From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5DEA0C369DC for ; Wed, 30 Apr 2025 00:24:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 251376B009C; Tue, 29 Apr 2025 20:24:34 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 207DE6B009D; Tue, 29 Apr 2025 20:24:34 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 07A9E6B009E; Tue, 29 Apr 2025 20:24:33 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id BE6796B009D for ; Tue, 29 Apr 2025 20:24:33 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 5C1331A1557 for ; Wed, 30 Apr 2025 00:17:39 +0000 (UTC) X-FDA: 83388796638.15.2817EBF Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com [209.85.215.175]) by imf07.hostedemail.com (Postfix) with ESMTP id 5DEF340003 for ; Wed, 30 Apr 2025 00:17:37 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b="dZMdov/Y"; dmarc=none; spf=pass (imf07.hostedemail.com: domain of debug@rivosinc.com designates 209.85.215.175 as permitted sender) smtp.mailfrom=debug@rivosinc.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1745972257; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=3X/LDbKk/o1pYr+8FDgOywQj6F1nn1j7yhy5R3Qqub8=; b=P6vyTFfvc91ifTWxeCkIUe3HqMdIrZn9v3C5iJl7Se0a6RRQnw5fZZXDXa1kWchvj2UZqi L1uQu6GgCK1j2GZ/4ekvN9nDaROFHBNtt49LGb9B3hm76roAOEM4qet8JAsg1Fp7vEjyQ3 0uOTHVgRd6idgsH9wVFzElRZeSQM5Mw= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1745972257; a=rsa-sha256; cv=none; b=YENKB9xK/sk+OvDAZSY3CfpdGaMW9vTqLPmxUnaEEJ5FWDMT3t8jvye5CuUezE8W3KBp3b FJkW02mLf6ni6DRkyjglJr6u+TvdWif7eRkLmxHn8VeiI9AsWUrKzXdD2bb0GuKIvdUyDQ ZDnUExGKZ7lqCrsnHp8GCpSsT1ybiMY= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b="dZMdov/Y"; dmarc=none; spf=pass (imf07.hostedemail.com: domain of debug@rivosinc.com designates 209.85.215.175 as permitted sender) smtp.mailfrom=debug@rivosinc.com Received: by mail-pg1-f175.google.com with SMTP id 41be03b00d2f7-b041afe0ee1so6367989a12.1 for ; Tue, 29 Apr 2025 17:17:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1745972256; x=1746577056; darn=kvack.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=3X/LDbKk/o1pYr+8FDgOywQj6F1nn1j7yhy5R3Qqub8=; b=dZMdov/YD4UqD3cXhZ5FPIImESh+1ZvCLv4l0cBssJyL0FOsU198FqpjnEs00W6DW3 m4/aeX2Edv7udO2XS2pzjb1yTRVccVMwZClAJZ8D6l9n9QZ2vsnE4wPJqUf9ShJiHhVI MMHm/R9gTFzdH/iZLiHcQBubkDn9oel2vYbp18SYUGR1jZmD6NvUf0wOvmToREXAna2g 8ERmTA9Xp2UMIwWZT4VDGgLVCsvQ8GSgeXEg/GiztuqP94eUXQukODNF6ZqgT1qOXmHd WP3WYwCU0DcWU2EagUa/hk5tOWyTW5+Sv2CS1l0rk+PTQAIevklx6crOmv8Q+enL1xTx RBFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745972256; x=1746577056; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3X/LDbKk/o1pYr+8FDgOywQj6F1nn1j7yhy5R3Qqub8=; b=Q5H5twRbRxHrmcCGuCxBhoZWwbYdPdk9ufRiEqNGlSa/FxdV5bXIWPSyH9GtlxqwSy mtRe1ATPv5H0tCSwhgnmDMXO+EkcyGqlRq92jeZ/bGcVUKELt8ggMcOY18+SDi6lNXRf L6RZe7evNX+079b7AJgsbOvQVC9DS0OQ0G78O/nHhLmeTnp7rz7RLhwW5jkq14n0lPm/ sQo9wGa50Ym65vhPKBeJAD5R3k1aVGvadBfzi+vOjT1DqExPtvF6wnDgLMSCS1YNPdwn oNZYsWv4gXQq3dDdcDsuLXlHUDFFPmkRyoZOP9gQDfIMza/6N2hm9WLUkETvKDnL9n1H 6Nug== X-Forwarded-Encrypted: i=1; AJvYcCW15S7BAOnyCrNgQccVtLd3OO7i9q1M703FdD3vpT2+CPCOMy1O/xoK5O3jNhV6mHWuurwwW6JhIg==@kvack.org X-Gm-Message-State: AOJu0YzEgHNVQj7Jqd+kFkfo7EVR2g7maFXux6bJ29sR+tPvU4KvYb6W /SavGQTdL8/Gjy1Mi/6qMJXyOBIoYoYHCMKPss63TfG/veJ8hVyKw3u5BhqdmDU= X-Gm-Gg: ASbGncs3aRbBnsXlYfc1vEvYKw1U0ZIM8U2melOjyMJ5V25SAi5ytIHM9naaNS48Lty m5+GvVDF60O3qOPwTA5TDqCODM4bJ/+fDwmnzMld69dpGipw94Im4akHe9ntKlkXiN2iW+36HAN IpL8rqvSwHvCaSHlXwVFjNXZ/hVoMVnXghchGGilqVRLH+WSnyzv096csUDqQkiICwQAqRZm51n pDXNcr0vTmEiy6FvFc29eBdJdKLxtCZhLE6T9hiaepOP6ph6MEWgciK3gXcw/67nte9L3vNu6mW /5AbQLMB+yVR3oIN/AQPP7IcvMGuvtRntUDYrCa3cN8lkjeBvlU= X-Google-Smtp-Source: AGHT+IHHiQ90NWkmdJz7M9swMrFnKHR4s4NkPbBiQVDZe2SW7TM+doWonipVtWWfmLVLaK7GwA0N+Q== X-Received: by 2002:a17:902:d488:b0:22d:e695:6e09 with SMTP id d9443c01a7336-22df359c71fmr19979435ad.34.1745972256086; Tue, 29 Apr 2025 17:17:36 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22db4d770d6sm109386035ad.17.2025.04.29.17.17.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 17:17:35 -0700 (PDT) From: Deepak Gupta Date: Tue, 29 Apr 2025 17:16:39 -0700 Subject: [PATCH v14 22/27] riscv: enable kernel access to shadow stack memory via FWFT sbi call MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20250429-v5_user_cfi_series-v14-22-5239410d012a@rivosinc.com> References: <20250429-v5_user_cfi_series-v14-0-5239410d012a@rivosinc.com> In-Reply-To: <20250429-v5_user_cfi_series-v14-0-5239410d012a@rivosinc.com> To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Paul Walmsley , Palmer Dabbelt , Albert Ou , Conor Dooley , Rob Herring , Krzysztof Kozlowski , Arnd Bergmann , Christian Brauner , Peter Zijlstra , Oleg Nesterov , Eric Biederman , Kees Cook , Jonathan Corbet , Shuah Khan , Jann Horn , Conor Dooley , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com, rust-for-linux@vger.kernel.org, Zong Li , Deepak Gupta X-Mailer: b4 0.13.0 X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 5DEF340003 X-Rspam-User: X-Stat-Signature: ynig8nmkr7uwdhiak6a7tj4wz5me1wrh X-HE-Tag: 1745972257-273575 X-HE-Meta: U2FsdGVkX1/XiyOtTtEUbTjA7zhyMTc7w3XM9elwkswxoIDKjZJz7+d8gsYGxX4yl87siPs7Y2uDIVzj/RCcXliZynfpxm3anUstAdf/76hS7tvxvB5DQcYtRXZiPYuUx2jRzA9O/Mrqze30eKaThULiZ8UNh6Yrx2FAN7TQg5O9jK+iDhS7zuCEykQrOMc9zG+1z20zlwHZMYi3gAs3y4pdABpoqYb9mI6pg9d27PG/u1skkXIBdZZsjzd2eK+q1vEk+0K6ULX1ASGx1umtIXkcUKVITOTLPAqde63tuDDS1mYcRKqgOAPK/XsnOUghKHgO8MHFsYFRlq/QqOWAhCOaplnuIHRD/byGHIurPcrj080hn3EZ+4pZWNzIfRTejmkFQ/9t43MaQGXIGKyc5ZRuGk6BkiEUS7+O1Ulmb/11p9JwbHZ2jD/U91yMYeIoE9BOwmBaNg0R7013xr8pWB0u1xOxLlBbNe43EMxw6VQVhYTGj8IQYlBhyNo5CIIRzZqDGvtE6sVW9quNr/s0XvnjDxXD6xZ4xnhoBpCjNce87pgZ3G+dnPBRyJECQ0cD6JLZDaJzhhyVfarv/vPk7GB/B0f0TU2cLktzNx8g//9DmSgR9maXahfsjdga7k8hTZE9fuhNE3lV381w8Q+1UXqrFhddvuUwMP8SMRvt3CBwaDfbHO4e5JEy4eMOn3TaQN+pfn/MFMPeL/YseR1DMiaJ31DUgtFBHGbtdg7s7+hgv/MdlmGnGsfy3yej5VBPeLJWhPFiNAP2C8z8dGQUUI6ZCa3vvLrEpL2aXNYULoZqUH5PhhKjjV8gTVS1aZ/f0hSnjSsRf3AgwCZWZnluOHzs4zqV7QRyW4IQglHIxLDKm4uoOX1ZJJp241E6HXh8XdH4A9BgSYCfYlis48zfQc/+4+9XFg/S/af8uPWOVCcAPpcpYSSfPNHAc14PN564cCesOt6TTOFVBaeP30w jmWgyHNW Y9fqtGhAjSgmK5tifYeYup33b5KYkkjAAcYy7i6TgR1YHGToaHeN5V4aR7hqc5Rf3e81vREMvmA42pHJfRzV8lQ/QkJA+1qwVCc9MQDrqEbwTSkgTf+TpblVYZxhKfj+akcBsArmLfn+huukJ72YongYuwUeb/sDPJYkn6mfNYOFoNFfwhR0H0UpF4arlx5qNw0Eyx1na9GeUVug+3HPRO66gIVdK/PGir8G8pURsK5G5z9gWkdswWuizWL0w4zDIPOJSFTZ24vv24FQZFFZNDgyBPnoCyW1zAIYGTxVcy/ZNqHHsoGjTl5Mj0DT+S+WjTfaFPm+gGV1D80/6BAUobXBArXhT0d4O2xq/7bQDVQgadYc8vit/xwSjUAmWMqE1m2rjaDvYX2Np4JohoNCuDgKpDwbysGuGQg/vY7BtnmGyawwxwBZLkJANGQWfueuVPmWn+j2qG6duSgkCKLV10rLkC5sol1CU0Vmj2N1jn/AHWr3Hef7zA+g7ETNE0yDjJxVCVsQpH/wuNHc= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Kernel will have to perform shadow stack operations on user shadow stack. Like during signal delivery and sigreturn, shadow stack token must be created and validated respectively. Thus shadow stack access for kernel must be enabled. In future when kernel shadow stacks are enabled for linux kernel, it must be enabled as early as possible for better coverage and prevent imbalance between regular stack and shadow stack. After `relocate_enable_mmu` has been done, this is as early as possible it can enabled. Reviewed-by: Zong Li Signed-off-by: Deepak Gupta --- arch/riscv/kernel/asm-offsets.c | 4 ++++ arch/riscv/kernel/head.S | 23 +++++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c index f33945432f8f..7ab41f01aa17 100644 --- a/arch/riscv/kernel/asm-offsets.c +++ b/arch/riscv/kernel/asm-offsets.c @@ -514,4 +514,8 @@ void asm_offsets(void) DEFINE(FREGS_A6, offsetof(struct __arch_ftrace_regs, a6)); DEFINE(FREGS_A7, offsetof(struct __arch_ftrace_regs, a7)); #endif + DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT); + DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET); + DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK); + DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK); } diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S index 356d5397b2a2..d47876eca637 100644 --- a/arch/riscv/kernel/head.S +++ b/arch/riscv/kernel/head.S @@ -15,6 +15,7 @@ #include #include #include +#include #include "efi-header.S" __HEAD @@ -164,6 +165,17 @@ secondary_start_sbi: call relocate_enable_mmu #endif call .Lsetup_trap_vector + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall + beqz a0, 1f + la a1, riscv_nousercfi + li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI + REG_S a0, (a1) +1: scs_load_current call smp_callin #endif /* CONFIG_SMP */ @@ -320,6 +332,17 @@ SYM_CODE_START(_start_kernel) la tp, init_task la sp, init_thread_union + THREAD_SIZE addi sp, sp, -PT_SIZE_ON_STACK + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall + beqz a0, 1f + la a1, riscv_nousercfi + li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI + REG_S a0, (a1) +1: scs_load_current #ifdef CONFIG_KASAN -- 2.43.0