From: Deepak Gupta <debug@rivosinc.com>
To: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Andrew Morton <akpm@linux-foundation.org>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
Vlastimil Babka <vbabka@suse.cz>,
Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Conor Dooley <conor@kernel.org>, Rob Herring <robh@kernel.org>,
Krzysztof Kozlowski <krzk+dt@kernel.org>,
Arnd Bergmann <arnd@arndb.de>,
Christian Brauner <brauner@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Oleg Nesterov <oleg@redhat.com>,
Eric Biederman <ebiederm@xmission.com>,
Kees Cook <kees@kernel.org>, Jonathan Corbet <corbet@lwn.net>,
Shuah Khan <shuah@kernel.org>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-mm@kvack.org, linux-riscv@lists.infradead.org,
devicetree@vger.kernel.org, linux-arch@vger.kernel.org,
linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org,
alistair.francis@wdc.com, richard.henderson@linaro.org,
jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com,
charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com,
cleger@rivosinc.com, alexghiti@rivosinc.com,
samitolvanen@google.com, broonie@kernel.org,
rick.p.edgecombe@intel.com,
Samuel Holland <samuel.holland@sifive.com>,
Andrew Jones <ajones@ventanamicro.com>,
Deepak Gupta <debug@rivosinc.com>
Subject: [PATCH v7 04/32] riscv: Add support for per-thread envcfg CSR values
Date: Tue, 29 Oct 2024 16:44:04 -0700 [thread overview]
Message-ID: <20241029-v5_user_cfi_series-v7-4-2727ce9936cb@rivosinc.com> (raw)
In-Reply-To: <20241029-v5_user_cfi_series-v7-0-2727ce9936cb@rivosinc.com>
From: Samuel Holland <samuel.holland@sifive.com>
Some bits in the [ms]envcfg CSR, such as the CFI state and pointer
masking mode, need to be controlled on a per-thread basis. Support this
by keeping a copy of the CSR value in struct thread_struct and writing
it during context switches. It is safe to discard the old CSR value
during the context switch because the CSR is modified only by software,
so the CSR will remain in sync with the copy in thread_struct.
Use ALTERNATIVE directly instead of riscv_has_extension_unlikely() to
minimize branchiness in the context switching code.
Since thread_struct is copied during fork(), setting the value for the
init task sets the default value for all other threads.
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Deepak Gupta <debug@rivosinc.com>
Signed-off-by: Samuel Holland <samuel.holland@sifive.com>
---
arch/riscv/include/asm/processor.h | 1 +
arch/riscv/include/asm/switch_to.h | 8 ++++++++
arch/riscv/kernel/cpufeature.c | 2 +-
3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/include/asm/processor.h b/arch/riscv/include/asm/processor.h
index efa1b3519b23..c1a492508835 100644
--- a/arch/riscv/include/asm/processor.h
+++ b/arch/riscv/include/asm/processor.h
@@ -102,6 +102,7 @@ struct thread_struct {
unsigned long s[12]; /* s[0]: frame pointer */
struct __riscv_d_ext_state fstate;
unsigned long bad_cause;
+ unsigned long envcfg;
u32 riscv_v_flags;
u32 vstate_ctrl;
struct __riscv_v_ext_state vstate;
diff --git a/arch/riscv/include/asm/switch_to.h b/arch/riscv/include/asm/switch_to.h
index 7594df37cc9f..9685cd85e57c 100644
--- a/arch/riscv/include/asm/switch_to.h
+++ b/arch/riscv/include/asm/switch_to.h
@@ -70,6 +70,13 @@ static __always_inline bool has_fpu(void) { return false; }
#define __switch_to_fpu(__prev, __next) do { } while (0)
#endif
+static inline void __switch_to_envcfg(struct task_struct *next)
+{
+ asm volatile (ALTERNATIVE("nop", "csrw " __stringify(CSR_ENVCFG) ", %0",
+ 0, RISCV_ISA_EXT_XLINUXENVCFG, 1)
+ :: "r" (next->thread.envcfg) : "memory");
+}
+
extern struct task_struct *__switch_to(struct task_struct *,
struct task_struct *);
@@ -103,6 +110,7 @@ do { \
__switch_to_vector(__prev, __next); \
if (switch_to_should_flush_icache(__next)) \
local_flush_icache_all(); \
+ __switch_to_envcfg(__next); \
((last) = __switch_to(__prev, __next)); \
} while (0)
diff --git a/arch/riscv/kernel/cpufeature.c b/arch/riscv/kernel/cpufeature.c
index e560a253e99b..27bafc5dd62d 100644
--- a/arch/riscv/kernel/cpufeature.c
+++ b/arch/riscv/kernel/cpufeature.c
@@ -923,7 +923,7 @@ unsigned long riscv_get_elf_hwcap(void)
void riscv_user_isa_enable(void)
{
if (riscv_has_extension_unlikely(RISCV_ISA_EXT_ZICBOZ))
- csr_set(CSR_ENVCFG, ENVCFG_CBZE);
+ current->thread.envcfg |= ENVCFG_CBZE;
else if (any_cpu_has_zicboz)
pr_warn_once("Zicboz disabled as it is unavailable on some harts\n");
}
--
2.34.1
next prev parent reply other threads:[~2024-10-29 23:44 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-29 23:44 [PATCH v7 00/32] riscv control-flow integrity for usermode Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 01/32] mm: Introduce ARCH_HAS_USER_SHADOW_STACK Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 02/32] mm: helper `is_shadow_stack_vma` to check shadow stack vma Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 03/32] riscv: Enable cbo.zero only when all harts support Zicboz Deepak Gupta
2024-10-29 23:44 ` Deepak Gupta [this message]
2024-10-29 23:44 ` [PATCH v7 05/32] riscv: Call riscv_user_isa_enable() only on the boot hart Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 06/32] dt-bindings: riscv: zicfilp and zicfiss in dt-bindings (extensions.yaml) Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 07/32] riscv: zicfiss / zicfilp enumeration Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 08/32] riscv: zicfiss / zicfilp extension csr and bit definitions Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 09/32] riscv: usercfi state for task and save/restore of CSR_SSP on trap entry/exit Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 10/32] riscv/mm : ensure PROT_WRITE leads to VM_READ | VM_WRITE Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 11/32] riscv mm: manufacture shadow stack pte Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 12/32] riscv mmu: teach pte_mkwrite to manufacture shadow stack PTEs Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 13/32] riscv mmu: write protect and shadow stack Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 14/32] riscv/mm: Implement map_shadow_stack() syscall Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 15/32] riscv/shstk: If needed allocate a new shadow stack on clone Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 16/32] prctl: arch-agnostic prctl for shadow stack Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 17/32] prctl: arch-agnostic prctl for indirect branch tracking Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 18/32] riscv: Implements arch agnostic shadow stack prctls Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 19/32] riscv: Implements arch agnostic indirect branch tracking prctls Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 20/32] riscv/traps: Introduce software check exception Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 21/32] riscv: signal: abstract header saving for setup_sigcontext Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 22/32] riscv/signal: save and restore of shadow stack for signal Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 23/32] riscv/kernel: update __show_regs to print shadow stack register Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 24/32] riscv/ptrace: riscv cfi status and state via ptrace and in core files Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 25/32] riscv/hwprobe: zicfilp / zicfiss enumeration in hwprobe Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 26/32] riscv: Add Firmware Feature SBI extensions definitions Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 27/32] riscv: enable kernel access to shadow stack memory via FWFT sbi call Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 28/32] riscv: kernel command line option to opt out of user cfi Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 29/32] riscv: create a config for shadow stack and landing pad instr support Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 30/32] riscv: Documentation for landing pad / indirect branch tracking Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 31/32] riscv: Documentation for shadow stack on riscv Deepak Gupta
2024-10-29 23:44 ` [PATCH v7 32/32] kselftest/riscv: kselftest for user mode cfi Deepak Gupta
2024-12-08 15:51 ` [PATCH v7 00/32] riscv control-flow integrity for usermode niliqiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241029-v5_user_cfi_series-v7-4-2727ce9936cb@rivosinc.com \
--to=debug@rivosinc.com \
--cc=Liam.Howlett@oracle.com \
--cc=ajones@ventanamicro.com \
--cc=akpm@linux-foundation.org \
--cc=alexghiti@rivosinc.com \
--cc=alistair.francis@wdc.com \
--cc=andybnac@gmail.com \
--cc=aou@eecs.berkeley.edu \
--cc=arnd@arndb.de \
--cc=atishp@rivosinc.com \
--cc=bp@alien8.de \
--cc=brauner@kernel.org \
--cc=broonie@kernel.org \
--cc=charlie@rivosinc.com \
--cc=cleger@rivosinc.com \
--cc=conor@kernel.org \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=devicetree@vger.kernel.org \
--cc=ebiederm@xmission.com \
--cc=evan@rivosinc.com \
--cc=hpa@zytor.com \
--cc=jim.shu@sifive.com \
--cc=kees@kernel.org \
--cc=kito.cheng@sifive.com \
--cc=krzk+dt@kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-riscv@lists.infradead.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=peterz@infradead.org \
--cc=richard.henderson@linaro.org \
--cc=rick.p.edgecombe@intel.com \
--cc=robh@kernel.org \
--cc=samitolvanen@google.com \
--cc=samuel.holland@sifive.com \
--cc=shuah@kernel.org \
--cc=tglx@linutronix.de \
--cc=vbabka@suse.cz \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox