From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D618ACCF9E3 for ; Thu, 23 Oct 2025 16:52:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 767D58E0027; Thu, 23 Oct 2025 12:51:27 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 6EF128E001F; Thu, 23 Oct 2025 12:51:27 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4CEA38E0027; Thu, 23 Oct 2025 12:51:27 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 2EE128E001F for ; Thu, 23 Oct 2025 12:51:27 -0400 (EDT) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id C0222140BD8 for ; Thu, 23 Oct 2025 16:51:26 +0000 (UTC) X-FDA: 84029969772.10.203AC96 Received: from sea.source.kernel.org (sea.source.kernel.org [172.234.252.31]) by imf23.hostedemail.com (Postfix) with ESMTP id AA259140009 for ; Thu, 23 Oct 2025 16:51:24 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="gHH1/5Ll"; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf23.hostedemail.com: domain of devnull+debug.rivosinc.com@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=devnull+debug.rivosinc.com@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1761238284; h=from:from:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=8k5T56kkRu9YK1F4LXF8NdMzANSX1RtLRjBKJZN/CnI=; b=E44g5qbWgj8I1k5SeZxEcpumGSUuuQwiqrQsdP1btz/ZT/aBxQdLxofUU3j2iBWyzInqaM SWi3C0rl4NGRle5WfB2PHH3qlpKdEWf2iEw3vjaxFnfJ+wTLPIghlh+ToVkZZp/hxrVdHd 9OczWShtj+/saHhiujXOVLO+Dz7KBiQ= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1761238284; a=rsa-sha256; cv=none; b=3SnUqe6gmsJKH3DEMlSTZ3M4gLnzr/vg0bgOmZQc3Pmbtf7Qil4TZL6IlW3lxHHpGEgJS3 IVezogpWTRKdqk3Ozapignq0pL5LpkV0+T+eaipKMmdo9saEzEMng2pM3+v056R/s+Sxe3 o+w1eu1oKQakii9GdFKbdoD87rkAOzs= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="gHH1/5Ll"; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf23.hostedemail.com: domain of devnull+debug.rivosinc.com@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=devnull+debug.rivosinc.com@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sea.source.kernel.org (Postfix) with ESMTP id B60CF4B153; Thu, 23 Oct 2025 16:51:12 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPS id 7C8C6C4AF16; Thu, 23 Oct 2025 16:51:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1761238272; bh=AqmRpw4O8J0jjToKKeoiHeFFRtZuD8fn893qbAgc048=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=gHH1/5LlR/Ya+/3axSXvpfgVECVaeGNSw9kI4CMjZL/631VGsPmEwe2U75ut93lll rGZIb2F8ZR5ysB1mE1QBuqXKUif0aAcKOSNRGOE4b59d3jZgkZBEimEqQMCpOzw+4u /VYmCDYuO0oGnt71anilDjBuGPy+wgCVoRUJ3AHvm5FG8aiFzpoDeqpeoQYYONDDev uamrltOEPwz06h0qaU/22BrCN6cCa/MdIMf/TQ8WpVPoHafWpIFZPx7NgfPsX+Lvm8 dwp5DGL9tyTAL2TtVHlMrdd04B0JG6us27Zd+mxZuTO31VBR5BcVLIJifmPuIY0SnY Va85A12qAVetA== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5D8ECCCF9E3; Thu, 23 Oct 2025 16:51:12 +0000 (UTC) From: Deepak Gupta via B4 Relay Date: Thu, 23 Oct 2025 09:51:28 -0700 Subject: [PATCH v22 23/28] arch/riscv: compile vdso with landing pad and shadow stack note MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20251023-v5_user_cfi_series-v22-23-1935270f7636@rivosinc.com> References: <20251023-v5_user_cfi_series-v22-0-1935270f7636@rivosinc.com> In-Reply-To: <20251023-v5_user_cfi_series-v22-0-1935270f7636@rivosinc.com> To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Paul Walmsley , Palmer Dabbelt , Albert Ou , Conor Dooley , Rob Herring , Krzysztof Kozlowski , Arnd Bergmann , Christian Brauner , Peter Zijlstra , Oleg Nesterov , Eric Biederman , Kees Cook , Jonathan Corbet , Shuah Khan , Jann Horn , Conor Dooley , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Andreas Hindborg , Alice Ryhl , Trevor Gross , Benno Lossin Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com, rust-for-linux@vger.kernel.org, Zong Li , Deepak Gupta X-Mailer: b4 0.13.0 X-Developer-Signature: v=1; a=ed25519-sha256; t=1761238267; l=8621; i=debug@rivosinc.com; s=20251023; h=from:subject:message-id; bh=TV4bCjkXahYptQE9wDELJEswpUT0u946Au4FFg8Mqeg=; b=WuwmPjZ57Lz1WTkUy08ZHlE6SgJkgZj1nufDQGh0+c4ds4GM/+oSdiAO+nIbfS+62NQrJVEX+ MfbFCiZqEM5AjGqWYJGp7hGtd4UI40tiz/Wn2zulA0rYVb7FZ+ZBZhY X-Developer-Key: i=debug@rivosinc.com; a=ed25519; pk=O37GQv1thBhZToXyQKdecPDhtWVbEDRQ0RIndijvpjk= X-Endpoint-Received: by B4 Relay for debug@rivosinc.com/20251023 with auth_id=553 X-Original-From: Deepak Gupta Reply-To: debug@rivosinc.com X-Rspam-User: X-Rspamd-Queue-Id: AA259140009 X-Rspamd-Server: rspam02 X-Stat-Signature: yzjn4ahohm57ok73e7zzkq9rmsmxtw9e X-HE-Tag: 1761238284-968986 X-HE-Meta: U2FsdGVkX1+wve2MVJXGTy0uO1QQtSf7MQezhbT36ubYOK8PCgQdLXnZAnRrxKBw51d6BFRAYHyT+/eIMexCQOpoXWwIb4nM87C8KFuPFXk8VqdKq18i6Kp0qoThjxOqrC4aO3BrstuXxVZBlrSvnneqtwHkGQaaXsiMzx6ZrUFtNsS1VnoN7Zj4Win1mKfuQ72uJdRxImCOT3yrZma9s6RC/lItMlkPQoYzhhu6sXpjJYFPQd2YPjzrmL1EwO9bukOyMpzHJZ3FLRfo9tqec16wPtkmjVEOYADwDFLOxx1Oqu3a9PvijU5NQ+tyfdU1pzadMqk3l/FV9/zagdrfnp73VSM0hxs3ZcNTjCK4DkSEYKMvA/Yxm/DLG7yF+Wy3sQsFn0UgN0BsikUxIJZdQV6snQ4xUEf0zS6wHZ+R4QPFmGXzA/H3zJlGCs5+PwZrGqDV0xh2fnQrcGH5oqVcEsH+HOAvdETkWY1GwXbFZMOCfzyaTv9jbJAATKw4P4LVrnOpy7XlVE6+xc7MZXw083SktY6PFl1jGzr87TpQBLlurmaZILepjn4sL4u02t3k6QGrVSUwfxqTgQbxTLzn9XHIhpUylg/BT41VVbZjMeIiBS6nt64xFH2bVK/nqBW1BM/YI98rwSVmWboiksfORBsHj/tvMMTE2PXg1XBNuIQOXD0whWEfyYhJgOjKfWgT5e9PmMPqBcZZ2dWI6NqqRABWJ0uEt/CtX2wn739OL9oDTDZvYUtJh4pCcohIOk5g1sDwO7QvAJw0B0E+H+hwzc8yxK/wuhIkdNm/4OXryq69VLoP3vWnV/GxZGFNNfiy4a++DNJ6mwWh5qNfqMvmsdzSChuugej+/hzd9SWnedczw2YTtVBido6VkBnOenni2ZTyVw/sralmPUtCrRv2yzdqYlBc2rS9tfAlC/hofXw54Neo7mzFsWgo08u35sAy4QTtKyHIpY5hDgYGYzz I6fGiliY 3Aemh9zzKxnulOZHTYww1e3eWusw8b1XtIYBd7bDxRlqckMh74U+OZ3D1/ebEqNmh8PwLn5DavK+pL2luAWUEINdPG7EStcadIR41YAnqwG9jb5kRqmLJq9MXmyDntNsRiujHm+2NNTr0PT9T/qs0ROS377GDvFJZHZcuYzVh4Re2oVUuF8/skpUsd/yomFxZAo6NMH8bJL64oU8GAM6ZGVyA2HUffqQC5noznPnP6FP/WVgFa5ajXaBzGqHQQZsQHfzb8mbQmlDfndHC131B5sCtBHAED/NijuEilyDcdSolwMY4qcMi3L78r4H5Lp4R4668aleYk87Cer+9DOpiVszOFDUc9gw6ZAJ/xMMOwDKkLE9LDUZT0TnmzcL5a7nwlohvk1Y0rfIv+zvh/iCVDFTZNY9/zraswi+QN3kNpvo95PmZEgBp2c6fJZGXet3rPKWFfQ3+VvgpiFf/mbk19zxOh7aoWzg3IkmUfbUM0F9da/vBjUcFEEemU1s83SlPzjpU2e063/OZuAuiK1QirhIdeuHn2P0M3Qeh X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Jim Shu user mode tasks compiled with zicfilp may call indirectly into vdso (like hwprobe indirect calls). Add landing pad compile support in vdso. vdso with landing pad in it will be nop for tasks which have not enabled landing pad. Furthermore, adding support for C sources of vdso to be compiled with shadow stack and landing pad enabled as well. Landing pad and shadow stack instructions are emitted only when VDSO_CFI cflags option is defined during compile. Signed-off-by: Jim Shu Reviewed-by: Zong Li Signed-off-by: Deepak Gupta --- arch/riscv/Makefile | 5 +++- arch/riscv/include/asm/assembler.h | 44 ++++++++++++++++++++++++++++++ arch/riscv/kernel/vdso/Makefile | 11 +++++++- arch/riscv/kernel/vdso/flush_icache.S | 4 +++ arch/riscv/kernel/vdso/getcpu.S | 4 +++ arch/riscv/kernel/vdso/note.S | 3 ++ arch/riscv/kernel/vdso/rt_sigreturn.S | 4 +++ arch/riscv/kernel/vdso/sys_hwprobe.S | 4 +++ arch/riscv/kernel/vdso/vgetrandom-chacha.S | 5 +++- 9 files changed, 81 insertions(+), 3 deletions(-) diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile index ecf2fcce2d92..f60c2de0ca08 100644 --- a/arch/riscv/Makefile +++ b/arch/riscv/Makefile @@ -81,9 +81,12 @@ riscv-march-$(CONFIG_TOOLCHAIN_HAS_ZACAS) := $(riscv-march-y)_zacas # Check if the toolchain supports Zabha riscv-march-$(CONFIG_TOOLCHAIN_HAS_ZABHA) := $(riscv-march-y)_zabha +KBUILD_BASE_ISA = -march=$(shell echo $(riscv-march-y) | sed -E 's/(rv32ima|rv64ima)fd([^v_]*)v?/\1\2/') +export KBUILD_BASE_ISA + # Remove F,D,V from isa string for all. Keep extensions between "fd" and "v" by # matching non-v and non-multi-letter extensions out with the filter ([^v_]*) -KBUILD_CFLAGS += -march=$(shell echo $(riscv-march-y) | sed -E 's/(rv32ima|rv64ima)fd([^v_]*)v?/\1\2/') +KBUILD_CFLAGS += $(KBUILD_BASE_ISA) KBUILD_AFLAGS += -march=$(riscv-march-y) diff --git a/arch/riscv/include/asm/assembler.h b/arch/riscv/include/asm/assembler.h index 16931712beab..f449c4392c29 100644 --- a/arch/riscv/include/asm/assembler.h +++ b/arch/riscv/include/asm/assembler.h @@ -80,3 +80,47 @@ .endm #endif /* __ASM_ASSEMBLER_H */ + +#if defined(VDSO_CFI) && (__riscv_xlen == 64) +.macro vdso_lpad, label = 0 +lpad \label +.endm +#else +.macro vdso_lpad, label = 0 +.endm +#endif + +/* + * This macro emits a program property note section identifying + * architecture features which require special handling, mainly for + * use in assembly files included in the VDSO. + */ +#define NT_GNU_PROPERTY_TYPE_0 5 +#define GNU_PROPERTY_RISCV_FEATURE_1_AND 0xc0000000 + +#define GNU_PROPERTY_RISCV_FEATURE_1_ZICFILP (1U << 0) +#define GNU_PROPERTY_RISCV_FEATURE_1_ZICFISS (1U << 1) + +#if defined(VDSO_CFI) && (__riscv_xlen == 64) +#define GNU_PROPERTY_RISCV_FEATURE_1_DEFAULT \ + (GNU_PROPERTY_RISCV_FEATURE_1_ZICFILP | GNU_PROPERTY_RISCV_FEATURE_1_ZICFISS) +#endif + +#ifdef GNU_PROPERTY_RISCV_FEATURE_1_DEFAULT +.macro emit_riscv_feature_1_and, feat = GNU_PROPERTY_RISCV_FEATURE_1_DEFAULT + .pushsection .note.gnu.property, "a" + .p2align 3 + .word 4 + .word 16 + .word NT_GNU_PROPERTY_TYPE_0 + .asciz "GNU" + .word GNU_PROPERTY_RISCV_FEATURE_1_AND + .word 4 + .word \feat + .word 0 + .popsection +.endm +#else +.macro emit_riscv_feature_1_and, feat = 0 +.endm +#endif diff --git a/arch/riscv/kernel/vdso/Makefile b/arch/riscv/kernel/vdso/Makefile index 9ebb5e590f93..272f1d837a80 100644 --- a/arch/riscv/kernel/vdso/Makefile +++ b/arch/riscv/kernel/vdso/Makefile @@ -17,6 +17,11 @@ ifdef CONFIG_VDSO_GETRANDOM vdso-syms += getrandom endif +ifdef VDSO_CFI_BUILD +CFI_MARCH = _zicfilp_zicfiss +CFI_FULL = -fcf-protection=full +endif + # Files to link into the vdso obj-vdso = $(patsubst %, %.o, $(vdso-syms)) note.o @@ -27,6 +32,10 @@ endif ccflags-y := -fno-stack-protector ccflags-y += -DDISABLE_BRANCH_PROFILING ccflags-y += -fno-builtin +ccflags-y += $(KBUILD_BASE_ISA)$(CFI_MARCH) +ccflags-y += $(CFI_FULL) +asflags-y += $(KBUILD_BASE_ISA)$(CFI_MARCH) +asflags-y += $(CFI_FULL) ifneq ($(c-gettimeofday-y),) CFLAGS_vgettimeofday.o += -fPIC -include $(c-gettimeofday-y) @@ -79,7 +88,7 @@ include/generated/vdso-offsets.h: $(obj)/vdso.so.dbg FORCE # The DSO images are built using a special linker script # Make sure only to export the intended __vdso_xxx symbol offsets. quiet_cmd_vdsold_and_check = VDSOLD $@ - cmd_vdsold_and_check = $(LD) $(ld_flags) -T $(filter-out FORCE,$^) -o $@.tmp && \ + cmd_vdsold_and_check = $(LD) $(CFI_FULL) $(ld_flags) -T $(filter-out FORCE,$^) -o $@.tmp && \ $(OBJCOPY) $(patsubst %, -G __vdso_%, $(vdso-syms)) $@.tmp $@ && \ rm $@.tmp && \ $(cmd_vdso_check) diff --git a/arch/riscv/kernel/vdso/flush_icache.S b/arch/riscv/kernel/vdso/flush_icache.S index 8f884227e8bc..e4c56970905e 100644 --- a/arch/riscv/kernel/vdso/flush_icache.S +++ b/arch/riscv/kernel/vdso/flush_icache.S @@ -5,11 +5,13 @@ #include #include +#include .text /* int __vdso_flush_icache(void *start, void *end, unsigned long flags); */ SYM_FUNC_START(__vdso_flush_icache) .cfi_startproc + vdso_lpad #ifdef CONFIG_SMP li a7, __NR_riscv_flush_icache ecall @@ -20,3 +22,5 @@ SYM_FUNC_START(__vdso_flush_icache) ret .cfi_endproc SYM_FUNC_END(__vdso_flush_icache) + +emit_riscv_feature_1_and diff --git a/arch/riscv/kernel/vdso/getcpu.S b/arch/riscv/kernel/vdso/getcpu.S index 9c1bd531907f..5c1ecc4e1465 100644 --- a/arch/riscv/kernel/vdso/getcpu.S +++ b/arch/riscv/kernel/vdso/getcpu.S @@ -5,14 +5,18 @@ #include #include +#include .text /* int __vdso_getcpu(unsigned *cpu, unsigned *node, void *unused); */ SYM_FUNC_START(__vdso_getcpu) .cfi_startproc + vdso_lpad /* For now, just do the syscall. */ li a7, __NR_getcpu ecall ret .cfi_endproc SYM_FUNC_END(__vdso_getcpu) + +emit_riscv_feature_1_and diff --git a/arch/riscv/kernel/vdso/note.S b/arch/riscv/kernel/vdso/note.S index 2a956c942211..3d92cc956b95 100644 --- a/arch/riscv/kernel/vdso/note.S +++ b/arch/riscv/kernel/vdso/note.S @@ -6,7 +6,10 @@ #include #include +#include ELFNOTE_START(Linux, 0, "a") .long LINUX_VERSION_CODE ELFNOTE_END + +emit_riscv_feature_1_and diff --git a/arch/riscv/kernel/vdso/rt_sigreturn.S b/arch/riscv/kernel/vdso/rt_sigreturn.S index 3dc022aa8931..e82987dc3739 100644 --- a/arch/riscv/kernel/vdso/rt_sigreturn.S +++ b/arch/riscv/kernel/vdso/rt_sigreturn.S @@ -5,12 +5,16 @@ #include #include +#include .text SYM_FUNC_START(__vdso_rt_sigreturn) .cfi_startproc .cfi_signal_frame + vdso_lpad li a7, __NR_rt_sigreturn ecall .cfi_endproc SYM_FUNC_END(__vdso_rt_sigreturn) + +emit_riscv_feature_1_and diff --git a/arch/riscv/kernel/vdso/sys_hwprobe.S b/arch/riscv/kernel/vdso/sys_hwprobe.S index 77e57f830521..f1694451a60c 100644 --- a/arch/riscv/kernel/vdso/sys_hwprobe.S +++ b/arch/riscv/kernel/vdso/sys_hwprobe.S @@ -3,13 +3,17 @@ #include #include +#include .text SYM_FUNC_START(riscv_hwprobe) .cfi_startproc + vdso_lpad li a7, __NR_riscv_hwprobe ecall ret .cfi_endproc SYM_FUNC_END(riscv_hwprobe) + +emit_riscv_feature_1_and diff --git a/arch/riscv/kernel/vdso/vgetrandom-chacha.S b/arch/riscv/kernel/vdso/vgetrandom-chacha.S index 5f0dad8f2373..916ab30a88f7 100644 --- a/arch/riscv/kernel/vdso/vgetrandom-chacha.S +++ b/arch/riscv/kernel/vdso/vgetrandom-chacha.S @@ -7,6 +7,7 @@ #include #include +#include .text @@ -74,7 +75,7 @@ SYM_FUNC_START(__arch_chacha20_blocks_nostack) #define _20 20, 20, 20, 20 #define _24 24, 24, 24, 24 #define _25 25, 25, 25, 25 - + vdso_lpad /* * The ABI requires s0-s9 saved. * This does not violate the stack-less requirement: no sensitive data @@ -247,3 +248,5 @@ SYM_FUNC_START(__arch_chacha20_blocks_nostack) ret SYM_FUNC_END(__arch_chacha20_blocks_nostack) + +emit_riscv_feature_1_and -- 2.43.0