| Message ID | 20250310-v5_user_cfi_series-v11-21-86b36cbfb910@rivosinc.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
by smtp.lore.kernel.org (Postfix) with ESMTP id 3BAC7C282DE
for <linux-mm@archiver.kernel.org>; Mon, 10 Mar 2025 14:53:41 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
id EE26928001C; Mon, 10 Mar 2025 10:53:26 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
id E6D1C280017; Mon, 10 Mar 2025 10:53:26 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
id C4BF828001C; Mon, 10 Mar 2025 10:53:26 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com
[216.40.44.16])
by kanga.kvack.org (Postfix) with ESMTP id A4360280017
for <linux-mm@kvack.org>; Mon, 10 Mar 2025 10:53:26 -0400 (EDT)
Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1])
by unirelay01.hostedemail.com (Postfix) with ESMTP id 2900D1CAD7A
for <linux-mm@kvack.org>; Mon, 10 Mar 2025 14:53:27 +0000 (UTC)
X-FDA: 83205934854.01.8E388B7
Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com
[209.85.214.169])
by imf03.hostedemail.com (Postfix) with ESMTP id 2E6E220003
for <linux-mm@kvack.org>; Mon, 10 Mar 2025 14:53:24 +0000 (UTC)
Authentication-Results: imf03.hostedemail.com;
dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601
header.b=wJlXdIOO;
dmarc=none;
spf=pass (imf03.hostedemail.com: domain of debug@rivosinc.com designates
209.85.214.169 as permitted sender) smtp.mailfrom=debug@rivosinc.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1741618405; a=rsa-sha256;
cv=none;
b=ohkvERM3TNjBd7ThAY6bLjq2b+jqqyB1EDg7Rx8FxgA9FdzvUYKMK1oc3VtY6bLRXr/WFS
1BZap0eo9k3FO0JTjoWJt1fbWEokDVplOtuU8lzeEciCMZEqezu+xdh6/4FZNTXFl9bM1J
kx7zJ19eBP1RE+a+MAWpygN+aTQb/BE=
ARC-Authentication-Results: i=1;
imf03.hostedemail.com;
dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601
header.b=wJlXdIOO;
dmarc=none;
spf=pass (imf03.hostedemail.com: domain of debug@rivosinc.com designates
209.85.214.169 as permitted sender) smtp.mailfrom=debug@rivosinc.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=hostedemail.com;
s=arc-20220608; t=1741618405;
h=from:from:sender:reply-to:subject:subject:date:date:
message-id:message-id:to:to:cc:cc:mime-version:mime-version:
content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references:dkim-signature;
bh=YHkNmM6XuphgUqeYDdwRc1f9MaOV9mSfy6OUDBv2dEo=;
b=jtC7JO/ADsnyudYrAuvL3HPxG1nJ/b588SEr7bRJZTPR1DXrJBqtWct/OOA3X6FNmlhTOS
6mVbNiccRS1EReBhmNcBHBjUDY4vqq1mVB+tD7hiC253EoSg+6gxwftLrBZuiA/EcisnMu
CRPQZDR73bAcykV3Fjl1/XTELQ83A6I=
Received: by mail-pl1-f169.google.com with SMTP id
d9443c01a7336-2241053582dso69053965ad.1
for <linux-mm@kvack.org>; Mon, 10 Mar 2025 07:53:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1741618404;
x=1742223204; darn=kvack.org;
h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
:mime-version:subject:date:from:from:to:cc:subject:date:message-id
:reply-to;
bh=YHkNmM6XuphgUqeYDdwRc1f9MaOV9mSfy6OUDBv2dEo=;
b=wJlXdIOOP3NMu92h+Uo59WXG1Yo1Bc75I2yrhPvTZuz7aCADKX+FKA5jyYL66b86yk
3497id5zAo0q16onhKxm9aFObXC/QMw6ABdWE37+IwXu7XnzTvkRKtzDHRL8CVW/u34Q
3GBeGsE8ZwFkRI2sr284oTT91VuMJhDp7IjilhqwpH5KJKYPAC2O6PJY2c5ZiOUeFu04
rhqo868Z0brdzFOuVqM2eOTubWsjJ8ZhpfSrtuLWSAovSIut6FKOhOmADXrnIGiPu+m7
EYeZOhqqngknw5URSMVIBgCFmMjB8ZjAZn3JBg7riGZz7/wlInaZnhfSQA1X5uswwDuM
ncNQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1741618404; x=1742223204;
h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
:mime-version:subject:date:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=YHkNmM6XuphgUqeYDdwRc1f9MaOV9mSfy6OUDBv2dEo=;
b=HvqaTd+927xc19ycaoEU0skW05Dd7B5cO3k4EYj2hNkNAsJtV1irNeEz9q8o2P2HZd
xNZr2DNelXMMW7NHbIoDLUI6+iA2q7hda7dPfpGbXvVdIFTX68fHgtvy4vWJq2F9CUKh
c0/atPh/dWNzh/Wo3X0JkWnsk43hJtB3OSNPTgrWFDpltMwcEnTMVSBEgVxzAWLFPzqT
EkPF/krsyIIWlmYC0J5E3HM9f0Ih/BweiEAKT41vQawOkfxrNLLShIi1qJ7UnvRRxqSP
8cOmPw3it13ie78eJqJARjQeMu5YHAEKsTgJqSpou26NBRtnaLbopYLVV4Vr3Jj63cS5
Ykag==
X-Forwarded-Encrypted: i=1;
AJvYcCUxSD6XBv2l4N1U34+shRFdhvfenV/jt9DXzqC+Yk72x+va48EVX1kInY0O6/wKy2HBbHLeY2xq7g==@kvack.org
X-Gm-Message-State: AOJu0Yy2qDjvvHDaPMY7n4WqI2PebhguADjSxdsvkIB5tsyIvscuH2UW
OVH5BBdOcbZhnzp3NMKMmJVieGsP3MFD+lgNflVw6ukyQAUktkh4ud/1gE9Jo/XMmFLslZOUKXO
7
X-Gm-Gg: ASbGncsBJRLk+zphpzP9mCpCfGzjJZBgRdDGxJSxWj2EYJ1SW/vj2TBRUjbz9yg+xOl
O0+/UaqRrNj4IOwg0AD9OPjvMk3ueRFbgRd/LQx0IUfvbbswqW4ASCJhP0EMTTztgDwnnP2lV+L
2Vdel6WgN54JnbStHkER2KS0Dhdz5GFfbP7ZrY+5N8m/EhEXQZ3MevSMx23YgZk7NfBtHTU7M0w
c7gsdvE8mb3uw1/mKOBL8j+ekYERXa6Emac9PZ0IkIu/Uf8sHxAQc+WpI0hQbXTvEnAE/IGyYBy
GG/tUfxjfljfv56Qs84d9BcErohkxLhBJ1fFTG+rfSGWrTzLYWdHYI4=
X-Google-Smtp-Source:
AGHT+IEufhMFpKiNcPYaN1q7fnoyb0yGUoGedR4PcX/LQ5rFfhM8NE7LJbQGAfjZIn8NhFa9HTR7qA==
X-Received: by 2002:a05:6a21:b92:b0:1f3:3f0b:8abe with SMTP id
adf61e73a8af0-1f544acd261mr21823779637.9.1741618404090;
Mon, 10 Mar 2025 07:53:24 -0700 (PDT)
Received: from debug.ba.rivosinc.com ([64.71.180.162])
by smtp.gmail.com with ESMTPSA id
d2e1a72fcca58-736d11d4600sm2890275b3a.116.2025.03.10.07.53.21
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 10 Mar 2025 07:53:23 -0700 (PDT)
From: Deepak Gupta <debug@rivosinc.com>
Date: Mon, 10 Mar 2025 07:52:43 -0700
Subject: [PATCH v11 21/27] riscv: enable kernel access to shadow stack
memory via FWFT sbi call
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20250310-v5_user_cfi_series-v11-21-86b36cbfb910@rivosinc.com>
References: <20250310-v5_user_cfi_series-v11-0-86b36cbfb910@rivosinc.com>
In-Reply-To: <20250310-v5_user_cfi_series-v11-0-86b36cbfb910@rivosinc.com>
To: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Andrew Morton <akpm@linux-foundation.org>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
Vlastimil Babka <vbabka@suse.cz>,
Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>, Albert Ou <aou@eecs.berkeley.edu>,
Conor Dooley <conor@kernel.org>, Rob Herring <robh@kernel.org>,
Krzysztof Kozlowski <krzk+dt@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
Christian Brauner <brauner@kernel.org>,
Peter Zijlstra <peterz@infradead.org>, Oleg Nesterov <oleg@redhat.com>,
Eric Biederman <ebiederm@xmission.com>, Kees Cook <kees@kernel.org>,
Jonathan Corbet <corbet@lwn.net>, Shuah Khan <shuah@kernel.org>,
Jann Horn <jannh@google.com>, Conor Dooley <conor+dt@kernel.org>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-mm@kvack.org, linux-riscv@lists.infradead.org,
devicetree@vger.kernel.org, linux-arch@vger.kernel.org,
linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org,
alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com,
andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com,
atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com,
alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org,
rick.p.edgecombe@intel.com, Deepak Gupta <debug@rivosinc.com>
X-Mailer: b4 0.14.0
X-Rspamd-Queue-Id: 2E6E220003
X-Stat-Signature: tzquxnrbcr5ryj7e8eamg8oo54jeqh5p
X-Rspamd-Server: rspam02
X-Rspam-User:
X-HE-Tag: 1741618404-247033
X-HE-Meta:
U2FsdGVkX19zxFqjqnANKHTSnMlOITzv1/g5Q/wv7yNm5RRakxJuaN8O2vM5qmPdBCy6qwHmshyWJg66RKuT2KOwLMgA88cGW8mwbErBUwHcHjZXN4FaVDBZyZzKlsPw5drxCNN0g5sUNp000gmq6xCsnSxNp1CNYwGcNJbJlN0NNMK4l3VtKiRpKME22UYlv2RBb+MD77thkNbZ8S3boX7PhdID4og9CVlWt8hJ4+naLnmHXw8j0SGSn7prmkKwH2i2yZNbYqEAaVHtRTshpov9b3jmmSf944gb61vXnaY3ong4K2e/Pi+Ra5Zf+R1RthzofhaimE+aC9tt7D6PzSd/gGrxVLWCL3X8R/zNbLBXHJx5KFK/4eUnvBwZQp6jEXc8GgqtKJThhkAy1lvtnOB7E6EPyp/dtBf2Ww1C1ncXj6NzgRoMY5buQCx0sZB1OoU//6TA80cN4pcPknjrKbszwE7Bknrbt6i/mhwUmSgcu/+EeZ/IJuOtpvgJ9H7yVh/pUYY/VRBu+uwjQ6P24gB2JIhSF/ZZnlR/1f9zgJeK680LdYR/KWMvis+JnbwKT1m0tNnrOgnIfMm0MHgkbAJX9RnwRrkwmYYHG/G4z5OzXfIRLr56vAshtKZKYJv1gcJIQrTF+P9lxKnue54vsShsT2nlftxnAcHE7eAFIFmcN1fXfPO9kW7ZSb8Z/NqryKpoCNe0E/fx2BINRTBdZETxRtDi9cmlOlQikM7C6fHOQ46CpXuS6o8jwJio3tSuO4h2BygsbaRLnhPM7D8x8YUsTeuufTWdVAt6cfHVLsgBDibHj9iEG037SqHnXv+Z4hSqYmsgmTtVmfa4sgVqmpEgSsJEHHgdLp/KPM6zCislpWN8V2Uix9p8HXuOtXpeoGBTdX7TthSz7/wRJaGVr0YsTAE1poZRS0kUN/Cr6RxUsQX2NOKrXVU0A+0hme2TLo8QNrqKcT9AJfoiYyw
IIFcqaJY
uXO99y+PtvNCmut7DEpKmGNpy4m2Z6T4e6ah3LXggRr8zYOPS9qhh1zwTf6k+stHl803KbrWoVmeOKZ1j+L9IWgI89jL8TP2OrbPJ/PPDZqI64cYq0SqK/TGzh22/LZFHkHraG38vh7daSY8kEnVnlebje1oxElkvjQFXf2n6x4CLcDaDZQMWWe38Lld7RrsinnUP92x9py8JeHgo6iZD1d6aQ1Imxr+Kd3H3BbX58r4oq+63LhVX47FcXQAn7Dg32rPkxSt7XoT0HlmAAKeG9R7dAPc5Zz6nBo51E8LBsd3W2iQn8rM3uoyswiZemMKxf53IpT/eh2quxpcdGDaSo0Wm4l5pXiM0Ux7PpTL+5Pw8h8bM5sjrXqh8lGXoPRvPO5ErZ/VRbVhnQZOT23+2LFE7hBl8yVj/exSmyoolsPZH9lswEmKwOVBBqb6n6WUvToRwyBYUvlIPAvM=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>
|
| Series |
riscv control-flow integrity for usermode
|
expand
|
diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c index 0c188aaf3925..21f99d5757b6 100644 --- a/arch/riscv/kernel/asm-offsets.c +++ b/arch/riscv/kernel/asm-offsets.c @@ -515,4 +515,8 @@ void asm_offsets(void) DEFINE(FREGS_A6, offsetof(struct __arch_ftrace_regs, a6)); DEFINE(FREGS_A7, offsetof(struct __arch_ftrace_regs, a7)); #endif + DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT); + DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET); + DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK); + DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK); } diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S index 356d5397b2a2..6244408ca917 100644 --- a/arch/riscv/kernel/head.S +++ b/arch/riscv/kernel/head.S @@ -164,6 +164,12 @@ secondary_start_sbi: call relocate_enable_mmu #endif call .Lsetup_trap_vector + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall scs_load_current call smp_callin #endif /* CONFIG_SMP */ @@ -320,6 +326,12 @@ SYM_CODE_START(_start_kernel) la tp, init_task la sp, init_thread_union + THREAD_SIZE addi sp, sp, -PT_SIZE_ON_STACK + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall scs_load_current #ifdef CONFIG_KASAN
Kernel will have to perform shadow stack operations on user shadow stack. Like during signal delivery and sigreturn, shadow stack token must be created and validated respectively. Thus shadow stack access for kernel must be enabled. In future when kernel shadow stacks are enabled for linux kernel, it must be enabled as early as possible for better coverage and prevent imbalance between regular stack and shadow stack. After `relocate_enable_mmu` has been done, this is as early as possible it can enabled. Signed-off-by: Deepak Gupta <debug@rivosinc.com> --- arch/riscv/kernel/asm-offsets.c | 4 ++++ arch/riscv/kernel/head.S | 12 ++++++++++++ 2 files changed, 16 insertions(+)