From patchwork Mon Nov 11 20:54:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13871394 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 69477D3ABF4 for ; Mon, 11 Nov 2024 21:07:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:In-Reply-To:References:Message-Id :MIME-Version:Subject:Date:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=r1a5CSkpq+jG4lqhhwj+9tGSoJ5yNOPjymSzqPGEchA=; b=PDt9lIQpMA8DAK s8XiYLtNfy+Y19jDeEqovNrDI7j27FswQRT10P1nX6Jy4uVv7fsIHvmpBK0wPvhszDnAR3DuG0e5p EG0adVn0ex+iNBE7sObRffbmUfz5W+HUfUWh+6oD0mlTF+cpqVoRQphNnq2XuPRmJ3AteVDRX0StT 1YXME7PBQBsQ1DZXCf4dyhsz/YeaZ5ntFol6n1WdDBG028zzfKveZNsXcHA6DRCyZUHpnt363wMfH AP0dUkFA8LFMScZQcRRbbeDKfb370fyaS/WmhAd5SXTTfQc4JjIUOSjnton7jy94DHgXEYAUcTk1L jKaWSX0zm7BBKyotuSSg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1tAbd2-00000001JsP-3YLN; Mon, 11 Nov 2024 21:07:20 +0000 Received: from mail-pj1-x1034.google.com ([2607:f8b0:4864:20::1034]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1tAbR7-00000001GKT-19rN for linux-riscv@lists.infradead.org; Mon, 11 Nov 2024 20:55:03 +0000 Received: by mail-pj1-x1034.google.com with SMTP id 98e67ed59e1d1-2e2eba31d3aso3709162a91.2 for ; Mon, 11 Nov 2024 12:55:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1731358500; x=1731963300; darn=lists.infradead.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=COCNpmNzP6WC0TkslCp4YYWczFrCYYnCulBqOF+s4dc=; b=uoRVL2pLG4tEzh0A1MzM8iOhQf9wOJC3atTKpslTkABhyYMVNRDDjSI01nZsdJcQC5 1twwEXdPMuYw+ABtE86MfvdQpNUsaZKU4PTDJB6aIWIvRSnJNtMNlFWsBhS4yXDEu8hL 4hBg1hxFgwPH4qwCiGrK/Mgx3iMcgsFOtT406G68xPnaOpUZMMGZjIFdwypByTWB+ebO VdtlqPiF7QRnKZ8sBiEJHeKk1WpO8EyS6Muex/ZGA4bnMXG2kt9XySBv8fGZd7fr90VN 7DCzgObK/tgPx9ezonddBwwZ9rHiud4BaVGjDrMEPml8hAgbDu5W7nrZd5Dv8OU3cXRE AicQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731358500; x=1731963300; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=COCNpmNzP6WC0TkslCp4YYWczFrCYYnCulBqOF+s4dc=; b=LiT7JOpk2Hq1VF7MnIg+Zj5PfzXZAs5Vwgq9aveDAYWZbITuu7/50jzuzk0SjhlRpE tTp9Qk7Vbhq7DL9Kv5qP9J8mww2LyeWza90KeXU/vJF7x/cVhBmbGGkbZemnm1m5/e+f /wYVpBJwcWrL0Ej8tEeWz5kZnUF/gZw8jyrdoRrLTRGxRlPCj/f2k/0QDIaqw6YTC26d 8hfsCnHeAQ37nuAeFVY52GiJjGJr1wYCOxSgt8q/RC9HCp1QIDdRT3/oz/xFhTVl7vuq TeypiNEGQ/NF638Rhzn4+KkuvztoY+9FjvlH/5PZJrXlqQzpQFgwDQsXAQU+xG7sedU8 xJHQ== X-Forwarded-Encrypted: i=1; AJvYcCUXDL7+rgULPU4ki/hNnDSq28dpDZKQ9hA3nTN/bDHcavhBrFGWMhuuqXhZNX+c/nW/sVybTCbvyOi+xA==@lists.infradead.org X-Gm-Message-State: AOJu0Yzzruh7QGpvoUKqskvfhQ2lMzuRztSfGaFTpLRp5dIeeAJVG1yH sHh7LNN0OjD+Ilfsk1M3SJ4DxHxofY2GGbnrAemVS8v7V6ppd9VqjdcVtus3DXo= X-Google-Smtp-Source: AGHT+IFvSKyWTz2kcUW7fEzv9S54SRzP8RrRWSKRH6ajavmfQ0Uq0te3J0ha2EpgH4EyhyNJMDyysA== X-Received: by 2002:a17:90b:2dcc:b0:2e9:2bef:6552 with SMTP id 98e67ed59e1d1-2e9b1793d60mr18560030a91.32.1731358500420; Mon, 11 Nov 2024 12:55:00 -0800 (PST) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2e9a5fd1534sm9059974a91.42.2024.11.11.12.54.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Nov 2024 12:54:59 -0800 (PST) From: Deepak Gupta Date: Mon, 11 Nov 2024 12:54:09 -0800 Subject: [PATCH v8 24/29] riscv: enable kernel access to shadow stack memory via FWFT sbi call MIME-Version: 1.0 Message-Id: <20241111-v5_user_cfi_series-v8-24-dce14aa30207@rivosinc.com> References: <20241111-v5_user_cfi_series-v8-0-dce14aa30207@rivosinc.com> In-Reply-To: <20241111-v5_user_cfi_series-v8-0-dce14aa30207@rivosinc.com> To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Paul Walmsley , Palmer Dabbelt , Albert Ou , Conor Dooley , Rob Herring , Krzysztof Kozlowski , Arnd Bergmann , Christian Brauner , Peter Zijlstra , Oleg Nesterov , Eric Biederman , Kees Cook , Jonathan Corbet , Shuah Khan Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com, Deepak Gupta X-Mailer: b4 0.14.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241111_125501_347136_75D07E7E X-CRM114-Status: GOOD ( 10.51 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org Kernel will have to perform shadow stack operations on user shadow stack. Like during signal delivery and sigreturn, shadow stack token must be created and validated respectively. Thus shadow stack access for kernel must be enabled. In future when kernel shadow stacks are enabled for linux kernel, it must be enabled as early as possible for better coverage and prevent imbalance between regular stack and shadow stack. After `relocate_enable_mmu` has been done, this is as early as possible it can enabled. Signed-off-by: Deepak Gupta --- arch/riscv/kernel/asm-offsets.c | 4 ++++ arch/riscv/kernel/head.S | 12 ++++++++++++ 2 files changed, 16 insertions(+) diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c index 766bd33f10cb..a22ab8a41672 100644 --- a/arch/riscv/kernel/asm-offsets.c +++ b/arch/riscv/kernel/asm-offsets.c @@ -517,4 +517,8 @@ void asm_offsets(void) DEFINE(FREGS_A6, offsetof(struct ftrace_regs, a6)); DEFINE(FREGS_A7, offsetof(struct ftrace_regs, a7)); #endif + DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT); + DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET); + DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK); + DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK); } diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S index 356d5397b2a2..6244408ca917 100644 --- a/arch/riscv/kernel/head.S +++ b/arch/riscv/kernel/head.S @@ -164,6 +164,12 @@ secondary_start_sbi: call relocate_enable_mmu #endif call .Lsetup_trap_vector + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall scs_load_current call smp_callin #endif /* CONFIG_SMP */ @@ -320,6 +326,12 @@ SYM_CODE_START(_start_kernel) la tp, init_task la sp, init_thread_union + THREAD_SIZE addi sp, sp, -PT_SIZE_ON_STACK + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_SHADOW_STACK + li a1, 1 /* enable supervisor to access shadow stack access */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall scs_load_current #ifdef CONFIG_KASAN