From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 653E8D41D6D for ; Thu, 11 Dec 2025 17:22:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 67DA66B0030; Thu, 11 Dec 2025 12:21:21 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 62EB46B0031; Thu, 11 Dec 2025 12:21:21 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 51DA26B0032; Thu, 11 Dec 2025 12:21:21 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 36D746B0030 for ; Thu, 11 Dec 2025 12:21:21 -0500 (EST) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id F1E78140249 for ; Thu, 11 Dec 2025 17:21:20 +0000 (UTC) X-FDA: 84207856320.23.70ACDD6 Received: from sea.source.kernel.org (sea.source.kernel.org [172.234.252.31]) by imf28.hostedemail.com (Postfix) with ESMTP id EE283C0008 for ; Thu, 11 Dec 2025 17:21:18 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ccHGrkGh; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of devnull+debug.rivosinc.com@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=devnull+debug.rivosinc.com@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1765473679; a=rsa-sha256; cv=none; b=J7KcHMwKXS8iYCGx7MFSd7jCkWwJ3GjaDVY4OJRusji+xzBOKhzNhN1w9dM5CDepmBc9sg TXDTpzol5OvZ6BWJR7AVGjzpCGEos2Av8cr8n8iyDoCJgIeCC6gUpyp1dA2v196hwbhzRS NdptKBhj1sgr8o0FmI3QgmiMPRupmS0= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ccHGrkGh; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of devnull+debug.rivosinc.com@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=devnull+debug.rivosinc.com@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1765473679; h=from:from:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=pfJqs+5x78mdW34hWwedvdN5EgdTw7PWVkF20iZvl+I=; b=sHRn9Qe32BadWR4Phsyp7okiLBxEcxSofnGJsYLDF5KwqT1FWTWp0pD5+ZEN7Crofb+IX6 8crM5LaCH7Df5w/fRT1/kUbv31nXnrvq5DGth/fsfPwp2UF3BPtt1ye2/mqvOa69zJceL9 oRaiCp2PmTEs74hfEKbnO0x0uufen4Q= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sea.source.kernel.org (Postfix) with ESMTP id 26CD044456; Thu, 11 Dec 2025 17:21:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPS id 04F4FC19422; Thu, 11 Dec 2025 17:21:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1765473669; bh=DMlpTMPpcuAD7A2EgXu6p1ACp0wI9obs4z2JysFfiG4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=ccHGrkGhzFTW4YbBBPzTE67w7noaTy6c9QQEKP+inUNwUGUBKhilXXaalxDKsJzNQ 77eC8cjikFaicwee/rMi5JQSZL65mZ97nd5o7FX4VfjgyiXe5tiQZO5G3nKb+aFy6/ mPdMD06tMspd1lF50Yu9BCPVC1WAKOILfCzz4XihyqXNPXf51ptEDicssubQZXGOSP GHWUKTCg6C6TBZXjCMWRQOQUfR/XYQ6T72otsF9sFWQSmuxeh1xFQpA4f3T41UTJVB N9aBx8BuKgXJokfISXf4I+USpbM8msJ1JrD4AU8WN+HNwNpUuI/Wy5/jZ5P6Sp3DnR 1hMKR9HUptx2g== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB996D41C15; Thu, 11 Dec 2025 17:21:08 +0000 (UTC) From: Deepak Gupta via B4 Relay Date: Thu, 11 Dec 2025 09:20:56 -0800 Subject: [PATCH v26 23/28] arch/riscv: compile vdso with landing pad and shadow stack note MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20251211-v5_user_cfi_series-v26-23-f0f419e81ac0@rivosinc.com> References: <20251211-v5_user_cfi_series-v26-0-f0f419e81ac0@rivosinc.com> In-Reply-To: <20251211-v5_user_cfi_series-v26-0-f0f419e81ac0@rivosinc.com> To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Paul Walmsley , Palmer Dabbelt , Albert Ou , Conor Dooley , Rob Herring , Krzysztof Kozlowski , Arnd Bergmann , Christian Brauner , Peter Zijlstra , Oleg Nesterov , Eric Biederman , Kees Cook , Jonathan Corbet , Shuah Khan , Jann Horn , Conor Dooley , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Andreas Hindborg , Alice Ryhl , Trevor Gross , Benno Lossin Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com, rust-for-linux@vger.kernel.org, Zong Li , Andreas Korb , Valentin Haudiquet , Deepak Gupta X-Mailer: b4 0.13.0 X-Developer-Signature: v=1; a=ed25519-sha256; t=1765473664; l=8747; i=debug@rivosinc.com; s=20251023; h=from:subject:message-id; bh=XrtbrTmg+XZefyzmTozhDLLAG16VgA4lLFeJG4rFwXc=; b=UEgTo4MCh4FqP7VgVBUOUy27zG77Z/Cd8ddsZEqWlzMXnLZEtupxDcY21q6vn0l6IElutKnvs Bo3qBW/dtI9ArGbt6u3ak0oZ6FjF2Y9RHO7eaQndn7dffVVajpb8cbb X-Developer-Key: i=debug@rivosinc.com; a=ed25519; pk=O37GQv1thBhZToXyQKdecPDhtWVbEDRQ0RIndijvpjk= X-Endpoint-Received: by B4 Relay for debug@rivosinc.com/20251023 with auth_id=553 X-Original-From: Deepak Gupta Reply-To: debug@rivosinc.com X-Rspamd-Server: rspam09 X-Rspam-User: X-Stat-Signature: 9qc8ayhw8pexgam5xmr55foi6fwx66rz X-Rspamd-Queue-Id: EE283C0008 X-HE-Tag: 1765473678-558827 X-HE-Meta: U2FsdGVkX18v26qq2SugvFoPn+BZKwiU8dU1ZLBXi6LtXyjdHjjaiACr9U6QdXhHIou2I4NrRiP8EvV2ZX/9MU1qek9c5zC68IiWD/H7tikeknAwbaQWnGv9B879JuVWIFc1P1acoYzFXOhH4j7J6Ck9T3ge7yj+hLSkuWlS7bwBvE0OR9vEr/gQXftzfOOsJDT34gUgELIHUd5M8/tdhARTyGIvFl9WMyTU5g0LduJkMUkGDUt2F4ulYGexOkeb2IJNbKjhn/eSNJ5jPr1YofN3nksHl5WHZhQ9Fnx/p06wjQ+X4AuOcCnJMSJG4E4UuWwkhLl0hddGhKlsI5tdQosrRVa7+e/+ZwEfHW5FQxtgH6EcjyUhStX0GjwlpV0f71iK5pxrvn29mrdo9GpR6YuXKD+XvHoR6/Ad9byCnrzzeIa5LxwrkKqRPQ7PjgCf2Q93UM6g7V43Hz0m6ppdR9Bkfdth9APF6oO80wzW5oRFqLdB/mQwFy1/qVUX4tvQDsqtNw6RQyGq8oIY7oM3AtZO3d2MvYhCg7QCMTTSzqTLtLWH3Bpj3I83IxGKjkXBVqcrLZBhoUwaT87NEZtvz5Js4vi0xWT4OBc5bl2aKKu5RL5LlphYayhqMqKW9LbfIJwa5kANn51QA9HkjaBP/X2hz7fKvRTdoottgKetY14Onvix+lbCe5eaI+2rn8tbUoRaKpQCkD5hR2CyaxOg/B6b+P67f/U6xGcOWCbxILqX+84NwWpDDhC5tvLPn0j7D9xDDGYVTIvpdV4gxfSYgvlm6xv2oyXXxjc7hQpjY2jx71ecOg+3YxVFPCZEj2ym5DAARQFOLcPO4TWMoVOuTdkSQuFeLzzTw6lNniLGr3QeHN8uWoe/5KkHGKCcrAMyjR9lRM1DRTyugMbZExS98m+lI53rN/NeHVtiijY2llCMYOHoC4+lqAeiLeSfaHMa9Hsymw44e1BWNsItft8 VSXBJtII EFtwcPuEbmB13LBoDJ3+LfeQMANAG2Zy5dmnRVfhaVYJq3OOB1g1sJFVrzUD31JmJq5sX1qiDx8nDvScyUV4H6vYS54+ZNcfkAAEIObObyo6b5xLfDoAyZUi0QS9drJiOPWJz1JhjBSp23y51yOvMwmfoS/yMpbcGTevL6W0VAxICQ9ep1NhW7BuUbpeBWwrU9RIZnWqXeCRWpTrICHwGzzK2xIIaVuSrZtNK4xguCSkgdxKGiUCvKrPYLosLzrBYWloaqQZqIyFp4CwyIjO4981/HbdZUXMpiOuN54N7ZmK1wdVfIUPCwhBQmrRCz1dEbqUCGgEwlwmwqkmhNCC/kYQbe2HrJAJX+EElagX0+CdAU/rrZhe83RaTwaAefYqA6thEGawS4zGYY4MIQRwrscB7lI4ThBQwNGOLV4/RQPX7YWTqUZ66cqWW4Dr4uDRWqY/rbLwP+ogVDP4KrugScfHUyr3a0+fLsVviildQWXTfTl7X6krqCrendxnyXp5KsuvLoahhfDuqEdfxlxRHy1vcHMp16H4/es1CHL64HU+MMgajaSG1j2S4hRXpyjhIubCvQc3d+Vt2am2qUNOhzVZRkouecYEfkiFM X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Jim Shu user mode tasks compiled with zicfilp may call indirectly into vdso (like hwprobe indirect calls). Add landing pad compile support in vdso. vdso with landing pad in it will be nop for tasks which have not enabled landing pad. Furthermore, adding support for C sources of vdso to be compiled with shadow stack and landing pad enabled as well. Landing pad and shadow stack instructions are emitted only when VDSO_CFI cflags option is defined during compile. Reviewed-by: Zong Li Tested-by: Andreas Korb Tested-by: Valentin Haudiquet Signed-off-by: Jim Shu Signed-off-by: Deepak Gupta --- arch/riscv/Makefile | 5 +++- arch/riscv/include/asm/assembler.h | 44 ++++++++++++++++++++++++++++++ arch/riscv/kernel/vdso/Makefile | 11 +++++++- arch/riscv/kernel/vdso/flush_icache.S | 4 +++ arch/riscv/kernel/vdso/getcpu.S | 4 +++ arch/riscv/kernel/vdso/note.S | 3 ++ arch/riscv/kernel/vdso/rt_sigreturn.S | 4 +++ arch/riscv/kernel/vdso/sys_hwprobe.S | 4 +++ arch/riscv/kernel/vdso/vgetrandom-chacha.S | 5 +++- 9 files changed, 81 insertions(+), 3 deletions(-) diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile index ecf2fcce2d92..f60c2de0ca08 100644 --- a/arch/riscv/Makefile +++ b/arch/riscv/Makefile @@ -81,9 +81,12 @@ riscv-march-$(CONFIG_TOOLCHAIN_HAS_ZACAS) := $(riscv-march-y)_zacas # Check if the toolchain supports Zabha riscv-march-$(CONFIG_TOOLCHAIN_HAS_ZABHA) := $(riscv-march-y)_zabha +KBUILD_BASE_ISA = -march=$(shell echo $(riscv-march-y) | sed -E 's/(rv32ima|rv64ima)fd([^v_]*)v?/\1\2/') +export KBUILD_BASE_ISA + # Remove F,D,V from isa string for all. Keep extensions between "fd" and "v" by # matching non-v and non-multi-letter extensions out with the filter ([^v_]*) -KBUILD_CFLAGS += -march=$(shell echo $(riscv-march-y) | sed -E 's/(rv32ima|rv64ima)fd([^v_]*)v?/\1\2/') +KBUILD_CFLAGS += $(KBUILD_BASE_ISA) KBUILD_AFLAGS += -march=$(riscv-march-y) diff --git a/arch/riscv/include/asm/assembler.h b/arch/riscv/include/asm/assembler.h index 16931712beab..f449c4392c29 100644 --- a/arch/riscv/include/asm/assembler.h +++ b/arch/riscv/include/asm/assembler.h @@ -80,3 +80,47 @@ .endm #endif /* __ASM_ASSEMBLER_H */ + +#if defined(VDSO_CFI) && (__riscv_xlen == 64) +.macro vdso_lpad, label = 0 +lpad \label +.endm +#else +.macro vdso_lpad, label = 0 +.endm +#endif + +/* + * This macro emits a program property note section identifying + * architecture features which require special handling, mainly for + * use in assembly files included in the VDSO. + */ +#define NT_GNU_PROPERTY_TYPE_0 5 +#define GNU_PROPERTY_RISCV_FEATURE_1_AND 0xc0000000 + +#define GNU_PROPERTY_RISCV_FEATURE_1_ZICFILP (1U << 0) +#define GNU_PROPERTY_RISCV_FEATURE_1_ZICFISS (1U << 1) + +#if defined(VDSO_CFI) && (__riscv_xlen == 64) +#define GNU_PROPERTY_RISCV_FEATURE_1_DEFAULT \ + (GNU_PROPERTY_RISCV_FEATURE_1_ZICFILP | GNU_PROPERTY_RISCV_FEATURE_1_ZICFISS) +#endif + +#ifdef GNU_PROPERTY_RISCV_FEATURE_1_DEFAULT +.macro emit_riscv_feature_1_and, feat = GNU_PROPERTY_RISCV_FEATURE_1_DEFAULT + .pushsection .note.gnu.property, "a" + .p2align 3 + .word 4 + .word 16 + .word NT_GNU_PROPERTY_TYPE_0 + .asciz "GNU" + .word GNU_PROPERTY_RISCV_FEATURE_1_AND + .word 4 + .word \feat + .word 0 + .popsection +.endm +#else +.macro emit_riscv_feature_1_and, feat = 0 +.endm +#endif diff --git a/arch/riscv/kernel/vdso/Makefile b/arch/riscv/kernel/vdso/Makefile index 9ebb5e590f93..272f1d837a80 100644 --- a/arch/riscv/kernel/vdso/Makefile +++ b/arch/riscv/kernel/vdso/Makefile @@ -17,6 +17,11 @@ ifdef CONFIG_VDSO_GETRANDOM vdso-syms += getrandom endif +ifdef VDSO_CFI_BUILD +CFI_MARCH = _zicfilp_zicfiss +CFI_FULL = -fcf-protection=full +endif + # Files to link into the vdso obj-vdso = $(patsubst %, %.o, $(vdso-syms)) note.o @@ -27,6 +32,10 @@ endif ccflags-y := -fno-stack-protector ccflags-y += -DDISABLE_BRANCH_PROFILING ccflags-y += -fno-builtin +ccflags-y += $(KBUILD_BASE_ISA)$(CFI_MARCH) +ccflags-y += $(CFI_FULL) +asflags-y += $(KBUILD_BASE_ISA)$(CFI_MARCH) +asflags-y += $(CFI_FULL) ifneq ($(c-gettimeofday-y),) CFLAGS_vgettimeofday.o += -fPIC -include $(c-gettimeofday-y) @@ -79,7 +88,7 @@ include/generated/vdso-offsets.h: $(obj)/vdso.so.dbg FORCE # The DSO images are built using a special linker script # Make sure only to export the intended __vdso_xxx symbol offsets. quiet_cmd_vdsold_and_check = VDSOLD $@ - cmd_vdsold_and_check = $(LD) $(ld_flags) -T $(filter-out FORCE,$^) -o $@.tmp && \ + cmd_vdsold_and_check = $(LD) $(CFI_FULL) $(ld_flags) -T $(filter-out FORCE,$^) -o $@.tmp && \ $(OBJCOPY) $(patsubst %, -G __vdso_%, $(vdso-syms)) $@.tmp $@ && \ rm $@.tmp && \ $(cmd_vdso_check) diff --git a/arch/riscv/kernel/vdso/flush_icache.S b/arch/riscv/kernel/vdso/flush_icache.S index 8f884227e8bc..e4c56970905e 100644 --- a/arch/riscv/kernel/vdso/flush_icache.S +++ b/arch/riscv/kernel/vdso/flush_icache.S @@ -5,11 +5,13 @@ #include #include +#include .text /* int __vdso_flush_icache(void *start, void *end, unsigned long flags); */ SYM_FUNC_START(__vdso_flush_icache) .cfi_startproc + vdso_lpad #ifdef CONFIG_SMP li a7, __NR_riscv_flush_icache ecall @@ -20,3 +22,5 @@ SYM_FUNC_START(__vdso_flush_icache) ret .cfi_endproc SYM_FUNC_END(__vdso_flush_icache) + +emit_riscv_feature_1_and diff --git a/arch/riscv/kernel/vdso/getcpu.S b/arch/riscv/kernel/vdso/getcpu.S index 9c1bd531907f..5c1ecc4e1465 100644 --- a/arch/riscv/kernel/vdso/getcpu.S +++ b/arch/riscv/kernel/vdso/getcpu.S @@ -5,14 +5,18 @@ #include #include +#include .text /* int __vdso_getcpu(unsigned *cpu, unsigned *node, void *unused); */ SYM_FUNC_START(__vdso_getcpu) .cfi_startproc + vdso_lpad /* For now, just do the syscall. */ li a7, __NR_getcpu ecall ret .cfi_endproc SYM_FUNC_END(__vdso_getcpu) + +emit_riscv_feature_1_and diff --git a/arch/riscv/kernel/vdso/note.S b/arch/riscv/kernel/vdso/note.S index 2a956c942211..3d92cc956b95 100644 --- a/arch/riscv/kernel/vdso/note.S +++ b/arch/riscv/kernel/vdso/note.S @@ -6,7 +6,10 @@ #include #include +#include ELFNOTE_START(Linux, 0, "a") .long LINUX_VERSION_CODE ELFNOTE_END + +emit_riscv_feature_1_and diff --git a/arch/riscv/kernel/vdso/rt_sigreturn.S b/arch/riscv/kernel/vdso/rt_sigreturn.S index 3dc022aa8931..e82987dc3739 100644 --- a/arch/riscv/kernel/vdso/rt_sigreturn.S +++ b/arch/riscv/kernel/vdso/rt_sigreturn.S @@ -5,12 +5,16 @@ #include #include +#include .text SYM_FUNC_START(__vdso_rt_sigreturn) .cfi_startproc .cfi_signal_frame + vdso_lpad li a7, __NR_rt_sigreturn ecall .cfi_endproc SYM_FUNC_END(__vdso_rt_sigreturn) + +emit_riscv_feature_1_and diff --git a/arch/riscv/kernel/vdso/sys_hwprobe.S b/arch/riscv/kernel/vdso/sys_hwprobe.S index 77e57f830521..f1694451a60c 100644 --- a/arch/riscv/kernel/vdso/sys_hwprobe.S +++ b/arch/riscv/kernel/vdso/sys_hwprobe.S @@ -3,13 +3,17 @@ #include #include +#include .text SYM_FUNC_START(riscv_hwprobe) .cfi_startproc + vdso_lpad li a7, __NR_riscv_hwprobe ecall ret .cfi_endproc SYM_FUNC_END(riscv_hwprobe) + +emit_riscv_feature_1_and diff --git a/arch/riscv/kernel/vdso/vgetrandom-chacha.S b/arch/riscv/kernel/vdso/vgetrandom-chacha.S index 5f0dad8f2373..916ab30a88f7 100644 --- a/arch/riscv/kernel/vdso/vgetrandom-chacha.S +++ b/arch/riscv/kernel/vdso/vgetrandom-chacha.S @@ -7,6 +7,7 @@ #include #include +#include .text @@ -74,7 +75,7 @@ SYM_FUNC_START(__arch_chacha20_blocks_nostack) #define _20 20, 20, 20, 20 #define _24 24, 24, 24, 24 #define _25 25, 25, 25, 25 - + vdso_lpad /* * The ABI requires s0-s9 saved. * This does not violate the stack-less requirement: no sensitive data @@ -247,3 +248,5 @@ SYM_FUNC_START(__arch_chacha20_blocks_nostack) ret SYM_FUNC_END(__arch_chacha20_blocks_nostack) + +emit_riscv_feature_1_and -- 2.43.0