From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A56ABC282EC for ; Fri, 14 Mar 2025 08:28:54 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2582D280006; Fri, 14 Mar 2025 04:28:54 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1E1C6280001; Fri, 14 Mar 2025 04:28:54 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 05C34280006; Fri, 14 Mar 2025 04:28:53 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id D8F0D280001 for ; Fri, 14 Mar 2025 04:28:53 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id A00861C99E3 for ; Fri, 14 Mar 2025 08:28:53 +0000 (UTC) X-FDA: 83219480946.25.7416872 Received: from mail-il1-f175.google.com (mail-il1-f175.google.com [209.85.166.175]) by imf21.hostedemail.com (Postfix) with ESMTP id 854CE1C0009 for ; Fri, 14 Mar 2025 08:28:51 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=sifive.com header.s=google header.b=F4B3Kqxa; dmarc=pass (policy=reject) header.from=sifive.com; spf=pass (imf21.hostedemail.com: domain of zong.li@sifive.com designates 209.85.166.175 as permitted sender) smtp.mailfrom=zong.li@sifive.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1741940931; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=jYQ8WklltJ5CnB1F6nWEydwmD/n5vdx4jj1xbKUOGOw=; b=74fWbHmXQgfm6kVWzZrVZXhneXNjGVp6UKNvH9J60JeSPS5TwDfJyX91My4uqjhhBAK9X5 wfAihU2FTUpKCf1DiRroOss1Sywf3zQZrE314j+sD/g5Ry7LPFoBaNPGpASJHbI86dDJrt GQMx2GSXate7dN2XUGG/8LyJUZrzeQM= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1741940931; a=rsa-sha256; cv=none; b=79jzy9AWWwEx2HpV215iZh7vROZ/aYFlJoJqPlhdjXicbA8ZGLIF4dcYTICRKA59YoBJU0 O2UQZbydQqKAWbzjd3GDe+j/ioV8LGjpaxmMVvHmqiV72ubjfrm0bT8L6L1eq96oQT5+LD 7UEBT4mA9LDhyQP+gW6I6Kg5wbejinw= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=sifive.com header.s=google header.b=F4B3Kqxa; dmarc=pass (policy=reject) header.from=sifive.com; spf=pass (imf21.hostedemail.com: domain of zong.li@sifive.com designates 209.85.166.175 as permitted sender) smtp.mailfrom=zong.li@sifive.com Received: by mail-il1-f175.google.com with SMTP id e9e14a558f8ab-3cfe17f75dfso17120845ab.2 for ; Fri, 14 Mar 2025 01:28:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1741940930; x=1742545730; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=jYQ8WklltJ5CnB1F6nWEydwmD/n5vdx4jj1xbKUOGOw=; b=F4B3KqxapGyScPK0KsCbQt//QhI8mPFyjw848ArhjASCPC0GtGvsuykkN5B46i70YQ yrdda7BEad3m+8KYdo5uDErvhRhr6e2ZhMw3583rbD3ks/ZLaF+No6p+DRvrKK6N7Lco SNI8+WKQBBMMb8VD0vheXJfcY2DyLTj5CHotsqa4dz2am46bbJVzoXvWJ13kd/hms8xX ClGitS2r2qJ4pyp53WfDfz+BuRRgPcP+8ISmspbiIUywuL8bx1PTWpIctlB2pQoouSBF hpatFegnllPF7YXxvZiQfO0XkX+xMbyff2rJnM2un6HzP1ylwJHer/Ox+mzfAn5p5IQE uF8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741940930; x=1742545730; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jYQ8WklltJ5CnB1F6nWEydwmD/n5vdx4jj1xbKUOGOw=; b=utcNdVPLG51SZQqNs1ZiRDxwxVmwKz8qn/ZkaAz/ipO4F2MVd+ORZqQXl17cib3zfH 4wKzqfriRXiNcn6bbJQWLmlQFM6j1CMGbW/QQvb+y9emY1f1i6O8P4HRIvIAoR1/Dwk9 x7S+VFFyrMYqRtG/3uaeHG8oOscxkal7WcgUR2Jb2oledUEzyFMPHN8L7bWm1Fa3vq6H Hpj/IaG37yj9fbZRXEpb0OVSRYqaNjjLtE9XeBAxIJcYz5rP/XCh8ddRextRyIwEd3L8 KYBzfdmDffZ1BparwWLMKGfS1ul6xQR4Ec7F4TIs7tYYXlPSMLeyNKOLYhFX9OcU4I39 EqCg== X-Forwarded-Encrypted: i=1; AJvYcCU2T/S5633LDQbcAiviPxsfI+7pFa/O/HOJZnY4IufIQJOflQfLY4hKGjFK9sublmcyXv+ccZstDg==@kvack.org X-Gm-Message-State: AOJu0YySUAwo+3RGv3JFQmMkir/exf1kTB6qS3MxO39NUtV0RyI8+6Bi kg01Bm9cJ30XSa5InEgC961knrWCh3UPXdBjAIubppqyBG5HR+Y2xLEVPwnRG6AuDZJfo8MadDg +I4qYW/fqY2zquBuiqPUewfU4OQvBgbRlwaXJQw== X-Gm-Gg: ASbGncvhIywehL+y+VY4FZZ7EXvrjOJ+DNejkUdpSYa1GXDWin/kUhJo3UqEZOyGDrS nDJHUMbTlxldzrxOtLSV+PqW+C6V/O02gtvR1FLvXsRnDxkDK1rxC+PC7eh27SkP203TpZz/oBd kGl9WZhqvrgT83SJeKmV6tMDwDatx/PwD4p5EGdw== X-Google-Smtp-Source: AGHT+IG+6oGPXZWI7buI+qLSPhZnhJwwr7Hbk+z7bXsShxCE3wUQfaPagpNJnFiXw0YRZXX1FtMy1so34umJojVa7Qo= X-Received: by 2002:a05:6e02:370b:b0:3d3:fa8d:be6e with SMTP id e9e14a558f8ab-3d483a63d6amr12103875ab.14.1741940930607; Fri, 14 Mar 2025 01:28:50 -0700 (PDT) MIME-Version: 1.0 References: <20250310-v5_user_cfi_series-v11-0-86b36cbfb910@rivosinc.com> <20250310-v5_user_cfi_series-v11-6-86b36cbfb910@rivosinc.com> In-Reply-To: <20250310-v5_user_cfi_series-v11-6-86b36cbfb910@rivosinc.com> From: Zong Li Date: Fri, 14 Mar 2025 16:28:39 +0800 X-Gm-Features: AQ5f1Jo6BmeaPVN-BpPNuNRR3aEeI1qJOuvP_eZRv9-j2_Jz5UNXStZ6Qvn-cko Message-ID: Subject: Re: [PATCH v11 06/27] riscv/mm : ensure PROT_WRITE leads to VM_READ | VM_WRITE To: Deepak Gupta Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Paul Walmsley , Palmer Dabbelt , Albert Ou , Conor Dooley , Rob Herring , Krzysztof Kozlowski , Arnd Bergmann , Christian Brauner , Peter Zijlstra , Oleg Nesterov , Eric Biederman , Kees Cook , Jonathan Corbet , Shuah Khan , Jann Horn , Conor Dooley , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 854CE1C0009 X-Stat-Signature: k8hrkyo864nu6p5k8jyt5ogx3uskeq9w X-HE-Tag: 1741940931-985028 X-HE-Meta: U2FsdGVkX1/xX3tWRH0zlODuFI2Hm52qZyqgPL7eDRX2zD8sXtR8gkcXQsPb6PRd3P+Ou9OnxakXFtZJrwCgetslqFc8b5jOLmJbg4q6FOHZEIbmLsdt+2znh68nNwhy1e+hX3F5RiZv7CYwdOwVxt1bNFD04/zMXMTfohi/rHbT/wBo3G7O1+eVHlkods0+2juUj9NwGeKmJIw3ki6oZm27HgkWbHl3BXfHeNbnti+NobX+gl5qzAxwCiANHuaelhFafX11cx/ESWlinI6QG9Bc6Mw6cwuOhG/7tJ/RuZnqxjPe+pC7BwbbzB8V9mfCi/H+HgyhUBlMZmprD0Qx8z1hC57breJ7LdGSu4ncFrrVGr7OZ5K95RSZdeg1IT/ySqCuNXGBuxzJzvDTi1c7b+fmkr4An+p7D2ZcgYlznKs5bT9BENHLS6q3NcQcFlwkyERUymDSDbLqvi4xlYGXDZn+/9RcTh0qjUt69+QAlwYj4kD3j7jbzi0RDOz9HqdliqiRWn3Uv4M2FufQYAFKV0Ir01IOXP8g3HAG2ti0o/drHEQty20ir3Ff4Qc4exnLSmmeld6dV2xrX8ijc841N7MP25U+9nDtkhWie4pmegXT+233mWQr4C2eebnG42LUsgjBZoraOzif6J3gG+B6kUuC4p2iA5JyGHSvaR9l2avWE+U+ANBd5z6RPiJOkfH7EhBzXeoJveXGTQxjYy+rwtvXBAM2w13whi2YZ4VXlISF4lUrR9a5c3943fBW+rNkL0QCTl1Ms+thEEMY7FBwLdD/neaJiuQmBIEHtDFUmySjN9PgIPhEMPs7JwS99wTxC3s0PgZQlxINyXnrYVps8cEl1QLBDSBYLFxHbzMWUIrmQnZeLuUKtMAYyaW+PZFBuxMAmhxAz06fIydL2Ao0ze1VwkBn6vxX0qP/2jJodkqOQfiS4P3OtZgrQwUdq8J5+UgkH6FIceCyFASYhYb VrfGE8Vt XDazEK9W+3JFj12voZnArfHwlPBC6TSqhtQFxWbaMzSM0dRVnX3xccIGnYfcQPJ+KkzgXhFff0k62ksgoWhtSHEvQJ82jvHgcT76QRU4vHp5/FCMEVwonz0tZnTWKoEDJE2jPXY3IqCWYaVzqG+zqy9FWpWDZMqqF1TmabQ4ZUfc/HOOavtLvXhi5BaTLn6yKgcbEcQ+xLl7aBEQ4lhXID+16eGj83XPyFoZRsNjuc/dXGFdt79oalpRWRXUjszTGtXMuOt5wIwaNLnhQaMAjlLlmJRpeBXYDhy8FIGMpd3+BgvXJ/m5O2Ykx6Fq4mm4hvZhugOoeUyLEGVbF9tWWbqTzYX5yzdOLWkHsivytfhCW72hUQk+mk3650P3DZtlm2M6Bqhk3V2j6A5Ary60Ue4cHehhukGq4TcwBYhF5J/G2JtTNiJMYK/ugStpsJ5SEjXEppI+RJR3lyZk53o/rozL35ENff8+Oos6ymdEV3w/9xkE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, Mar 10, 2025 at 11:42=E2=80=AFPM Deepak Gupta = wrote: > > `arch_calc_vm_prot_bits` is implemented on risc-v to return VM_READ | > VM_WRITE if PROT_WRITE is specified. Similarly `riscv_sys_mmap` is > updated to convert all incoming PROT_WRITE to (PROT_WRITE | PROT_READ). > This is to make sure that any existing apps using PROT_WRITE still work. > > Earlier `protection_map[VM_WRITE]` used to pick read-write PTE encodings. > Now `protection_map[VM_WRITE]` will always pick PAGE_SHADOWSTACK PTE > encodings for shadow stack. Above changes ensure that existing apps > continue to work because underneath kernel will be picking > `protection_map[VM_WRITE|VM_READ]` PTE encodings. > > Signed-off-by: Deepak Gupta > --- > arch/riscv/include/asm/mman.h | 25 +++++++++++++++++++++++++ > arch/riscv/include/asm/pgtable.h | 1 + > arch/riscv/kernel/sys_riscv.c | 10 ++++++++++ > arch/riscv/mm/init.c | 2 +- > 4 files changed, 37 insertions(+), 1 deletion(-) > > diff --git a/arch/riscv/include/asm/mman.h b/arch/riscv/include/asm/mman.= h > new file mode 100644 > index 000000000000..392c9c2d2e78 > --- /dev/null > +++ b/arch/riscv/include/asm/mman.h > @@ -0,0 +1,25 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +#ifndef __ASM_MMAN_H__ > +#define __ASM_MMAN_H__ > + > +#include > +#include > +#include > + > +static inline unsigned long arch_calc_vm_prot_bits(unsigned long prot, > + unsigned long pkey __a= lways_unused) > +{ > + unsigned long ret =3D 0; > + > + /* > + * If PROT_WRITE was specified, force it to VM_READ | VM_WRITE. > + * Only VM_WRITE means shadow stack. > + */ > + if (prot & PROT_WRITE) > + ret =3D (VM_READ | VM_WRITE); > + return ret; > +} > + > +#define arch_calc_vm_prot_bits(prot, pkey) arch_calc_vm_prot_bits(prot, = pkey) > + > +#endif /* ! __ASM_MMAN_H__ */ > diff --git a/arch/riscv/include/asm/pgtable.h b/arch/riscv/include/asm/pg= table.h > index 050fdc49b5ad..8c528cd7347a 100644 > --- a/arch/riscv/include/asm/pgtable.h > +++ b/arch/riscv/include/asm/pgtable.h > @@ -178,6 +178,7 @@ extern struct pt_alloc_ops pt_ops __meminitdata; > #define PAGE_READ_EXEC __pgprot(_PAGE_BASE | _PAGE_READ | _PAGE_= EXEC) > #define PAGE_WRITE_EXEC __pgprot(_PAGE_BASE | _PAGE_READ = | \ > _PAGE_EXEC | _PAGE_WRITE) > +#define PAGE_SHADOWSTACK __pgprot(_PAGE_BASE | _PAGE_WRITE) > > #define PAGE_COPY PAGE_READ > #define PAGE_COPY_EXEC PAGE_READ_EXEC > diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.= c > index d77afe05578f..43a448bf254b 100644 > --- a/arch/riscv/kernel/sys_riscv.c > +++ b/arch/riscv/kernel/sys_riscv.c > @@ -7,6 +7,7 @@ > > #include > #include > +#include > > static long riscv_sys_mmap(unsigned long addr, unsigned long len, > unsigned long prot, unsigned long flags, > @@ -16,6 +17,15 @@ static long riscv_sys_mmap(unsigned long addr, unsigne= d long len, > if (unlikely(offset & (~PAGE_MASK >> page_shift_offset))) > return -EINVAL; > > + /* > + * If PROT_WRITE is specified then extend that to PROT_READ > + * protection_map[VM_WRITE] is now going to select shadow stack e= ncodings. > + * So specifying PROT_WRITE actually should select protection_map= [VM_WRITE | VM_READ] > + * If user wants to create shadow stack then they should use `map= _shadow_stack` syscall. > + */ > + if (unlikely((prot & PROT_WRITE) && !(prot & PROT_READ))) > + prot |=3D PROT_READ; > + > return ksys_mmap_pgoff(addr, len, prot, flags, fd, > offset >> (PAGE_SHIFT - page_shift_offset)= ); > } > diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c > index 15b2eda4c364..9d6661638d0b 100644 > --- a/arch/riscv/mm/init.c > +++ b/arch/riscv/mm/init.c > @@ -342,7 +342,7 @@ pgd_t early_pg_dir[PTRS_PER_PGD] __initdata __aligned= (PAGE_SIZE); > static const pgprot_t protection_map[16] =3D { > [VM_NONE] =3D PAGE_NONE, > [VM_READ] =3D PAGE_READ, > - [VM_WRITE] =3D PAGE_COPY, > + [VM_WRITE] =3D PAGE_SHADOWST= ACK, > [VM_WRITE | VM_READ] =3D PAGE_COPY, > [VM_EXEC] =3D PAGE_EXEC, > [VM_EXEC | VM_READ] =3D PAGE_READ_EXE= C, > LGTM. Reviewed-by: Zong Li > -- > 2.34.1 > > > _______________________________________________ > linux-riscv mailing list > linux-riscv@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv