From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7754C3DA6D for ; Fri, 23 May 2025 05:32:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 516226B00BB; Fri, 23 May 2025 01:32:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4C7046B00BC; Fri, 23 May 2025 01:32:29 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 38F106B00BD; Fri, 23 May 2025 01:32:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 15B816B00BB for ; Fri, 23 May 2025 01:32:29 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id C565614104C for ; Fri, 23 May 2025 05:32:28 +0000 (UTC) X-FDA: 83473052376.14.1C4F039 Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) by imf08.hostedemail.com (Postfix) with ESMTP id D37FF160002 for ; Fri, 23 May 2025 05:32:26 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=S5l+9+TK; dmarc=none; spf=pass (imf08.hostedemail.com: domain of debug@rivosinc.com designates 209.85.215.180 as permitted sender) smtp.mailfrom=debug@rivosinc.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1747978346; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=SRVZyg5TbDWDMLZOF7W+PGgxfQ2OnZA5ElwRPiEh+VA=; b=2RKIBXraUfETg+Vns8FTvny55IyRl0elH39Jq3gX+qnBgZ5vnSXS/OhHJ+wwxagte0IP0/ EeI5BfBlVJOZIZU8WFiRAJB7nOq9LxT0CnCxGTL48xEYFC/M90U4hlGoO6XRib9O+/yIOm tmfA3wqrMhwNjVNd4z4s9KpGcW0nXVE= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1747978346; a=rsa-sha256; cv=none; b=L+NiemI1uk2f2HBbsbnurSsBtGQ5AsK1uJM6Y9Gek7FdrP+p0KLytGYto8OFBhWly9ZCF5 qe/BaCjaNLn3jjph72vRHyZDKH0/e3UX01y3Vgw1kB48wFVTBwjbuCo2QVnoD4WCNy9CnL OY5L4tN2BAghJ12JqvCXcBUBoJ0rH5w= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=S5l+9+TK; dmarc=none; spf=pass (imf08.hostedemail.com: domain of debug@rivosinc.com designates 209.85.215.180 as permitted sender) smtp.mailfrom=debug@rivosinc.com Received: by mail-pg1-f180.google.com with SMTP id 41be03b00d2f7-af548cb1f83so7440875a12.3 for ; Thu, 22 May 2025 22:32:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1747978345; x=1748583145; darn=kvack.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=SRVZyg5TbDWDMLZOF7W+PGgxfQ2OnZA5ElwRPiEh+VA=; b=S5l+9+TKL22axTApL7MElwYrJodmPV69gVjvFmQxT/GjQshgaQ7oxOnTo/1cwXEdSW ZssUTVIwBgepnbkn5I6Gw3OH1tsj8xBsRSIKulO1XIGXP7dgTqJ1C73VQbJZO8Ck1/Yg 2V+9zQ/vqF+Lwy1SD+sfzg7daRO7KHjhnYGESsKWp2shPoCAwR36xB0BSTW8z8uBe8e5 H7SVlyTY+ZuIFUtc+fjBudhZcHOvgJDrQXZqEtMZx1lZ/4GF/zcin180IDf1Zj4DffM0 tNwlWgUGxt2KDeBZGuA4OsyLAz44pU76ODWEuW2/ht1m9tjB5dgITF0NrXRsQoT0f8kQ w0Tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747978345; x=1748583145; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=SRVZyg5TbDWDMLZOF7W+PGgxfQ2OnZA5ElwRPiEh+VA=; b=AJMLHi2yQGbvnkx+vDMnquDRzAqcRjv5vAJ7pM7VXxygz99UBGZNaAI84r8G+kgDes HrbYVAKVSVTSbApw62aMxeOMQ00mkIKrigN2kG1UJ0kzH2Bl+3QSUp6YU2t+8l0NihQm xtCInEtYyJnlZTqi5JcBhqHP5/W9Q79Z9w0iocas6vJzCFri13IY1wpOhmov3a8GcJ/H 60M3thtMppUol4JqPPNhs9ufl4yi9aAe6+HK0VUPjMwS84cloJMvBxQ+0kGdU/3WqQNY idFO2+V+lVF8Q8OOID06cEtUwE/2P0KaL72NdS1AvJ57NYTO34fJRxZHeKAB18pARl8V staw== X-Forwarded-Encrypted: i=1; AJvYcCWDomkw/sjO/ftVTIxNyG6mMxQH2M5xZqDHos7c0XK11xwOru4EK3XE25jSGHrdKK8SHtU0rWf61Q==@kvack.org X-Gm-Message-State: AOJu0Yz6aulnGmjABIbIkTA5czDG/BDNxiixAgt8nHYa9/KCBQ+4b7QX vDFPEtk3L2bKcrJaAZxpz7YcLf+ViopwQZXbJ68Noqffq7ebPgRPQ3gstFcHfua3iRU= X-Gm-Gg: ASbGnctNRpqBb/jfnMbP8cWcZjaAies+ijM0clILMsItBjcjfVfOVWRFJFeIQf9bB3e vdFx+VSEoBZ1KDBw1W7xKWlMUOQII5o9ZwihcawQQug3awRfJDC4bG2r7vLSSmx0QJwBfiitStE KaPqIzOSHzg3OsJmBt+eb1NTESF3EFqXErKUC+7GXNek2M6D+0i3ufNabKvloQKfrR4E8gxEs0Y yH/8prB7VfnTQwg+3DIYKtOScQwvqe1sp6cFHbz/VuSUcRyXAlpVjoZ8W7gOsKuWHPa8o6vU5Jg nJYk+PCDI0Mio8UmRb+7wTBbJveEjHyHKjEcLKEndPMwPKFG49tr9SlBp3nDGw== X-Google-Smtp-Source: AGHT+IGgDsB+8A3CR4+XkLmuNbK4RRzT3we3lC5k1xa9cQRvQgCx14SHfbPxiY0t9umJbxGQZcGV5Q== X-Received: by 2002:a05:6a20:cfa2:b0:204:4573:d856 with SMTP id adf61e73a8af0-216fba27c2cmr39932928637.4.1747978345559; Thu, 22 May 2025 22:32:25 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-742a982a0a4sm12474336b3a.101.2025.05.22.22.32.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 May 2025 22:32:25 -0700 (PDT) From: Deepak Gupta Date: Thu, 22 May 2025 22:31:25 -0700 Subject: [PATCH v16 22/27] riscv: enable kernel access to shadow stack memory via FWFT sbi call MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20250522-v5_user_cfi_series-v16-22-64f61a35eee7@rivosinc.com> References: <20250522-v5_user_cfi_series-v16-0-64f61a35eee7@rivosinc.com> In-Reply-To: <20250522-v5_user_cfi_series-v16-0-64f61a35eee7@rivosinc.com> To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Paul Walmsley , Palmer Dabbelt , Albert Ou , Conor Dooley , Rob Herring , Krzysztof Kozlowski , Arnd Bergmann , Christian Brauner , Peter Zijlstra , Oleg Nesterov , Eric Biederman , Kees Cook , Jonathan Corbet , Shuah Khan , Jann Horn , Conor Dooley , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com, rust-for-linux@vger.kernel.org, Zong Li , Deepak Gupta X-Mailer: b4 0.13.0 X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: D37FF160002 X-Stat-Signature: yxjguqy7r6jc6tf595bs85o3etozofxc X-Rspam-User: X-HE-Tag: 1747978346-549103 X-HE-Meta: U2FsdGVkX1+SmK44EZ14nHxncxfRTN/x7kwIDpsRTbmOcyLlZ2UfnlfcjEb28JlkseC6KN+IWtcH/lvE3t6IUU2fWN60uO0VeclcqsOgmjO9cBsNtqajDN3GiCfYQ5GikAFtKBh6/9UMGsFI1RwWGqU7gl4Zvm5OgRiQ58hlnkoKdxBD7iGhBqY3miCwMy3nYlJxKkhOhTnS1eL+VtjE6QvguyST66norekOt5HJv9K/sCoFQItL9GibXjeuy6PWp1pu1HAjCeIPRpk/0QMqxCtlfOSlyVIRl17FZSrGGnuBIAKNJxJKzEYwqsy4n+twv+UszSlXxzccpfVX+P0D6eqBz7Exi1rrUEkA473EUgA54BY4347WusXbc9C6n+UxVgeDxVs0WWc7Son/HsGY+HbszZIglk+q1gJVWOEYMcFfqChwoB3BKpz/UE0KlPOWzLzan9mUyaLYlaaORSy3dxdQMNF83Jvyq1Pk/+bQ4fMW2+SBN1MWzlbi1uxGbHI294IuF/1wP3Dst16QOn+tnKdbJWE6YMB4mDOeMV7MN+7jFs9SdN+qpP1VuwoPrO0kjV0hpWBqoDv9wm8xbMXYot8rfpLA8y3IuqpEj21nXqoQzQmtyj19Uw172qavzlcTN6WDUmr+o7I2W+2QpE2FiuY759t1F4g5aO98kd6/MpYzB88SCOobhCUx4xr4tEQq6MrmiOiFgU41C9CDb3Neob3wTPcrqjoZLBNEIx5aQuIDyX8kQeRuRBjM6xxP1NLSY5oK3agkh6vDbrv6/QJbax2LVqgREg+M9xjoi5wQlAyctatoCX/vGC6ZbXRskvCZdihclK+nJO+GRTihXvObIcNSRhOWV4oBFCIpSbMDcHkjLsAYufLsApM6RtuL6THRN7d+l/K6UJVvxxDOPfBjn+4kN/0Mf2oqoiDTFsW2HzG3xN61ashibWVqfcVz90dhGryTSIvsJQ0aYb9ivZS YMaFKBgr nkHk+kBfCsAP3NQzeOMfSZYfYmWYT0vzlh6aV53qN6IGrv69fjLEVYJbA3mF/lMNqca+O9/MMqBPgcE5LVPIzyHF6CsmGZjEVGNUrcLji5JVI8+FIQRIOBPNHML+Om5f3sWy6F2tITonQwLyEhfAu4e1NQnGWgPa9+O95LSz9gIn2lWYd4G32wnJk2DQmJXuz6Wvk0fNWvlolAZ8umCwnKgw9vd+7ETyP0l/P8hzd5cnJiw2JYUwO4+tr21LNOwFOJmQTwInMYr/Rk4YPRwQbPqKv0lLL4lF2+8zqIBw0kA9LyUtI+cOJpOkR2aisdVQf1RNCr049H9N88FP8iI9UznsyKCH1A+6p9X6ix7bG3QZBR2E0FnBBXGWaADflUHxVJwgtHC9zFz3PN+2ysNkFNpD+lu2fUfJqJ8vD1ehqzwGFfcoxJCMDd9e6rI/HEb8AHzw+EfFTb2U+D0MNX7OsbM376wcx3hAXtgTYY91GjWV6HKKjpM2H3ChAOO80rUpPCCBWKePmcYY3PZc= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Kernel will have to perform shadow stack operations on user shadow stack. Like during signal delivery and sigreturn, shadow stack token must be created and validated respectively. Thus shadow stack access for kernel must be enabled. In future when kernel shadow stacks are enabled for linux kernel, it must be enabled as early as possible for better coverage and prevent imbalance between regular stack and shadow stack. After `relocate_enable_mmu` has been done, this is as early as possible it can enabled. Reviewed-by: Zong Li Signed-off-by: Deepak Gupta --- arch/riscv/kernel/asm-offsets.c | 6 ++++++ arch/riscv/kernel/head.S | 27 +++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c index f33945432f8f..91738394f834 100644 --- a/arch/riscv/kernel/asm-offsets.c +++ b/arch/riscv/kernel/asm-offsets.c @@ -514,4 +514,10 @@ void asm_offsets(void) DEFINE(FREGS_A6, offsetof(struct __arch_ftrace_regs, a6)); DEFINE(FREGS_A7, offsetof(struct __arch_ftrace_regs, a7)); #endif +#ifdef CONFIG_RISCV_SBI + DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT); + DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET); + DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK); + DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK); +#endif } diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S index 356d5397b2a2..7eae9a172351 100644 --- a/arch/riscv/kernel/head.S +++ b/arch/riscv/kernel/head.S @@ -15,6 +15,7 @@ #include #include #include +#include #include "efi-header.S" __HEAD @@ -164,6 +165,19 @@ secondary_start_sbi: call relocate_enable_mmu #endif call .Lsetup_trap_vector +#if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_USER_CFI) + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall + beqz a0, 1f + la a1, riscv_nousercfi + li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI + REG_S a0, (a1) +1: +#endif scs_load_current call smp_callin #endif /* CONFIG_SMP */ @@ -320,6 +334,19 @@ SYM_CODE_START(_start_kernel) la tp, init_task la sp, init_thread_union + THREAD_SIZE addi sp, sp, -PT_SIZE_ON_STACK +#if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_USER_CFI) + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall + beqz a0, 1f + la a1, riscv_nousercfi + li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI + REG_S a0, (a1) +1: +#endif scs_load_current #ifdef CONFIG_KASAN -- 2.43.0