From patchwork Mon Jul 10 18:35:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 13307484 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 827FAC001B0 for ; Mon, 10 Jul 2023 18:36:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID: References:Mime-Version:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=1CBQzC54Kl5Ep7pknptvW6by2zKhhf9fy9/uGpKllWk=; b=cvSsv6+dBvg7OqIHYDsCVk7LGs tNAvOWwsj1mYtXLMXRDYQ/ip0cG0WoNJb6Jn0c6qjUbOvSFw8kY6kS7dduuKpc5ZuZ5cNGW0KtIoX BK4HnF0MDVzgM+lmHorV7ydvwsABv9DtHfzc0s/GNBKSyoYLqdX8xfPNwVID42WGuhDXCNRKLgM+2 Ro1atZ1JlvBmk/TWCOywBO66vFvcwly0rf8iSW7fB8mrLo56rtFCUFt/v5j86pj0X6cwiyDF0ihRQ EHTiWou8g3Uh421SALqHzUDwEgy3h4zvSOYH3LIlV5z45Y3XNcaiznU4JnrtKyWegrxyi1JA9Z81l rry3o5Gg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qIvjo-00CTEx-1h; Mon, 10 Jul 2023 18:35:56 +0000 Received: from mail-yw1-x114a.google.com ([2607:f8b0:4864:20::114a]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qIvjk-00CTCv-2A for linux-riscv@lists.infradead.org; Mon, 10 Jul 2023 18:35:54 +0000 Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-569e7aec37bso45683557b3.2 for ; Mon, 10 Jul 2023 11:35:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689014150; x=1691606150; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=JfuHjbGr9PeJ0PR5WLnTESMLUU2NVQbFj+yFH1gqRF8=; b=mfJmD/FVxdps7T5hJgcEwE8ThNbmRX23y5+EPxfWQlxj6UzddODlWvVoSL6wC7wQRF 7XAhpM5lbDJKg8TKuoGB1c1ue1+UMDBnHKcnrWz8EKF/iuOpk8L1mVDJpZq89pYBqhpg dJxY6yG5Hu9cekfrYhwzL7ozTUlwtvElo14dPK7U8ueUvqwY93fFiORY2RIGwjr2de52 4IdpdZBJc1AcpSC8qxgX+Td/y6IyIUqYG7m8AvU3WpDk4lhmLnoOxwesVjgCxSHltEaC hxJxlgkH1y7pNyDb9DldBddfDFXrpa3X9yMIdkBe7XuSHYH1BiSExntrPr9ZdQGIM3lG y7Vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689014150; x=1691606150; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=JfuHjbGr9PeJ0PR5WLnTESMLUU2NVQbFj+yFH1gqRF8=; b=D1hjqNm2yRZqmOzWEoBmiewr1DNCp74ooX9to+DLUiwfJFwNDENDXhxMkB6L/pbr4u 6SS310u85zQ8odIVVAVZDaFInI35N5xDVPO8VTiXTR4EmI1efp38slpmXIjyRZF/e5uE mHOuGoC2fIrjswAiEhr1aHUt3duRJ6qCfqXsqn1PA9E2gwiFEelK8nwWHjUGDa2G28qN Gc64jdV4wuAnWF3HqGWohTU/Gs3sn0cKiw6xp+Lb+BTC7v+MP4mKO/V4Vg2nZznBSLCi WuDjf+R+rddeB2p8pdPi33bSo9+GCeDoqRpuBnRUiHD7l65Ima3ykoZSnErD4i+bOhpj r39A== X-Gm-Message-State: ABy/qLaNTGmrjaJ2fIhhJm8n/hXDfnh7we2AElSdkai4brLflIRghf/L SyyMHnH0lPqya5wPjLXM619OIYKaUm3OuZCBnGc= X-Google-Smtp-Source: APBJJlEUb5UKL1MoSsyogYSLs7WHlDzV7fhet/hBVyc5/uQaybIB1vy1s68RPBBiLePBq9ferUaZYZvQPVwzmK3DUbY= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a81:ac47:0:b0:56c:e2da:f440 with SMTP id z7-20020a81ac47000000b0056ce2daf440mr91792ywj.0.1689014149963; Mon, 10 Jul 2023 11:35:49 -0700 (PDT) Date: Mon, 10 Jul 2023 18:35:46 +0000 In-Reply-To: <20230710183544.999540-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230710183544.999540-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=8809; i=samitolvanen@google.com; h=from:subject; bh=7+cMm1pNGnHHsX43z/oJuDPuAORNOaBoot6v/Dk88QA=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBkrE+AWvBzRqwMc4no+3K7g72jpT5CxxsH8+M57 5Pfxcns1zGJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZKxPgAAKCRBMtfaEi7xW 7klBC/9woGxzCUzYKiDh4bV8sfcQRvfqQcNafvzua53LYJu8Dhb5EZI7ZgbdCtX0uFHmX85kpj0 zb80cpbqN0YKtlVtlK2bneO0lRb23IA4K56CkSIbkJ/PNTf6szlM6WSgiAkRBur5AcBrhZghQAE hKR6k/TkktuSLXvR48ACKZ83MqBceKQuAw/pXViv7IjyGfZhMp9yH9E0HzmABzQaAJWj2IB3cEs BthBLLw4VeeUf/5YNbXwuEInwCpRi5sXiYjILikglUyym+cYd9Fs4xgorzJtuDs3eOqp5/WuS3o 3LriBrlnEyA92fiA+eg/tkzqQ020dz5y5v2xQwWFm/zK8Rfcve3BWxl4LwKHPOUPy2q0aj1bn8J tqnf5BBS/pyj0W2SNjKIELmWzeGqRKO3XfEngeuffy4yKSQJ490huNwXXEm+UhOVahsyumOSne7 5nCRwwKiII8ocld8d1+UqeN+5TJyFtO635ztUB2mSkScfansrXAjy3jafaGBEIdL1z6tY= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230710183544.999540-9-samitolvanen@google.com> Subject: [PATCH v2 1/6] riscv: Implement syscall wrappers From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Conor Dooley , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230710_113552_712164_60156542 X-CRM114-Status: GOOD ( 17.97 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org Commit f0bddf50586d ("riscv: entry: Convert to generic entry") moved syscall handling to C code, which exposed function pointer type mismatches that trip fine-grained forward-edge Control-Flow Integrity (CFI) checks as syscall handlers are all called through the same syscall_t pointer type. To fix the type mismatches, implement pt_regs based syscall wrappers similarly to x86 and arm64. This patch is based on arm64 syscall wrappers added in commit 4378a7d4be30 ("arm64: implement syscall wrappers"), where the main goal was to minimize the risk of userspace-controlled values being used under speculation. This may be a concern for riscv in future as well. Following other architectures, the syscall wrappers generate three functions for each syscall; __riscv_sys_ takes a pt_regs pointer and extracts arguments from registers, __se_sys_ is a sign-extension wrapper that casts the long arguments to the correct types for the real syscall implementation, which is named __do_sys_. Reviewed-by: Kees Cook Tested-by: Nathan Chancellor Signed-off-by: Sami Tolvanen --- arch/riscv/Kconfig | 1 + arch/riscv/include/asm/syscall.h | 5 +- arch/riscv/include/asm/syscall_wrapper.h | 87 ++++++++++++++++++++++++ arch/riscv/kernel/compat_syscall_table.c | 8 ++- arch/riscv/kernel/sys_riscv.c | 6 ++ arch/riscv/kernel/syscall_table.c | 8 ++- 6 files changed, 108 insertions(+), 7 deletions(-) create mode 100644 arch/riscv/include/asm/syscall_wrapper.h diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index 4c07b9189c86..a475ef1a0c1c 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -35,6 +35,7 @@ config RISCV select ARCH_HAS_SET_MEMORY if MMU select ARCH_HAS_STRICT_KERNEL_RWX if MMU && !XIP_KERNEL select ARCH_HAS_STRICT_MODULE_RWX if MMU && !XIP_KERNEL + select ARCH_HAS_SYSCALL_WRAPPER select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST select ARCH_HAS_UBSAN_SANITIZE_ALL select ARCH_HAS_VDSO_DATA diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/syscall.h index 0148c6bd9675..121fff429dce 100644 --- a/arch/riscv/include/asm/syscall.h +++ b/arch/riscv/include/asm/syscall.h @@ -75,7 +75,7 @@ static inline int syscall_get_arch(struct task_struct *task) #endif } -typedef long (*syscall_t)(ulong, ulong, ulong, ulong, ulong, ulong, ulong); +typedef long (*syscall_t)(const struct pt_regs *); static inline void syscall_handler(struct pt_regs *regs, ulong syscall) { syscall_t fn; @@ -87,8 +87,7 @@ static inline void syscall_handler(struct pt_regs *regs, ulong syscall) #endif fn = sys_call_table[syscall]; - regs->a0 = fn(regs->orig_a0, regs->a1, regs->a2, - regs->a3, regs->a4, regs->a5, regs->a6); + regs->a0 = fn(regs); } static inline bool arch_syscall_is_vdso_sigreturn(struct pt_regs *regs) diff --git a/arch/riscv/include/asm/syscall_wrapper.h b/arch/riscv/include/asm/syscall_wrapper.h new file mode 100644 index 000000000000..1d7942c8a6cb --- /dev/null +++ b/arch/riscv/include/asm/syscall_wrapper.h @@ -0,0 +1,87 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * syscall_wrapper.h - riscv specific wrappers to syscall definitions + * + * Based on arch/arm64/include/syscall_wrapper.h + */ + +#ifndef __ASM_SYSCALL_WRAPPER_H +#define __ASM_SYSCALL_WRAPPER_H + +#include + +asmlinkage long __riscv_sys_ni_syscall(const struct pt_regs *); + +#define SC_RISCV_REGS_TO_ARGS(x, ...) \ + __MAP(x,__SC_ARGS \ + ,,regs->orig_a0,,regs->a1,,regs->a2 \ + ,,regs->a3,,regs->a4,,regs->a5,,regs->a6) + +#ifdef CONFIG_COMPAT + +#define COMPAT_SYSCALL_DEFINEx(x, name, ...) \ + asmlinkage long __riscv_compat_sys##name(const struct pt_regs *regs); \ + ALLOW_ERROR_INJECTION(__riscv_compat_sys##name, ERRNO); \ + static long __se_compat_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \ + static inline long __do_compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \ + asmlinkage long __riscv_compat_sys##name(const struct pt_regs *regs) \ + { \ + return __se_compat_sys##name(SC_RISCV_REGS_TO_ARGS(x,__VA_ARGS__)); \ + } \ + static long __se_compat_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \ + { \ + return __do_compat_sys##name(__MAP(x,__SC_DELOUSE,__VA_ARGS__)); \ + } \ + static inline long __do_compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) + +#define COMPAT_SYSCALL_DEFINE0(sname) \ + asmlinkage long __riscv_compat_sys_##sname(const struct pt_regs *__unused); \ + ALLOW_ERROR_INJECTION(__riscv_compat_sys_##sname, ERRNO); \ + asmlinkage long __riscv_compat_sys_##sname(const struct pt_regs *__unused) + +#define COND_SYSCALL_COMPAT(name) \ + asmlinkage long __weak __riscv_compat_sys_##name(const struct pt_regs *regs); \ + asmlinkage long __weak __riscv_compat_sys_##name(const struct pt_regs *regs) \ + { \ + return sys_ni_syscall(); \ + } + +#define COMPAT_SYS_NI(name) \ + SYSCALL_ALIAS(__riscv_compat_sys_##name, sys_ni_posix_timers); + +#endif /* CONFIG_COMPAT */ + +#define __SYSCALL_DEFINEx(x, name, ...) \ + asmlinkage long __riscv_sys##name(const struct pt_regs *regs); \ + ALLOW_ERROR_INJECTION(__riscv_sys##name, ERRNO); \ + static long __se_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \ + static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \ + asmlinkage long __riscv_sys##name(const struct pt_regs *regs) \ + { \ + return __se_sys##name(SC_RISCV_REGS_TO_ARGS(x,__VA_ARGS__)); \ + } \ + static long __se_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \ + { \ + long ret = __do_sys##name(__MAP(x,__SC_CAST,__VA_ARGS__)); \ + __MAP(x,__SC_TEST,__VA_ARGS__); \ + __PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__)); \ + return ret; \ + } \ + static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) + +#define SYSCALL_DEFINE0(sname) \ + SYSCALL_METADATA(_##sname, 0); \ + asmlinkage long __riscv_sys_##sname(const struct pt_regs *__unused); \ + ALLOW_ERROR_INJECTION(__riscv_sys_##sname, ERRNO); \ + asmlinkage long __riscv_sys_##sname(const struct pt_regs *__unused) + +#define COND_SYSCALL(name) \ + asmlinkage long __weak __riscv_sys_##name(const struct pt_regs *regs); \ + asmlinkage long __weak __riscv_sys_##name(const struct pt_regs *regs) \ + { \ + return sys_ni_syscall(); \ + } + +#define SYS_NI(name) SYSCALL_ALIAS(__riscv_sys_##name, sys_ni_posix_timers); + +#endif /* __ASM_SYSCALL_WRAPPER_H */ diff --git a/arch/riscv/kernel/compat_syscall_table.c b/arch/riscv/kernel/compat_syscall_table.c index 651f2b009c28..ad7f2d712f5f 100644 --- a/arch/riscv/kernel/compat_syscall_table.c +++ b/arch/riscv/kernel/compat_syscall_table.c @@ -9,11 +9,15 @@ #include #undef __SYSCALL -#define __SYSCALL(nr, call) [nr] = (call), +#define __SYSCALL(nr, call) asmlinkage long __riscv_##call(const struct pt_regs *); +#include + +#undef __SYSCALL +#define __SYSCALL(nr, call) [nr] = __riscv_##call, asmlinkage long compat_sys_rt_sigreturn(void); void * const compat_sys_call_table[__NR_syscalls] = { - [0 ... __NR_syscalls - 1] = sys_ni_syscall, + [0 ... __NR_syscalls - 1] = __riscv_sys_ni_syscall, #include }; diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.c index 26ef5526bfb4..473159b5f303 100644 --- a/arch/riscv/kernel/sys_riscv.c +++ b/arch/riscv/kernel/sys_riscv.c @@ -335,3 +335,9 @@ SYSCALL_DEFINE5(riscv_hwprobe, struct riscv_hwprobe __user *, pairs, return do_riscv_hwprobe(pairs, pair_count, cpu_count, cpus, flags); } + +/* Not defined using SYSCALL_DEFINE0 to avoid error injection */ +asmlinkage long __riscv_sys_ni_syscall(const struct pt_regs *__unused) +{ + return -ENOSYS; +} diff --git a/arch/riscv/kernel/syscall_table.c b/arch/riscv/kernel/syscall_table.c index 44b1420a2270..dda913764903 100644 --- a/arch/riscv/kernel/syscall_table.c +++ b/arch/riscv/kernel/syscall_table.c @@ -10,9 +10,13 @@ #include #undef __SYSCALL -#define __SYSCALL(nr, call) [nr] = (call), +#define __SYSCALL(nr, call) asmlinkage long __riscv_##call(const struct pt_regs *); +#include + +#undef __SYSCALL +#define __SYSCALL(nr, call) [nr] = __riscv_##call, void * const sys_call_table[__NR_syscalls] = { - [0 ... __NR_syscalls - 1] = sys_ni_syscall, + [0 ... __NR_syscalls - 1] = __riscv_sys_ni_syscall, #include }; From patchwork Mon Jul 10 18:35:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 13307485 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 79661EB64DC for ; Mon, 10 Jul 2023 18:36:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID: References:Mime-Version:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=uGDkYLx+UPcjIW+1MJa8xCn4BqEHR9n6fZYZWt4fm+A=; b=rttQ4KcGbsVReLjC7rUs7ykeoU dWimHUwwiYQp8z/s1qPzD9p6Q54f0T+30kW93w1USTjlVDxb1D3kL1bN+yY+oaot8s1/RViKZ3QE0 H1jfPRDGC7TL1b4w3LrhzrPNvMVUyakIpYNkD/QkGxgaGdHOgY+HMap1+ujZ1pZNknTpbFf/4KlXD SxtOzRZPo+mgWz+G7HUnYrkBVf/UxwLtM6/FD+cE/AdlgSg1fnbQOg5er6g0I4vaRxdnH9FR3SiIk 3KMtqeqQRZYwTFHfDUIJa1hjKCfI8YrDj1eGaeZU12QugESu8cwp8Rd8fX3LiGofou2qqy5tIxgD+ yT4VNoKA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qIvjq-00CTFd-0O; Mon, 10 Jul 2023 18:35:58 +0000 Received: from mail-pj1-x104a.google.com ([2607:f8b0:4864:20::104a]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qIvjm-00CTDF-0q for linux-riscv@lists.infradead.org; Mon, 10 Jul 2023 18:35:55 +0000 Received: by mail-pj1-x104a.google.com with SMTP id 98e67ed59e1d1-262d69faef9so6087125a91.3 for ; Mon, 10 Jul 2023 11:35:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689014151; x=1691606151; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=+Lmw3qam11jRSo1H1z3ye084M7cKP++evQKCp2c6VGA=; b=mBak734wMFR6S9+GtbGpTrkghWF+xr1fRhSK0yzJKLx0aVQpIh/dJA08JpJj0Dspmv +KbhrJ1C2ctjEr/1mPfjOLMv2MbYo0us/2F7/8vx2tcXngA5q7eTaZ67JcQRTRYHOu5h 8muHVf2PQjWeu46I51Zsb1knY7eaQnEy4NmF1rWIF9TEchAsuxDYzeXnnAtTHL23VWH+ oxJSCthj46MWSMAttTVrGpHOMejythMECwFTW988R748Ji6HIYOI2Dtt6GQ+aEaySBSr YdYX6GRMU7PTiffp1+4F4pOPCeWqwdawHz7JdI8gfFK8pVDdHxB4qkSizIV8TETm576h gD4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689014151; x=1691606151; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=+Lmw3qam11jRSo1H1z3ye084M7cKP++evQKCp2c6VGA=; b=Ujtl9xatcMZTqU2T0617gXkI8Nvsh2PqYE6V1Hzwc7wyaKV45bBHo1UhHhwudQBVL4 VWiBKHInk73h9FlOR9ls1WQuyiKz0citbbF341Y9/m/ruJd2sbHjWPmfIn4cdgcvrei1 Jig8asdP3QFuRhx+5cDXnjwY077ywvqQJfoZX5Z9NgXYfN/9Pz0ePqcDO+TxdDkhCXrV 20cD2uPaNpZoI3KRovdWIeHVbPCNEj/CTmfSkTHXz39B+rHtJ1BzZc2VfYTDawwt0lG9 iMh+F80bgltHF0l/VZuJRhQH5enJYkcfQN6kcgwe0gYcEWctvjTZGVCpoR17szU7GZUZ ierw== X-Gm-Message-State: ABy/qLZn0mlEO73arPFvSeNSTyIqT1d7BXcsVv5Z+TqxS8q8fYsowZLk +FhORpwp9G+MAhefbo5xvXykC5K2FTgg63kFtSA= X-Google-Smtp-Source: APBJJlFU00+7gY7YBrESlPEsWXN0HjjU8yiIxkSBDPukNPRNwI/iq87FZheK3yIXtLj3iPKAZwQFHXwHjUoK9+pnV18= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a17:90a:d511:b0:263:4d9e:64f1 with SMTP id t17-20020a17090ad51100b002634d9e64f1mr11001626pju.0.1689014151573; Mon, 10 Jul 2023 11:35:51 -0700 (PDT) Date: Mon, 10 Jul 2023 18:35:47 +0000 In-Reply-To: <20230710183544.999540-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230710183544.999540-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=1996; i=samitolvanen@google.com; h=from:subject; bh=q4ijnPW2Mn1tvBetsRvgpl+qoFykStv8yW3UK+1fGGg=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBkrE+ABPMDmB0fh0LjTs3/VHFrPcBar3PHMmw3b h6Q9A6DPKuJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZKxPgAAKCRBMtfaEi7xW 7jgpC/9553yUfoqA9C4FRMa2OFuUbOCPwbvDRNsX7Y9zDAkutsoIgeg23FWNH3zegBmF5hA7+uW gmc4wt+WIt8lObecQrM8afOor4zIgp36iPBEyXWKQWiV6rzZqTev31yXsHzaeOxi/S0pUVykNZ2 BVisTBwjLdMO2wO0WJRMCtoQheGw7NreTHf6ke1uYaqM71zvVaIijKaJL82bOoZGYc9tuUSeBnw i7Ve2L/W+lCEs0THbayq+7Z+wGOQ3f8YyU5VedjHsi1v0wki1Q0ekFH5I/BhQDq65ae4cHHfBQZ 8faWYq/uAteKnSDn52Y5KqaH9pnHBKpFpYAUSI4Y1m1s1JQlpKwyIWsL+v9Lv5VqnVibdLXvZRD baULUYdoNKvc0fUPv746yPn/Ty1RsLoyaulv1PWezPFQ2WvsaAlhmAHtxKrC4tm19h8ptxDztlL MUIMlLVQLmpTSJZH9C4VsYCQuhJhmC6eljPY8UdNAn8rs0Lsd0Bzo6uRDWaYza3fi9HwQ= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230710183544.999540-10-samitolvanen@google.com> Subject: [PATCH v2 2/6] riscv: Add types to indirectly called assembly functions From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Conor Dooley , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230710_113554_298793_D5F15FAD X-CRM114-Status: UNSURE ( 9.85 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org With CONFIG_CFI_CLANG, assembly functions indirectly called from C code must be annotated with type identifiers to pass CFI checking. Use the SYM_TYPED_START macro to add types to the relevant functions. Reviewed-by: Kees Cook Tested-by: Nathan Chancellor Signed-off-by: Sami Tolvanen --- arch/riscv/kernel/mcount.S | 5 +++-- arch/riscv/kernel/suspend_entry.S | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/arch/riscv/kernel/mcount.S b/arch/riscv/kernel/mcount.S index 8a6e5a9e842a..6c9469050f4c 100644 --- a/arch/riscv/kernel/mcount.S +++ b/arch/riscv/kernel/mcount.S @@ -3,6 +3,7 @@ #include #include +#include #include #include #include @@ -47,13 +48,13 @@ addi sp, sp, 4*SZREG .endm -ENTRY(ftrace_stub) +SYM_TYPED_FUNC_START(ftrace_stub) #ifdef CONFIG_DYNAMIC_FTRACE .global MCOUNT_NAME .set MCOUNT_NAME, ftrace_stub #endif ret -ENDPROC(ftrace_stub) +SYM_FUNC_END(ftrace_stub) #ifdef CONFIG_FUNCTION_GRAPH_TRACER ENTRY(return_to_handler) diff --git a/arch/riscv/kernel/suspend_entry.S b/arch/riscv/kernel/suspend_entry.S index 12b52afe09a4..f7960c7c5f9e 100644 --- a/arch/riscv/kernel/suspend_entry.S +++ b/arch/riscv/kernel/suspend_entry.S @@ -5,6 +5,7 @@ */ #include +#include #include #include #include @@ -58,7 +59,7 @@ ENTRY(__cpu_suspend_enter) ret END(__cpu_suspend_enter) -ENTRY(__cpu_resume_enter) +SYM_TYPED_FUNC_START(__cpu_resume_enter) /* Load the global pointer */ .option push .option norelax @@ -94,4 +95,4 @@ ENTRY(__cpu_resume_enter) /* Return to C code */ ret -END(__cpu_resume_enter) +SYM_FUNC_END(__cpu_resume_enter) From patchwork Mon Jul 10 18:35:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 13307486 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 34FCBC001B0 for ; Mon, 10 Jul 2023 18:36:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID: References:Mime-Version:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=jIQu2PzNl1i/KEWl1T2FBTv1m06TwebdFg6RWaBpHaA=; b=38wFR3W4OhyU/ecPFTclQHHvA5 Vm9K0lVZ1cK3jhELkBtL14YH4F6aW83xdCQrp739Lyo4zC9e4MB4nx/+zcBYCFqSG53olk0N5DRGQ 4fP6tStocF54EEh06p/4qA0NONl+Ng/m6J9bKEKF/1yXG+sBKzuOCGZ29CgByl42iPLweWehhMd2W a1tYxwpP8ffuBCUH02dy4d6Ys4xSOiVQEfRmAVAOUNUUnhl/NaXJjERbp2WwQRYnhuMAEncXP7xGr mGgqt+TQfRymQwXKTQMHxbEM2czK82kiS9GqhVZm7g3OlhDeWEmM56jL5UR5O3iC5q/Yjah/Vz5kg QTn9sUEg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qIvjq-00CTG7-2J; Mon, 10 Jul 2023 18:35:58 +0000 Received: from mail-pj1-x104a.google.com ([2607:f8b0:4864:20::104a]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qIvjm-00CTDk-23 for linux-riscv@lists.infradead.org; Mon, 10 Jul 2023 18:35:55 +0000 Received: by mail-pj1-x104a.google.com with SMTP id 98e67ed59e1d1-262d296873aso8040760a91.1 for ; Mon, 10 Jul 2023 11:35:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689014153; x=1691606153; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=S9zW43FbHuOlleSu+un6XWqUn1fn2QP5MnKtge68NZw=; b=2BvIE+7Cb5J6MVl7t68AQmPcTEFhZlWe+/b7KN/uzDN9+Ao94fJCMlNpxZlDgcGKeB m7Tl+0X9ccOfZ5iYWxiMFwYu8nN55HeVYr4+ygARqmsVCzleZFu1hQDTPf+6UsV5eCOl kLBmxXHq0U/yhc0QwEqq00hwEhv3CEZRvWM7eMi65KLJY6UXulbtXwlfFOOvNvw9zY1U yedqcc3skBZ6xL9hEdYz7sPiFHWBSANUiAkJAZOILfsY9K1OSZgWw3wcPdmj7Kt8fZcu ZjEHV76VEFbS5c51oWd9V7kbiPIXZgzl+hqRGNa3UlpuufenDyzzjDzQuQYbYuxS7VeN VuIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689014153; x=1691606153; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=S9zW43FbHuOlleSu+un6XWqUn1fn2QP5MnKtge68NZw=; b=B2WrleHtschn5zCNytZGJqSkJTicCKIdmRLKloBFV5/FBsLSIwsM3ZGNQgxb25lRFD J6Z9S5NR4/A50xsv7ziGJpf/HBlxh3zL2Bvin843sB6L1eKusq/j4TY97guNQTwTDmZG 4z/KeYthTOdLA2+ComBFTztCw7hpBz1uGIGgfLFooDWIr+sLuz/mbfvB9MoxZo/tvMoI eOHiKHRPSu9paYxkxrCg++4c7/x50fibioS+7IERSPxw291uwMesY2J5SFzD42z+KDLr UuAL+h6m+zjpcvxb2KdKZFnPBXt58tMmrIr1+K/jVaD5KW8/LCNej7Ef2n3secvhBESY CQiQ== X-Gm-Message-State: ABy/qLaV7fZqnkktOC8MV+XaNpyEemLEgILsANvMaqMFBeO3v5MPIGSS AT1DM7y+MnnAAsBT/h78WWT8e97orvZbVEDYOvk= X-Google-Smtp-Source: APBJJlEHUxfZq7uWFQrz0VKHKSqMYGKtLRHE2eeMBabDYg36u9soDrUt3GcdQwg/5s00tNoVMufWeUuLPI80l6/+3Fc= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a17:90a:8912:b0:263:dcce:ca9a with SMTP id u18-20020a17090a891200b00263dcceca9amr10877384pjn.1.1689014153561; Mon, 10 Jul 2023 11:35:53 -0700 (PDT) Date: Mon, 10 Jul 2023 18:35:48 +0000 In-Reply-To: <20230710183544.999540-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230710183544.999540-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=977; i=samitolvanen@google.com; h=from:subject; bh=SyYGssy02WwznPseKLFWBeRZamjspo0IenMK/78d1Tw=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBkrE+AvhWQwKiqzsK7Notr2TR4pdX+nw6HsLRg3 vakDRSEwnyJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZKxPgAAKCRBMtfaEi7xW 7m1tC/9kAC6G5E9nlSHjofInL/y8Zju/2BQWR+G6A2hA1YqzCT8IGkEC1AOGiEzHTcV3GCT/87U h87Ilj+zvqCqR/d+1E7J9h46MhhF+f91eFa3Q5kJ2dnf1eX0M4HYypa5V/CoQ7RZNtqr4I39GY8 v5SyYiUxkMUMEemjvdfuawjqjnFuPAyWyWVdfZICe+4Sz3zISBhytRl/GX56rQnYFBa3M97kAq+ AM8FE6CO1URei4DbbZk7iNcBStfCfgywRwJonIGhtU7ySqz56WP4VVchnPlMDd2/uFrWwVfnaOR gHgFbUIGyvvJRDS2ioIDNTWhYuiAwUzyqbpnysqXGWuSm4fshKMe2+HwhBVABEk2757Tq21sNoN jvxlF6Rf8fhicoFRZHmWrSpYAHFemEceYre4wE8AI9ZC1v6f1raY1lMDD5QEk9XE3mFHOQDjdU0 BmpHkd0OocbQjGmBzxP6u2W+S41FuvElG8m9BI30J7iGdiMFpjgsS9pXwLLwK75J6Z0PQ= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230710183544.999540-11-samitolvanen@google.com> Subject: [PATCH v2 3/6] riscv: Add ftrace_stub_graph From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Conor Dooley , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230710_113554_691982_A72C3087 X-CRM114-Status: UNSURE ( 8.83 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org Commit 883bbbffa5a4 ("ftrace,kcfi: Separate ftrace_stub() and ftrace_stub_graph()") added a separate ftrace_stub_graph function for CFI_CLANG. Add the stub to fix FUNCTION_GRAPH_TRACER compatibility with CFI. Reviewed-by: Kees Cook Tested-by: Nathan Chancellor Signed-off-by: Sami Tolvanen --- arch/riscv/kernel/mcount.S | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/riscv/kernel/mcount.S b/arch/riscv/kernel/mcount.S index 6c9469050f4c..8818a8fa9ff3 100644 --- a/arch/riscv/kernel/mcount.S +++ b/arch/riscv/kernel/mcount.S @@ -57,6 +57,10 @@ SYM_TYPED_FUNC_START(ftrace_stub) SYM_FUNC_END(ftrace_stub) #ifdef CONFIG_FUNCTION_GRAPH_TRACER +SYM_TYPED_FUNC_START(ftrace_stub_graph) + ret +SYM_FUNC_END(ftrace_stub_graph) + ENTRY(return_to_handler) /* * On implementing the frame point test, the ideal way is to compare the From patchwork Mon Jul 10 18:35:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 13307488 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E590CEB64DA for ; Mon, 10 Jul 2023 18:36:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID: References:Mime-Version:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=LCouAti7UR2j8+cpBRKn9jX5O3QuGzkAvcYqN2i0OmQ=; b=38y2IoxWfLd0UKHXqEKozObeUJ qqgPl1RrFR8jz88kBcrLZHlsuhBukWe7TLpmHVn70pv03AO/kTpL7D1AlMrvE31VeRFJ9toCHXym5 AJOlhayqUL59YGqrlga/IDNkd4V6vdCus4+G4bjbtQNNn8VklJrypxwAeh+6RJZucST3s/ccKRFIw 2Pf9qfvPGv4Pkj1EfUtbgaayRT7fvJHGXeSoacC3ApDQzdC+cPHdPGlzjNR7GdJpthvw96yHvxl+G QvQs4ZeZi4CRJB7RHezvKVdd6iM1BxoCVz5gWjmUIB92IRYIeI97YrGTxdYhfFuf9ACsjp5Zrmlhv loRnyEAg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qIvjv-00CTIY-0O; Mon, 10 Jul 2023 18:36:03 +0000 Received: from mail-yb1-xb4a.google.com ([2607:f8b0:4864:20::b4a]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qIvjq-00CTEm-1B for linux-riscv@lists.infradead.org; Mon, 10 Jul 2023 18:36:00 +0000 Received: by mail-yb1-xb4a.google.com with SMTP id 3f1490d57ef6-bfae0f532e4so5737028276.2 for ; Mon, 10 Jul 2023 11:35:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689014155; x=1691606155; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id :reply-to; bh=eswTZL14/0lbniOzURaNQN7FEq6zurstCyikDF3vkhM=; b=mHXw4bXuQ7mteNju7x5RettqxmsL3nzNMvjatyU7cakrchbgnqgeh/uJDWKgLamt4x C4Xzhq4sjaYfzMLKVoynFKRvTwC+TjyVeUSMj6dF8hY3fuLx0WbL3+OOle9Tfo44WV62 uC16FFSOSmucbJUO5rm3e6k7swahcwOmIwsHGY/x2v88h6NoXbSMuDbDMx0AkoIQpJaA lpZ22oonYN//0xTzIYB9VViMUKAUoRlSe7xhrk7BJ+4+bA3tRjw+edYdsytGn7S6ZQTj ng9khanqFWbetv8vwXovZTsSSQ9QUGK4ZJn5Npl1DKQciIy5/MskFNwXJgk1TFpB/wIv //IQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689014155; x=1691606155; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=eswTZL14/0lbniOzURaNQN7FEq6zurstCyikDF3vkhM=; b=NQKKXoeT2ZwZvE6XIfgomhqt/6cQb2i1BghCZxORCiE0lX3SpLW+tPzIRFtMaMvZlO gEgMMPEftmzzo47R3tZQGajMqcDTVe/0H5Qco6QsjxHZpmzpUanehVCu0PryJjDTanpr xe07u1xsGbbTGOPBUqBOn5rbTZDqghR3RV0PgEfSCUN3LyCcxg0fjEPeNZR025rZ8kHJ mWAD5e1KVKKCkx59JBpXX6Ws2HQh8QyPdO1Pvbkper7gKxeBaDhOeSG8+BbilZ6npJPs tSSDbDhZ/WfVKKcCnrrm9SBBlgjwEcPckICVHD0FkMILMauoJv0d4jyXPOKDgfAfJkDO f5og== X-Gm-Message-State: ABy/qLZJarLk3rUU3dCS4tem+iwbdF8Fkii4nb3F+HKzjt77EcgW2hBe 53A4fGxLvmWWAdtKUIdkyytTcJ3fRNe1UMevFJU= X-Google-Smtp-Source: APBJJlFQIZF+igmluOU2bMS5mr8gBJbp/xeb3V0KPaxzgO0oO8YmIRMtUSVCKW3jEDd2PO1KFSRPD2K5B4tN3umd5nw= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a5b:54b:0:b0:c4e:27df:1a0f with SMTP id r11-20020a5b054b000000b00c4e27df1a0fmr99818ybp.13.1689014155420; Mon, 10 Jul 2023 11:35:55 -0700 (PDT) Date: Mon, 10 Jul 2023 18:35:49 +0000 In-Reply-To: <20230710183544.999540-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230710183544.999540-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=9602; i=samitolvanen@google.com; h=from:subject; bh=IA2WgXxwoWMBmayegrcrafXII/0/7DYZosX7v/GLBck=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBkrE+AzDEYUQi8BUsweEAdZIzultO1gPrFhWnsI jtkRlq4AveJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZKxPgAAKCRBMtfaEi7xW 7ta1C/9wVoJcIYEMVHSgyqgnPHp4livqoTH2BLIv0xCc+oPtCaZ0eaH7XVR4T6q3lQycYnczBk4 1mR2GTxEkGzihjmY9K2GmbjFNVcg7LOfnEnxsmijLPOvDqY0gszNdNjdmhi8WxHWUwJFM9haa8l Yi1XnlYhUxJv3gfg4FxvLzxcg79nus3gQFVJ+IUm4elFPQi6fcoESs67OuWdDxfeQaQ1+x1ayz6 4HH80CFSL07N5Ey9CbNAqHpXEOOfIhZjRpe0J3rRRmJfKysc8TPeP7Dea5/7dlxcw6Wi7vXrAHb AURq+fs9/5rZ7vdTBg8ZEnI+gaoQoBp9jiCSN32evpWtkzj0bySSVSiREaDLYbTIVhDBTEsn/F4 AFyJRq1R0M+IGVwmydqsXPbL3KEyy+31A1uqXk+l2rWNVdEYCzH3/7gDzHVteYnzu8p3/JJPHVG xUPUsbc8EqzDDllkEN4v42pH4ZCayK8K2GXX/Qc8JCSPI7VitZX0JC9akH9JxgGau1lws= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230710183544.999540-12-samitolvanen@google.com> Subject: [PATCH v2 4/6] riscv: Add CFI error handling From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Conor Dooley , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230710_113558_405283_DACE3A8D X-CRM114-Status: GOOD ( 24.19 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org With CONFIG_CFI_CLANG, the compiler injects a type preamble immediately before each function and a check to validate the target function type before indirect calls: ; type preamble .word function: ... ; indirect call check lw t1, -4(a0) lui t2, addiw t2, t2, beq t1, t2, .Ltmp0 ebreak .Ltmp0: jarl a0 Implement error handling code for the ebreak traps emitted for the checks. This produces the following oops on a CFI failure (generated using lkdtm): [ 21.177245] CFI failure at lkdtm_indirect_call+0x22/0x32 [lkdtm] (target: lkdtm_increment_int+0x0/0x18 [lkdtm]; expected type: 0x3ad55aca) [ 21.178483] Kernel BUG [#1] [ 21.178671] Modules linked in: lkdtm [ 21.179037] CPU: 1 PID: 104 Comm: sh Not tainted 6.3.0-rc6-00037-g37d5ec6297ab #1 [ 21.179511] Hardware name: riscv-virtio,qemu (DT) [ 21.179818] epc : lkdtm_indirect_call+0x22/0x32 [lkdtm] [ 21.180106] ra : lkdtm_CFI_FORWARD_PROTO+0x48/0x7c [lkdtm] [ 21.180426] epc : ffffffff01387092 ra : ffffffff01386f14 sp : ff20000000453cf0 [ 21.180792] gp : ffffffff81308c38 tp : ff6000000243f080 t0 : ff20000000453b78 [ 21.181157] t1 : 000000003ad55aca t2 : 000000007e0c52a5 s0 : ff20000000453d00 [ 21.181506] s1 : 0000000000000001 a0 : ffffffff0138d170 a1 : ffffffff013870bc [ 21.181819] a2 : b5fea48dd89aa700 a3 : 0000000000000001 a4 : 0000000000000fff [ 21.182169] a5 : 0000000000000004 a6 : 00000000000000b7 a7 : 0000000000000000 [ 21.182591] s2 : ff20000000453e78 s3 : ffffffffffffffea s4 : 0000000000000012 [ 21.183001] s5 : ff600000023c7000 s6 : 0000000000000006 s7 : ffffffff013882a0 [ 21.183653] s8 : 0000000000000008 s9 : 0000000000000002 s10: ffffffff0138d878 [ 21.184245] s11: ffffffff0138d878 t3 : 0000000000000003 t4 : 0000000000000000 [ 21.184591] t5 : ffffffff8133df08 t6 : ffffffff8133df07 [ 21.184858] status: 0000000000000120 badaddr: 0000000000000000 cause: 0000000000000003 [ 21.185415] [] lkdtm_indirect_call+0x22/0x32 [lkdtm] [ 21.185772] [] lkdtm_CFI_FORWARD_PROTO+0x48/0x7c [lkdtm] [ 21.186093] [] lkdtm_do_action+0x22/0x34 [lkdtm] [ 21.186445] [] direct_entry+0x128/0x13a [lkdtm] [ 21.186817] [] full_proxy_write+0x58/0xb2 [ 21.187352] [] vfs_write+0x14c/0x33a [ 21.187644] [] ksys_write+0x64/0xd4 [ 21.187832] [] sys_write+0xe/0x1a [ 21.188171] [] ret_from_syscall+0x0/0x2 [ 21.188595] Code: 0513 0f65 a303 ffc5 53b7 7e0c 839b 2a53 0363 0073 (9002) 9582 [ 21.189178] ---[ end trace 0000000000000000 ]--- [ 21.189590] Kernel panic - not syncing: Fatal exception Reviewed-by: Kees Cook Reviewed-by: Conor Dooley # ISA bits Tested-by: Nathan Chancellor Signed-off-by: Sami Tolvanen --- arch/riscv/Kconfig | 1 + arch/riscv/include/asm/cfi.h | 22 ++++++++++ arch/riscv/include/asm/insn.h | 10 +++++ arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/cfi.c | 77 +++++++++++++++++++++++++++++++++++ arch/riscv/kernel/traps.c | 4 +- 6 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 arch/riscv/include/asm/cfi.h create mode 100644 arch/riscv/kernel/cfi.c diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index a475ef1a0c1c..29fdba9d8514 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -49,6 +49,7 @@ config RISCV select ARCH_SUPPORTS_PER_VMA_LOCK if MMU select ARCH_USE_MEMTEST select ARCH_USE_QUEUED_RWLOCKS + select ARCH_USES_CFI_TRAPS if CFI_CLANG select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU select ARCH_WANT_FRAME_POINTERS select ARCH_WANT_GENERAL_HUGETLB if !RISCV_ISA_SVNAPOT diff --git a/arch/riscv/include/asm/cfi.h b/arch/riscv/include/asm/cfi.h new file mode 100644 index 000000000000..56bf9d69d5e3 --- /dev/null +++ b/arch/riscv/include/asm/cfi.h @@ -0,0 +1,22 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _ASM_RISCV_CFI_H +#define _ASM_RISCV_CFI_H + +/* + * Clang Control Flow Integrity (CFI) support. + * + * Copyright (C) 2023 Google LLC + */ + +#include + +#ifdef CONFIG_CFI_CLANG +enum bug_trap_type handle_cfi_failure(struct pt_regs *regs); +#else +static inline enum bug_trap_type handle_cfi_failure(struct pt_regs *regs) +{ + return BUG_TRAP_TYPE_NONE; +} +#endif /* CONFIG_CFI_CLANG */ + +#endif /* _ASM_RISCV_CFI_H */ diff --git a/arch/riscv/include/asm/insn.h b/arch/riscv/include/asm/insn.h index 4e1505cef8aa..9c23f598434c 100644 --- a/arch/riscv/include/asm/insn.h +++ b/arch/riscv/include/asm/insn.h @@ -63,6 +63,7 @@ #define RVG_RS1_OPOFF 15 #define RVG_RS2_OPOFF 20 #define RVG_RD_OPOFF 7 +#define RVG_RS1_MASK GENMASK(4, 0) #define RVG_RD_MASK GENMASK(4, 0) /* The bit field of immediate value in RVC J instruction */ @@ -129,6 +130,7 @@ #define RVC_C2_RS1_OPOFF 7 #define RVC_C2_RS2_OPOFF 2 #define RVC_C2_RD_OPOFF 7 +#define RVC_C2_RS1_MASK GENMASK(4, 0) /* parts of opcode for RVG*/ #define RVG_OPCODE_FENCE 0x0f @@ -278,6 +280,10 @@ static __always_inline bool riscv_insn_is_branch(u32 code) #define RV_X(X, s, mask) (((X) >> (s)) & (mask)) #define RVC_X(X, s, mask) RV_X(X, s, mask) +#define RV_EXTRACT_RS1_REG(x) \ + ({typeof(x) x_ = (x); \ + (RV_X(x_, RVG_RS1_OPOFF, RVG_RS1_MASK)); }) + #define RV_EXTRACT_RD_REG(x) \ ({typeof(x) x_ = (x); \ (RV_X(x_, RVG_RD_OPOFF, RVG_RD_MASK)); }) @@ -305,6 +311,10 @@ static __always_inline bool riscv_insn_is_branch(u32 code) (RV_X(x_, RV_B_IMM_11_OPOFF, RV_B_IMM_11_MASK) << RV_B_IMM_11_OFF) | \ (RV_IMM_SIGN(x_) << RV_B_IMM_SIGN_OFF); }) +#define RVC_EXTRACT_C2_RS1_REG(x) \ + ({typeof(x) x_ = (x); \ + (RV_X(x_, RVC_C2_RS1_OPOFF, RVC_C2_RS1_MASK)); }) + #define RVC_EXTRACT_JTYPE_IMM(x) \ ({typeof(x) x_ = (x); \ (RVC_X(x_, RVC_J_IMM_3_1_OPOFF, RVC_J_IMM_3_1_MASK) << RVC_J_IMM_3_1_OFF) | \ diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile index 506cc4a9a45a..6ac56af42f4a 100644 --- a/arch/riscv/kernel/Makefile +++ b/arch/riscv/kernel/Makefile @@ -91,6 +91,8 @@ obj-$(CONFIG_CRASH_CORE) += crash_core.o obj-$(CONFIG_JUMP_LABEL) += jump_label.o +obj-$(CONFIG_CFI_CLANG) += cfi.o + obj-$(CONFIG_EFI) += efi.o obj-$(CONFIG_COMPAT) += compat_syscall_table.o obj-$(CONFIG_COMPAT) += compat_signal.o diff --git a/arch/riscv/kernel/cfi.c b/arch/riscv/kernel/cfi.c new file mode 100644 index 000000000000..820158d7a291 --- /dev/null +++ b/arch/riscv/kernel/cfi.c @@ -0,0 +1,77 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Clang Control Flow Integrity (CFI) support. + * + * Copyright (C) 2023 Google LLC + */ +#include +#include + +/* + * Returns the target address and the expected type when regs->epc points + * to a compiler-generated CFI trap. + */ +static bool decode_cfi_insn(struct pt_regs *regs, unsigned long *target, + u32 *type) +{ + unsigned long *regs_ptr = (unsigned long *)regs; + int rs1_num; + u32 insn; + + *target = *type = 0; + + /* + * The compiler generates the following instruction sequence + * for indirect call checks: + * + *   lw t1, -4() + * lui t2, + * addiw t2, t2, + * beq t1, t2, .Ltmp1 + * ebreak ; <- regs->epc + * .Ltmp1: + * jalr + * + * We can read the expected type and the target address from the + * registers passed to the beq/jalr instructions. + */ + if (get_kernel_nofault(insn, (void *)regs->epc - 4)) + return false; + if (!riscv_insn_is_beq(insn)) + return false; + + *type = (u32)regs_ptr[RV_EXTRACT_RS1_REG(insn)]; + + if (get_kernel_nofault(insn, (void *)regs->epc) || + get_kernel_nofault(insn, (void *)regs->epc + GET_INSN_LENGTH(insn))) + return false; + + if (riscv_insn_is_jalr(insn)) + rs1_num = RV_EXTRACT_RS1_REG(insn); + else if (riscv_insn_is_c_jalr(insn)) + rs1_num = RVC_EXTRACT_C2_RS1_REG(insn); + else + return false; + + *target = regs_ptr[rs1_num]; + + return true; +} + +/* + * Checks if the ebreak trap is because of a CFI failure, and handles the trap + * if needed. Returns a bug_trap_type value similarly to report_bug. + */ +enum bug_trap_type handle_cfi_failure(struct pt_regs *regs) +{ + unsigned long target; + u32 type; + + if (!is_cfi_trap(regs->epc)) + return BUG_TRAP_TYPE_NONE; + + if (!decode_cfi_insn(regs, &target, &type)) + return report_cfi_failure_noaddr(regs, regs->epc); + + return report_cfi_failure(regs, regs->epc, &target, type); +} diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c index f910dfccbf5d..212dc20631fb 100644 --- a/arch/riscv/kernel/traps.c +++ b/arch/riscv/kernel/traps.c @@ -21,6 +21,7 @@ #include #include +#include #include #include #include @@ -271,7 +272,8 @@ void handle_break(struct pt_regs *regs) == NOTIFY_STOP) return; #endif - else if (report_bug(regs->epc, regs) == BUG_TRAP_TYPE_WARN) + else if (report_bug(regs->epc, regs) == BUG_TRAP_TYPE_WARN || + handle_cfi_failure(regs) == BUG_TRAP_TYPE_WARN) regs->epc += get_break_insn_length(regs->epc); else die(regs, "Kernel BUG"); From patchwork Mon Jul 10 18:35:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 13307487 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 54D88EB64DC for ; Mon, 10 Jul 2023 18:36:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID: References:Mime-Version:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=mu71qn5LTOL20Uv4WuOws6gpr/4SoYIzCbQEgJbILx0=; b=nyg6TjP16lThR9SR780s3Sv1WI Tou6ac/87kREJQEeOPLgbez7nLrpkf42D9XHos+2cjiaQ5RCFwN16s/gpEC8coB7Jrjcy7qST8I5E S3UhiwaicMhe6Cd3ttf+g16ifJcq3bulvHchB16MS0dv1H+a5GsX7v60ZuI+vlMCh4CqkfhrLp24w A+/1v3TS91qIkuXcbING05KCrZRJW55RZYI8mHzJpXCGY7tqP9oeFH6UHYiCcvCcqHIkmaE+cypsD 4CBPWJQCmrgnQpZRrHALsguC5muqU2+ZqOYpmeYy+kRYYUa1LzU7zIduOo4T2RjBsa45xExSo/9bW n4XaNTfQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qIvjt-00CTHQ-1e; Mon, 10 Jul 2023 18:36:01 +0000 Received: from mail-yw1-x114a.google.com ([2607:f8b0:4864:20::114a]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qIvjq-00CTFQ-2F for linux-riscv@lists.infradead.org; Mon, 10 Jul 2023 18:36:00 +0000 Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-56cf9a86277so59215167b3.3 for ; Mon, 10 Jul 2023 11:35:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689014157; x=1691606157; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=aa5lQRof/F8cmDC3HRDbQ84WnKxCQ1duxxw+zC9cpn4=; b=23a/BYJOg6q/fOh8fzxml3B4m2aOP1zFQvS2kQGJ08o95ldNeS0IPbiHDbR9gH9Fp6 kR6Sl8+BgYjzrFsG6yb+Rkk6MNGZW8hEsapNMPKNtCJKuk6nYjCRdQQ+uQb3B9UfB++f utBahDQJYg1o4JuRkSh968uQqvT98b9OmdJjbsrIk3o42Fk2d/ok29nfEUL7UUhqzHJv prPYLaV/c2enA8e2PLnR/POxy31CGGLrstg7H7frJDcw+SCozmYUGTbmwg1dBvxg2NPq 3w+buPLo/MfK/E/uNGpXJFH28p0Ada1smGQG/jSaDr/sxTRRhtnyAA/kKPGymQX7nGfJ 8FSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689014157; x=1691606157; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=aa5lQRof/F8cmDC3HRDbQ84WnKxCQ1duxxw+zC9cpn4=; b=a9BUs9K7hnoWuyIOfPSVjuY1PhZ7zwVddDV+3WJ8siKbyf+l/8XJoZzWmLlCTQ+R3S B24YHeC2PrRdwLhcZYgoCNArWKePbfbelDmtJzG2aphG/c6oWowEJEOJKBMJ0QmAw4FY 5zsEch+TPrS9bRO6wdGVcWD1I9hw8eGdiJj36u/ITJPxWonGRjs0nuy7MrAaqjNSijKY KRgA2r2MSwDpb0FS4DcSxtONO+8UWtoPAGBzIEP1zowGezuCSpQPOFbs2zN+ozGcQbtw 5RrnNJY89ea5OO6H/wurSmz4FN79T0LqDMiDjbXM038m1cWtHdUK87e623o7eJuBBI2z UKkg== X-Gm-Message-State: ABy/qLa4UlytgYtTTMiCUOx3DSqeDDAEcZl8tK9LRS0QlpBRDIBOBUNd pSv0Dnqgp7jVoVZi7+Tp7PN+APXL5mKQAZoqw3w= X-Google-Smtp-Source: APBJJlF1HS/nqxQGVVm7Sw+Lyqck7QIthyrJFOTZrHwkstg/4ASzhXm/9W1XHOsTeD182p89+d7OuhX8FazlF9+8Pwg= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a81:b3c3:0:b0:569:e04a:239d with SMTP id r186-20020a81b3c3000000b00569e04a239dmr97416ywh.0.1689014157245; Mon, 10 Jul 2023 11:35:57 -0700 (PDT) Date: Mon, 10 Jul 2023 18:35:50 +0000 In-Reply-To: <20230710183544.999540-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230710183544.999540-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=820; i=samitolvanen@google.com; h=from:subject; bh=kymeq10zoWFqiY+GAwwmAwqNZBv1fmNg5qliMfkaSfY=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBkrE+BqQqqxzq7jHsOZNuj+FFSkh4kaftmf8PyY jDkFEmsHKSJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZKxPgQAKCRBMtfaEi7xW 7hR1DACL7wNpbhOW9RbbJ6wgRvYcoTTSZDHUgsClXupLaaeipyUO9QC9zsPf4Q1iemCy/NFGNyC JF7AS7FxhKhD5Cc5XVhwyColrHi1xcvd6H9jUoiE6UhKSdLbDa11uc/dH6nMQk1B7K8bUV8dq7y BTGqNZBzFvNBEXKspIzcxH+1qhZUKR5L+PcoVhaM1MPO22DQXRL7bBhknQ68Q4DNRNN/fEhIFd/ x1VO+WAhzdrmbt0UsBsYs8Iins8w4y3rr5takR5uFJjejP9YWDAusk8aDsuvoWfbYgMEh5xbCxa 1Fj/kfCx+v2CLL5VbmgP5kseMz5eTtbE1oxt4oMWlYHEMHcUwrS7+8W2qXt0k99dOtQnHVRZRuP 8luFpa8IutHZkKTVnPrLhUyCkK1TJjo4EjU8L589pXW39fW/up+mozwX985Km0FeB3Z220FUTGL zfFr01PoMwotR0AcrDE2aotdqMYL1mWrkB1IF3Umg3PtPxFoKaU+zURdOn13bxn/CxtbI= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230710183544.999540-13-samitolvanen@google.com> Subject: [PATCH v2 5/6] riscv/purgatory: Disable CFI From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Conor Dooley , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230710_113558_743421_0ED0FB24 X-CRM114-Status: UNSURE ( 7.21 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org Filter out CC_FLAGS_CFI when CONFIG_CFI_CLANG. Reviewed-by: Kees Cook Tested-by: Nathan Chancellor Signed-off-by: Sami Tolvanen --- arch/riscv/purgatory/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/riscv/purgatory/Makefile b/arch/riscv/purgatory/Makefile index dc20e166983e..9e6476719abb 100644 --- a/arch/riscv/purgatory/Makefile +++ b/arch/riscv/purgatory/Makefile @@ -77,6 +77,10 @@ ifdef CONFIG_STACKPROTECTOR_STRONG PURGATORY_CFLAGS_REMOVE += -fstack-protector-strong endif +ifdef CONFIG_CFI_CLANG +PURGATORY_CFLAGS_REMOVE += $(CC_FLAGS_CFI) +endif + CFLAGS_REMOVE_purgatory.o += $(PURGATORY_CFLAGS_REMOVE) CFLAGS_purgatory.o += $(PURGATORY_CFLAGS) From patchwork Mon Jul 10 18:35:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 13307489 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D5C9DEB64D9 for ; Mon, 10 Jul 2023 18:36:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID: References:Mime-Version:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=8XFT/+Wk7WTr5oNh00e/3Wzp8TQe3l7XhYL5lW5KhqY=; b=sm2j46k1pKvfJy/w4QprXlMfJ8 DD5OiSSj9JKW2Cn/TwOeXQPoZOk71SYDsT25mdl2JuIzlX0aJcf4qR4fzr/YbosJ6Ic60zqRLwPyw MP74v1vtyDPngFhNQ6AXzRB0F7hHRmbqSfBzACDOYKzvNBswzCs9OMjx3M1cJzxDZ1+lCx6026lUM koSOWdAiMsZt/rIzKT7VBfkJF2x+HLkhkBVlITgCCn4WXg3DKSN2fsnOKY39W3f1o4hBCrUbO3KSa Gi5eJmyeir3mOy4Ehv9vj7gpqVG6/QqJuM/sLcF5V4TblyUWBZ7QlWJH5Q7GAXxHY98bUMPjlh9Kz 7OK4zy5A==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qIvjv-00CTIz-2G; Mon, 10 Jul 2023 18:36:03 +0000 Received: from mail-yb1-xb4a.google.com ([2607:f8b0:4864:20::b4a]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1qIvjs-00CTGb-0L for linux-riscv@lists.infradead.org; Mon, 10 Jul 2023 18:36:01 +0000 Received: by mail-yb1-xb4a.google.com with SMTP id 3f1490d57ef6-c6ab0d1b1dcso5068257276.0 for ; Mon, 10 Jul 2023 11:35:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689014159; x=1691606159; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=U5TIV77Gf9BVe9e6kCB4/ILVtLRCWpn2g7fhFOBoE3s=; b=qwyEfW3Cmou0wgR8ApNwjEhaMEQudKFycuSBNRASsvYbO6BVLK0h2HB5eRL+9FdoMU cHkqVYioIwvINUHdXDqouKSsUkMhNEt3vlZ5EhDdG/GJ7aS6sxT9BTuMO57QznLtk4Do UOyDz2FVIrzepF2aCMOr8gdFR+IFDr8Yizd130zu+X1a5ZNeGj0E1pS9r4u2rgJl03cn LvhEifvwZc9TS+BeKevDHotAcWKC0F37ns1qqWpTSOjO5WQ638Ecmx2sZTcvgnkz4ikm f0djXHkpR6yjiOb0JfKYanYVo4ymoKD9Tm6gnQSjri0cs478Yrmox99UBLIWxPCVcuw2 insg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689014159; x=1691606159; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=U5TIV77Gf9BVe9e6kCB4/ILVtLRCWpn2g7fhFOBoE3s=; b=PFnAdovzcydxdWKkCBLij5yreOf3fbO1FjdTlsev/H4tocxRCem2MnPQXTSopkAD9I e64VFpMtdXqGyf6F+V5Xl+Ieh/Dt02MRbFM5PtnaAzZQtQ27y+Z2oZiNYFIyhEkd7ICS uiqPv306wKzPURK1KL14Vfm4OnXBcYj7LWv3QhAbgiw19mpwendTtgr4rI13iZzZ4cNc 1t1RNmz8vd3fbB8VgLP2A3StKRHAfGA0Aw3z1CAfGWjhyAq558MVKjiZgTEabKLeqQzy MLoaPAZsUbGThwQrMHFTGfgidQu78biuxXun8YiOpseI2n5ceu3Mlw9/E3MMmtXVKsCi BuLg== X-Gm-Message-State: ABy/qLa5aqXtOLhliF5/IRvaKYPgqexXN6HCa6nkLj/RF5bvIm82F0Gk 5QA0SrHtsYkA5qDduCZ+joiJhZNaSf3NjgJ1Vuo= X-Google-Smtp-Source: APBJJlHCBpDFRan8lF/OCBAcQRzjHMIn7AKZyi8KrXyHj/pOEPwKO6DHb0dieV8Bld6b3gSNsuAgryF6lwn80bKvU1E= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a5b:90e:0:b0:bc0:bfa7:7647 with SMTP id a14-20020a5b090e000000b00bc0bfa77647mr78507ybq.0.1689014159077; Mon, 10 Jul 2023 11:35:59 -0700 (PDT) Date: Mon, 10 Jul 2023 18:35:51 +0000 In-Reply-To: <20230710183544.999540-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230710183544.999540-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=786; i=samitolvanen@google.com; h=from:subject; bh=Kirtl/2CH574RlVli6RH7Tr3lxFM3RdB5GGPayWpFT0=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBkrE+BGANkjs7x+hs99YYaMrhZLk9av9PmK51ek dJTYVpr+pWJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZKxPgQAKCRBMtfaEi7xW 7nVMC/0YbuLZxw85M9u6LDaUUwcWbWuX73K0i6Ow+fZlwze0XWWIw6HwbB4a4LtG5NRd9Tb+RYJ j6jVsSUO6MPXn4uUYYiSa9lKiKsUoXUkG02C9xDkX6cCn9Zd507LQGKmZW/mzDns+m5H6sdb4O+ 9tuXpgxHMtOmmnM9pQseqzSsfOHRdBqZat4JjmG7GjuAU4mco3J7hCmubi/E4RyACCVYpYkk+wb gKCmfg89QQ/bzonXsdRv8Wj2wGDw0IOP+vQvx+19bw1u/LnPEx3L4TuXxYIXoVxS/vpYmdH56dc MNLQWYITWJbBzw5z9es2HByxf1uOi1N7FAVFxi9/wKQruIfPbzdUCWTSfhXRFBJ9bfh5ByFoLAx mOa+Dld6KrZPLvF+QuOnUt5fiMN8Fk77zFkUYLruYGIDyhJci/wxjNRwjHzVLnN4VwJPWlqZnUZ xd4WtDmOT5gKbgSr/iqHLa2YfhwhUraInyaAMD6csG1kxRAfyFOeiEWRFpP63KzG8Oz78= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230710183544.999540-14-samitolvanen@google.com> Subject: [PATCH v2 6/6] riscv: Allow CONFIG_CFI_CLANG to be selected From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Conor Dooley , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230710_113600_144926_921962BC X-CRM114-Status: UNSURE ( 7.61 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org Select ARCH_SUPPORTS_CFI_CLANG to allow CFI_CLANG to be selected on riscv. Reviewed-by: Kees Cook Tested-by: Nathan Chancellor Signed-off-by: Sami Tolvanen --- arch/riscv/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index 29fdba9d8514..68c790b181c3 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -43,6 +43,7 @@ config RISCV select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT select ARCH_STACKWALK select ARCH_SUPPORTS_ATOMIC_RMW + select ARCH_SUPPORTS_CFI_CLANG select ARCH_SUPPORTS_DEBUG_PAGEALLOC if MMU select ARCH_SUPPORTS_HUGETLBFS if MMU select ARCH_SUPPORTS_PAGE_TABLE_CHECK if MMU