e79be4bea5
This document describes the constraints and requirements of the early boot process in a RISC-V kernel. Signed-off-by: Alexandre Ghiti <alexghiti@rivosinc.com> Reviewed-by: Björn Töpel <bjorn@rivosinc.com> Reviewed-by: Conor Dooley <conor.dooley@microchip.com> Reviewed-by: Sunil V L <sunilvl@ventanamicro.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com> Reviewed-by: Palmer Dabbelt <palmer@rivosinc.com> Reviewed-by: Atish Patra <atishp@rivosinc.com> Reviewed-by: Song Shuai <songshuaishuai@tinylab.org> Reviewed-by: Randy Dunlap <rdunlap@infradead.org> Acked-by: Palmer Dabbelt <palmer@rivosinc.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net> Link: https://lore.kernel.org/r/20230817130734.10387-2-alexghiti@rivosinc.com
170 lines
6.6 KiB
ReStructuredText
170 lines
6.6 KiB
ReStructuredText
.. SPDX-License-Identifier: GPL-2.0
|
||
|
||
===============================================
|
||
RISC-V Kernel Boot Requirements and Constraints
|
||
===============================================
|
||
|
||
:Author: Alexandre Ghiti <alexghiti@rivosinc.com>
|
||
:Date: 23 May 2023
|
||
|
||
This document describes what the RISC-V kernel expects from bootloaders and
|
||
firmware, and also the constraints that any developer must have in mind when
|
||
touching the early boot process. For the purposes of this document, the
|
||
``early boot process`` refers to any code that runs before the final virtual
|
||
mapping is set up.
|
||
|
||
Pre-kernel Requirements and Constraints
|
||
=======================================
|
||
|
||
The RISC-V kernel expects the following of bootloaders and platform firmware:
|
||
|
||
Register state
|
||
--------------
|
||
|
||
The RISC-V kernel expects:
|
||
|
||
* ``$a0`` to contain the hartid of the current core.
|
||
* ``$a1`` to contain the address of the devicetree in memory.
|
||
|
||
CSR state
|
||
---------
|
||
|
||
The RISC-V kernel expects:
|
||
|
||
* ``$satp = 0``: the MMU, if present, must be disabled.
|
||
|
||
Reserved memory for resident firmware
|
||
-------------------------------------
|
||
|
||
The RISC-V kernel must not map any resident memory, or memory protected with
|
||
PMPs, in the direct mapping, so the firmware must correctly mark those regions
|
||
as per the devicetree specification and/or the UEFI specification.
|
||
|
||
Kernel location
|
||
---------------
|
||
|
||
The RISC-V kernel expects to be placed at a PMD boundary (2MB aligned for rv64
|
||
and 4MB aligned for rv32). Note that the EFI stub will physically relocate the
|
||
kernel if that's not the case.
|
||
|
||
Hardware description
|
||
--------------------
|
||
|
||
The firmware can pass either a devicetree or ACPI tables to the RISC-V kernel.
|
||
|
||
The devicetree is either passed directly to the kernel from the previous stage
|
||
using the ``$a1`` register, or when booting with UEFI, it can be passed using the
|
||
EFI configuration table.
|
||
|
||
The ACPI tables are passed to the kernel using the EFI configuration table. In
|
||
this case, a tiny devicetree is still created by the EFI stub. Please refer to
|
||
"EFI stub and devicetree" section below for details about this devicetree.
|
||
|
||
Kernel entry
|
||
------------
|
||
|
||
On SMP systems, there are 2 methods to enter the kernel:
|
||
|
||
- ``RISCV_BOOT_SPINWAIT``: the firmware releases all harts in the kernel, one hart
|
||
wins a lottery and executes the early boot code while the other harts are
|
||
parked waiting for the initialization to finish. This method is mostly used to
|
||
support older firmwares without SBI HSM extension and M-mode RISC-V kernel.
|
||
- ``Ordered booting``: the firmware releases only one hart that will execute the
|
||
initialization phase and then will start all other harts using the SBI HSM
|
||
extension. The ordered booting method is the preferred booting method for
|
||
booting the RISC-V kernel because it can support CPU hotplug and kexec.
|
||
|
||
UEFI
|
||
----
|
||
|
||
UEFI memory map
|
||
~~~~~~~~~~~~~~~
|
||
|
||
When booting with UEFI, the RISC-V kernel will use only the EFI memory map to
|
||
populate the system memory.
|
||
|
||
The UEFI firmware must parse the subnodes of the ``/reserved-memory`` devicetree
|
||
node and abide by the devicetree specification to convert the attributes of
|
||
those subnodes (``no-map`` and ``reusable``) into their correct EFI equivalent
|
||
(refer to section "3.5.4 /reserved-memory and UEFI" of the devicetree
|
||
specification v0.4-rc1).
|
||
|
||
RISCV_EFI_BOOT_PROTOCOL
|
||
~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
||
When booting with UEFI, the EFI stub requires the boot hartid in order to pass
|
||
it to the RISC-V kernel in ``$a1``. The EFI stub retrieves the boot hartid using
|
||
one of the following methods:
|
||
|
||
- ``RISCV_EFI_BOOT_PROTOCOL`` (**preferred**).
|
||
- ``boot-hartid`` devicetree subnode (**deprecated**).
|
||
|
||
Any new firmware must implement ``RISCV_EFI_BOOT_PROTOCOL`` as the devicetree
|
||
based approach is deprecated now.
|
||
|
||
Early Boot Requirements and Constraints
|
||
=======================================
|
||
|
||
The RISC-V kernel's early boot process operates under the following constraints:
|
||
|
||
EFI stub and devicetree
|
||
-----------------------
|
||
|
||
When booting with UEFI, the devicetree is supplemented (or created) by the EFI
|
||
stub with the same parameters as arm64 which are described at the paragraph
|
||
"UEFI kernel support on ARM" in Documentation/arch/arm/uefi.rst.
|
||
|
||
Virtual mapping installation
|
||
----------------------------
|
||
|
||
The installation of the virtual mapping is done in 2 steps in the RISC-V kernel:
|
||
|
||
1. ``setup_vm()`` installs a temporary kernel mapping in ``early_pg_dir`` which
|
||
allows discovery of the system memory. Only the kernel text/data are mapped
|
||
at this point. When establishing this mapping, no allocation can be done
|
||
(since the system memory is not known yet), so ``early_pg_dir`` page table is
|
||
statically allocated (using only one table for each level).
|
||
|
||
2. ``setup_vm_final()`` creates the final kernel mapping in ``swapper_pg_dir``
|
||
and takes advantage of the discovered system memory to create the linear
|
||
mapping. When establishing this mapping, the kernel can allocate memory but
|
||
cannot access it directly (since the direct mapping is not present yet), so
|
||
it uses temporary mappings in the fixmap region to be able to access the
|
||
newly allocated page table levels.
|
||
|
||
For ``virt_to_phys()`` and ``phys_to_virt()`` to be able to correctly convert
|
||
direct mapping addresses to physical addresses, they need to know the start of
|
||
the DRAM. This happens after step 1, right before step 2 installs the direct
|
||
mapping (see ``setup_bootmem()`` function in arch/riscv/mm/init.c). Any usage of
|
||
those macros before the final virtual mapping is installed must be carefully
|
||
examined.
|
||
|
||
Devicetree mapping via fixmap
|
||
-----------------------------
|
||
|
||
As the ``reserved_mem`` array is initialized with virtual addresses established
|
||
by ``setup_vm()``, and used with the mapping established by
|
||
``setup_vm_final()``, the RISC-V kernel uses the fixmap region to map the
|
||
devicetree. This ensures that the devicetree remains accessible by both virtual
|
||
mappings.
|
||
|
||
Pre-MMU execution
|
||
-----------------
|
||
|
||
A few pieces of code need to run before even the first virtual mapping is
|
||
established. These are the installation of the first virtual mapping itself,
|
||
patching of early alternatives and the early parsing of the kernel command line.
|
||
That code must be very carefully compiled as:
|
||
|
||
- ``-fno-pie``: This is needed for relocatable kernels which use ``-fPIE``,
|
||
since otherwise, any access to a global symbol would go through the GOT which
|
||
is only relocated virtually.
|
||
- ``-mcmodel=medany``: Any access to a global symbol must be PC-relative to
|
||
avoid any relocations to happen before the MMU is setup.
|
||
- *all* instrumentation must also be disabled (that includes KASAN, ftrace and
|
||
others).
|
||
|
||
As using a symbol from a different compilation unit requires this unit to be
|
||
compiled with those flags, we advise, as much as possible, not to use external
|
||
symbols.
|