it is needed to take load address from
>>> +     * info->image.start.
>>> +     *
>>> +     * If `start` is zero, the Image is position independent.
>>> +     */
>>> +    if ( likely(!info->image.start) )
>>> +    {
>>> +        for ( bi = 0; bi != nr_banks; bi++ )
>>> +        {
>>> +            const struct membank *bank = &banks->bank[bi];
>>> +            paddr_t bank_start = bank->start;
>>> +            /*
>>> +             * According to boot.rst kernel load address should be properly
>>> +             * aligned:
>>> +             *   
>>> https://docs.kernel.org/arch/riscv/boot.html#kernel-location
>>> +             *
>>> +             * As Image in this case is PIC we can ignore
>>> +             * info->image.text_offset.
>>> +             */
>>> +            paddr_t aligned_start = ROUNDUP(bank_start, 
>>> KERNEL_LOAD_ADDR_ALIGNMENT);
>>> +            paddr_t bank_end = bank_start + bank->size;
>>> +            paddr_t bank_size;
>>> +
>>> +            if ( aligned_start > bank_end )
>>> +                continue;
>>> +
>>> +            bank_size = bank_end - aligned_start;
>>> +
>>> +            dprintk(XENLOG_DEBUG, "bank[%u].start=%"PRIpaddr"\n", bi, 
>>> bank->start);
>>> +
>>> +            if ( image_size <= bank_size )
>>> +            {
>>> +                load_addr = aligned_start;
>>> +                break;
>>> +            }
>>> +        }
>>> +    }
>>> +    else
>>> +    {
>>> +        load_addr = info->image.start + info->image.text_offset;
>>
>> Why does stuff ahead of text_offset not need loading?
> 
> Here we just calculating only a place where kernel will be loaded. The 
> full kernel image will be loaded in kernel_image_load().

Okay, but if you calculate an address where the full image won't fit,
how are things going to work?

>>> +        WARN_ON(!IS_ALIGNED(load_addr, KERNEL_LOAD_ADDR_ALIGNMENT));
>>> +
>>> +        for ( bi = 0; bi != nr_banks; bi++ )
>>> +        {
>>> +            const struct membank *bank = &banks->bank[bi];
>>> +            paddr_t bank_start = bank->start;
>>> +            paddr_t bank_end = bank_start + bank->size;
>>> +
>>> +            if ( (load_addr >= bank_start) && (load_addr < bank_end) &&
>>> +                 (bank_end - load_addr) >= image_size )
>>
>> Do we have to fear overflow? (If so, shouldn't such an image be rejected
>> rather than an attempt being made to place it?) If not, simply:
> 
> Just for a case. As a user may control load_addr and image_size it could 
> be some combination which will lead to overflow here.
> 
>>
>>              if ( (load_addr >= bank_start) &&
>>                   (load_addr + image_size <= bank_end) )
> 
> I will add the following:
>          /*
>           * Reject a malformed image before the loop to avoid wrapping
>           * load_addr + image_size in the per-bank check below.
>           *
>           * image_size covers the kernel from _start (placed at load_addr =
>           * start + text_offset) through _end.  The alignment gap
>           * [start, load_addr) is padding and need not lie within a bank.
>           */
>          if ( image_size > (paddr_t)-1 - load_addr )
>              bi = nr_banks;
>          else
>              for ( bi = 0; bi != nr_banks; bi++ )
>              {
>                  const struct membank *bank = &banks->bank[bi];
>                  paddr_t bank_start = bank->start;
>                  paddr_t bank_end = bank_start + bank->size;
> 
>                  if ( (load_addr >= bank_start) &&
>                       (load_addr + image_size <= bank_end) )
>                      break;
>              }

Please consider getting away without "else" (and hence with one level
less of indentation):

         bi = image_size <= (paddr_t)-1 - load_addr ? 0 : nr_banks;
         for ( ; bi != nr_banks; bi++ )
         ...

>> Also, does image_size really only cover space starting from .text_offset,
>> rather than from .start?
> 
> image_size covers total memory the kernel occupies at runtime.

Which emphasizes the remark further up.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.