From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 72714C28B2F for ; Mon, 17 Mar 2025 01:29:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A3784280003; Sun, 16 Mar 2025 21:29:42 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9C007280001; Sun, 16 Mar 2025 21:29:42 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 862CC280003; Sun, 16 Mar 2025 21:29:42 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 6650C280001 for ; Sun, 16 Mar 2025 21:29:42 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id DCA4EA9F1B for ; Mon, 17 Mar 2025 01:29:42 +0000 (UTC) X-FDA: 83229311004.26.4BD7531 Received: from mail-io1-f49.google.com (mail-io1-f49.google.com [209.85.166.49]) by imf29.hostedemail.com (Postfix) with ESMTP id 0AC9B120009 for ; Mon, 17 Mar 2025 01:29:40 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=sifive.com header.s=google header.b=YyRBWlsc; dmarc=pass (policy=reject) header.from=sifive.com; spf=pass (imf29.hostedemail.com: domain of zong.li@sifive.com designates 209.85.166.49 as permitted sender) smtp.mailfrom=zong.li@sifive.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1742174981; a=rsa-sha256; cv=none; b=0jn8jiGFR52WSJXT5Y/WB6C45Y2tydeoLPaevPjpRZ8+5JSuSaoH7l4a+dYWHWhJDuwSAA tSZNBjUAtQCGkVY5I9V5yen6QodNATl32yX8nqlK9MviehVa0MLSWgXIYEx8LnzJTThgp0 hJ3x6MK7xt9UUruNRzrAwzjWoQcc3FU= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=sifive.com header.s=google header.b=YyRBWlsc; dmarc=pass (policy=reject) header.from=sifive.com; spf=pass (imf29.hostedemail.com: domain of zong.li@sifive.com designates 209.85.166.49 as permitted sender) smtp.mailfrom=zong.li@sifive.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1742174981; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=yXV1YPaItWH5GuExWu6nvtOdHmuNPHwz3fpSrmXloOk=; b=GonvCDcWYpKe6OlSoI5LBIu4CK/V7Ecnp4xX3h43w1q0aVTusYo0JW8RjA02DdJASHlHwX ynyUdszgMSY+W+JdkcK2v/BrEj53GCFCZsMfaugvf8rSF6spA273/SgS3p/4NlZCVSdCxy 1WUCtV49mFk73+7pwuWSHRLpYUxIdqI= Received: by mail-io1-f49.google.com with SMTP id ca18e2360f4ac-85dac9728cdso113251639f.0 for ; Sun, 16 Mar 2025 18:29:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1742174980; x=1742779780; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=yXV1YPaItWH5GuExWu6nvtOdHmuNPHwz3fpSrmXloOk=; b=YyRBWlscD+ZaXyT3VCZQadk++6STgs96I0xr8gXBGKYe+unuTQEn/HMZAFSwkeKjHk Lr4Fl+O6oiBQwUyvlpR59BdEPXuCab9EhmJRDqHBHTeLHaROyQSH4DfA0LzfMybg6lH3 nYCLd5X5nDjng1nLTDygqGbOQSsgwcGxEmifbyrb8ILz2JqVOI1MSKQPhGSmqIgxl8aS U2Uc2dlMfADN9Pjua8mm4E1uQglpjXZVC1kQdKdbwB1TWDU8ScKmIq8QIUCtNig9KhRL 05FdPLEx7LTDi81m+7aq9i2U9/gxqLfPI4cs30vJY43beDxj/L1jJRSZE/w9ts1I1yzN pCEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742174980; x=1742779780; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yXV1YPaItWH5GuExWu6nvtOdHmuNPHwz3fpSrmXloOk=; b=aDZpajRnfSws8cb35RPLmhQhR4IpQ92yaZy1IoczoIb0kesOHmtFba7Xg1jYHWWhp1 NSi6jdIrRQ/cnTeChl+kf437Z5RiEjzVPYqyWN2OoskmoivQX75bttJa9GEP43nfvPxJ /fsqL+P1uVvsXtmJ9tQ06MyGe/B4qcPMzKm3Wx301Jk6cNIT+F0zj23N1KjxhRnQmGj4 Z9AlJoXCC4mtPJ6uyU//Q/JS9jZTL+XHmylxnayKk4kDLYqqFlzVQSjl09xZ2sooonOI CkOjsWI2hfD2+EDzwJg2nJR5L+1wiWlTtXrLPaeN9E9fafaMNNzTPT3A4KuNS6EnNnUZ 27Fw== X-Forwarded-Encrypted: i=1; AJvYcCXmSRmyyVx1rMlR2BEifu2jqeBA//i7ok+u2PFcboqSME5Uynt9PInhDw5sBlaigH+o87+5WmAROw==@kvack.org X-Gm-Message-State: AOJu0YymTGwZlsPHvJ4jOIZdfmxwmouStcWACSQmYBhSsHCb3gVUP1fA V4B8g/6535kHIneZthgzqa1Nd0gz3cyBQl21G8eT/Nohv9DQ0E9g59+0vYUm74oIDbFcn6RlTEr xtbfXSfdi3g1tOieJE/4XXqxvsUZPJQpKwnrFEA== X-Gm-Gg: ASbGnctpJ46ICL5UmTRbhFb8lwXdURrXNFxNjGeLW230+YuR5b9VKcBPTsM1+huoEGJ n4iOoZjlrzZaHqel2G01bmUj+13O55fdiDCeicYSOtmm1IfgmeLhJ+zMH5fSEoYSTBQWt55N8Ad a3AbF6CK2nErcYRIiT163oJqEIfb4oPDgOhcyUwj4= X-Google-Smtp-Source: AGHT+IHhjOPG6EGR3h5ZoxINkquScgFy27rLR9k3To3zRQ6sSX22EXVVLbZqhYGhk5BG8qHjIGiTQP6ZKF5VsUZ7wNw= X-Received: by 2002:a05:6e02:2146:b0:3d4:700f:67e2 with SMTP id e9e14a558f8ab-3d483a142bcmr103325245ab.10.1742174980058; Sun, 16 Mar 2025 18:29:40 -0700 (PDT) MIME-Version: 1.0 References: <20250314-v5_user_cfi_series-v12-0-e51202b53138@rivosinc.com> <20250314-v5_user_cfi_series-v12-14-e51202b53138@rivosinc.com> In-Reply-To: <20250314-v5_user_cfi_series-v12-14-e51202b53138@rivosinc.com> From: Zong Li Date: Mon, 17 Mar 2025 09:29:28 +0800 X-Gm-Features: AQ5f1Jq1XMUvueQ2i8jGfmFKuB0WixGyohaNaR6cxlktpRaErRRA5S28rQgfU70 Message-ID: Subject: Re: [PATCH v12 14/28] riscv: Implements arch agnostic indirect branch tracking prctls To: Deepak Gupta Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Paul Walmsley , Palmer Dabbelt , Albert Ou , Conor Dooley , Rob Herring , Krzysztof Kozlowski , Arnd Bergmann , Christian Brauner , Peter Zijlstra , Oleg Nesterov , Eric Biederman , Kees Cook , Jonathan Corbet , Shuah Khan , Jann Horn , Conor Dooley , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Stat-Signature: dica5oe4suqphk9fixxh6cggngdwckue X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 0AC9B120009 X-Rspam-User: X-HE-Tag: 1742174980-24334 X-HE-Meta: U2FsdGVkX18+kidanJAFvMxBNAec3cZrk/R/OKSmIWs8p8riCi+rhI0xgLnZ3DrwVEzVrdr5VC40mNMan9OgCNjtWRNFpcpcp4pZCYqUhvbT2RvJBJikmb+y1t5gxUBAqs5ahBgXtQ4i+eP9K3S+31IPvfrfZDt8hje3NpQGT/n0Wuk4CEKXqBQ0ipJb+cm/KWSRrH51qzXtp2YTWV97k90zgMh1yVSpZ+F8hSOFbxuWovkrpw3Whx42YxXHadITss2MjYWxBsh2b77HrvcBITyRWhQjBk32yOx4awqrW19zhsKd8rSHhLaxGTxnNEJDJR/Ssf1WnZ+EcIPUDJlMvkdYu4/2ZB2J7Va0pw7yvAZm2YDgh0aIiXGUTKxg2SdQhvwG5Zb9kSf6gLqeZudBuM1xdkK1F0juswhNY8QcZrMIVR936isPvDAFEJ0xb4A3LQn241tdjNyRroo2Ig5tZKl1JO1Gt2WjmnoJRtIFYuiG13UlvSSvPQuaCu/olz2/cfscPxB668FCA+EGncllrkq1llLvgiTP1+luJtkiG5yE6ws9koKMQXDlJ7dTEpC5nVenwAOtJaDFZ0fMrc1ODvz3e5WDx13gF7HPX8b0nvLdiwubHvx9XmECAVOUu8puAUD1UEP9OV42JI09asvMUq/TT25CVvuYRr87bxwj0S6MaNRIVqhA+tXCmdnSO/0ymbg3mlRtLHlB9oE1ksMpwrr58ZYsnC+jNvYgUAQ2PoHkzFjYxI9Ru5OalofeTXgZlRvqBWtAucr3dC3F0j051oI9iduRE/JbzqxfAciipuoYHB3ulrUv61v9UMQHhTDSGronpSrptvkmV50gZmCjkV9Eov+8lMsilDygHdBCQ2idaGyhZPZCcHXI6MAxBrQ046xybajiWsjecWI0PCD+2jsmh2AidXyh7V6Clvqkyf/SomZAt5Bu1rSkfF77EvTl0MyvMUTeugQoKQoKely zyd8cgca Q37e/n47RSTAfVHjJXBZah/HMhrw5LYrBOGv5RVk0YeAqwC2SgZbCpH0SVUs+ljMr3YZ0r9J8s6mowMllJeOl5EJDaDmLeMvaxyIiu3VcWmQDD+seIi5z7PmHO/xh76RELkjKw6e6xh32yXn0SBirqGOvBSdIBaPGh8NWP2p8hSudTbrcrZSAVZL7H3DmthSu34I7F0H3pi4U74trSdMUt5QGlkFnHUyfPwM8Z5HczVbm0ak9LwxEHYX5B8X1rZRAYyvlQXt3nSJGHqccahOWK+TTlxAOvOx4GHfWQGRr/YSXZT8AQhgvRoO7H5HwKOoqccteTSfq/VoFBy1HqAUrPYyh48R5Tg45KRFX/trWaHFIhMOZjRkYrR2EWizLylqDvv3Ai0gU6YKIQ50tg7EN14GfPn8Ufrvsq58YE83NmXLCcnAQ/0sbI/de9JB8A0C9I+Gp X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Sat, Mar 15, 2025 at 6:51=E2=80=AFAM Deepak Gupta w= rote: > > prctls implemented are: > PR_SET_INDIR_BR_LP_STATUS, PR_GET_INDIR_BR_LP_STATUS and > PR_LOCK_INDIR_BR_LP_STATUS > > Signed-off-by: Deepak Gupta > --- > arch/riscv/include/asm/usercfi.h | 16 +++++++- > arch/riscv/kernel/entry.S | 2 +- > arch/riscv/kernel/process.c | 5 +++ > arch/riscv/kernel/usercfi.c | 79 ++++++++++++++++++++++++++++++++++= ++++++ > 4 files changed, 100 insertions(+), 2 deletions(-) > > diff --git a/arch/riscv/include/asm/usercfi.h b/arch/riscv/include/asm/us= ercfi.h > index c4dcd256f19a..a8cec7c14d1d 100644 > --- a/arch/riscv/include/asm/usercfi.h > +++ b/arch/riscv/include/asm/usercfi.h > @@ -16,7 +16,9 @@ struct kernel_clone_args; > struct cfi_status { > unsigned long ubcfi_en : 1; /* Enable for backward cfi. */ > unsigned long ubcfi_locked : 1; > - unsigned long rsvd : ((sizeof(unsigned long) * 8) - 2); > + unsigned long ufcfi_en : 1; /* Enable for forward cfi. Note that = ELP goes in sstatus */ > + unsigned long ufcfi_locked : 1; > + unsigned long rsvd : ((sizeof(unsigned long) * 8) - 4); > unsigned long user_shdw_stk; /* Current user shadow stack pointer= */ > unsigned long shdw_stk_base; /* Base address of shadow stack */ > unsigned long shdw_stk_size; /* size of shadow stack */ > @@ -33,6 +35,10 @@ bool is_shstk_locked(struct task_struct *task); > bool is_shstk_allocated(struct task_struct *task); > void set_shstk_lock(struct task_struct *task); > void set_shstk_status(struct task_struct *task, bool enable); > +bool is_indir_lp_enabled(struct task_struct *task); > +bool is_indir_lp_locked(struct task_struct *task); > +void set_indir_lp_status(struct task_struct *task, bool enable); > +void set_indir_lp_lock(struct task_struct *task); > > #define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK (PR_SHADOW_STACK_ENABLE) > > @@ -58,6 +64,14 @@ void set_shstk_status(struct task_struct *task, bool e= nable); > > #define set_shstk_status(task, enable) > > +#define is_indir_lp_enabled(task) false > + > +#define is_indir_lp_locked(task) false > + > +#define set_indir_lp_status(task, enable) > + > +#define set_indir_lp_lock(task) > + > #endif /* CONFIG_RISCV_USER_CFI */ > > #endif /* __ASSEMBLY__ */ > diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S > index 68c99124ea55..00494b54ff4a 100644 > --- a/arch/riscv/kernel/entry.S > +++ b/arch/riscv/kernel/entry.S > @@ -143,7 +143,7 @@ SYM_CODE_START(handle_exception) > * Disable the FPU/Vector to detect illegal usage of floating poi= nt > * or vector in kernel space. > */ > - li t0, SR_SUM | SR_FS_VS > + li t0, SR_SUM | SR_FS_VS | SR_ELP > > REG_L s0, TASK_TI_USER_SP(tp) > csrrc s1, CSR_STATUS, t0 > diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c > index cd11667593fe..4587201dd81d 100644 > --- a/arch/riscv/kernel/process.c > +++ b/arch/riscv/kernel/process.c > @@ -160,6 +160,11 @@ void start_thread(struct pt_regs *regs, unsigned lon= g pc, > set_shstk_status(current, false); > set_shstk_base(current, 0, 0); > set_active_shstk(current, 0); > + /* > + * disable indirect branch tracking on exec. > + * libc will enable it later via prctl. > + */ > + set_indir_lp_status(current, false); > > #ifdef CONFIG_64BIT > regs->status &=3D ~SR_UXL; > diff --git a/arch/riscv/kernel/usercfi.c b/arch/riscv/kernel/usercfi.c > index b93b324eed26..7937bcef9271 100644 > --- a/arch/riscv/kernel/usercfi.c > +++ b/arch/riscv/kernel/usercfi.c > @@ -72,6 +72,35 @@ void set_shstk_lock(struct task_struct *task) > task->thread_info.user_cfi_state.ubcfi_locked =3D 1; > } > > +bool is_indir_lp_enabled(struct task_struct *task) > +{ > + return task->thread_info.user_cfi_state.ufcfi_en ? true : false; > +} > + > +bool is_indir_lp_locked(struct task_struct *task) > +{ > + return task->thread_info.user_cfi_state.ufcfi_locked ? true : fal= se; > +} > + > +void set_indir_lp_status(struct task_struct *task, bool enable) > +{ > + if (!cpu_supports_indirect_br_lp_instr()) > + return; > + > + task->thread_info.user_cfi_state.ufcfi_en =3D enable ? 1 : 0; > + > + if (enable) > + task->thread.envcfg |=3D ENVCFG_LPE; > + else > + task->thread.envcfg &=3D ~ENVCFG_LPE; > + > + csr_write(CSR_ENVCFG, task->thread.envcfg); > +} > + > +void set_indir_lp_lock(struct task_struct *task) > +{ > + task->thread_info.user_cfi_state.ufcfi_locked =3D 1; > +} > /* > * If size is 0, then to be compatible with regular stack we want it to = be as big as > * regular stack. Else PAGE_ALIGN it and return back > @@ -372,3 +401,53 @@ int arch_lock_shadow_stack_status(struct task_struct= *task, > > return 0; > } > + > +int arch_get_indir_br_lp_status(struct task_struct *t, unsigned long __u= ser *status) > +{ > + unsigned long fcfi_status =3D 0; > + > + if (!cpu_supports_indirect_br_lp_instr()) > + return -EINVAL; > + > + /* indirect branch tracking is enabled on the task or not */ > + fcfi_status |=3D (is_indir_lp_enabled(t) ? PR_INDIR_BR_LP_ENABLE = : 0); > + > + return copy_to_user(status, &fcfi_status, sizeof(fcfi_status)) ? = -EFAULT : 0; > +} > + > +int arch_set_indir_br_lp_status(struct task_struct *t, unsigned long sta= tus) > +{ > + bool enable_indir_lp =3D false; > + > + if (!cpu_supports_indirect_br_lp_instr()) > + return -EINVAL; > + > + /* indirect branch tracking is locked and further can't be modifi= ed by user */ > + if (is_indir_lp_locked(t)) > + return -EINVAL; > + > + /* Reject unknown flags */ > + if (status & ~PR_INDIR_BR_LP_ENABLE) > + return -EINVAL; > + > + enable_indir_lp =3D (status & PR_INDIR_BR_LP_ENABLE) ? true : fal= se; > + set_indir_lp_status(t, enable_indir_lp); > + > + return 0; > +} > + > +int arch_lock_indir_br_lp_status(struct task_struct *task, > + unsigned long arg) > +{ > + /* > + * If indirect branch tracking is not supported or not enabled on= task, > + * nothing to lock here > + */ > + if (!cpu_supports_indirect_br_lp_instr() || > + !is_indir_lp_enabled(task) || arg !=3D 0) > + return -EINVAL; > + > + set_indir_lp_lock(task); > + > + return 0; > +} > LGTM Reviewed-by: Zong Li > -- > 2.34.1 > > > _______________________________________________ > linux-riscv mailing list > linux-riscv@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv