From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 35F24D2A523 for ; Thu, 4 Dec 2025 20:04:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 607056B00C0; Thu, 4 Dec 2025 15:04:46 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 4CCBC6B00D9; Thu, 4 Dec 2025 15:04:46 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3954D6B00DA; Thu, 4 Dec 2025 15:04:46 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 2035A6B00C0 for ; Thu, 4 Dec 2025 15:04:46 -0500 (EST) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id DCB5C1330CA for ; Thu, 4 Dec 2025 20:04:45 +0000 (UTC) X-FDA: 84182866530.20.AFA0E66 Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) by imf18.hostedemail.com (Postfix) with ESMTP id DB1F21C0007 for ; Thu, 4 Dec 2025 20:04:43 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=rivosinc.com header.s=google header.b=O6x2zr8J; dmarc=pass (policy=none) header.from=rivosinc.com; spf=pass (imf18.hostedemail.com: domain of debug@rivosinc.com designates 209.85.214.176 as permitted sender) smtp.mailfrom=debug@rivosinc.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1764878683; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=7RnuI2UkBizC29w22/jrSl2sQbK2qqJuozv4nJOkh7A=; b=z8asQZODuXQs0iNo9Jb2ouPg8k1+BDFCnG573Nly429DKnBVuF0xEJMbiKDMR9ZOuECj2B jiFrHXCn96ULPvl2rcco+31BO1rmN33LFOKQXz2yU2d01xl8mCII0RX/e1cmOhund9sza8 jsIDdh+Kmn6XJvveNCklZi4Vmr3GTGs= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=rivosinc.com header.s=google header.b=O6x2zr8J; dmarc=pass (policy=none) header.from=rivosinc.com; spf=pass (imf18.hostedemail.com: domain of debug@rivosinc.com designates 209.85.214.176 as permitted sender) smtp.mailfrom=debug@rivosinc.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1764878683; a=rsa-sha256; cv=none; b=4v/hH4oH7YPmfxUXMRn1pYhzmD5RqtIvJ2eg/Cf/aWMc3NbVlZSCUyLN3w6RHYTLZ7oHwi e06OovMA7JT738ObXlGPtd2ok1YvPMv3mjYyAlWX9T9zF4bLFUMUB8vju3Hy4tbHc5mcag CYWFNCn54lZ7ELgawHUMEptoJuFMv1o= Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-297d4a56f97so18355165ad.1 for ; Thu, 04 Dec 2025 12:04:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc.com; s=google; t=1764878683; x=1765483483; darn=kvack.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=7RnuI2UkBizC29w22/jrSl2sQbK2qqJuozv4nJOkh7A=; b=O6x2zr8JvrQzZx7nUBLjznwdWOOe/bp3PW/kQuHwCHW8BoF26YO64XCzOs1VVKR4R5 g5JW8RnqPmUFyaS2/c7JrCYoiAtR+BnAxvuyLhvXgTLwJ9l3+vXX9Ljup4c+iNncxRN0 t1DeuXniyllwrPtzzhVPr2L/VokpmLomr33iKVbdQQ7VEzhYdBo+pGzh5+6hV4rfo5k5 28iOC5QD1rom0iwT+dxZIKmO5YwH6iCNdhKzyeP/rgYKDHD9dKkgwjBtAxvfBRNwyhql kIiPTvLn3dJI54cNEU6t655QKhlOUvvSQwjW/8aQb2SdYs5wZGmNMnZzZFlLEFfvuUvI EyhQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764878683; x=1765483483; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=7RnuI2UkBizC29w22/jrSl2sQbK2qqJuozv4nJOkh7A=; b=FUJHYXla5swOYUYjlPeQUSZn2EyA5XG+PZ6f6ASvxaxTZjXSxJDnxLTYmrOjZkL4Dc MS5sBxSPX+0SL/oeob3RMNG1YYT6kZMwQWBHTABWNuPHVnAQ/EANmQVYJQRqIUuHSr7Y Qel5bWNb3AeGMel5iL/66M8LODwlYMqBkhG/LPGnlV+/GjyRlOkzu6pW451WB8r3KrE9 GddTuy8k0z/eT3L6JRRXhN2tXULwboi/6YG2gU3Vz+JCbfI8LWki/NO9ngqYbyOFmmgf hq7ihVjZIGfDA9vG0uBOWhDiTT9E503HZUtjhFzdRjj3gcqQ5/nEGNUN+rjgG1L+kGut 9hsg== X-Forwarded-Encrypted: i=1; AJvYcCW7Rno3wY51O7CXucOsV8Ap04RJsoXQToCjA+yhq6IEvWtJO0FbSlkJB5Rws9XMLgS4msmZP0S11Q==@kvack.org X-Gm-Message-State: AOJu0YxFxMFCFt8XXkIjsbp/bRNlbmhr9kHMhFSmP2k0C9R3C8s53qtI dSlHBVefk6Cg2hFzybsQUQdIUFKQW03O6wCMr3IQPRFhYG1DV7GqSb5GMqEW9FGMa3s= X-Gm-Gg: ASbGncshhOY+gAREIDVJOuRVVTkjWcybuLL98aI78H/77O4U33tAtBwwjzVXHsFVZ5r hCjgpYZ7cONVBhRBopYqLWgnOIcO1qsekp4YPsPcWv4OeIkqMezFQ5Cv5um4a77RXUwS2FOidwm XyFaamqchouWGbSvYcuvgTCJPgj3Jt/sGzlet7kHmrhEgEgtCZJH5mfedrH2vCbs0PRQaIU2qqD SAcYFajsaPmqvulXlaqHT1hhkQBU6OCNe1l+Yf7b1D06eaWCXN1EFY8iPUzkkNlw8zwBOBa8mXd LsBF0Pk/GsZeFk0CtbDpJn+GuN1eGRBDX0jSnm8IZ70ywYlbv+jd2ounLfEhD0FHQx0jIVAJDWc 4QWE61thSsmqanyfuDjmKkrorliUg47i+FuCiuoGLx6/+diIw9sBbmECpKdco9jvAxA08YDUHmA 3Tom8M0dJCjfwj9GHrafN0 X-Google-Smtp-Source: AGHT+IF16MKXc3hQ084pupi13Dl2urHAgrpT88m6eiVRkvjF23PTTOUeQTpFrtMGdK1aUuGo06V0dg== X-Received: by 2002:a05:7022:90b:b0:11b:ceee:b78a with SMTP id a92af1059eb24-11df0be1472mr5168873c88.19.1764878682485; Thu, 04 Dec 2025 12:04:42 -0800 (PST) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-11df76e2eefsm10417454c88.6.2025.12.04.12.04.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Dec 2025 12:04:41 -0800 (PST) From: Deepak Gupta Date: Thu, 04 Dec 2025 12:04:11 -0800 Subject: [PATCH v24 22/28] riscv: enable kernel access to shadow stack memory via FWFT sbi call MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20251204-v5_user_cfi_series-v24-22-ada7a3ba14dc@rivosinc.com> References: <20251204-v5_user_cfi_series-v24-0-ada7a3ba14dc@rivosinc.com> In-Reply-To: <20251204-v5_user_cfi_series-v24-0-ada7a3ba14dc@rivosinc.com> To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Paul Walmsley , Palmer Dabbelt , Albert Ou , Conor Dooley , Rob Herring , Krzysztof Kozlowski , Arnd Bergmann , Christian Brauner , Peter Zijlstra , Oleg Nesterov , Eric Biederman , Kees Cook , Jonathan Corbet , Shuah Khan , Jann Horn , Conor Dooley , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Andreas Hindborg , Alice Ryhl , Trevor Gross , Benno Lossin Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com, rust-for-linux@vger.kernel.org, Zong Li , Andreas Korb , Valentin Haudiquet , Deepak Gupta X-Mailer: b4 0.13.0 X-Developer-Signature: v=1; a=ed25519-sha256; t=1764878636; l=2983; i=debug@rivosinc.com; s=20251023; h=from:subject:message-id; bh=UW9zPS2E4TbdsfJtyu+1aU02XU1fbJS+cjnllb5pNMY=; b=WuDcgJ62IvLXPFgLcbkpSl0esymJQ5NG1MpKico0xKW3dN4w1YBch3Z3iJoZAFZASJeAR5ose QSMma6B9ys2A3GbTrz8rpZ2vK5fiaUGL2oKnDU3DgoW8pbHwXIyIDhd X-Developer-Key: i=debug@rivosinc.com; a=ed25519; pk=O37GQv1thBhZToXyQKdecPDhtWVbEDRQ0RIndijvpjk= X-Rspam-User: X-Rspamd-Queue-Id: DB1F21C0007 X-Rspamd-Server: rspam11 X-Stat-Signature: mgirw74mh7p6az1ukgg7yi63gditb134 X-HE-Tag: 1764878683-576032 X-HE-Meta: U2FsdGVkX18DygiR82VqwRxT31SI9yL14VNiaaKp/ab54qxMwdQHrjySpoIcEAHoGh9dRnVrJUcfwovMYCfxqOtT1Ia+iR+4Xys+yfnO171veRNLaqudBsby2SMOce17xmzJ5ZeWZTGApit8E6EBOJv6hbjMgwuL9CdX7hB268Qx/XiADUPpcGLx9nQlVTkIG4t4YV8hXipUfWw5XYbpkvksXEYgOsJIfANLnT/vtEV3C9C3THQxZdNiTf7xn/7P5ca/A8zCehxJG94+ZkvOvHJqGG/5g8GkpSofMlJ1D3RdsdoEahbD1vses8D4CAdPxMgA7uRT74Gc8mnu0BPI5kbnb4nTH0NkkSUelnDaij16P1uqx1qWgJq2gKxoWbXIj8PNvZm5i93aBjaSmSJW/L6Djhakl8do1j6L2eHYZus4M/cokZSlUhyOOK+LN2bv7LKuTI9n7e+5geFdGLGu+9QewjlQElKWLa6Hx1YxJfqCRS32WizWD24lTDCwRq3FQ9Yzo11tTi/M6ZkTMSX4isgCeJQ7O3Vf7WY29J/Gl2xYS4G0iQLnRC3/tg53GXqiWZ/0uoxQRBNFkT1CTWIP10r2lfcDxcINlgR2mE4vZZb3QxyL2aoiuJPdcKZS5Cub3yH3zixfspHGvT2cddtCqpczODVlLviIYulsYVS8Xc9EP3zZjw2EWjseKGC3tg7MzD1UoQ5KUCZNYWML+y7ik7d0Ds9avNeffq0GTex62ma85yb9/J0UY9dMLfVdE0HpSdOC+AZucHIKB906d/g5rX08KM0cs0amKoylf5S9FsFafa2Nrrq+Hy6vjXWRiZz3QGLrn3lYJpl1PcmjB2+9KqaXB+yldMF45LGMYjPS3dtlDPYJ5cYYVCg9iSks6435ZvM+FoB4MjtMv1GRDknk4CEF3CutsyjiG+1rUMdU3cy+bbAt9ZFOdNht9crXiZJ6JiOJNT7QgTBtGi2Sj8Z zSicX4B4 GeocWcMCiXTTWxxdgKa2+YefdIZw8Q7qjSEsI+7rERlVerattFxEzlZ7dKgjXlA/2fOx3ef4AtX97sqEwGSSkocgRAfeyR99SBb34COTMZZ8OovppIW+gU5BJtr1fqIlYt0LzHhhq48PA15n9Ng5LzKIabACtQ+Yx/F3K8T4xVNH9tSl6ERfutAsMJd+G8Q76F3Qt6xI15RANYTXa1bh14FVP9F24ClNcpQcpaPXdVSi/DkAfkkw2nn4ToWTD8sEe3sgXW5O0JyUyGg0fS2DaqqRmHSdymJHtVPYwaNCq7fTr8mE9cO/BwsrC4s6Jy+IsWtPOXls1Bgo4cS91GnMGzXf8onXoUA548rNIuSa/P4cYYreU559kEC4L8V0hbnkorROvCSHoMwOMaRLLwbPLIjAx4D5/ovQkii7NufcxqtfQx7hPBuPJPpeoNJjm4d2n1O4T6pKQGLSY4vupr+MQegczvxLKDc6DpOIb2njAJx8qR3G8CNkeRtWsaqIaumGSaMf3kxPLcbsa53pm84s51Qj+6EtwPA9kNGBd X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Kernel will have to perform shadow stack operations on user shadow stack. Like during signal delivery and sigreturn, shadow stack token must be created and validated respectively. Thus shadow stack access for kernel must be enabled. In future when kernel shadow stacks are enabled for linux kernel, it must be enabled as early as possible for better coverage and prevent imbalance between regular stack and shadow stack. After `relocate_enable_mmu` has been done, this is as early as possible it can enabled. Reviewed-by: Zong Li Tested-by: Andreas Korb Tested-by: Valentin Haudiquet Signed-off-by: Deepak Gupta --- arch/riscv/kernel/asm-offsets.c | 6 ++++++ arch/riscv/kernel/head.S | 27 +++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c index 8a2b2656cb2f..af827448a609 100644 --- a/arch/riscv/kernel/asm-offsets.c +++ b/arch/riscv/kernel/asm-offsets.c @@ -533,4 +533,10 @@ void asm_offsets(void) DEFINE(FREGS_A6, offsetof(struct __arch_ftrace_regs, a6)); DEFINE(FREGS_A7, offsetof(struct __arch_ftrace_regs, a7)); #endif +#ifdef CONFIG_RISCV_SBI + DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT); + DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET); + DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK); + DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK); +#endif } diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S index bdf3352acf4c..9c99c5ad6fe8 100644 --- a/arch/riscv/kernel/head.S +++ b/arch/riscv/kernel/head.S @@ -15,6 +15,7 @@ #include #include #include +#include #include "efi-header.S" __HEAD @@ -170,6 +171,19 @@ secondary_start_sbi: call relocate_enable_mmu #endif call .Lsetup_trap_vector +#if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_USER_CFI) + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall + beqz a0, 1f + la a1, riscv_nousercfi + li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI + REG_S a0, (a1) +1: +#endif scs_load_current call smp_callin #endif /* CONFIG_SMP */ @@ -330,6 +344,19 @@ SYM_CODE_START(_start_kernel) la tp, init_task la sp, init_thread_union + THREAD_SIZE addi sp, sp, -PT_SIZE_ON_STACK +#if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_USER_CFI) + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall + beqz a0, 1f + la a1, riscv_nousercfi + li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI + REG_S a0, (a1) +1: +#endif scs_load_current #ifdef CONFIG_KASAN -- 2.45.0