From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB794C5B543 for ; Wed, 4 Jun 2025 17:17:28 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9A8ED8D004D; Wed, 4 Jun 2025 13:17:25 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 932448D0007; Wed, 4 Jun 2025 13:17:25 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7852E8D004D; Wed, 4 Jun 2025 13:17:25 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 53E958D0007 for ; Wed, 4 Jun 2025 13:17:25 -0400 (EDT) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 06DB38028B for ; Wed, 4 Jun 2025 17:17:25 +0000 (UTC) X-FDA: 83518374450.16.64B1787 Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by imf09.hostedemail.com (Postfix) with ESMTP id E3CA8140014 for ; Wed, 4 Jun 2025 17:17:22 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=uETc67rr; spf=pass (imf09.hostedemail.com: domain of debug@rivosinc.com designates 209.85.216.43 as permitted sender) smtp.mailfrom=debug@rivosinc.com; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1749057443; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=SRVZyg5TbDWDMLZOF7W+PGgxfQ2OnZA5ElwRPiEh+VA=; b=PKcSlW7+cHM/S6Bh005dGHmn2alqJsxK2WwXrRrVu5G4QxIt0lDTYzYuWSHJD95doOPma3 MaYi27wK1c22ryD7DYbQymdjQpKhDjBLAzW//ez0wgK3DiMpEBWZ3E52wARB8MQzLJScrd teiYczTcQEWyzW8I1nvmYFsG7MaUrD0= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=uETc67rr; spf=pass (imf09.hostedemail.com: domain of debug@rivosinc.com designates 209.85.216.43 as permitted sender) smtp.mailfrom=debug@rivosinc.com; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1749057443; a=rsa-sha256; cv=none; b=cDn8JUkCii32e9ciWUnGJZmCrjxInsAWZmqUaHJ59FS2obtE1n36HwOfOMAgs0ZGJ065V2 j47AHfhEGvMDBLsbi83lyEuL28F5rxvwhhIq2dX8XvELLeDl/wC7vjh3bsEZo7fY+J1Jvs DTJmZ2Ai4HrtnovUUPnTeYdZYe16U7s= Received: by mail-pj1-f43.google.com with SMTP id 98e67ed59e1d1-3122a63201bso100863a91.0 for ; Wed, 04 Jun 2025 10:17:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1749057442; x=1749662242; darn=kvack.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=SRVZyg5TbDWDMLZOF7W+PGgxfQ2OnZA5ElwRPiEh+VA=; b=uETc67rrZh855z8oJhXn8M+kka8Dq/RF92KRgEEYNB6rlBJYluKjXGbE2vbSpL+KlA Oqn0OKwzI4St+QeTHl1WPPpNa0BFAU8tClCvIgu3tAnTndP09bq0mvek7veuttc0LepU kcmEniOtuPFD78vK22l0aFtcASm6ucngKq//evxCIu8bazfGy5etPpeYSO2BdUaUUZjX G5XDPiHTnT7BC5AvaEalo48ZFDfC6ja2+opUbXObQ9GLKy+PzB/DvuuKpG7KyEKhkOoo f8cxjFWrLoF3IK6hgS+cInPd9yDTKKT0/8uhedfxMPS/cWdrPW59MMLlsUoM041C5U9p RMuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749057442; x=1749662242; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=SRVZyg5TbDWDMLZOF7W+PGgxfQ2OnZA5ElwRPiEh+VA=; b=XnC+Z+k/6Qll+pFurVwBmHtD5XJwueGXfuILn69dxwztDTb4THtl76TUnIbIazVXmD Ht75nxafIDF1fTVe33MPeP5E1djTraAjyE8wflW3F4qEXxiUcNz4565RAlgY7zIdJOQa OgqS7rgHBQLQ9YqsLFb9/UTFlXcXopfcGvqJmGkrGW9nCkVY+6ONagohz9xet8+D2wvK mG/twAoyJTQVHD8zDPltRiUwP2Axism8ma9blI+MR31jw4le2j3e0UpgdDcodnVsz6E/ GkLHkYTao/XTg0wtvnrQZ9A57vnvwLBerIDkzkwOznXZlokeyu9AAbp5ao/+ja2owcz+ cKhA== X-Forwarded-Encrypted: i=1; AJvYcCXueJZJ5pjGpxKmpGlQVLFv9QynxbDhjBx5JXX0AVu3TIlpH2YgEJGuNsAWtEI4PwePmoBCBBwtpA==@kvack.org X-Gm-Message-State: AOJu0Ywh7sdmr5PXeOQFGID6ARQBpyNmafLWSSnmTjInn7cKoMjMygPM k7/kPdXRP7oVWQtFHSdZy0gGHQh4V/62kN/l9zzmmusTIcoFcf8eIJaFiRlPlEgNaP4= X-Gm-Gg: ASbGnctwh6yRSreUA343iGnVMQHoXr9G28bjhqufjX7wovSaK5oI949XXyhdlnBLHIU LXRH2BT3EBK0a/t0eTboJqT+98IL0BG52p3FRBnCglDyqbK/fFg2MUdCunxbE56MqAJhS7QPubt 2r2x5JNAylB8zD3qMR/z9kQ9S3uUAWd3ALnCXeavZgkbzJlLR1gc9n2Ue2wwohRzdyzBjnIQawL HTJvUpVj2Ps+EP5Z+EkhTCWzdscIj9z4gGQZC/He7lDhTZ7rS4PUVCC7gW4nHYEEB+ivPvwZpX9 s5eoednYMsvecDVtEUb5uu3xTb1iut9s9zIpIqdACIRN2xzyhj786a/Rns01940jAj86e7da X-Google-Smtp-Source: AGHT+IFgYucDp6wdab3oCQsMca+Xxo8mGVq4ki4MbG38XP6NlR55ZVWpB4I4rykVbZOBh8FR63avfw== X-Received: by 2002:a17:90b:264c:b0:312:1d2d:18e1 with SMTP id 98e67ed59e1d1-3130cd97a86mr4309387a91.22.1749057441661; Wed, 04 Jun 2025 10:17:21 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-3124e2e9c9fsm9178972a91.30.2025.06.04.10.17.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 04 Jun 2025 10:17:21 -0700 (PDT) From: Deepak Gupta Date: Wed, 04 Jun 2025 10:15:46 -0700 Subject: [PATCH v17 22/27] riscv: enable kernel access to shadow stack memory via FWFT sbi call MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20250604-v5_user_cfi_series-v17-22-4565c2cf869f@rivosinc.com> References: <20250604-v5_user_cfi_series-v17-0-4565c2cf869f@rivosinc.com> In-Reply-To: <20250604-v5_user_cfi_series-v17-0-4565c2cf869f@rivosinc.com> To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Paul Walmsley , Palmer Dabbelt , Albert Ou , Conor Dooley , Rob Herring , Krzysztof Kozlowski , Arnd Bergmann , Christian Brauner , Peter Zijlstra , Oleg Nesterov , Eric Biederman , Kees Cook , Jonathan Corbet , Shuah Khan , Jann Horn , Conor Dooley , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com, rust-for-linux@vger.kernel.org, Zong Li , Deepak Gupta X-Mailer: b4 0.13.0 X-Rspam-User: X-Stat-Signature: pknqb5g8s91u4mtah5e93wouaywebecb X-Rspamd-Queue-Id: E3CA8140014 X-Rspamd-Server: rspam11 X-HE-Tag: 1749057442-996547 X-HE-Meta: U2FsdGVkX19xhoJIfvcNDdex5sDHxFwVqsDmGQHzcrP1wCocMiA7mIJnRKzAC29YesaK5bjJ0cNjfO99jZvLyeURPsvj30sLZxqsvUJ0MZY6VjKLxmehoB1QBAZ3JxcDcck6PKfXP+ZmtiuFwnu6cXQapE2dbOpef/ufJwtDoM8sNp0aL8p0lqnrkmB34Use93K7KX4IcSW9+93M3Lamu2IQz2i2vYZphXFQok/gLTI06WkNfyKuIcq4p9BPhFhEFF3Mnj6THtOFSAot3VmYkx4IXtVC75k74CECxZ361ESvhs5xMUZNUgMFrOPjHIJQcVmRwacTeuurzmz2C2IyWOaisDrv2Zj3+sW+bvt5jLODfbaxS3V0euUdNUOYAxq88ZbS0r/zfLMhaFbVDUkFFhEdHGQVYHyQ7/1MzML2B8H0GnXGgOqWqG1afBGnsgtwHsnsRO7wrAUqo6x8XLNCFGpmw/3+WIYa/rYTTewhYtVvnpfApC1wb/Wm5GxGCq5bZLcRdXZAcdRpDRm9CWxaCe1X1BgWDZbTI5XcnlubzQN6Ya9fu1a2eqRzBHpTorVp5utlkaikatrymYIAPw26qs6LlV41VptmjJzj+h+w1RHay3fvQgwBbVtCzWQETLbzIxpL2DRLeD//O8CtH8jqYo5IO0kQrMJBiXBASGy8c9S5JhtWgLsYKuEI4FIFSznF3/jnaSjKIAEtJ9P+J8Ip1Qu7DErb7BBPIvkC4qpcXbxFlzblamD0WskCHN/w+ReZO3MwWYvicIbBqOPqP9+9MRM3mNVA+lG8HCdVsBws5exMxjmZjK4RSyfArvpLn+b2K03cN3Q8+zqNn7RHBimlRo6o+WTcnGFWz/d2l92zy3P/q1vsHrBivwHbj2txLkjyExl/tqIpIHaobGk+YyjhLcObl0onXPIFmbWBqDF6+Hb7a4VA9+HuHUUNxxGHnbyERRC2C6l1nnlw4QtSdF6 8U30JA2A ar9+dMjLnfPiESU5U8XUa8Cu3u3aZM0a6nCxpD8MQWih7DHdJKEEr5eM6JwbCeVqn1P8BV6da+3H4Ko3GyLATYEV19eFsIEcCqFnmDAcombZoHKozCeRSDSKglQN8pFmJU8FFAjq0Y28GAKizeNwgKyUPeJGQEIAr9r6Ukkg0FOl8ENV531J/ODfzZz1ZzJGv09qKvcnkjD3bY1mHgKN3HCkxpCcfyr+0axFjiEp6m8iAx23yp0HgVXMoy80zbjirWhMzSovo3cdCQhK8KwMAikh1k3GS8l1wPUmRoNyaVUYQxMCCaREqLxSPlI6giFfZe8eot0J3BPPsoaO+m1JBvUga+o+dyXGAZcbckUYGmVXPhpK35frW6gh1PMDW24vxPryAyGwy5cpaGZ9EnPwv22HsML3G/ljegTX/mLsxvHEKJaTmI3vb/hsY1AVIFsRuUEPHrwFzy/Nsz5zR07GVe0jqS11+54kibKmMCgWsFitgYrtaV6MPaN5zXRAFr/zi5jaPdHEiFTwsVuo= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Kernel will have to perform shadow stack operations on user shadow stack. Like during signal delivery and sigreturn, shadow stack token must be created and validated respectively. Thus shadow stack access for kernel must be enabled. In future when kernel shadow stacks are enabled for linux kernel, it must be enabled as early as possible for better coverage and prevent imbalance between regular stack and shadow stack. After `relocate_enable_mmu` has been done, this is as early as possible it can enabled. Reviewed-by: Zong Li Signed-off-by: Deepak Gupta --- arch/riscv/kernel/asm-offsets.c | 6 ++++++ arch/riscv/kernel/head.S | 27 +++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c index f33945432f8f..91738394f834 100644 --- a/arch/riscv/kernel/asm-offsets.c +++ b/arch/riscv/kernel/asm-offsets.c @@ -514,4 +514,10 @@ void asm_offsets(void) DEFINE(FREGS_A6, offsetof(struct __arch_ftrace_regs, a6)); DEFINE(FREGS_A7, offsetof(struct __arch_ftrace_regs, a7)); #endif +#ifdef CONFIG_RISCV_SBI + DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT); + DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET); + DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK); + DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK); +#endif } diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S index 356d5397b2a2..7eae9a172351 100644 --- a/arch/riscv/kernel/head.S +++ b/arch/riscv/kernel/head.S @@ -15,6 +15,7 @@ #include #include #include +#include #include "efi-header.S" __HEAD @@ -164,6 +165,19 @@ secondary_start_sbi: call relocate_enable_mmu #endif call .Lsetup_trap_vector +#if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_USER_CFI) + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall + beqz a0, 1f + la a1, riscv_nousercfi + li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI + REG_S a0, (a1) +1: +#endif scs_load_current call smp_callin #endif /* CONFIG_SMP */ @@ -320,6 +334,19 @@ SYM_CODE_START(_start_kernel) la tp, init_task la sp, init_thread_union + THREAD_SIZE addi sp, sp, -PT_SIZE_ON_STACK +#if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_USER_CFI) + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall + beqz a0, 1f + la a1, riscv_nousercfi + li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI + REG_S a0, (a1) +1: +#endif scs_load_current #ifdef CONFIG_KASAN -- 2.43.0