From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3B5F6D637D5 for ; Thu, 14 Nov 2024 01:06:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AAC5A6B009B; Wed, 13 Nov 2024 20:06:58 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id A35026B009C; Wed, 13 Nov 2024 20:06:58 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8AE5E6B009D; Wed, 13 Nov 2024 20:06:58 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 6A8766B009B for ; Wed, 13 Nov 2024 20:06:58 -0500 (EST) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id E1165A057D for ; Thu, 14 Nov 2024 01:06:57 +0000 (UTC) X-FDA: 82782909048.07.B0BDE38 Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by imf16.hostedemail.com (Postfix) with ESMTP id 8F8D3180025 for ; Thu, 14 Nov 2024 01:06:12 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=drX1EHF1; dmarc=none; spf=pass (imf16.hostedemail.com: domain of debug@rivosinc.com designates 209.85.210.179 as permitted sender) smtp.mailfrom=debug@rivosinc.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1731546238; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=V6zYfn0VZRfW6uGvMs5S79Lwbgkv1rCFmk8b72kjuag=; b=5aGQbYpuinoxIOyGaop5dmhHuDVTl2Y5UNo98mbeGP/qmEVrC1L/SNcqjDjoVZmx4SRkMt lrJ5vDuDgUN4PwR40uGnT7dWz8JGEBljclUsvStNEggbn+tB2A37RP6oG2IiRclpDsPk6f o2g0+ote/Fl1FBv9LMuEpWFAvDhD3iQ= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=drX1EHF1; dmarc=none; spf=pass (imf16.hostedemail.com: domain of debug@rivosinc.com designates 209.85.210.179 as permitted sender) smtp.mailfrom=debug@rivosinc.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1731546238; a=rsa-sha256; cv=none; b=oLSJwejlgq1U+l3BO9l/JFAY1lM7I+jpI9iOeux9I4KwADy2kZ61cMgMKYDPjQ8upRsWF2 VBaM2mFS2ZTshMrPUWM34yZBOhhPi2fp+V/sFInvBYgYf1kt6IxTZisYvt4zkyAYSJTxIW JZyxbx4lv/YnHJYTC+mK2oNK9IHKAA8= Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-720cb6ac25aso21982b3a.3 for ; Wed, 13 Nov 2024 17:06:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1731546414; x=1732151214; darn=kvack.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=V6zYfn0VZRfW6uGvMs5S79Lwbgkv1rCFmk8b72kjuag=; b=drX1EHF15bUqgj10Rwg6+9FBLEYMQFs7XVQIXLnvIWBHFGLbgAYECMJLMzwXvEFFyt Q09Q/GGk6X/+djchnInKkGPpSdPfcHA63XikcUAl0gXfsbuGmFIweIg/P89Ac5hkI2WW TBD1PRY3u26UdQB4yqtiT3X084WUwLkPreWzScYN6RoSNptMFoTCkJ+dcZTNZbox4voS /W+mPzGXQlQzDEXzaUeDJLWdTQuXVPYr5Urx/BV/GcUHeV8XJCFHRFvLV7mq28e3vpFI eNSez+nYF7/o5oQCvPoBiWJooqfZokurU4o005eyfUuYV64YsWDby7YtiSuJjm1T9oh9 98mA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731546414; x=1732151214; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=V6zYfn0VZRfW6uGvMs5S79Lwbgkv1rCFmk8b72kjuag=; b=CVI4vRfvELO11qShwiBmZRrTVZyaFqjtJ7+5HVAbnPvU3qIEi4IUdsAIdrKqqAGuwk 1hHIoI8XIvtl+2UwEzgKg1449moiTSAskf43QWmu6ek+brTWDMMTSjzzC25J+x0PCAGv pXk/TyiDTU7wADOl1WT4ZvwCNjeBMv5zMPFDtpmGVDIwWoGWGaOf7Nw0cHZHXFgl798q U/tcAdHCesCyfUPWWXAFBvnKNYlcX7uz2iciZsopITXAQoHfjpdhD6faN0F8ojatnx/m R0IJ7nMlhP319GW03czYHZsaFwH5pR/untYV0jQKqlX+TYfBtQLLLDw+Vu8SIUNE8xyf V0fg== X-Forwarded-Encrypted: i=1; AJvYcCUYEKXMC0e1Agu7BT0eM6wMNqvcA/jkZ4M/peP8A/23hEYoWYL2Da5thiEOD3I2FfGkmG198nU7Bg==@kvack.org X-Gm-Message-State: AOJu0Yy2COUREnjvG0bqcpRu23DnbrZ45VUjCOH1eOv9tyoyijnYuynY lZt84hSvyehxSZeJcDvY8JwFkuV8eajHoNec6vzkLhKYZnsw82eXimVKakQNY4Q= X-Google-Smtp-Source: AGHT+IHKuTOxiGEAgkHaDhIBBJNYiWEQLb5FEseKdlvV0/9ks9/baTVKfCi8JKR7Lgz6EKvk8XnoGA== X-Received: by 2002:a05:6a00:23c4:b0:724:603f:1f9c with SMTP id d2e1a72fcca58-724603f20abmr3387327b3a.16.1731546414360; Wed, 13 Nov 2024 17:06:54 -0800 (PST) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7246a6e9cddsm58312b3a.74.2024.11.13.17.06.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Nov 2024 17:06:53 -0800 (PST) Date: Wed, 13 Nov 2024 17:06:50 -0800 From: Deepak Gupta To: Nick Hu Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Paul Walmsley , Palmer Dabbelt , Albert Ou , Conor Dooley , Rob Herring , Krzysztof Kozlowski , Arnd Bergmann , Christian Brauner , Peter Zijlstra , Oleg Nesterov , Eric Biederman , Kees Cook , Jonathan Corbet , Shuah Khan , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com Subject: Re: [PATCH v8 24/29] riscv: enable kernel access to shadow stack memory via FWFT sbi call Message-ID: References: <20241111-v5_user_cfi_series-v8-0-dce14aa30207@rivosinc.com> <20241111-v5_user_cfi_series-v8-24-dce14aa30207@rivosinc.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 8F8D3180025 X-Stat-Signature: q9p4pqi3rnac6ftnqmzq85ff1mq1pzzx X-Rspam-User: X-HE-Tag: 1731546372-624061 X-HE-Meta: U2FsdGVkX1/PDVC3l6rKKWHe6zYpczauYPtumHn+yfxuJln7W4t520xgjw1t1U3EnYsTLcavRVyRv3mQvacx1ECnzzwMNz/I382Gv3DONCXlTvF4vWcyQW3i1ygVTZKcG2os5kyTVnSOgT0a0y+uEkXcKl/zmoGyFZbkcTmbyVNev/Mg/X5CS6KUBzJSQM/hKQT4TxPKvogOdEuIBP+53BYmfv9fo/h5bQkiabmU91zEdeuBIuGvDrYZMnaMdLakjn1Glx8YH0ng3p02OAJTQ/VbD6Xn07WnIjWazP55I44Ro0P20XePp10jEYz47RtStCCRR8ksbngl7AqTxMlECXsOzBH+7Jz6ncsRkR2oOc7/3dkfzrcXRC3AZwwsQsacxS0FS4DWSm1Mivn/yxbaLzKByopLcR0G/7VLDuHuAzrSKTCsswqKLIydp/qH9UFdmJx5mCGyVUKnY3ACJ+8/h0bVZ9rtGBKGxvbdUnhKf1zuO6Xo0SnDvMqwYgNwLn9WGUM+C5C70CDAQgdvCOJ5NchDsdPuBrhsN/fF9CpOSg4QATFBBRkEDMWRO2rySHuseXmLI7RFWEO7fP3B9LMmORPY6gjWGjNYk0HrIwIcPoGu7GRjq+pqFVyUGIZy6D5QVgl9+CoQ8QVf0XQEHcbV9E1xhWjxTFst/J6gNtYbFIJGMeSJ53nB/DxNBU+SIUuJH0GKd9fIZ34nNyPYe1jDs/kyYUp3rt6yfAjOHOOxIfd9xA5jRJRzD2UN0X+jRRvLwnECyibsJpY7BecWeR+Ncuamci/TFRFsk8p/ge3+XPgcCsgFK5zOhk+Vly10fQ3F2ftEovE4LBWcmzeaRFU8mYFZ9Zn9lYG8GQtU2qnFM/1yA+2TE6mPh+7P1OeD6SBRX5i1bOhCCo/yGo1p0LaTd1tUdpTg+XxiuRLFQJ7hSYqezrXYuBVOsCllnxd2BVGYZ1japdL3GEWK3YZMyz3 T1GxIUgw rGh+DDCT1qmhl/fGEUFWu09IBscUcJj6k9yDA93Wapt+OYf54yFnhJHAsmHcI6V41uF7yv7ZgtfDzJgjpXPLwEWxckgUH1lXH4MgYrquOpul70tdNsWvhH4HDCLiqSvgOv7Akkz/tQ3g/W+DVGRnzUl0ZFCE0tij7YsnOxzB1/nI3+S1wRw19yq4p0S62cWM445Pbjh7o8HbqLB5/hdTeRTsO1jEsYYuu8zvItGRAMwaX6kxuSi+jCtyNtk+Y9slCrTfyC2x2Ops8JJ84IhWRqmbrJzG7Te/KMvbTXx3O6m8595yeyEbHfa49RNPArjw5Nx0/ORxyGK+irMWrytiDLY+OVMgvnKS7cses5e7z+dKR0v1VWTdoOUbB2OeOTrnT0j3WkgDvaE64GR1pJiOz709VHT4Dc3JIIWVlQLx42SIYkPkCpguGDk+RFA/LhHSHAyJU0Qfc10uuqzZiVHNs6SpZe87zUqK+kr9hi/m5GiLLOSS448zSOerJN0pu/iXUGsrgfEII1u+VuqzR7ycdAMsZPpxm55H27jIbrB8lSxQilVaXQVblQFgHjIuZ0sWNSYloSTJ4Jd4uvWA= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Thu, Nov 14, 2024 at 12:13:38AM +0800, Nick Hu wrote: >Hi Deepak > >On Tue, Nov 12, 2024 at 5:08 AM Deepak Gupta wrote: >> >> Kernel will have to perform shadow stack operations on user shadow stack. >> Like during signal delivery and sigreturn, shadow stack token must be >> created and validated respectively. Thus shadow stack access for kernel >> must be enabled. >> >> In future when kernel shadow stacks are enabled for linux kernel, it must >> be enabled as early as possible for better coverage and prevent imbalance >> between regular stack and shadow stack. After `relocate_enable_mmu` has >> been done, this is as early as possible it can enabled. >> >> Signed-off-by: Deepak Gupta >> --- >> arch/riscv/kernel/asm-offsets.c | 4 ++++ >> arch/riscv/kernel/head.S | 12 ++++++++++++ >> 2 files changed, 16 insertions(+) >> >> diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c >> index 766bd33f10cb..a22ab8a41672 100644 >> --- a/arch/riscv/kernel/asm-offsets.c >> +++ b/arch/riscv/kernel/asm-offsets.c >> @@ -517,4 +517,8 @@ void asm_offsets(void) >> DEFINE(FREGS_A6, offsetof(struct ftrace_regs, a6)); >> DEFINE(FREGS_A7, offsetof(struct ftrace_regs, a7)); >> #endif >> + DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT); >> + DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET); >> + DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK); >> + DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK); >> } >> diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S >> index 356d5397b2a2..6244408ca917 100644 >> --- a/arch/riscv/kernel/head.S >> +++ b/arch/riscv/kernel/head.S >> @@ -164,6 +164,12 @@ secondary_start_sbi: >> call relocate_enable_mmu >> #endif >> call .Lsetup_trap_vector >> + li a7, SBI_EXT_FWFT >> + li a6, SBI_EXT_FWFT_SET >> + li a0, SBI_FWFT_SHADOW_STACK >> + li a1, 1 /* enable supervisor to access shadow stack access */ >> + li a2, SBI_FWFT_SET_FLAG_LOCK >> + ecall >> scs_load_current >> call smp_callin >> #endif /* CONFIG_SMP */ >> @@ -320,6 +326,12 @@ SYM_CODE_START(_start_kernel) >> la tp, init_task >> la sp, init_thread_union + THREAD_SIZE >> addi sp, sp, -PT_SIZE_ON_STACK >> + li a7, SBI_EXT_FWFT >> + li a6, SBI_EXT_FWFT_SET >> + li a0, SBI_FWFT_SHADOW_STACK >> + li a1, 1 /* enable supervisor to access shadow stack access */ >> + li a2, SBI_FWFT_SET_FLAG_LOCK >> + ecall >> scs_load_current >> >> #ifdef CONFIG_KASAN >> >> -- >> 2.45.0 >> >Should we clear the SBI_FWFT_SET_FLAG_LOCK before the cpu hotplug >otherwise the menvcfg.sse won't be set by the fwft set sbi call when >the hotplug cpu back to kernel? Hmm... An incoming hotplug CPU has no features setup on it. I see that `sbi_cpu_start` will supply `secondary_start_sbi` as start up code for incoming CPU. `secondary_start_sbi` is in head.S which converges in `.Lsecondary_start_common`. And thus hotplugged CPU should be issuing shadow stack set FWFT sbi as well. Am I missing something ? > >Regards, >Nick >> >> _______________________________________________ >> linux-riscv mailing list >> linux-riscv@lists.infradead.org >> http://lists.infradead.org/mailman/listinfo/linux-riscv