From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 62D3BC369AB for ; Thu, 24 Apr 2025 07:21:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D96C26B009E; Thu, 24 Apr 2025 03:21:39 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D20C56B009F; Thu, 24 Apr 2025 03:21:39 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B23B66B00A0; Thu, 24 Apr 2025 03:21:39 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 910AF6B009E for ; Thu, 24 Apr 2025 03:21:39 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 540EFB71C5 for ; Thu, 24 Apr 2025 07:21:41 +0000 (UTC) X-FDA: 83368092402.23.EE9D51E Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by imf21.hostedemail.com (Postfix) with ESMTP id 6DC7A1C000D for ; Thu, 24 Apr 2025 07:21:39 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=L1WMEBWg; dmarc=none; spf=pass (imf21.hostedemail.com: domain of debug@rivosinc.com designates 209.85.214.180 as permitted sender) smtp.mailfrom=debug@rivosinc.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1745479299; a=rsa-sha256; cv=none; b=8lqgUlQ3JNhZ6twlw9wqFmUKfRUnsp2ZYO0DlPILH47cE2hN12kTBUkNDmVqPxJjM/65w8 BTvp/NXimf3PPJXI/+W0Wd6Qc99jbZPILL7I9NjzqflQh5aO3jWkBr+t8EQhE4f2cII0am igQxhg/51qUWK0WaCl/Z+4+Ob1tOKjs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1745479299; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=cFz+/4buGG21gqDMlIHIpI2LyTeJMnqyc0qHyBDGzIU=; b=ncutUpGCQGBuzB1MVySNzsxha3Srvakzc43XNp2odlq6SBXmjo2p6+mLA5JKjmVBxAhAob fFzdbhNGqiE/2BOIHya6jJ0bzROAJ461Wx3KJFsWQVgkdYDHFi7Kv+rywWyzj7e+udxrWB VWiUw3w7XJNzjKg1rMj74CUW5kntdVo= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=L1WMEBWg; dmarc=none; spf=pass (imf21.hostedemail.com: domain of debug@rivosinc.com designates 209.85.214.180 as permitted sender) smtp.mailfrom=debug@rivosinc.com Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-223fd89d036so7730115ad.1 for ; Thu, 24 Apr 2025 00:21:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1745479298; x=1746084098; darn=kvack.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=cFz+/4buGG21gqDMlIHIpI2LyTeJMnqyc0qHyBDGzIU=; b=L1WMEBWgQCxOIz1JncXt+RIgYYdEW0O743XmOmFeKzZYkAFAir/LncYq1lhJNlGk+3 pJ3Rn9itcFcdysVfQynq6+ILP5aV9Vl7DAd40khbcfq8d5WLlaX3YJO0uGo8ecvpWcfS UT9qRvoT7FHl8QDcnjiYJbXZf/sIV2PGs73mPs1ugESvhdm/Iv1TUOeZWaPzCrXEGz9n ojtk4Wjrzlqk5765ZD/6D3HADm3rR5JqPuaevznJlOvHMVZFY90Qdyxd7oDAjTFzqqAH VrmYlYZ2+6m33z2tJt9ey18tZyEhEOdEJTTqwHHw+x1IZUOHT6+0lQZr0wLG/teKxT1U ER1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745479298; x=1746084098; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cFz+/4buGG21gqDMlIHIpI2LyTeJMnqyc0qHyBDGzIU=; b=rssUUAPAJBVLMSeXT9BSI4yYiTKfBNY3K7EWGWvErGF3GsHWzmZ1Fba82zzDujIsTy B7/5oFJ51A23TdfmMxcMAZqIvjHGwlL13bqOsHjRs9U14j2P9VRPvBoT02jGO63dpM0C g21p9Yyydzitr1/63jNgDIbLix4JKVwXiLsJFd86Xss1FSOOayFv7SdGiVKwaIxg7StK lltWTdMVTTjtiyErFuOsmQFi3x6OyWKG/TIN/X3RM09FdKTdxkhWoTYbX5Cgo8bESej9 EcFgK5tKmN0ghjvhIfVFsNkG9R4w4h9A4okWSXXdWhIrseyacE+BdM+R8C9uAg7SpAhZ S6gQ== X-Forwarded-Encrypted: i=1; AJvYcCVidDpe+Zz11f8HA16jSvFDPhRlRdgrUwmyI5IHkcvc0xQGvbo5xCzgx4U3xN5pRmA2v8bDi+Lzlw==@kvack.org X-Gm-Message-State: AOJu0YzQgktIlo7Jed/pSIFIxcRpEiK2RxERgtVhrmjl13oRHoipv7B3 YXCh+kQ5+bEM1QBentXcmSz/1+aY9saThlQ+63pUR3QLTNdoZpK1NZ4tSKa/iMk= X-Gm-Gg: ASbGncvGgPuxy03+cmfRWWmaQ37lQnxUOveSxe2iedultqiYeKwuQQSozmB6NVbrFDR HCcoRfGiH2VUhe8apvnm+7h7VH81F6fFs5XqEt6rHwfZsL8/4hdpZhJEgjtFSbTgkRzybLbkFzT w9veoUvFVC3LyM3KwPnIN8L8JlUdAIo3xmO3X+kshiHOqGJy7j1vFzn4OK3cBGKKsOW/OHS9k+v +e6sLFYeDmN8K+j4pWbfwZzAKKkr0F52OudI08IHCGkBMLDYJCbq03jD07b/XL07j7Lr/kwmzWm UxjCouDrlfN7YN2G6A/ToHOJwQ+cWHHo9ahcZeKUsVYvUtpVGWQ= X-Google-Smtp-Source: AGHT+IEO8Xd4tVdyUa9PjnzD8nPNNIzaFyukV8ZkIipYXkGmr/TGbVqh3iRHaB96zvxslBoo9AWYIQ== X-Received: by 2002:a17:902:e74c:b0:22d:b240:34c9 with SMTP id d9443c01a7336-22db3dc845cmr26466965ad.53.1745479298272; Thu, 24 Apr 2025 00:21:38 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22db52163d6sm6240765ad.214.2025.04.24.00.21.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Apr 2025 00:21:37 -0700 (PDT) From: Deepak Gupta Date: Thu, 24 Apr 2025 00:20:38 -0700 Subject: [PATCH v13 23/28] riscv: enable kernel access to shadow stack memory via FWFT sbi call MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20250424-v5_user_cfi_series-v13-23-971437de586a@rivosinc.com> References: <20250424-v5_user_cfi_series-v13-0-971437de586a@rivosinc.com> In-Reply-To: <20250424-v5_user_cfi_series-v13-0-971437de586a@rivosinc.com> To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Paul Walmsley , Palmer Dabbelt , Albert Ou , Conor Dooley , Rob Herring , Krzysztof Kozlowski , Arnd Bergmann , Christian Brauner , Peter Zijlstra , Oleg Nesterov , Eric Biederman , Kees Cook , Jonathan Corbet , Shuah Khan , Jann Horn , Conor Dooley , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com, rust-for-linux@vger.kernel.org, Zong Li , Deepak Gupta X-Mailer: b4 0.13.0 X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 6DC7A1C000D X-Stat-Signature: 44e4t8ec4fcaqqirtdcfz636487zfq5b X-Rspam-User: X-HE-Tag: 1745479299-49462 X-HE-Meta: U2FsdGVkX18sEAy5xs/rdaZ8yGJtLPolfhSrMtadPJUTDVok5wF4dodekvcRzwYMl2lZ23E0wbcXVgdPni8FHyKQ7/59r+80KaFTzisiL5cA80njL9CU7nYZx5Bcyf/C2mjYamRbv1oAo6xluGGmd7puLFjBbIC3hikvN44SxNjYD9zZ0pkrszirzGhXSsHbSRMCRA0gJUoaaR9Ia6Tgg2655+p3/g5psiLdk99AVcEgN2TPVYSKjvhI766CD+hVYGc9h13fokba56ky4tp8M4CIcKgRzAPby6Wos3Q4Bn3nQnjuZAjsXVuLd5/l2QDPBdfZVig6yYcJxoeWiJEX8OjH8h9Z9i31tX63+N2mqfJEEg8708PgKBu4qemgMa0TWzxqrvMSTcxS1CojjdR/sbWnLYlTtGRBK4tAzBgbnWrnuN5PsT0GHLVM35UV2NV+BKg96ZmHHw3TeUgn7xJyf1VJQBTTyJueDdbVz2sdQKjZKx6M74Haj8Xf+2LYJVm2uqeT+WRcLRXj7MCXYC7UiIJXtGmaVXI4yADyojcK0VpCZSzK/2Yolq1YmoTFMBgm4ozSJQE4WDvmeu7d018jHTj9uKkE13VfmoXgU2C0GD9suOFlBoeeAO+9bHt7zILR0kifi2mNWY2cOYWIIZxq56PTZDae9sK5TL35phnNB/uZKTAlZzKsp+pwlnnjOBDY32xdBjGND6OtxGGHc5BF0bWJMcvjBwVRDI9y83w3t8gmgvYoglffQHKVkpnBI7A7nGo/BtbNmZZX6COcDktwxpsw8wDc8HLJEpt57Bk0H265OTpWX8YKfB1rrmiNJlSuXt+HgshioPzaAVpeFgotchInyXpu7RuQ+YN60x85TY0pl6GSKduWqnyq4Oaad/nv3omJSi957FqS3Z4pg3uRXmYux+Qz6/y5v5bWWpgjLjGzckbvCNIqqswFCXQDGFIf5mgmNaXgIjW+RLVOizm zytXUQJV EvCtFQ5TJYxpMGTicJ7L5JY0X6M2CokZhhlyWyAz33RI7iYacoAnJ364b0BZGoFXWA7cCwN0RuXR4/332RP3H0OGoNhvTR/Msf2JlxO6MjZfaw0xFbWHzrAPTNuNPzbhbjVaOkDuud1WkGSRlAiEItMeLCBsWiketzYQGyrAc1tgAieMQd0Wn0KUgZ3I97c55AIzN2/i+OxsmLui2LHDQuQ9VlQx/5Gtj21D7pUT3EJp3uJykvVwjjktj6GUpPf9WMe7lQT98nrC854N3Lcrvy52+V3etnaYPcyZ0UhSU/8yyLsn+eX+KKMole9B1E4wX8enyqqErKpzsivosQ+ZJCnmfBQVHEeBh1HTOj4AaSW7qt/Pk1vRjSxc2lChyr0umqvRjBZynvj3QNd5BwaA6YUCXzEQRPp5orJGMu3IKDl6Dcwm+IFeIJQUIRuSKvjhfCQ2E3wX/WFHyUlSLY7bFpbWk/7SOwv1d1YaKH4HETX24Vva7EEEYm97F3Fc7lJN4xCA+U1PXnB60V6Q= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Kernel will have to perform shadow stack operations on user shadow stack. Like during signal delivery and sigreturn, shadow stack token must be created and validated respectively. Thus shadow stack access for kernel must be enabled. In future when kernel shadow stacks are enabled for linux kernel, it must be enabled as early as possible for better coverage and prevent imbalance between regular stack and shadow stack. After `relocate_enable_mmu` has been done, this is as early as possible it can enabled. Reviewed-by: Zong Li Signed-off-by: Deepak Gupta --- arch/riscv/kernel/asm-offsets.c | 4 ++++ arch/riscv/kernel/head.S | 23 +++++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c index 0c188aaf3925..21f99d5757b6 100644 --- a/arch/riscv/kernel/asm-offsets.c +++ b/arch/riscv/kernel/asm-offsets.c @@ -515,4 +515,8 @@ void asm_offsets(void) DEFINE(FREGS_A6, offsetof(struct __arch_ftrace_regs, a6)); DEFINE(FREGS_A7, offsetof(struct __arch_ftrace_regs, a7)); #endif + DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT); + DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET); + DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK); + DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK); } diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S index 356d5397b2a2..d47876eca637 100644 --- a/arch/riscv/kernel/head.S +++ b/arch/riscv/kernel/head.S @@ -15,6 +15,7 @@ #include #include #include +#include #include "efi-header.S" __HEAD @@ -164,6 +165,17 @@ secondary_start_sbi: call relocate_enable_mmu #endif call .Lsetup_trap_vector + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall + beqz a0, 1f + la a1, riscv_nousercfi + li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI + REG_S a0, (a1) +1: scs_load_current call smp_callin #endif /* CONFIG_SMP */ @@ -320,6 +332,17 @@ SYM_CODE_START(_start_kernel) la tp, init_task la sp, init_thread_union + THREAD_SIZE addi sp, sp, -PT_SIZE_ON_STACK + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall + beqz a0, 1f + la a1, riscv_nousercfi + li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI + REG_S a0, (a1) +1: scs_load_current #ifdef CONFIG_KASAN -- 2.43.0