From: Radim Krčmář
Date: Thu, 10 Apr 2025 13:04:39 +0200
Subject: Re: [PATCH v12 05/28] riscv: usercfi state for task and save/restore of CSR_SSP on trap entry/exit

2025-03-14T14:39:24-07:00, Deepak Gupta : > diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/as= m/thread_info.h > @@ -62,6 +62,9 @@ struct thread_info { > long user_sp; /* User stack pointer */ > int cpu; > unsigned long syscall_work; /* SYSCALL_WORK_ flags */ > +#ifdef CONFIG_RISCV_USER_CFI > + struct cfi_status user_cfi_state; > +#endif I don't think it makes sense to put all the data in thread_info. kernel_ssp and user_ssp is more than enough and the rest can comfortably live elsewhere in task_struct. thread_info is supposed to be as small as possible -- just spanning multiple cache-lines could be noticeable. > diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S 
> @@ -147,6 +147,20 @@ SYM_CODE_START(handle_exception) > =20 > REG_L s0, TASK_TI_USER_SP(tp) > csrrc s1, CSR_STATUS, t0 > + /* > + * If previous mode was U, capture shadow stack pointer and save it awa= y > + * Zero CSR_SSP at the same time for sanitization. > + */ > + ALTERNATIVE("nop; nop; nop; nop", > + __stringify( \ > + andi s2, s1, SR_SPP; \ > + bnez s2, skip_ssp_save; \ > + csrrw s2, CSR_SSP, x0; \ > + REG_S s2, TASK_TI_USER_SSP(tp); \ > + skip_ssp_save:), > + 0, > + RISCV_ISA_EXT_ZICFISS, > + CONFIG_RISCV_USER_CFI) (I'd prefer this closer to the user_sp and kernel_sp swap, it's breaking the flow here. We also already know if we've returned from userspace or not even without SR_SPP, but reusing the information might tangle the logic.) > csrr s2, CSR_EPC > csrr s3, CSR_TVAL > csrr s4, CSR_CAUSE > @@ -236,6 +250,18 @@ SYM_CODE_START_NOALIGN(ret_from_exception) > csrw CSR_SCRATCH, tp > + > + /* > + * Going back to U mode, restore shadow stack pointer > + */ Are we? I think we can be just as well returning back to kernel-space. Similar to how we can enter the exception handler from kernel-space. > + ALTERNATIVE("nop; nop", > + __stringify( \ > + REG_L s3, TASK_TI_USER_SSP(tp); \ > + csrw CSR_SSP, s3), > + 0, > + RISCV_ISA_EXT_ZICFISS, > + CONFIG_RISCV_USER_CFI) > + Thanks.
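Review bot: the new user_cfi_state member in the thread_info.h hunk has no trailing comment, while the neighbouring user_sp and syscall_work members each carry one. The entry.S hunks access a TASK_TI_USER_SSP offset from tp, so if that offset points into this member, a short comment saying which part of the state the trap entry/exit path reads and writes would make the layout dependency visible to anyone who later reorders or moves the field.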
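Review bot: skip_ssp_save in the handle_exception hunk is a named label defined inside the ALTERNATIVE replacement text, so it would collide with itself if this sequence were ever instantiated a second time in the file. A numeric local label ("bnez s2, 1f" with "1:" after the REG_S) avoids that. The same hunk relies on the four-nop default matching the four replacement instructions (andi, bnez, csrrw, REG_S) one for one; a brief remark in the comment that the nop count must track the instruction count would keep a later edit from changing one side only.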
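Review bot: the restore in the ret_from_exception hunk writes CSR_SSP from TASK_TI_USER_SSP(tp) with no visible mode check, while the save path in handle_exception tests SR_SPP before touching CSR_SSP. The only context shown is "csrw CSR_SCRATCH, tp", so the comment "Going back to U mode" depends on a branch outside the hunk. Either name that earlier check in the comment, or guard the restore the same way the save is guarded, so that the entry and exit paths are visibly symmetric and CSR_SSP, which the entry path zeroes for sanitization, is only reloaded with the user value on an actual return to user mode.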