From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF518C3ABAC for ; Fri, 2 May 2025 23:31:54 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 65E856B00C5; Fri, 2 May 2025 19:31:49 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5E9B06B00C6; Fri, 2 May 2025 19:31:49 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 462906B00C7; Fri, 2 May 2025 19:31:49 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 1E0706B00C5 for ; Fri, 2 May 2025 19:31:49 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 0455F140974 for ; Fri, 2 May 2025 23:31:49 +0000 (UTC) X-FDA: 83399567580.30.FCC3B59 Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by imf04.hostedemail.com (Postfix) with ESMTP id 0F45340009 for ; Fri, 2 May 2025 23:31:47 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=PgHGWSED; dmarc=none; spf=pass (imf04.hostedemail.com: domain of debug@rivosinc.com designates 209.85.214.172 as permitted sender) smtp.mailfrom=debug@rivosinc.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1746228708; a=rsa-sha256; cv=none; b=hixHVE/HJg/02rz4kGnvs0I6zz3lU6HZtpV9RwFocGhX8ZHRuGwtRqaYJttQk4c4TCveqm dBAgAuteW60m1LOIzAMv3UX3pV4iS6YIa4fP03GiXUzX56YM0tSRK8Z6m+Mw42a93CfE2f K4e9gjI+CCdNZSO6fu8pjEYrG7wZMxs= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=PgHGWSED; dmarc=none; spf=pass (imf04.hostedemail.com: domain of debug@rivosinc.com designates 209.85.214.172 as permitted sender) smtp.mailfrom=debug@rivosinc.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1746228708; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=qBvEpeAE/7wGyExLODAiLDg6krF79sL+1H1FZhekT8M=; b=PbGvZYTnDbv+zO4zLj9O1wj80EeCARJngoeK674ocE8X++/LyW950fkrJAIe0Iwp2qBw/S VYW2g2RWvIHwg5O7pnqsT/1VvMHbXlqFtopQ2Mo7JkCut3azsKocELbz8tdEOVXdZ5hzmZ 0G1ZOnNOOc8VDK8R8E0PV5R6F3FEoHM= Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-22435603572so32487665ad.1 for ; Fri, 02 May 2025 16:31:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1746228707; x=1746833507; darn=kvack.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=qBvEpeAE/7wGyExLODAiLDg6krF79sL+1H1FZhekT8M=; b=PgHGWSEDGZCA1rq1OQ+WXJHcPHXKQXnBg7Pwpjb1D27xboFHCw2wgzvXkVb7CsLdDj oLkRA6yZwM0ieXhCu8UOixoyKN3xw2LdfjVd19wyHOdwH1azgjrwHHxIivV/5Rbsewq6 B9skWphKZv9u7/QJreVJJsl7v16cPL5mwxZYsNqTmIFMQybGEs5PmuM4WaCfefpNlQ6B AC7RVGRzQ8BWS+gVM6wpmldM2VQ7REVDrxsOQVeXmMRK6H1jwsTZa6vYglHkthPbxJ44 WeIizEuCs+7UNNIR1ilNoh+QhAa1PZQvvjrH+2ron1o/2YCKM9mgftEXR8F9S9EDdM2A XHHw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1746228707; x=1746833507; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qBvEpeAE/7wGyExLODAiLDg6krF79sL+1H1FZhekT8M=; b=A2KX6UpAME8V31gaWCZE6WAHtFGlSqvQMOOB5aJd2bZYbavU4xe41tvemyo4wKgROJ dzUUm0CvFEDuAbM7dEu95HNYLOkxdCg3jB4iZ03VkVcwdsZrJZHwONyzMkqFcQHU8AcQ aq73aLC/4qYBypVAv5kkdWtPWMCk6aRc8iall1qUs9We1GWzh3NRt/+jCs5tMWqkRtEY yZe3bFS44TLtyifz7heOfJg/rXPLywVg1J/cdTY3sapViXA9rLvzqkm8OGIIzbLYlIYt +AEeZ0Naik71w9pMSOkVGgP7Ta9HSODSvZ1N8uIXbb4CXgOiP3AepxdJbNtrP2TP4gM+ 6WMA== X-Forwarded-Encrypted: i=1; AJvYcCVom/kY8FQbvmTwhEk06H5ZCFlfuqn8d0mtAIWjVL/2PuHLfwIhbaUrMlNhpqYV0PN3hYJINKFMgA==@kvack.org X-Gm-Message-State: AOJu0Yxo14Okl6zJn7i4noimMijCRt9VPabFm3pTXHplp/j5pZ6u2WPg aUgYi7j/u0pNayJMpvF/WuuR6z365WD0L5wpYMUM7/8BRrXCHSJ/ZLsKpneudDA= X-Gm-Gg: ASbGncurpLxAPsnDeF70xFt6+zBPSxXOnapLO3nQEuxgRXGrwlm/SbdgP/OPMKOXyWD T7t64ntHRUz9cTxXKILS+DJdFjlAB+npGgXwcm4/CtMvK4KWSbHqAXGnv7ks1LDmSTS0hwryOa/ RnkN5lW/svMgQPdJR9Sj8uhWSj3oCoVKeD++Ko50QEnrVpQHwAXI+MDTUWmBnBonnJpKxdJ6OiQ OeY3XHOG8mMqmJ8PvZfzcVZ5Vv2MblPgXjn4IjYPJeretKcQKk2v7V4IUwmwQ59lQpAPN92mLJN jH5JFXAps5Bbh0lFWiq0ZdMihBppJn4/C9EHqqUjKAKQ4uF76gw= X-Google-Smtp-Source: AGHT+IF65UbwtR43GArG69lb3A8mSpF2tYUKJ/IXOS3rV9/TBWmbC/mO0B88SVzG1mjx0nqZklftGQ== X-Received: by 2002:a17:902:cf01:b0:211:e812:3948 with SMTP id d9443c01a7336-22e1023416cmr78113425ad.0.1746228706918; Fri, 02 May 2025 16:31:46 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22e15228ff2sm13367055ad.180.2025.05.02.16.31.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 May 2025 16:31:46 -0700 (PDT) From: Deepak Gupta Date: Fri, 02 May 2025 16:30:53 -0700 Subject: [PATCH v15 22/27] riscv: enable kernel access to shadow stack memory via FWFT sbi call MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20250502-v5_user_cfi_series-v15-22-914966471885@rivosinc.com> References: <20250502-v5_user_cfi_series-v15-0-914966471885@rivosinc.com> In-Reply-To: <20250502-v5_user_cfi_series-v15-0-914966471885@rivosinc.com> To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Paul Walmsley , Palmer Dabbelt , Albert Ou , Conor Dooley , Rob Herring , Krzysztof Kozlowski , Arnd Bergmann , Christian Brauner , Peter Zijlstra , Oleg Nesterov , Eric Biederman , Kees Cook , Jonathan Corbet , Shuah Khan , Jann Horn , Conor Dooley , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com, rust-for-linux@vger.kernel.org, Zong Li , Deepak Gupta X-Mailer: b4 0.13.0 X-Rspam-User: X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: 0F45340009 X-Stat-Signature: eibhyis9bkpezym635apiriiptqzbm1o X-HE-Tag: 1746228707-6167 X-HE-Meta: U2FsdGVkX181aIvHB8xPYxrT0iSKZwCIXBhaGHGJJEEiQ+bdHCyBszErbJ6QWHm4ZHp6kojxAICn0aSUVWCyEqPBId16v3aARpL+PzoU/FDFsoiUL4fhEOgphfnc/LKHZxDnXRB/r1h91wZs0KC3GgnjkR0tYxu4dXDefSHZBxd1X1ffxOSVa9b0+7etTNdT67TGIYfQhNGcQtKEnFgEs6AOacmgyh5RlERLFnXaw5gEpwkb7BFOEwdlI3AakNle8FCShLy6xXNHW+efnqSJ2Du7EXoElz6X4RsfDvV9hCCuhYvTShx+2NshkDDKtqDYuM0vhxFx05TorLA8U4Y9ThziqXLM5I6qCAzoRnw026CxcDmimGR58ygKbTac2gMJ59TChl8tFadDcAz7e3zRZR26rftrKeozxu4GiXS/5XFyXxr50F+r+9J/inywGdoQBEZhqnqZvRC+ZnkHBbZrVsganHS87m7SZt4LI9Mc664CiXVk3mwUStMM3ilJ8uwfXuj3e9DJZ8I/tpe64CkMeza+0A5M/+pF1HvsbO9DrZHCtRckiZtsU8pci0OQvy7LRqJBBzTKjvu97vGUiel2nNPqPxVqne5eLbEn64kMrtasz/Zex0qJCT9g4mJBTgDSV6ELYTP2qTadYj1pXGxHIdPze4j+7Il0JDj/Z9GW2/8m7Ytt+zMr4h805I0wQlFnpKVRYjXOuqXhlBbN+pSdpotsfIXE+LK+CgT++7YLEGx1lURXpeIVAlltxKjXKHcm6PekiWfN48rLnVHErEOGyE7QpHh8Z/HoLuXJSr2L402ey6R+qalklC2hHJwdORorHMXRQSJL7DPsgqTIXJYpGXOypYaJnRhBftXT91eizVNz9Mz9dz7NqW/D2GRVBHAGOpuxNUR16hpVo9Z+kjFJp0yjAgXHNus/80OIOkKqc/UndMac0EKKtG4ypLtxOidSuY3KOh/17Bpb7zVumzg 7awJYP3u OR25aO+TKw6j/rXNS0StBx3cGZ62Mgmmhv8vFmd2qW9feg4fYa9mOl7yoej+qqYaC8y7Z9I0FWjptgI9o1BpDZgUlqnaw73urkvF5D8+iab+t9wZEx/133+AlPV0tKZ11jzh0zqW7rI/62evbOb0TQ7ymPSzywH8f2AeW9Qk/s54/z7XTF+j46Ioawskv0WxZLBdMcL1o01d39UpwztA5GzeVLcaMV4Yb0CvSx7W7uxumnzbS+UT2CVYm4Na4XnA+RHSITu0NPZbng3h5b0FY5byhpG14esBU6M9jmvt9MvmyJRq6yY6+lT+xkLhRjUPgJQxGFpJGnFjDThjBhh/J08qpuJ5p0XTX++QFYmOPGlWtcOL+pV/LiuXna45JUko66eztmh8xQJYCqI01KVfXwKM5JmpLbASIOh9tYxybpiocv1QRJ2W07F/Zy5VPBMzqrHEbePdG/FWMpnhLlGn01aacKORVSykQoZSb2pnyeE3n5rAfQp/yjc7gastRy2p6u6bMgOmBY3E3XPc= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Kernel will have to perform shadow stack operations on user shadow stack. Like during signal delivery and sigreturn, shadow stack token must be created and validated respectively. Thus shadow stack access for kernel must be enabled. In future when kernel shadow stacks are enabled for linux kernel, it must be enabled as early as possible for better coverage and prevent imbalance between regular stack and shadow stack. After `relocate_enable_mmu` has been done, this is as early as possible it can enabled. Reviewed-by: Zong Li Signed-off-by: Deepak Gupta --- arch/riscv/kernel/asm-offsets.c | 4 ++++ arch/riscv/kernel/head.S | 27 +++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c index f33945432f8f..7ab41f01aa17 100644 --- a/arch/riscv/kernel/asm-offsets.c +++ b/arch/riscv/kernel/asm-offsets.c @@ -514,4 +514,8 @@ void asm_offsets(void) DEFINE(FREGS_A6, offsetof(struct __arch_ftrace_regs, a6)); DEFINE(FREGS_A7, offsetof(struct __arch_ftrace_regs, a7)); #endif + DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT); + DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET); + DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK); + DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK); } diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S index 356d5397b2a2..7eae9a172351 100644 --- a/arch/riscv/kernel/head.S +++ b/arch/riscv/kernel/head.S @@ -15,6 +15,7 @@ #include #include #include +#include #include "efi-header.S" __HEAD @@ -164,6 +165,19 @@ secondary_start_sbi: call relocate_enable_mmu #endif call .Lsetup_trap_vector +#if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_USER_CFI) + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall + beqz a0, 1f + la a1, riscv_nousercfi + li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI + REG_S a0, (a1) +1: +#endif scs_load_current call smp_callin #endif /* CONFIG_SMP */ @@ -320,6 +334,19 @@ SYM_CODE_START(_start_kernel) la tp, init_task la sp, init_thread_union + THREAD_SIZE addi sp, sp, -PT_SIZE_ON_STACK +#if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_USER_CFI) + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall + beqz a0, 1f + la a1, riscv_nousercfi + li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI + REG_S a0, (a1) +1: +#endif scs_load_current #ifdef CONFIG_KASAN -- 2.43.0