From patchwork Thu Jun 29 23:42:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 13297435 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D70B6EB64D9 for ; Thu, 29 Jun 2023 23:43:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID: References:Mime-Version:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=afKU1vcHqYsWMGS28L3ulW/XcW9GLLW6fTdKTje20rg=; b=TudtiGq/ijZeBMHtXaf5Mz/R31 RzLU3e+R8txYsC4thTdQ2QONyI4yTmvMtLmCLOMJ61IHwnoVRx63ZbkqrhCUY4EVlhgSDrw8IVW6r jvXq+3thjfCcS+3rT1yIBFC5FEcVes02l2UZoJbuwgLJNN3CSM4b3o9xmhPXdQkR967K05BRLalpJ j+fof8GIZTnw3oPfwqc+7jb2C3F3oxoiiP0FzUTqxTIESTWTfLYQSxqc7GgF7u8ZMGM9HARG39AKk 5Sh4gEgOmX7BqMAtPRRyYWq40TmhFd07FkBNx1MBu6sRHhSBKXZiTtHigRhkQrZeKhRoo3xKs8/0Z qMc01HeQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qF1Hy-002Txm-28; Thu, 29 Jun 2023 23:43:02 +0000 Received: from mail-yb1-xb49.google.com ([2607:f8b0:4864:20::b49]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qF1Ht-002Tuw-28 for linux-riscv@lists.infradead.org; Thu, 29 Jun 2023 23:42:59 +0000 Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-c0f35579901so1007839276.0 for ; Thu, 29 Jun 2023 16:42:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1688082171; x=1690674171; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=5MN5onT38odilPSNEoZC1Mi9+3N8xJapfm8z7ugW2tI=; b=LtG+9f8lNr90fFI+0QMhjtDA8ze7b45VrCWFW4nvV+BMtZh+noaxCy8vJqhikyQx2W /g5bMoJfwQyzCxXHsfZMaqFOno/7vLhcsmQM8RRs6J1k10YbHdloEaoKRzHArlWZh2oe EMyA7aTeM8Qnncho/1othEg+1iuSj4eImUZAkMny/ecWcCcMigVSPquriE64cQkal2eG uf3oGzOxkGj24hiTpbJ8BT1j+GuEQWHjRQBG0IeNpg4NIWh71wJXzpCx3MJERhXPF0O8 35xcQAIAoT+Jorw4NbajO9g3CTzd1Qb87rZJfOVpmSV4VGjdMs/S+9kpDeCP/EvvqXfw 8Q5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688082171; x=1690674171; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=5MN5onT38odilPSNEoZC1Mi9+3N8xJapfm8z7ugW2tI=; b=R8BXmSNzUIVhxsGy1gp1uLTaqW+tT/bagcUNF8W3U7jKgK6FhpA782nq/v5GX+RMDi YN6IB9y1L2VxJXutpu/igrLFIwHlT4+fsqqHES2Es7943ewpPHt2dTF/MqvZnhjbaIhi 9Ch09Uw+nlqn6MnmkuXqYY1rZCyvxk9RurPYT3uq8G7pZXpmebf5Crpm7jrpRePs09LK NPC/JCP44MOdh8DbbN/rRebOgjHSijiiXGP0O7LaVXL0QKtoYYCEyLl71Vl0CjD/rBro TuO2hD061tWKTyqPfxqoXJ61AGRd13LJpsKIAep6y80GRvdIfqCYOS/aOin+8tzsSjYU IOfA== X-Gm-Message-State: ABy/qLZ52mP1w3yuv24sA2nG+amNwVzAeb1Td5sRjGoVWK3nksLPJpFk ryby43OHMz4AmwyarYLc3LjC8DVnlVjGWwTIQsU= X-Google-Smtp-Source: APBJJlGHGbByNsgOY724SZV19hkyK0T75VDbu520ooERhQ+lRG6ucOFyPWjbmLH7w+DGNK30QWPPvcGekMSjSa/C5O8= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a25:f621:0:b0:bc7:f6af:8cff with SMTP id t33-20020a25f621000000b00bc7f6af8cffmr7508ybd.2.1688082171394; Thu, 29 Jun 2023 16:42:51 -0700 (PDT) Date: Thu, 29 Jun 2023 23:42:46 +0000 In-Reply-To: <20230629234244.1752366-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230629234244.1752366-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=8711; i=samitolvanen@google.com; h=from:subject; bh=cH71RIetyr2QuAmRr+J7d1k89bDxV7/5s6ugVqwLMbQ=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBknhb1QV8f/gaDfpgpTdMqS+FPj4u7EksN/UAMk HNeYAk6CA+JAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZJ4W9QAKCRBMtfaEi7xW 7jLMDACCmPDnsW10/UuozU16UpwfnLDHLqBpkQ1jdeCXRT12jmKHWETnIC4WJcHOdF18tQO1AGa v1aeMP0Rr/WdyMDCNLTCcAuSX/Fl7gBgh2YHcPC4+gVO1j93qIopMPNalvL9MXVOuFJ5pjGlm32 j1xUE4gXh7w1wSpt+mQ3u74NLOLxdsIf1z1u01ydePmTR7KT6j5XWXBK8DxfbLq+RR1GgL1Rc7H Xdwhy0oj4WHnHNXvxlM0ECKp9uOYSVGdODHaIc5iB+2jnDHEPG+8bs8VO/u4RcjVnwcmtZSKbH9 7n+4xxrmyXjQPpE8SoiWZv85EubD+UvngtjZD/Waf8RrD1oc36lhI6yRl46DBFETa6OaHVu5WJw EHDXKZ2yBHyztJ/bAo952jMSHqTycccYNtU3yqdW9H9hKhFQX6tVwzoOxr+36T9oXLaQh0CBvX4 T6o09yy2NGeWpjZgLuUeZAlHJJYCtMrHFHsZFa+egS2GWjvvrGDOeGjYWGmmKWhR4K45U= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230629234244.1752366-9-samitolvanen@google.com> Subject: [PATCH 1/6] riscv: Implement syscall wrappers From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230629_164257_704097_CF20449F X-CRM114-Status: GOOD ( 17.87 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org Commit f0bddf50586d ("riscv: entry: Convert to generic entry") moved syscall handling to C code, which exposed function pointer type mismatches that trip fine-grained forward-edge Control-Flow Integrity (CFI) checks as syscall handlers are all called through the same syscall_t pointer type. To fix the type mismatches, implement pt_regs based syscall wrappers similarly to x86 and arm64. This patch is based on arm64 syscall wrappers added in commit 4378a7d4be30 ("arm64: implement syscall wrappers"), where the main goal was to minimize the risk of userspace-controlled values being used under speculation. This may be a concern for riscv in future as well. Following other architectures, the syscall wrappers generate three functions for each syscall; __riscv_sys_ takes a pt_regs pointer and extracts arguments from registers, __se_sys_ is a sign-extension wrapper that casts the long arguments to the correct types for the real syscall implementation, which is named __do_sys_. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/riscv/Kconfig | 1 + arch/riscv/include/asm/syscall.h | 5 +- arch/riscv/include/asm/syscall_wrapper.h | 87 ++++++++++++++++++++++++ arch/riscv/kernel/compat_syscall_table.c | 8 ++- arch/riscv/kernel/sys_riscv.c | 6 ++ arch/riscv/kernel/syscall_table.c | 8 ++- 6 files changed, 108 insertions(+), 7 deletions(-) create mode 100644 arch/riscv/include/asm/syscall_wrapper.h diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index a08917f681af..b54a830eb5c6 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -33,6 +33,7 @@ config RISCV select ARCH_HAS_SET_MEMORY if MMU select ARCH_HAS_STRICT_KERNEL_RWX if MMU && !XIP_KERNEL select ARCH_HAS_STRICT_MODULE_RWX if MMU && !XIP_KERNEL + select ARCH_HAS_SYSCALL_WRAPPER select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST select ARCH_HAS_UBSAN_SANITIZE_ALL select ARCH_HAS_VDSO_DATA diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h index 0148c6bd9675..121fff429dce 100644 --- a/arch/riscv/include/asm/syscall.h +++ b/arch/riscv/include/asm/syscall.h @@ -75,7 +75,7 @@ static inline int syscall_get_arch(struct task_struct *task) #endif } -typedef long (*syscall_t)(ulong, ulong, ulong, ulong, ulong, ulong, ulong); +typedef long (*syscall_t)(const struct pt_regs *); static inline void syscall_handler(struct pt_regs *regs, ulong syscall) { syscall_t fn; @@ -87,8 +87,7 @@ static inline void syscall_handler(struct pt_regs *regs, ulong syscall) #endif fn = sys_call_table[syscall]; - regs->a0 = fn(regs->orig_a0, regs->a1, regs->a2, - regs->a3, regs->a4, regs->a5, regs->a6); + regs->a0 = fn(regs); } static inline bool arch_syscall_is_vdso_sigreturn(struct pt_regs *regs) diff --git a/arch/riscv/include/asm/syscall_wrapper.h b/arch/riscv/include/asm/syscall_wrapper.h new file mode 100644 index 000000000000..1d7942c8a6cb --- /dev/null +++ b/arch/riscv/include/asm/syscall_wrapper.h @@ -0,0 +1,87 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * syscall_wrapper.h - riscv specific wrappers to syscall definitions + * + * Based on arch/arm64/include/syscall_wrapper.h + */ + +#ifndef __ASM_SYSCALL_WRAPPER_H +#define __ASM_SYSCALL_WRAPPER_H + +#include + +asmlinkage long __riscv_sys_ni_syscall(const struct pt_regs *); + +#define SC_RISCV_REGS_TO_ARGS(x, ...) \ + __MAP(x,__SC_ARGS \ + ,,regs->orig_a0,,regs->a1,,regs->a2 \ + ,,regs->a3,,regs->a4,,regs->a5,,regs->a6) + +#ifdef CONFIG_COMPAT + +#define COMPAT_SYSCALL_DEFINEx(x, name, ...) \ + asmlinkage long __riscv_compat_sys##name(const struct pt_regs *regs); \ + ALLOW_ERROR_INJECTION(__riscv_compat_sys##name, ERRNO); \ + static long __se_compat_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \ + static inline long __do_compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \ + asmlinkage long __riscv_compat_sys##name(const struct pt_regs *regs) \ + { \ + return __se_compat_sys##name(SC_RISCV_REGS_TO_ARGS(x,__VA_ARGS__)); \ + } \ + static long __se_compat_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \ + { \ + return __do_compat_sys##name(__MAP(x,__SC_DELOUSE,__VA_ARGS__)); \ + } \ + static inline long __do_compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) + +#define COMPAT_SYSCALL_DEFINE0(sname) \ + asmlinkage long __riscv_compat_sys_##sname(const struct pt_regs *__unused); \ + ALLOW_ERROR_INJECTION(__riscv_compat_sys_##sname, ERRNO); \ + asmlinkage long __riscv_compat_sys_##sname(const struct pt_regs *__unused) + +#define COND_SYSCALL_COMPAT(name) \ + asmlinkage long __weak __riscv_compat_sys_##name(const struct pt_regs *regs); \ + asmlinkage long __weak __riscv_compat_sys_##name(const struct pt_regs *regs) \ + { \ + return sys_ni_syscall(); \ + } + +#define COMPAT_SYS_NI(name) \ + SYSCALL_ALIAS(__riscv_compat_sys_##name, sys_ni_posix_timers); + +#endif /* CONFIG_COMPAT */ + +#define __SYSCALL_DEFINEx(x, name, ...) \ + asmlinkage long __riscv_sys##name(const struct pt_regs *regs); \ + ALLOW_ERROR_INJECTION(__riscv_sys##name, ERRNO); \ + static long __se_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \ + static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \ + asmlinkage long __riscv_sys##name(const struct pt_regs *regs) \ + { \ + return __se_sys##name(SC_RISCV_REGS_TO_ARGS(x,__VA_ARGS__)); \ + } \ + static long __se_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \ + { \ + long ret = __do_sys##name(__MAP(x,__SC_CAST,__VA_ARGS__)); \ + __MAP(x,__SC_TEST,__VA_ARGS__); \ + __PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__)); \ + return ret; \ + } \ + static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) + +#define SYSCALL_DEFINE0(sname) \ + SYSCALL_METADATA(_##sname, 0); \ + asmlinkage long __riscv_sys_##sname(const struct pt_regs *__unused); \ + ALLOW_ERROR_INJECTION(__riscv_sys_##sname, ERRNO); \ + asmlinkage long __riscv_sys_##sname(const struct pt_regs *__unused) + +#define COND_SYSCALL(name) \ + asmlinkage long __weak __riscv_sys_##name(const struct pt_regs *regs); \ + asmlinkage long __weak __riscv_sys_##name(const struct pt_regs *regs) \ + { \ + return sys_ni_syscall(); \ + } + +#define SYS_NI(name) SYSCALL_ALIAS(__riscv_sys_##name, sys_ni_posix_timers); + +#endif /* __ASM_SYSCALL_WRAPPER_H */ diff --git a/arch/riscv/kernel/compat_syscall_table.c b/arch/riscv/kernel/compat_syscall_table.c index 651f2b009c28..ad7f2d712f5f 100644 --- a/arch/riscv/kernel/compat_syscall_table.c +++ b/arch/riscv/kernel/compat_syscall_table.c @@ -9,11 +9,15 @@ #include #undef __SYSCALL -#define __SYSCALL(nr, call) [nr] = (call), +#define __SYSCALL(nr, call) asmlinkage long __riscv_##call(const struct pt_regs *); +#include + +#undef __SYSCALL +#define __SYSCALL(nr, call) [nr] = __riscv_##call, asmlinkage long compat_sys_rt_sigreturn(void); void * const compat_sys_call_table[__NR_syscalls] = { - [0 ... __NR_syscalls - 1] = sys_ni_syscall, + [0 ... __NR_syscalls - 1] = __riscv_sys_ni_syscall, #include }; diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.c index 5db29683ebee..5cc3b9457dfd 100644 --- a/arch/riscv/kernel/sys_riscv.c +++ b/arch/riscv/kernel/sys_riscv.c @@ -297,3 +297,9 @@ SYSCALL_DEFINE5(riscv_hwprobe, struct riscv_hwprobe __user *, pairs, return do_riscv_hwprobe(pairs, pair_count, cpu_count, cpus, flags); } + +/* Not defined using SYSCALL_DEFINE0 to avoid error injection */ +asmlinkage long __riscv_sys_ni_syscall(const struct pt_regs *__unused) +{ + return -ENOSYS; +} diff --git a/arch/riscv/kernel/syscall_table.c b/arch/riscv/kernel/syscall_table.c index 44b1420a2270..dda913764903 100644 --- a/arch/riscv/kernel/syscall_table.c +++ b/arch/riscv/kernel/syscall_table.c @@ -10,9 +10,13 @@ #include #undef __SYSCALL -#define __SYSCALL(nr, call) [nr] = (call), +#define __SYSCALL(nr, call) asmlinkage long __riscv_##call(const struct pt_regs *); +#include + +#undef __SYSCALL +#define __SYSCALL(nr, call) [nr] = __riscv_##call, void * const sys_call_table[__NR_syscalls] = { - [0 ... __NR_syscalls - 1] = sys_ni_syscall, + [0 ... __NR_syscalls - 1] = __riscv_sys_ni_syscall, #include }; From patchwork Thu Jun 29 23:42:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 13297434 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 18EE5EB64DD for ; Thu, 29 Jun 2023 23:43:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID: References:Mime-Version:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=m6tiwM+Gxd6KWdEbdMkcigAJzh8pFHI3G37SDer3/oU=; b=wGrU5TJt5P086a/7CARRm47eIO XAe1HVHDz3rjlnraGmhMDGQiXyeqD2Dp1Gw+b+kyFo/HSPhGxjw41xY44LrS88MN1pyGgBL08tyFJ lT95/KI5Z8/bpqG0HmMT5KhJP/47NictxqP/SUFnuCJ9JNPB4jSHrP3gHdbPrjhHTBZJQtvf46vrO uN2pNpTFfActpUV4LH2R0N4AVIakW0y9icxOfCe0fUBphRIkgcg10WMI4In2Ypzt0GSI6n8UXxGdl g+5npgzdUnYziIf5ms/cY93V6uSJmNQdfMHrHM/sBcvDB1PoP3oSXkfidjFdj3Vky2+rFqNQXRJ4V 7EJE1Hzg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qF1Hz-002Tyk-2g; Thu, 29 Jun 2023 23:43:03 +0000 Received: from mail-yw1-x1149.google.com ([2607:f8b0:4864:20::1149]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qF1Ht-002Tv1-30 for linux-riscv@lists.infradead.org; Thu, 29 Jun 2023 23:43:00 +0000 Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-56ff81be091so11102947b3.0 for ; Thu, 29 Jun 2023 16:42:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1688082173; x=1690674173; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=rwKLI/qRUKPULIlBC3OTUhb6lfrxfVtcL7RWgMXp+DM=; b=xZ4gzYmgSDP58mOKR8hM46Nd3CktXTb7BWdOsL40ZpOowsFja8hHx4hEpRu7h+8XXt MXlo89FDD72TAUb0aNZwUN9hsD5krX9N6BIDIdgNZjO2+Q9hqoPmMO0wHRAE3CanaHoU CADHRRVIOfgsXUI7G64inFFIC6roC6nRP9g9q4FoTqTZt29i4bySfE6PCOpQKuDFFD+S qmiO+EA4gU+2Idsy+Qnduwt2kaRDhqdZTG4p59yUdS5hMXfpchMb7zXP+BfLtVyISxVO bziwFW/aif6c2MFD81O0+6TPzmJ57qD6QsqQF1V8sU5pSP48L18NjLafTtvf7VZj/Uf6 mi7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688082173; x=1690674173; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=rwKLI/qRUKPULIlBC3OTUhb6lfrxfVtcL7RWgMXp+DM=; b=bXVRyV/23OTggekKyuaNmTh4qIlzxyjMw/q9Zr7SXhllLj8yNNc+DC7rYTZ0W56GIB OgMpNcGKgx89W8AXv/n3VtseoGC73EQ4jnvrnSUpdGzyRNsb5115Co56wlZruB2/GkJx FgGBgNFU6n/x3cCvWbgfhLw6AgjseDWlufdqwXSLWbwW1kYhdbtY8BN1o01IKxhCAk0f Gzq4uZW2/d9FDUA7kDh6nsFre8OAVMhycjkwHtoEuDFM8JEL5F0kuN3HgEtWdsZCO9C+ Y/g9/VQsyDjufs89wsKwO5wtpHAyO53MQIk4KS+INxZrXPLXPpDG+CbV62VLD6MZSyFj t1tA== X-Gm-Message-State: ABy/qLZEAnX8Y2SakeYw+NbUlIgO+VPPQhgplkmdABRzJDJq8ngRg4MX aDsbFd9P84aiNF4Tprd6NhHu2vGh3uHQlrLc8rA= X-Google-Smtp-Source: APBJJlGvY9o8TdVQA2iFVhCCB50GqC+vEYRFxxtjURS+zUxZ3uCTPfePcPm+HJkTvW8UT4zvI1DCpmZcRMm1arw/G+E= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a81:7e0a:0:b0:56f:f62b:7a11 with SMTP id o10-20020a817e0a000000b0056ff62b7a11mr6436ywn.8.1688082173423; Thu, 29 Jun 2023 16:42:53 -0700 (PDT) Date: Thu, 29 Jun 2023 23:42:47 +0000 In-Reply-To: <20230629234244.1752366-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230629234244.1752366-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=1898; i=samitolvanen@google.com; h=from:subject; bh=Gkp1NJ2f7yYUqQXHMI7a2x2tGYxFA1ILvi7IEKTnass=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBknhb1WHJAgo4Uq6U6j6NflafXu9jZGHzv6JSKG I68vAHUjwOJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZJ4W9QAKCRBMtfaEi7xW 7ra7DACnV4oH9Zp+lDg83B8KilPxMfwy2imQEk7g4tL0+joJ7XhULu9MfK90xn7TM7i4gtaSYlw WWtBPr32oT+mqBypw6Zzzh3TjqvFxGw6L4NBPrew6Zv8Q2DnCsPP3MdTja4RKLIR9eYZz/6MKhY KoJ1U2HlLEczeZs9jBPFvTUBeodHLyEcItxzzSMGaK8gSj0HUgan9Y0jDi1r2wlPF9qgKtm/5lF e3pkg/Uv3sTKtwhfqNeCqnkBuo3UwEAuXmUP2BKHh1RVZRRHkXsYPbi6hckTUsHIsz/Ei36AaKy dYHxMndLyrFMOV55dL9x2qlhOYEwmNjRDotAMG/b0sT09z4txrkykyuszG4sHikOQg5drQ6Qt5K Fjw/DqnV9FeYOjowphHAm21MgWwnxwBUALJrWe92r5LVU+EqWAZEFtROnZlRkcsTrt3D8P6ozhM kSPl2dnVwxy5LCbyOS8SfKJPZbyg7P3geJcOGAJ3DcZ0TRSuOpXbTvdhgxFYPSa++A5FQ= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230629234244.1752366-10-samitolvanen@google.com> Subject: [PATCH 2/6] riscv: Add types to indirectly called assembly functions From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230629_164257_966214_E5BC52C8 X-CRM114-Status: UNSURE ( 9.78 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org With CONFIG_CFI_CLANG, assembly functions indirectly called from C code must be annotated with type identifiers to pass CFI checking. Use the SYM_TYPED_START macro to add types to the relevant functions. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/riscv/kernel/mcount.S | 5 +++-- arch/riscv/kernel/suspend_entry.S | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/arch/riscv/kernel/mcount.S b/arch/riscv/kernel/mcount.S index 30102aadc4d7..712c1d2c2723 100644 --- a/arch/riscv/kernel/mcount.S +++ b/arch/riscv/kernel/mcount.S @@ -3,6 +3,7 @@ #include #include +#include #include #include #include @@ -47,13 +48,13 @@ addi sp, sp, 4*SZREG .endm -ENTRY(ftrace_stub) +SYM_TYPED_FUNC_START(ftrace_stub) #ifdef CONFIG_DYNAMIC_FTRACE .global MCOUNT_NAME .set MCOUNT_NAME, ftrace_stub #endif ret -ENDPROC(ftrace_stub) +SYM_FUNC_END(ftrace_stub) #ifdef CONFIG_FUNCTION_GRAPH_TRACER ENTRY(return_to_handler) diff --git a/arch/riscv/kernel/suspend_entry.S b/arch/riscv/kernel/suspend_entry.S index 12b52afe09a4..f7960c7c5f9e 100644 --- a/arch/riscv/kernel/suspend_entry.S +++ b/arch/riscv/kernel/suspend_entry.S @@ -5,6 +5,7 @@ */ #include +#include #include #include #include @@ -58,7 +59,7 @@ ENTRY(__cpu_suspend_enter) ret END(__cpu_suspend_enter) -ENTRY(__cpu_resume_enter) +SYM_TYPED_FUNC_START(__cpu_resume_enter) /* Load the global pointer */ .option push .option norelax @@ -94,4 +95,4 @@ ENTRY(__cpu_resume_enter) /* Return to C code */ ret -END(__cpu_resume_enter) +SYM_FUNC_END(__cpu_resume_enter) From patchwork Thu Jun 29 23:42:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 13297436 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B6D14C001B3 for ; Thu, 29 Jun 2023 23:43:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID: References:Mime-Version:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=feQC9B3Nt2mQyEH6l0qNdwwb+KJAKZ96Y79v84K+6yU=; b=SvYUS1qyIUvUQn6QWYfgqoGUW9 r2cZnxqQT/m9I2Fcee0Uy0VllPgLAT3/loi8+KCTNL/8LI+tmPR20+q3myXgmzeKfgbB/L63jYucD lAMLA6yV1YkNmee9CsRugUHW7zRzdpSPtyxolgptKaZsnaRIw1wjBIwayotFKTL9BSHNgmfzXuGPK tsfkHLB5HrwzGoVdRbRc9yd1MqTGOHB1Sxqr/33HhRAcBwCnImLa0Wo1A2SiUf3lDGbNwWsp3yyjL ZNN0D0HoOudgURa9AFCxkpqAMAXT3GoFdV1iBaPGU4vg0NjucS3ODb0iX7PrnQGSU1FQZYF9WDFy6 5km+FS1w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qF1Hz-002Txx-0i; Thu, 29 Jun 2023 23:43:03 +0000 Received: from mail-yb1-xb4a.google.com ([2607:f8b0:4864:20::b4a]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qF1Ht-002TvI-2D for linux-riscv@lists.infradead.org; Thu, 29 Jun 2023 23:43:00 +0000 Received: by mail-yb1-xb4a.google.com with SMTP id 3f1490d57ef6-bfee5fd909aso1071844276.1 for ; Thu, 29 Jun 2023 16:42:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1688082175; x=1690674175; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=5Xnc4kEY4EbaBnYfn4j7l+LmuswSwMsWgqgbgeywLsM=; b=kp2ERfWqnMk1aYCcY3Lh5Z6gm14ZJ3i2mXlb/00TiljzMsnxeQFs5kbVGLwdlHdXWH 1Pr+W0hxAGlZuFtJ34Gw8FWCTQKcdth2yYQ4kpxbIRDw+N4gAfjsiMTV7jzpomXHcLTS 0kT2wDspmdW0ky6LKXOjJbvqFbwXOfI+Uqy9S8KBiTg+C/CpcRA4cNvS8TaL+WBXZhiJ gqG0bbHz3u6ZHweyCgmLfplLh+OdA+qcH5DUy3t0ecNfXfQIxRtzjJjc8ialYxW+YbE9 hNIbzRRmtDZvI0K4dsHoLvVVFESxxWxy+57P+dee5eOgXSh7DXoAPg7ADh/35TMj2lK4 3t9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688082175; x=1690674175; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=5Xnc4kEY4EbaBnYfn4j7l+LmuswSwMsWgqgbgeywLsM=; b=cWX6r0/XM05Qq3HyVbJ1IThCngem0SYT7j+tgBDjDCZS+qdonlFmnAANSHUtA/qR1F clX5XSFhS82xvqD+kHscteLXKB/NfL+A+EbTLisox6gDjgk5Nb0H9hYxAT4OTCZ6F3WX bNvIaVJGdBC0wlaHRCPKa4VEioljQTKao1S+Kl26ailPHvfQ8F0Ww0PBuMUP6iBh4qqC hJCUg+6jLkGBOqy8+qOqbA90OPR8ECH+fS+80GTSQyvcqroO/Y/pfr+1sJtKW+BN2hzS h4Ty//9tmRe01iga1y6aKFHwBVT7fp2orzhu4z3Vqf+mdLCwFBGa/+nvpaaOzhdZzAQ4 I6fg== X-Gm-Message-State: ABy/qLZrxhrv+9hI8SEYzxh3q3B8NsmqO6zmGSte5yvj4gsBKYIIstCz qPAdAoh4QhkNR/fn5JZp+Mzm9YIOjoIhHKMGD78= X-Google-Smtp-Source: APBJJlELQmIdC0rGqtb4VJitzpWLBDF1z2wW/3vjqsBQPQv0tSZIA2LaC77zwb28Y653cXNP4FPxNLuggPDhhv7s5Yw= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a25:3f44:0:b0:c39:4e0b:2f05 with SMTP id m65-20020a253f44000000b00c394e0b2f05mr7310yba.6.1688082175113; Thu, 29 Jun 2023 16:42:55 -0700 (PDT) Date: Thu, 29 Jun 2023 23:42:48 +0000 In-Reply-To: <20230629234244.1752366-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230629234244.1752366-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=879; i=samitolvanen@google.com; h=from:subject; bh=jTMsDVHp3vLP+kp6kYa8Yt2xhzF3g8PflLJEr5zwipc=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBknhb19IaK8IPSrcbSiqkp1zwKDFD22eRwAN9KJ 9YK7ujl6kKJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZJ4W9QAKCRBMtfaEi7xW 7hKeC/9phxEf9/+dB3hfrEFRxhxmmCZAlHL7B2GBUkQCOpdHg2ck1MABWcoko419h0tlSz45RPv IyV9eudwY59txN8eLDO2Lh+KuGtj/I/xL9yy+6j71mkvxiRbmFzuLHv/QwdBqbMDOUZdK9LNjwC hjDZ12Mk+tdQ2pAfhWRG7oI2pvSd76+bgvv5glho5QYig7FnKmOdl6Lly7gAjjaP/bsB2ESWl/f 5wZ6tCp/E/iOu6m6yF4LBt0RObJUIyuvpYsPmObRxGFVZVAQkogHlMGdi0l0XVwpHY2xcKqzusS HhpVp8d4J/FreeR1zKHdC3oJqbkgtBa0poSZnm9iOzOtdaMNnRRYqf5ih9YbDcrim2hjDQGfTZc iaP32nHcDEaHWHNpHRw0gEionM52PXSz8IxY4GPajiUthGRen5n5T/2UzAho1Odw6xFE36Kvd3/ ayJR/eygigxaJNCGU8rkS9ho97aA+Ng4gci+jDMa+FPMitZDgr6U1fYKqpHrXzUK/jUjA= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230629234244.1752366-11-samitolvanen@google.com> Subject: [PATCH 3/6] riscv: Add ftrace_stub_graph From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230629_164257_728618_ADE3C2E4 X-CRM114-Status: UNSURE ( 8.76 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org Commit 883bbbffa5a4 ("ftrace,kcfi: Separate ftrace_stub() and ftrace_stub_graph()") added a separate ftrace_stub_graph function for CFI_CLANG. Add the stub to fix FUNCTION_GRAPH_TRACER compatibility with CFI. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/riscv/kernel/mcount.S | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/riscv/kernel/mcount.S b/arch/riscv/kernel/mcount.S index 712c1d2c2723..c73d7514e45f 100644 --- a/arch/riscv/kernel/mcount.S +++ b/arch/riscv/kernel/mcount.S @@ -57,6 +57,10 @@ SYM_TYPED_FUNC_START(ftrace_stub) SYM_FUNC_END(ftrace_stub) #ifdef CONFIG_FUNCTION_GRAPH_TRACER +SYM_TYPED_FUNC_START(ftrace_stub_graph) + ret +SYM_FUNC_END(ftrace_stub_graph) + ENTRY(return_to_handler) /* * On implementing the frame point test, the ideal way is to compare the From patchwork Thu Jun 29 23:42:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 13297433 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 755EAEB64D9 for ; Thu, 29 Jun 2023 23:43:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID: References:Mime-Version:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=oyHGt6h9jnU9OfVE3JJUsWxhfqsEu+kErqN+/ysYSrw=; b=I8G1gk8TEVDLvKKQ2lua+Xy/3+ i7BqkFJ52+oWRkzU+NyKmIjkMPXdPpndW3Lv/SrpwKJxBgBPXtcfbgpDPup5Ff70QfVkU4bieKt6k duiHG6zYQgiY387HcFkbifJSWttS3ed4CnDSbRdQAxLacr0HKHappLhRu+e0tYb33z5O55FyXL5Lq NPj7aaOGuBAeCylZvCfJSFaIllwUHt2LGKQB2w1g+Kp4iAiI0/pcm8BqMDgE/HYusgFoAhwkRM5MD DyaFc8BHYVt/umXWZSQrPmiKSqBcDZcGp+GzJcHvspYT67uW1k/XHZUNjUanD30FHAiS50rry+BEh WOryrIyQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qF1I0-002Tyq-1N; Thu, 29 Jun 2023 23:43:04 +0000 Received: from mail-pf1-x449.google.com ([2607:f8b0:4864:20::449]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qF1Hu-002TvS-2I for linux-riscv@lists.infradead.org; Thu, 29 Jun 2023 23:43:00 +0000 Received: by mail-pf1-x449.google.com with SMTP id d2e1a72fcca58-66a44bf4651so843836b3a.1 for ; Thu, 29 Jun 2023 16:42:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1688082177; x=1690674177; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id :reply-to; bh=kH7bkPbO18xX/Wp0GpqGpLlOQ0f95hD6FnRtLDJvT1U=; b=MOrJxSP3sVqGm+w0js/kIw42CYZEUP0oOJNMS+uIOa3MELAjgpbyTEzy/4B24ur+OK qM7qAuosF6u0oM27xEmeVggBJ+6/NH+9EoAVMOBltCUDX8waMif7DUAE8zgVrP066VKz JZYmWrGCxkCV1ew5vNDDksZ/wRF/Zoujs622lDGtfKg6dUgwqu1Buhk5NRH1fTLjNmt8 NUyWcokBJNyaKD+b76OJOILtSe24hjIImin9Dzgx3z7SSWX+3BpmVK9w1Ah3TO1Ekw6T q0BczkHxDyFoQVa4T2Ls121wOtYzOA/qMkqb3C89vnQyR85YIGae/1Kwcla942IWNnDu AXTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688082177; x=1690674177; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=kH7bkPbO18xX/Wp0GpqGpLlOQ0f95hD6FnRtLDJvT1U=; b=PmrSIcElwT1EvsSbiGnQjpfOIW25C+1ta/Qb/67SHfUKdDDwXV5Z3GedxNDc8BqtR4 VDsWYC4xtvm+ubgKDCfvOrKjMJ6lVttq4zxsUrvuyDTkUFkNKoH+Q257cURB3HCIaWsA T8hnqXe2I8i1H08lWQ5iuy4EqHi9CcJoXM7FhVL+n5Xiez3YNimdGv2PIQZV7eAaWuiw HY+gSdzylfrPexUaHnXSGvcn9UOMQAxKZwUrw72sP87HSwKvzq5qwucdSsEsySNsLIa2 fiwZkcIRHbk8JnVQaN1o/ZCvhymvP/ewmpnI4ok8fn9BvepZlMNum2+PjNJXRnkTvts1 6bnw== X-Gm-Message-State: AC+VfDw0bc20NljqYa0y3ltyUKZPT6Kwqshdkwlbcd0JxmtMChdd+2Ne bkFebw5qpYu4HhWsazbPnf8kjWZSjZi+WJlAST8= X-Google-Smtp-Source: ACHHUZ54tMcYLAqtFQ4eD7Co9823u9Z85Yql+d2HDqherGgBCI4z4EkToq8lC91y+5fbCwaKDbVpEDDVYz5UAdJejDo= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a05:6a00:18a6:b0:67b:8602:aa10 with SMTP id x38-20020a056a0018a600b0067b8602aa10mr1871084pfh.0.1688082176944; Thu, 29 Jun 2023 16:42:56 -0700 (PDT) Date: Thu, 29 Jun 2023 23:42:49 +0000 In-Reply-To: <20230629234244.1752366-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230629234244.1752366-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=9436; i=samitolvanen@google.com; h=from:subject; bh=JZNR4FrhRgjhD3OE65/zHFRoFa/eW0jA8NKJ4VpUQAM=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBknhb17pDdOWUqLhJ1JUH+3wVLRO6EhFWeGwkjK 7BieuQqsc+JAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZJ4W9QAKCRBMtfaEi7xW 7rBdC/9osT4E49rQweMxnUcqovViVIiMB+HeQOW+PQuZH8/EBALEW5KQD2WoZyN/to24b+CwgXK b1rrMZ+HQQlfYYiWdS8D1o3sa2GYK6f8koSaggQIj2kVFoNzOuYnLt5xGZBifcfUPONMLMaYZTf mlqJvD5HFVi6h4Qxs5ldTItdrbjOaLz/T4eTqRVHaQOkhd2rJgu+WAgJbOngaGxxtR70yikAiCf W0pw2m8Pwk1v7zso9VmFhwmvof8W6Xnu4bG+knxaOu/U7ih2C0X/PQNHEOXbF7W9mUdrDUbGqtU giHYTQDuORwbMfrlmL3LPs5lGweV3g2tiILj+obadtUVNSm4vVna8O6+bn7Jlke3doKZwCV6rYU nHzSfo1wvr5CVp+Ky0bLf3DY0QkL+ovuUbM1c5nRG3XxnKHXAUK25nrPmlq/z5ielGMqymHg7bC /GU8cbvrTijynsfGXpREBVxgFz5cPMaL4FG69n8bEaCVytbhhs/hrmLGwI0pno1dRpW4Y= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230629234244.1752366-12-samitolvanen@google.com> Subject: [PATCH 4/6] riscv: Add CFI error handling From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230629_164258_748689_A8046167 X-CRM114-Status: GOOD ( 23.99 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org With CONFIG_CFI_CLANG, the compiler injects a type preamble immediately before each function and a check to validate the target function type before indirect calls: ; type preamble .word function: ... ; indirect call check lw t1, -4(a0) lui t2, addiw t2, t2, beq t1, t2, .Ltmp0 ebreak .Ltmp0: jarl a0 Implement error handling code for the ebreak traps emitted for the checks. This produces the following oops on a CFI failure (generated using lkdtm): [ 21.177245] CFI failure at lkdtm_indirect_call+0x22/0x32 [lkdtm] (target: lkdtm_increment_int+0x0/0x18 [lkdtm]; expected type: 0x3ad55aca) [ 21.178483] Kernel BUG [#1] [ 21.178671] Modules linked in: lkdtm [ 21.179037] CPU: 1 PID: 104 Comm: sh Not tainted 6.3.0-rc6-00037-g37d5ec6297ab #1 [ 21.179511] Hardware name: riscv-virtio,qemu (DT) [ 21.179818] epc : lkdtm_indirect_call+0x22/0x32 [lkdtm] [ 21.180106] ra : lkdtm_CFI_FORWARD_PROTO+0x48/0x7c [lkdtm] [ 21.180426] epc : ffffffff01387092 ra : ffffffff01386f14 sp : ff20000000453cf0 [ 21.180792] gp : ffffffff81308c38 tp : ff6000000243f080 t0 : ff20000000453b78 [ 21.181157] t1 : 000000003ad55aca t2 : 000000007e0c52a5 s0 : ff20000000453d00 [ 21.181506] s1 : 0000000000000001 a0 : ffffffff0138d170 a1 : ffffffff013870bc [ 21.181819] a2 : b5fea48dd89aa700 a3 : 0000000000000001 a4 : 0000000000000fff [ 21.182169] a5 : 0000000000000004 a6 : 00000000000000b7 a7 : 0000000000000000 [ 21.182591] s2 : ff20000000453e78 s3 : ffffffffffffffea s4 : 0000000000000012 [ 21.183001] s5 : ff600000023c7000 s6 : 0000000000000006 s7 : ffffffff013882a0 [ 21.183653] s8 : 0000000000000008 s9 : 0000000000000002 s10: ffffffff0138d878 [ 21.184245] s11: ffffffff0138d878 t3 : 0000000000000003 t4 : 0000000000000000 [ 21.184591] t5 : ffffffff8133df08 t6 : ffffffff8133df07 [ 21.184858] status: 0000000000000120 badaddr: 0000000000000000 cause: 0000000000000003 [ 21.185415] [] lkdtm_indirect_call+0x22/0x32 [lkdtm] [ 21.185772] [] lkdtm_CFI_FORWARD_PROTO+0x48/0x7c [lkdtm] [ 21.186093] [] lkdtm_do_action+0x22/0x34 [lkdtm] [ 21.186445] [] direct_entry+0x128/0x13a [lkdtm] [ 21.186817] [] full_proxy_write+0x58/0xb2 [ 21.187352] [] vfs_write+0x14c/0x33a [ 21.187644] [] ksys_write+0x64/0xd4 [ 21.187832] [] sys_write+0xe/0x1a [ 21.188171] [] ret_from_syscall+0x0/0x2 [ 21.188595] Code: 0513 0f65 a303 ffc5 53b7 7e0c 839b 2a53 0363 0073 (9002) 9582 [ 21.189178] ---[ end trace 0000000000000000 ]--- [ 21.189590] Kernel panic - not syncing: Fatal exception Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook Reviewed-by: Conor Dooley # ISA bits --- arch/riscv/Kconfig | 1 + arch/riscv/include/asm/cfi.h | 22 ++++++++++ arch/riscv/include/asm/insn.h | 10 +++++ arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/cfi.c | 77 +++++++++++++++++++++++++++++++++++ arch/riscv/kernel/traps.c | 4 +- 6 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 arch/riscv/include/asm/cfi.h create mode 100644 arch/riscv/kernel/cfi.c diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index b54a830eb5c6..20a40927175e 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -44,6 +44,7 @@ config RISCV select ARCH_SUPPORTS_DEBUG_PAGEALLOC if MMU select ARCH_SUPPORTS_HUGETLBFS if MMU select ARCH_SUPPORTS_PAGE_TABLE_CHECK if MMU + select ARCH_USES_CFI_TRAPS if CFI_CLANG select ARCH_USE_MEMTEST select ARCH_USE_QUEUED_RWLOCKS select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU diff --git a/arch/riscv/include/asm/cfi.h b/arch/riscv/include/asm/cfi.h new file mode 100644 index 000000000000..56bf9d69d5e3 --- /dev/null +++ b/arch/riscv/include/asm/cfi.h @@ -0,0 +1,22 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _ASM_RISCV_CFI_H +#define _ASM_RISCV_CFI_H + +/* + * Clang Control Flow Integrity (CFI) support. + * + * Copyright (C) 2023 Google LLC + */ + +#include + +#ifdef CONFIG_CFI_CLANG +enum bug_trap_type handle_cfi_failure(struct pt_regs *regs); +#else +static inline enum bug_trap_type handle_cfi_failure(struct pt_regs *regs) +{ + return BUG_TRAP_TYPE_NONE; +} +#endif /* CONFIG_CFI_CLANG */ + +#endif /* _ASM_RISCV_CFI_H */ diff --git a/arch/riscv/include/asm/insn.h b/arch/riscv/include/asm/insn.h index 8d5c84f2d5ef..45bc485fcf3f 100644 --- a/arch/riscv/include/asm/insn.h +++ b/arch/riscv/include/asm/insn.h @@ -63,6 +63,7 @@ #define RVG_RS1_OPOFF 15 #define RVG_RS2_OPOFF 20 #define RVG_RD_OPOFF 7 +#define RVG_RS1_MASK GENMASK(4, 0) #define RVG_RD_MASK GENMASK(4, 0) /* The bit field of immediate value in RVC J instruction */ @@ -129,6 +130,7 @@ #define RVC_C2_RS1_OPOFF 7 #define RVC_C2_RS2_OPOFF 2 #define RVC_C2_RD_OPOFF 7 +#define RVC_C2_RS1_MASK GENMASK(4, 0) /* parts of opcode for RVG*/ #define RVG_OPCODE_FENCE 0x0f @@ -258,6 +260,10 @@ static __always_inline bool riscv_insn_is_branch(u32 code) #define RV_X(X, s, mask) (((X) >> (s)) & (mask)) #define RVC_X(X, s, mask) RV_X(X, s, mask) +#define RV_EXTRACT_RS1_REG(x) \ + ({typeof(x) x_ = (x); \ + (RV_X(x_, RVG_RS1_OPOFF, RVG_RS1_MASK)); }) + #define RV_EXTRACT_RD_REG(x) \ ({typeof(x) x_ = (x); \ (RV_X(x_, RVG_RD_OPOFF, RVG_RD_MASK)); }) @@ -285,6 +291,10 @@ static __always_inline bool riscv_insn_is_branch(u32 code) (RV_X(x_, RV_B_IMM_11_OPOFF, RV_B_IMM_11_MASK) << RV_B_IMM_11_OFF) | \ (RV_IMM_SIGN(x_) << RV_B_IMM_SIGN_OFF); }) +#define RVC_EXTRACT_C2_RS1_REG(x) \ + ({typeof(x) x_ = (x); \ + (RV_X(x_, RVC_C2_RS1_OPOFF, RVC_C2_RS1_MASK)); }) + #define RVC_EXTRACT_JTYPE_IMM(x) \ ({typeof(x) x_ = (x); \ (RVC_X(x_, RVC_J_IMM_3_1_OPOFF, RVC_J_IMM_3_1_MASK) << RVC_J_IMM_3_1_OFF) | \ diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile index 153864e4f399..c173a7cbf4e1 100644 --- a/arch/riscv/kernel/Makefile +++ b/arch/riscv/kernel/Makefile @@ -90,6 +90,8 @@ obj-$(CONFIG_CRASH_CORE) += crash_core.o obj-$(CONFIG_JUMP_LABEL) += jump_label.o +obj-$(CONFIG_CFI_CLANG) += cfi.o + obj-$(CONFIG_EFI) += efi.o obj-$(CONFIG_COMPAT) += compat_syscall_table.o obj-$(CONFIG_COMPAT) += compat_signal.o diff --git a/arch/riscv/kernel/cfi.c b/arch/riscv/kernel/cfi.c new file mode 100644 index 000000000000..820158d7a291 --- /dev/null +++ b/arch/riscv/kernel/cfi.c @@ -0,0 +1,77 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Clang Control Flow Integrity (CFI) support. + * + * Copyright (C) 2023 Google LLC + */ +#include +#include + +/* + * Returns the target address and the expected type when regs->epc points + * to a compiler-generated CFI trap. + */ +static bool decode_cfi_insn(struct pt_regs *regs, unsigned long *target, + u32 *type) +{ + unsigned long *regs_ptr = (unsigned long *)regs; + int rs1_num; + u32 insn; + + *target = *type = 0; + + /* + * The compiler generates the following instruction sequence + * for indirect call checks: + * + *   lw t1, -4() + * lui t2, + * addiw t2, t2, + * beq t1, t2, .Ltmp1 + * ebreak ; <- regs->epc + * .Ltmp1: + * jalr + * + * We can read the expected type and the target address from the + * registers passed to the beq/jalr instructions. + */ + if (get_kernel_nofault(insn, (void *)regs->epc - 4)) + return false; + if (!riscv_insn_is_beq(insn)) + return false; + + *type = (u32)regs_ptr[RV_EXTRACT_RS1_REG(insn)]; + + if (get_kernel_nofault(insn, (void *)regs->epc) || + get_kernel_nofault(insn, (void *)regs->epc + GET_INSN_LENGTH(insn))) + return false; + + if (riscv_insn_is_jalr(insn)) + rs1_num = RV_EXTRACT_RS1_REG(insn); + else if (riscv_insn_is_c_jalr(insn)) + rs1_num = RVC_EXTRACT_C2_RS1_REG(insn); + else + return false; + + *target = regs_ptr[rs1_num]; + + return true; +} + +/* + * Checks if the ebreak trap is because of a CFI failure, and handles the trap + * if needed. Returns a bug_trap_type value similarly to report_bug. + */ +enum bug_trap_type handle_cfi_failure(struct pt_regs *regs) +{ + unsigned long target; + u32 type; + + if (!is_cfi_trap(regs->epc)) + return BUG_TRAP_TYPE_NONE; + + if (!decode_cfi_insn(regs, &target, &type)) + return report_cfi_failure_noaddr(regs, regs->epc); + + return report_cfi_failure(regs, regs->epc, &target, type); +} diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c index 8c258b78c925..39dce00c6ed7 100644 --- a/arch/riscv/kernel/traps.c +++ b/arch/riscv/kernel/traps.c @@ -21,6 +21,7 @@ #include #include +#include #include #include #include @@ -242,7 +243,8 @@ void handle_break(struct pt_regs *regs) == NOTIFY_STOP) return; #endif - else if (report_bug(regs->epc, regs) == BUG_TRAP_TYPE_WARN) + else if (report_bug(regs->epc, regs) == BUG_TRAP_TYPE_WARN || + handle_cfi_failure(regs) == BUG_TRAP_TYPE_WARN) regs->epc += get_break_insn_length(regs->epc); else die(regs, "Kernel BUG"); From patchwork Thu Jun 29 23:42:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 13297439 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E3929EB64D9 for ; Thu, 29 Jun 2023 23:43:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID: References:Mime-Version:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=D4cEl1JfEgqHD7mecq2z+HGT7H4tgiw+BY4yf4R5wHI=; b=OOcQI82oFvDxrA0OTH8CiYeCGK CjQmLmTIRbeF0OeA04FtHT34ZEO+oAy+9GXofae57jt5nTeywEfVDPAAzpXII4m8fbC4RiIzNWeL9 DAVoqNKgHmbev7aaNPJXgMEBdFHKU8+yBdu0zAcWjqu5yHk5SjQkBw/xHQ+BA6SE8HO0lfjLm2MlY 0Rs/l26dxzzhCtLv6CpbyinRGdgeFZLFKvz2Vw+skngmmyoEg7Zv3h6X6V7smII5/K/91tdHIuSun 08TPS0zhzaRZt873HaAIqbACxK7uabWxrOl1WYsCTVQMjSwZ5BI9rBZwQfbggzg2WcPgS7mwSM+3r Ut+gZFUg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qF1I0-002Tz0-36; Thu, 29 Jun 2023 23:43:04 +0000 Received: from mail-pf1-x44a.google.com ([2607:f8b0:4864:20::44a]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qF1Hw-002Twe-0k for linux-riscv@lists.infradead.org; Thu, 29 Jun 2023 23:43:01 +0000 Received: by mail-pf1-x44a.google.com with SMTP id d2e1a72fcca58-66eba523cd9so799956b3a.2 for ; Thu, 29 Jun 2023 16:42:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1688082179; x=1690674179; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=c9Xlw8wqmc7m2gTD7N39tQeUlWC1WXyQLWb4QZRUB8Y=; b=p3VLofC9uBlj4VqikzkpTVhIEDvSp6dp7csrh8LTmsJ2AioG7ohNPCyZXFqNRY4xl2 67M3uESl94bLO1M1ieHMv3cFZxN3FFyNQ0yWBa3oxuxiEFwLMPd34J+muGl+kMjVt8sZ IaP7ZZcHfBi6OBW/hhL8waRnsfqbeMv3qP1yH2A1MZMIWsagGhMutscPGf6/l0CtmEJC eH4izIvergiWXqGTOpw9Vsbk5iEj4hbcxvhKT+YPCyTIG/cK4TBss9B64FaAeElrkph/ /FmsTHj9LxHPV+CVsN5UMIBeeHMoz+ubIgnc4AlwKuZkWfAvt5iWCuI+vv7VU5neuWXL aJyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688082179; x=1690674179; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=c9Xlw8wqmc7m2gTD7N39tQeUlWC1WXyQLWb4QZRUB8Y=; b=RMwoU54iT12mSOrkx3aOkpxdGv01qGzaU71TXd32h9TWKpK17MYvi2XIbBDHwAAgXq T7HAZDNznR2fVRuk1kzNTs1ZOzl+ka8paHcj/a428sjMT/PLLONE4tZ/M/PqMhEc68rQ 0WCIiLUL0Df+Md4+MgTIyENiwp+siM7OoEkApnGRfcR1/5frZWHaAiHQvE0NHarU+yNY lyazSXq20guujFep2fN91Zf/k1xeyRsOWjKNJPYKZl99JqHAdFGlVnf438+eZqUaGkau pucofGNXbPWDw0nfDAcD87LG8Rci57+qY6fQOlLaUhlKk7/1Bh1IeOuYIgfwDhXVrQra wOyQ== X-Gm-Message-State: ABy/qLbXr5/m57l0fTXBqkie8tQQln9EADh2LLKS4+rO/iG5dNOzxLZK h/dnfL7GtV4EK5flE4N/UNp3iPAR7Nuy9RG/2kk= X-Google-Smtp-Source: APBJJlFHLSu7NeB6EU8tOB3/UHptwEsU/4w39fszUoslEvKjGXk+rTe4axHVWR092ZKjtQWWIfnwLK3jAyxYC69lOLA= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a05:6a00:1783:b0:668:69fa:f795 with SMTP id s3-20020a056a00178300b0066869faf795mr751698pfg.2.1688082178828; Thu, 29 Jun 2023 16:42:58 -0700 (PDT) Date: Thu, 29 Jun 2023 23:42:50 +0000 In-Reply-To: <20230629234244.1752366-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230629234244.1752366-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=722; i=samitolvanen@google.com; h=from:subject; bh=gs+HqEOxqge1JD2H3C2OtV2QqbKbTGj0I3LUMBMWFOw=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBknhb1mBbGJYC+ijqffqvxPbBoNNe723klVhBkW m8HhCBORNaJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZJ4W9QAKCRBMtfaEi7xW 7nW7DACWpElrAA2aMey2/F1+uNsTn4cuQjvpzYjhSgMneDZUzTvG9j2obc9IHVDVv2V35NZZ4Rx qYnhvOXv6ow3iGv+8NVoRor2ccyLXINBkBk/bdzyJ+g5Iz6AutmOsyLdDODLa+au96lNnKDLqq+ Txok6LqZKNvnTtmBO01sSp+NaX0Fhils37JKcU6zNe4QxFb9dq6jTzowqNUjIX5wJ5zoAHL2T0s tLymrEt+OZ5ON9rDFrhMSYiF/P47V6jz8+j2F6hEFzx/c06i14VwYtWoLPoOv/HD6BOPuit+m3q W9JWzrIJwcyWdDLlG9ukewzXluZOrbvAQVgin2f6Le7Y2mvWOHldJvFbUa8nYeErwxYpRjXoIFy 8tVOHkO6lNvnaruOkuaq0Szw25ktCiQV0nrgU30ZQ/JnEO6BozZdXZC/CZ6K3n3QL1cUDQqAgHg I0w0CpD9whXokITAv8X6e6UXd4zEDbwHvv3Zk7/XIwHjMo0Doyr1T55fqBfmjLc35Zmb0= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230629234244.1752366-13-samitolvanen@google.com> Subject: [PATCH 5/6] riscv/purgatory: Disable CFI From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230629_164300_277117_C25E022B X-CRM114-Status: UNSURE ( 7.03 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org Filter out CC_FLAGS_CFI when CONFIG_CFI_CLANG. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/riscv/purgatory/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/riscv/purgatory/Makefile b/arch/riscv/purgatory/Makefile index dc20e166983e..9e6476719abb 100644 --- a/arch/riscv/purgatory/Makefile +++ b/arch/riscv/purgatory/Makefile @@ -77,6 +77,10 @@ ifdef CONFIG_STACKPROTECTOR_STRONG PURGATORY_CFLAGS_REMOVE += -fstack-protector-strong endif +ifdef CONFIG_CFI_CLANG +PURGATORY_CFLAGS_REMOVE += $(CC_FLAGS_CFI) +endif + CFLAGS_REMOVE_purgatory.o += $(PURGATORY_CFLAGS_REMOVE) CFLAGS_purgatory.o += $(PURGATORY_CFLAGS) From patchwork Thu Jun 29 23:42:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 13297437 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3192BC001DD for ; Thu, 29 Jun 2023 23:43:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID: References:Mime-Version:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=4ZiGZVQF5mqLZ+Vy0s8XMfYihdmJkEItWoXKQ1X8rL0=; b=3kNFjSO4mq9qFpe8lVPENo78bf Dn/jUsoWRujpz4S8CVnqZAeB/7kgcSH1sIv0jpILg7KBy/3AXbid5Lm9d03TVuGl3quwIgQC17wTa rzN3sDPzUv5U40m083ALXxYB8pkRsdU6zxXyZsiEU7F3j2K/aHsISqh9AEJLYVEzY3S8Ks/Qj8F0/ EWhBN8QQzFa96IpBQ4sBc1Q94GIGyyUGgBU6YNI5JZOX44HUG1zeVX6KFWu6LqAFcWZzZ7GlS4OGF d3U6WG/X5qBnj4t4oMmxv3ooD7YA1HPPXKS9H1bkemdb2xxJ09f1bhzOGHbHDrYLEqxsdUOEAdNwa uHTWv0gQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qF1I9-002U2A-2i; Thu, 29 Jun 2023 23:43:13 +0000 Received: from mail-yw1-x1149.google.com ([2607:f8b0:4864:20::1149]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qF1Hx-002TxN-2m for linux-riscv@lists.infradead.org; Thu, 29 Jun 2023 23:43:03 +0000 Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-57704a25be9so18842277b3.1 for ; Thu, 29 Jun 2023 16:43:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1688082180; x=1690674180; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=hI1W3vZtR+9nkE20l1uechEUk7Tap/X/lCCO/vArtS0=; b=Q99ataBrVMMj1/30tDgNlRKyHCZSqEUzPhraQDs3af5FWGxtd2xiR791ZBqr2urUmj VziLScNBQ/wNWoPtUo1GAUxfiWBt9Z23+sb2cvAXrkc5X6S+q+YKXakjQkafV4+c0wMV mIem4WXC4+1cb9fZ9sMvLDHFBHfw3NE6HVnt4gkfrtdFFWcfUvvFGQSX5ZMSg58mbuEq uFN3qIf9GcgB+gPtV18WbJfCQ7HjodVRNQg0sLGufXuzlI7jOu5cBkVrjaC5a7vvLQmi PPaIQ1ztJBsIFlA4BHqNj+Clm1YzG7bFL2WSAqSMtwK6hgryaYoOO4zbuc+E7FsISDe8 v99g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688082180; x=1690674180; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=hI1W3vZtR+9nkE20l1uechEUk7Tap/X/lCCO/vArtS0=; b=As5jZ/dP2nYVItVT/ZJvdCD7FCGLPFXtpSJ9kBAi3KUe0aWTb8odQOASMiHlgVPUWq m8C+1SNU4Ni7VtVYuZr3zAJfH7L6N+f3CUhwbEkXL/bN007njk4VpZB40KciUlBp2eJ5 HjoPgAS/SeNy/4kPCJ10jeAFFj36qiE9+S8uGQn/FhCno/OGmQRaeFl28Lt+C2CYH5Uo DDrLqu2Brw/VQA1y6xL4H8VeuzWkRJKepeQrxkdRYu1bA3HCuvI5Kx79uKnk0G8pnDiN pXua/s46Tv+M8lqJyM01aim1VrgmnFl6L3GJ2nVmND7sSGkj4KJeXNewGkL2g+0h4Uun /8ZQ== X-Gm-Message-State: ABy/qLY9F7e4z3sMfjWHYRCCLV3+zjoGMa2alSv1+QpRBbG0mJbRg5wk IE7v5wgH+Iic4u+Xr2ID/PBJSf2RnG2tGq/rjmI= X-Google-Smtp-Source: APBJJlE4AEhOYTb7QMh6sXfCMc5LWtWpbgzK5p/x1CWtYt1uO+ltyY9NSG2IJzuCFHi/jJ3JABHe8OLe7NSpTPp8OvA= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a81:aa0b:0:b0:56c:ed45:442c with SMTP id i11-20020a81aa0b000000b0056ced45442cmr22810ywh.5.1688082180469; Thu, 29 Jun 2023 16:43:00 -0700 (PDT) Date: Thu, 29 Jun 2023 23:42:51 +0000 In-Reply-To: <20230629234244.1752366-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230629234244.1752366-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=689; i=samitolvanen@google.com; h=from:subject; bh=g8cSbJ3YqGqII3Es78fHzl0mN4OnPxVObPCoUIO2Cw0=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBknhb1jX6BLvnk0FKQHZsmyPKyvo4TJBI2RL/Fa sauJUMVL5yJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZJ4W9QAKCRBMtfaEi7xW 7nuMC/wLrmKtkYfd+iRZVIIgu+Y5m2M9if9FoIpZHdzE1sPHuEoeRb71eU9RY0XTpDiHCGPiMNP YbjG6hBOYmthlFvkkZe34E7uxSmP2qlWDjGtIh0Z+psbI9KOhxLdNO6136VZOaifKjMNtqGQvlz rAgmqkVNLA6Q710CI5OrJ/lUad7tNT7cx5lRpvzeTrgaUXI9mcWBOP5vr0xb3P7K+bjMf6WOWLa w/RroR5VNlXhzLL3pamA1Y55QzNu7u8sbUvvaZgRSfOvpNWm1tfqGS+vci2Q5WBLkmGw2lawL43 d3BruriP5Q3JTisr5jHg8Zysv4VFxW78GL7dTSAkv7nPLw21lFpZtWpyBU274NKrD4PeFzdqjaJ /8ZopxIQJG64TVeMX+Dwfx0bhZ6Pz5B7r5CxdwL0z+p15PaXWqhx6uTWtmMEKOFLB2AAprrNsZS 5mth9xbFP0G2ongMFbaDFjlNdXZ5tmF94r/B3WQ9UzapWOCids09pksdQ/AFipOMR1Dkw= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230629234244.1752366-14-samitolvanen@google.com> Subject: [PATCH 6/6] riscv: Allow CONFIG_CFI_CLANG to be selected From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230629_164301_895650_F4D786AB X-CRM114-Status: UNSURE ( 7.59 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org Select ARCH_SUPPORTS_CFI_CLANG to allow CFI_CLANG to be selected on riscv. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/riscv/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index 20a40927175e..2699e1f8fe33 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -44,6 +44,7 @@ config RISCV select ARCH_SUPPORTS_DEBUG_PAGEALLOC if MMU select ARCH_SUPPORTS_HUGETLBFS if MMU select ARCH_SUPPORTS_PAGE_TABLE_CHECK if MMU + select ARCH_SUPPORTS_CFI_CLANG select ARCH_USES_CFI_TRAPS if CFI_CLANG select ARCH_USE_MEMTEST select ARCH_USE_QUEUED_RWLOCKS