From nobody Sat Feb 7 19:45:20 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3B433EB64D9 for ; Thu, 29 Jun 2023 23:43:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230327AbjF2Xm7 (ORCPT ); Thu, 29 Jun 2023 19:42:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36606 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231874AbjF2Xmx (ORCPT ); Thu, 29 Jun 2023 19:42:53 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 490E62D50 for ; Thu, 29 Jun 2023 16:42:52 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-bd69ee0edacso996437276.3 for ; Thu, 29 Jun 2023 16:42:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1688082171; x=1690674171; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=5MN5onT38odilPSNEoZC1Mi9+3N8xJapfm8z7ugW2tI=; b=LtG+9f8lNr90fFI+0QMhjtDA8ze7b45VrCWFW4nvV+BMtZh+noaxCy8vJqhikyQx2W /g5bMoJfwQyzCxXHsfZMaqFOno/7vLhcsmQM8RRs6J1k10YbHdloEaoKRzHArlWZh2oe EMyA7aTeM8Qnncho/1othEg+1iuSj4eImUZAkMny/ecWcCcMigVSPquriE64cQkal2eG uf3oGzOxkGj24hiTpbJ8BT1j+GuEQWHjRQBG0IeNpg4NIWh71wJXzpCx3MJERhXPF0O8 35xcQAIAoT+Jorw4NbajO9g3CTzd1Qb87rZJfOVpmSV4VGjdMs/S+9kpDeCP/EvvqXfw 8Q5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688082171; x=1690674171; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=5MN5onT38odilPSNEoZC1Mi9+3N8xJapfm8z7ugW2tI=; b=gjAAQNdoBC+VBQNVMKhWiQ9Zu/f+4jKh0T+mjB5XnklMYXyRNzziAiqK+brxcvMzOW sLZI89M0N30L3yOvO+Ioq96D1dOB0lJf0WE0c+TFVvtgJM6W62wVjAgdomrJfjCfkOYq 3b7zevN8lWQC6q4bJXHfafRnnHmZTUlQjf6p7tAQaizpC6whKl8sRHbLwixHBQ0VJEmG 65x61bneBJfIoCGL2DMANw1sHxeYdrJZ8xGTKEl2KViz+xE4Px5G1TVphs9LHnuuWcc2 IGuOJJGV7rdH7/cr9Q6PFJxNhsZml4YNdDLWjWNJI2NH4rBCjeR9sNCMb0HFA6pNzieh 56fA== X-Gm-Message-State: ABy/qLaRtAMU2P5Xwhn+vevZQxJM0T/WjO5IOwv3jzaLm7cL5N6B45gA ps0+vbk53MlYAvDtyfkfXKr08mZoUxhiOT/I0bQ= X-Google-Smtp-Source: APBJJlGHGbByNsgOY724SZV19hkyK0T75VDbu520ooERhQ+lRG6ucOFyPWjbmLH7w+DGNK30QWPPvcGekMSjSa/C5O8= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a25:f621:0:b0:bc7:f6af:8cff with SMTP id t33-20020a25f621000000b00bc7f6af8cffmr7508ybd.2.1688082171394; Thu, 29 Jun 2023 16:42:51 -0700 (PDT) Date: Thu, 29 Jun 2023 23:42:46 +0000 In-Reply-To: <20230629234244.1752366-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230629234244.1752366-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=8711; i=samitolvanen@google.com; h=from:subject; bh=cH71RIetyr2QuAmRr+J7d1k89bDxV7/5s6ugVqwLMbQ=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBknhb1QV8f/gaDfpgpTdMqS+FPj4u7EksN/UAMk HNeYAk6CA+JAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZJ4W9QAKCRBMtfaEi7xW 7jLMDACCmPDnsW10/UuozU16UpwfnLDHLqBpkQ1jdeCXRT12jmKHWETnIC4WJcHOdF18tQO1AGa v1aeMP0Rr/WdyMDCNLTCcAuSX/Fl7gBgh2YHcPC4+gVO1j93qIopMPNalvL9MXVOuFJ5pjGlm32 j1xUE4gXh7w1wSpt+mQ3u74NLOLxdsIf1z1u01ydePmTR7KT6j5XWXBK8DxfbLq+RR1GgL1Rc7H Xdwhy0oj4WHnHNXvxlM0ECKp9uOYSVGdODHaIc5iB+2jnDHEPG+8bs8VO/u4RcjVnwcmtZSKbH9 7n+4xxrmyXjQPpE8SoiWZv85EubD+UvngtjZD/Waf8RrD1oc36lhI6yRl46DBFETa6OaHVu5WJw EHDXKZ2yBHyztJ/bAo952jMSHqTycccYNtU3yqdW9H9hKhFQX6tVwzoOxr+36T9oXLaQh0CBvX4 T6o09yy2NGeWpjZgLuUeZAlHJJYCtMrHFHsZFa+egS2GWjvvrGDOeGjYWGmmKWhR4K45U= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230629234244.1752366-9-samitolvanen@google.com> Subject: [PATCH 1/6] riscv: Implement syscall wrappers From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Commit f0bddf50586d ("riscv: entry: Convert to generic entry") moved syscall handling to C code, which exposed function pointer type mismatches that trip fine-grained forward-edge Control-Flow Integrity (CFI) checks as syscall handlers are all called through the same syscall_t pointer type. To fix the type mismatches, implement pt_regs based syscall wrappers similarly to x86 and arm64. This patch is based on arm64 syscall wrappers added in commit 4378a7d4be30 ("arm64: implement syscall wrappers"), where the main goal was to minimize the risk of userspace-controlled values being used under speculation. This may be a concern for riscv in future as well. Following other architectures, the syscall wrappers generate three functions for each syscall; __riscv_sys_ takes a pt_regs pointer and extracts arguments from registers, __se_sys_ is a sign-extension wrapper that casts the long arguments to the correct types for the real syscall implementation, which is named __do_sys_. Signed-off-by: Sami Tolvanen Tested-by: Nathan Chancellor --- arch/riscv/Kconfig | 1 + arch/riscv/include/asm/syscall.h | 5 +- arch/riscv/include/asm/syscall_wrapper.h | 87 ++++++++++++++++++++++++ arch/riscv/kernel/compat_syscall_table.c | 8 ++- arch/riscv/kernel/sys_riscv.c | 6 ++ arch/riscv/kernel/syscall_table.c | 8 ++- 6 files changed, 108 insertions(+), 7 deletions(-) create mode 100644 arch/riscv/include/asm/syscall_wrapper.h diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index a08917f681af..b54a830eb5c6 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -33,6 +33,7 @@ config RISCV select ARCH_HAS_SET_MEMORY if MMU select ARCH_HAS_STRICT_KERNEL_RWX if MMU && !XIP_KERNEL select ARCH_HAS_STRICT_MODULE_RWX if MMU && !XIP_KERNEL + select ARCH_HAS_SYSCALL_WRAPPER select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST select ARCH_HAS_UBSAN_SANITIZE_ALL select ARCH_HAS_VDSO_DATA diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/sysc= all.h index 0148c6bd9675..121fff429dce 100644 --- a/arch/riscv/include/asm/syscall.h +++ b/arch/riscv/include/asm/syscall.h @@ -75,7 +75,7 @@ static inline int syscall_get_arch(struct task_struct *ta= sk) #endif } =20 -typedef long (*syscall_t)(ulong, ulong, ulong, ulong, ulong, ulong, ulong); +typedef long (*syscall_t)(const struct pt_regs *); static inline void syscall_handler(struct pt_regs *regs, ulong syscall) { syscall_t fn; @@ -87,8 +87,7 @@ static inline void syscall_handler(struct pt_regs *regs, = ulong syscall) #endif fn =3D sys_call_table[syscall]; =20 - regs->a0 =3D fn(regs->orig_a0, regs->a1, regs->a2, - regs->a3, regs->a4, regs->a5, regs->a6); + regs->a0 =3D fn(regs); } =20 static inline bool arch_syscall_is_vdso_sigreturn(struct pt_regs *regs) diff --git a/arch/riscv/include/asm/syscall_wrapper.h b/arch/riscv/include/= asm/syscall_wrapper.h new file mode 100644 index 000000000000..1d7942c8a6cb --- /dev/null +++ b/arch/riscv/include/asm/syscall_wrapper.h @@ -0,0 +1,87 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * syscall_wrapper.h - riscv specific wrappers to syscall definitions + * + * Based on arch/arm64/include/syscall_wrapper.h + */ + +#ifndef __ASM_SYSCALL_WRAPPER_H +#define __ASM_SYSCALL_WRAPPER_H + +#include + +asmlinkage long __riscv_sys_ni_syscall(const struct pt_regs *); + +#define SC_RISCV_REGS_TO_ARGS(x, ...) \ + __MAP(x,__SC_ARGS \ + ,,regs->orig_a0,,regs->a1,,regs->a2 \ + ,,regs->a3,,regs->a4,,regs->a5,,regs->a6) + +#ifdef CONFIG_COMPAT + +#define COMPAT_SYSCALL_DEFINEx(x, name, ...) \ + asmlinkage long __riscv_compat_sys##name(const struct pt_regs *regs); \ + ALLOW_ERROR_INJECTION(__riscv_compat_sys##name, ERRNO); \ + static long __se_compat_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \ + static inline long __do_compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));= \ + asmlinkage long __riscv_compat_sys##name(const struct pt_regs *regs) \ + { \ + return __se_compat_sys##name(SC_RISCV_REGS_TO_ARGS(x,__VA_ARGS__)); \ + } \ + static long __se_compat_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \ + { \ + return __do_compat_sys##name(__MAP(x,__SC_DELOUSE,__VA_ARGS__)); \ + } \ + static inline long __do_compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) + +#define COMPAT_SYSCALL_DEFINE0(sname) \ + asmlinkage long __riscv_compat_sys_##sname(const struct pt_regs *__unused= ); \ + ALLOW_ERROR_INJECTION(__riscv_compat_sys_##sname, ERRNO); \ + asmlinkage long __riscv_compat_sys_##sname(const struct pt_regs *__unused) + +#define COND_SYSCALL_COMPAT(name) \ + asmlinkage long __weak __riscv_compat_sys_##name(const struct pt_regs *re= gs); \ + asmlinkage long __weak __riscv_compat_sys_##name(const struct pt_regs *re= gs) \ + { \ + return sys_ni_syscall(); \ + } + +#define COMPAT_SYS_NI(name) \ + SYSCALL_ALIAS(__riscv_compat_sys_##name, sys_ni_posix_timers); + +#endif /* CONFIG_COMPAT */ + +#define __SYSCALL_DEFINEx(x, name, ...) \ + asmlinkage long __riscv_sys##name(const struct pt_regs *regs); \ + ALLOW_ERROR_INJECTION(__riscv_sys##name, ERRNO); \ + static long __se_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \ + static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \ + asmlinkage long __riscv_sys##name(const struct pt_regs *regs) \ + { \ + return __se_sys##name(SC_RISCV_REGS_TO_ARGS(x,__VA_ARGS__)); \ + } \ + static long __se_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \ + { \ + long ret =3D __do_sys##name(__MAP(x,__SC_CAST,__VA_ARGS__)); \ + __MAP(x,__SC_TEST,__VA_ARGS__); \ + __PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__)); \ + return ret; \ + } \ + static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) + +#define SYSCALL_DEFINE0(sname) \ + SYSCALL_METADATA(_##sname, 0); \ + asmlinkage long __riscv_sys_##sname(const struct pt_regs *__unused); \ + ALLOW_ERROR_INJECTION(__riscv_sys_##sname, ERRNO); \ + asmlinkage long __riscv_sys_##sname(const struct pt_regs *__unused) + +#define COND_SYSCALL(name) \ + asmlinkage long __weak __riscv_sys_##name(const struct pt_regs *regs); \ + asmlinkage long __weak __riscv_sys_##name(const struct pt_regs *regs) \ + { \ + return sys_ni_syscall(); \ + } + +#define SYS_NI(name) SYSCALL_ALIAS(__riscv_sys_##name, sys_ni_posix_timers= ); + +#endif /* __ASM_SYSCALL_WRAPPER_H */ diff --git a/arch/riscv/kernel/compat_syscall_table.c b/arch/riscv/kernel/c= ompat_syscall_table.c index 651f2b009c28..ad7f2d712f5f 100644 --- a/arch/riscv/kernel/compat_syscall_table.c +++ b/arch/riscv/kernel/compat_syscall_table.c @@ -9,11 +9,15 @@ #include =20 #undef __SYSCALL -#define __SYSCALL(nr, call) [nr] =3D (call), +#define __SYSCALL(nr, call) asmlinkage long __riscv_##call(const struct pt= _regs *); +#include + +#undef __SYSCALL +#define __SYSCALL(nr, call) [nr] =3D __riscv_##call, =20 asmlinkage long compat_sys_rt_sigreturn(void); =20 void * const compat_sys_call_table[__NR_syscalls] =3D { - [0 ... __NR_syscalls - 1] =3D sys_ni_syscall, + [0 ... __NR_syscalls - 1] =3D __riscv_sys_ni_syscall, #include }; diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.c index 5db29683ebee..5cc3b9457dfd 100644 --- a/arch/riscv/kernel/sys_riscv.c +++ b/arch/riscv/kernel/sys_riscv.c @@ -297,3 +297,9 @@ SYSCALL_DEFINE5(riscv_hwprobe, struct riscv_hwprobe __u= ser *, pairs, return do_riscv_hwprobe(pairs, pair_count, cpu_count, cpus, flags); } + +/* Not defined using SYSCALL_DEFINE0 to avoid error injection */ +asmlinkage long __riscv_sys_ni_syscall(const struct pt_regs *__unused) +{ + return -ENOSYS; +} diff --git a/arch/riscv/kernel/syscall_table.c b/arch/riscv/kernel/syscall_= table.c index 44b1420a2270..dda913764903 100644 --- a/arch/riscv/kernel/syscall_table.c +++ b/arch/riscv/kernel/syscall_table.c @@ -10,9 +10,13 @@ #include =20 #undef __SYSCALL -#define __SYSCALL(nr, call) [nr] =3D (call), +#define __SYSCALL(nr, call) asmlinkage long __riscv_##call(const struct pt= _regs *); +#include + +#undef __SYSCALL +#define __SYSCALL(nr, call) [nr] =3D __riscv_##call, =20 void * const sys_call_table[__NR_syscalls] =3D { - [0 ... __NR_syscalls - 1] =3D sys_ni_syscall, + [0 ... __NR_syscalls - 1] =3D __riscv_sys_ni_syscall, #include }; --=20 2.41.0.255.g8b1d071c50-goog From nobody Sat Feb 7 19:45:20 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D17AC0015E for ; Thu, 29 Jun 2023 23:43:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231967AbjF2XnB (ORCPT ); Thu, 29 Jun 2023 19:43:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36616 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231882AbjF2Xmz (ORCPT ); Thu, 29 Jun 2023 19:42:55 -0400 Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3B7CBEC for ; Thu, 29 Jun 2023 16:42:54 -0700 (PDT) Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-570553a18deso11017607b3.2 for ; Thu, 29 Jun 2023 16:42:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1688082173; x=1690674173; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=rwKLI/qRUKPULIlBC3OTUhb6lfrxfVtcL7RWgMXp+DM=; b=xZ4gzYmgSDP58mOKR8hM46Nd3CktXTb7BWdOsL40ZpOowsFja8hHx4hEpRu7h+8XXt MXlo89FDD72TAUb0aNZwUN9hsD5krX9N6BIDIdgNZjO2+Q9hqoPmMO0wHRAE3CanaHoU CADHRRVIOfgsXUI7G64inFFIC6roC6nRP9g9q4FoTqTZt29i4bySfE6PCOpQKuDFFD+S qmiO+EA4gU+2Idsy+Qnduwt2kaRDhqdZTG4p59yUdS5hMXfpchMb7zXP+BfLtVyISxVO bziwFW/aif6c2MFD81O0+6TPzmJ57qD6QsqQF1V8sU5pSP48L18NjLafTtvf7VZj/Uf6 mi7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688082173; x=1690674173; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=rwKLI/qRUKPULIlBC3OTUhb6lfrxfVtcL7RWgMXp+DM=; b=keKnIR8ZKzBmhNg9J/oiA1ia7oqOvACmfP/nFRr3oxLb8WrnzFxsk7tR+d0PyXuKIO i2uhGmsf6LvWjWl8dVO+O85W5NAjEX+gbw8QWTvlbxv3Gotwu2qdRPRsHFXFut/qX+xx pcJjfPvxmUuR+4hTswTSJwZCrq/wJsvL3EaTKrVQ2rORJe6TSL+cEd/j6GsMJJ5xqeAS Pd5LZcxesRo7EXUAkqy2AxYPMK/rctL7I0hY+Owx/0qecKonSV8FIYqFPeoY+wo9CdUo U4LFDziBJXajtuy1wBEjUgepNN8qteh5Mi1KdFa1XGSgYFLiCzvvIvvh2k/5PVKI8aVY B2AQ== X-Gm-Message-State: ABy/qLbLft95GFcqXw8325HlZD2wt2xj7tnmhz4IGRoJSsFoSsQt1m3O ZTmZRuEvM44gLBtoHE2FF2lhuI7gKx9n8VgYHO4= X-Google-Smtp-Source: APBJJlGvY9o8TdVQA2iFVhCCB50GqC+vEYRFxxtjURS+zUxZ3uCTPfePcPm+HJkTvW8UT4zvI1DCpmZcRMm1arw/G+E= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a81:7e0a:0:b0:56f:f62b:7a11 with SMTP id o10-20020a817e0a000000b0056ff62b7a11mr6436ywn.8.1688082173423; Thu, 29 Jun 2023 16:42:53 -0700 (PDT) Date: Thu, 29 Jun 2023 23:42:47 +0000 In-Reply-To: <20230629234244.1752366-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230629234244.1752366-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=1898; i=samitolvanen@google.com; h=from:subject; bh=Gkp1NJ2f7yYUqQXHMI7a2x2tGYxFA1ILvi7IEKTnass=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBknhb1WHJAgo4Uq6U6j6NflafXu9jZGHzv6JSKG I68vAHUjwOJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZJ4W9QAKCRBMtfaEi7xW 7ra7DACnV4oH9Zp+lDg83B8KilPxMfwy2imQEk7g4tL0+joJ7XhULu9MfK90xn7TM7i4gtaSYlw WWtBPr32oT+mqBypw6Zzzh3TjqvFxGw6L4NBPrew6Zv8Q2DnCsPP3MdTja4RKLIR9eYZz/6MKhY KoJ1U2HlLEczeZs9jBPFvTUBeodHLyEcItxzzSMGaK8gSj0HUgan9Y0jDi1r2wlPF9qgKtm/5lF e3pkg/Uv3sTKtwhfqNeCqnkBuo3UwEAuXmUP2BKHh1RVZRRHkXsYPbi6hckTUsHIsz/Ei36AaKy dYHxMndLyrFMOV55dL9x2qlhOYEwmNjRDotAMG/b0sT09z4txrkykyuszG4sHikOQg5drQ6Qt5K Fjw/DqnV9FeYOjowphHAm21MgWwnxwBUALJrWe92r5LVU+EqWAZEFtROnZlRkcsTrt3D8P6ozhM kSPl2dnVwxy5LCbyOS8SfKJPZbyg7P3geJcOGAJ3DcZ0TRSuOpXbTvdhgxFYPSa++A5FQ= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230629234244.1752366-10-samitolvanen@google.com> Subject: [PATCH 2/6] riscv: Add types to indirectly called assembly functions From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" With CONFIG_CFI_CLANG, assembly functions indirectly called from C code must be annotated with type identifiers to pass CFI checking. Use the SYM_TYPED_START macro to add types to the relevant functions. Signed-off-by: Sami Tolvanen Tested-by: Nathan Chancellor --- arch/riscv/kernel/mcount.S | 5 +++-- arch/riscv/kernel/suspend_entry.S | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/arch/riscv/kernel/mcount.S b/arch/riscv/kernel/mcount.S index 30102aadc4d7..712c1d2c2723 100644 --- a/arch/riscv/kernel/mcount.S +++ b/arch/riscv/kernel/mcount.S @@ -3,6 +3,7 @@ =20 #include #include +#include #include #include #include @@ -47,13 +48,13 @@ addi sp, sp, 4*SZREG .endm =20 -ENTRY(ftrace_stub) +SYM_TYPED_FUNC_START(ftrace_stub) #ifdef CONFIG_DYNAMIC_FTRACE .global MCOUNT_NAME .set MCOUNT_NAME, ftrace_stub #endif ret -ENDPROC(ftrace_stub) +SYM_FUNC_END(ftrace_stub) =20 #ifdef CONFIG_FUNCTION_GRAPH_TRACER ENTRY(return_to_handler) diff --git a/arch/riscv/kernel/suspend_entry.S b/arch/riscv/kernel/suspend_= entry.S index 12b52afe09a4..f7960c7c5f9e 100644 --- a/arch/riscv/kernel/suspend_entry.S +++ b/arch/riscv/kernel/suspend_entry.S @@ -5,6 +5,7 @@ */ =20 #include +#include #include #include #include @@ -58,7 +59,7 @@ ENTRY(__cpu_suspend_enter) ret END(__cpu_suspend_enter) =20 -ENTRY(__cpu_resume_enter) +SYM_TYPED_FUNC_START(__cpu_resume_enter) /* Load the global pointer */ .option push .option norelax @@ -94,4 +95,4 @@ ENTRY(__cpu_resume_enter) =20 /* Return to C code */ ret -END(__cpu_resume_enter) +SYM_FUNC_END(__cpu_resume_enter) --=20 2.41.0.255.g8b1d071c50-goog From nobody Sat Feb 7 19:45:20 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 62A22EB64D9 for ; Thu, 29 Jun 2023 23:43:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231961AbjF2XnK (ORCPT ); Thu, 29 Jun 2023 19:43:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36624 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231886AbjF2Xm4 (ORCPT ); Thu, 29 Jun 2023 19:42:56 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CE7602D55 for ; Thu, 29 Jun 2023 16:42:55 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-c118efd0c3cso1081688276.0 for ; Thu, 29 Jun 2023 16:42:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1688082175; x=1690674175; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=5Xnc4kEY4EbaBnYfn4j7l+LmuswSwMsWgqgbgeywLsM=; b=kp2ERfWqnMk1aYCcY3Lh5Z6gm14ZJ3i2mXlb/00TiljzMsnxeQFs5kbVGLwdlHdXWH 1Pr+W0hxAGlZuFtJ34Gw8FWCTQKcdth2yYQ4kpxbIRDw+N4gAfjsiMTV7jzpomXHcLTS 0kT2wDspmdW0ky6LKXOjJbvqFbwXOfI+Uqy9S8KBiTg+C/CpcRA4cNvS8TaL+WBXZhiJ gqG0bbHz3u6ZHweyCgmLfplLh+OdA+qcH5DUy3t0ecNfXfQIxRtzjJjc8ialYxW+YbE9 hNIbzRRmtDZvI0K4dsHoLvVVFESxxWxy+57P+dee5eOgXSh7DXoAPg7ADh/35TMj2lK4 3t9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688082175; x=1690674175; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=5Xnc4kEY4EbaBnYfn4j7l+LmuswSwMsWgqgbgeywLsM=; b=mGQafSENtUyDg44/AfOBCLh5vfgyQTb4pFlSQRLdtxPnn93nwH543ox3gbdvPtKl8M sJvZusj/lKppeQYdtRRPHMoWfE6BQSPLoRdTRm2LpWC3ULcdKlXELcuum3mfWwSEt1y1 4wGVCUNt3zdbzF5iCGT6AgFlzYyeEEbNWOCp61DerfLnSVtOPYjiZRNuZixq2tZ2HoaL tChiycV8xcmMOD/3/I1iXAbmiBh/Lfx0vdFiJzYkDsrEboq8NGAJGq9OILGPwuy4d03y 8CPH8VVwWHfwN0/nOyEziHKY8BgyxyE/Pe6kGg1eLoJtRTDlohfwK8ujcwH8jPENLulB hEnA== X-Gm-Message-State: ABy/qLbsjqZC6lFPGzy8YIViVK0yon91QCewKYaPpHUvevZBxqzRNsPx mxQEhXo2t7sEthKHke0OnjC7koAa48UcO1eY4X8= X-Google-Smtp-Source: APBJJlELQmIdC0rGqtb4VJitzpWLBDF1z2wW/3vjqsBQPQv0tSZIA2LaC77zwb28Y653cXNP4FPxNLuggPDhhv7s5Yw= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a25:3f44:0:b0:c39:4e0b:2f05 with SMTP id m65-20020a253f44000000b00c394e0b2f05mr7310yba.6.1688082175113; Thu, 29 Jun 2023 16:42:55 -0700 (PDT) Date: Thu, 29 Jun 2023 23:42:48 +0000 In-Reply-To: <20230629234244.1752366-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230629234244.1752366-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=879; i=samitolvanen@google.com; h=from:subject; bh=jTMsDVHp3vLP+kp6kYa8Yt2xhzF3g8PflLJEr5zwipc=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBknhb19IaK8IPSrcbSiqkp1zwKDFD22eRwAN9KJ 9YK7ujl6kKJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZJ4W9QAKCRBMtfaEi7xW 7hKeC/9phxEf9/+dB3hfrEFRxhxmmCZAlHL7B2GBUkQCOpdHg2ck1MABWcoko419h0tlSz45RPv IyV9eudwY59txN8eLDO2Lh+KuGtj/I/xL9yy+6j71mkvxiRbmFzuLHv/QwdBqbMDOUZdK9LNjwC hjDZ12Mk+tdQ2pAfhWRG7oI2pvSd76+bgvv5glho5QYig7FnKmOdl6Lly7gAjjaP/bsB2ESWl/f 5wZ6tCp/E/iOu6m6yF4LBt0RObJUIyuvpYsPmObRxGFVZVAQkogHlMGdi0l0XVwpHY2xcKqzusS HhpVp8d4J/FreeR1zKHdC3oJqbkgtBa0poSZnm9iOzOtdaMNnRRYqf5ih9YbDcrim2hjDQGfTZc iaP32nHcDEaHWHNpHRw0gEionM52PXSz8IxY4GPajiUthGRen5n5T/2UzAho1Odw6xFE36Kvd3/ ayJR/eygigxaJNCGU8rkS9ho97aA+Ng4gci+jDMa+FPMitZDgr6U1fYKqpHrXzUK/jUjA= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230629234244.1752366-11-samitolvanen@google.com> Subject: [PATCH 3/6] riscv: Add ftrace_stub_graph From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Commit 883bbbffa5a4 ("ftrace,kcfi: Separate ftrace_stub() and ftrace_stub_graph()") added a separate ftrace_stub_graph function for CFI_CLANG. Add the stub to fix FUNCTION_GRAPH_TRACER compatibility with CFI. Signed-off-by: Sami Tolvanen Tested-by: Nathan Chancellor --- arch/riscv/kernel/mcount.S | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/riscv/kernel/mcount.S b/arch/riscv/kernel/mcount.S index 712c1d2c2723..c73d7514e45f 100644 --- a/arch/riscv/kernel/mcount.S +++ b/arch/riscv/kernel/mcount.S @@ -57,6 +57,10 @@ SYM_TYPED_FUNC_START(ftrace_stub) SYM_FUNC_END(ftrace_stub) =20 #ifdef CONFIG_FUNCTION_GRAPH_TRACER +SYM_TYPED_FUNC_START(ftrace_stub_graph) + ret +SYM_FUNC_END(ftrace_stub_graph) + ENTRY(return_to_handler) /* * On implementing the frame point test, the ideal way is to compare the --=20 2.41.0.255.g8b1d071c50-goog From nobody Sat Feb 7 19:45:20 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A6A99EB64DD for ; Thu, 29 Jun 2023 23:43:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232002AbjF2XnG (ORCPT ); Thu, 29 Jun 2023 19:43:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36630 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231903AbjF2Xm6 (ORCPT ); Thu, 29 Jun 2023 19:42:58 -0400 Received: from mail-pf1-x449.google.com (mail-pf1-x449.google.com [IPv6:2607:f8b0:4864:20::449]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 75BC62D56 for ; Thu, 29 Jun 2023 16:42:57 -0700 (PDT) Received: by mail-pf1-x449.google.com with SMTP id d2e1a72fcca58-66a634b2cf5so852010b3a.0 for ; Thu, 29 Jun 2023 16:42:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1688082177; x=1690674177; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id :reply-to; bh=kH7bkPbO18xX/Wp0GpqGpLlOQ0f95hD6FnRtLDJvT1U=; b=MOrJxSP3sVqGm+w0js/kIw42CYZEUP0oOJNMS+uIOa3MELAjgpbyTEzy/4B24ur+OK qM7qAuosF6u0oM27xEmeVggBJ+6/NH+9EoAVMOBltCUDX8waMif7DUAE8zgVrP066VKz JZYmWrGCxkCV1ew5vNDDksZ/wRF/Zoujs622lDGtfKg6dUgwqu1Buhk5NRH1fTLjNmt8 NUyWcokBJNyaKD+b76OJOILtSe24hjIImin9Dzgx3z7SSWX+3BpmVK9w1Ah3TO1Ekw6T q0BczkHxDyFoQVa4T2Ls121wOtYzOA/qMkqb3C89vnQyR85YIGae/1Kwcla942IWNnDu AXTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688082177; x=1690674177; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=kH7bkPbO18xX/Wp0GpqGpLlOQ0f95hD6FnRtLDJvT1U=; b=WI0TPLIJcaJ84nED5I+zPvsb1wtjd7XEkDi19gQX9UVFdZB4A6smJ0hmTyTMWHZdWV tMkBeOO/r+iAHy47emZ+JiJqN+IMm2KtJIO0PEwTf/INOfhw9tQGpJvFooGq80Zeo5LK y1NAjUzRPM76TVTtI01Z+X0TGdF/ARBzDPS9YwpYBjQ5kJqDVKWQ8cB86UwEu6hJ5cWP 8Ks9g6vqpx8c0SpiMbD6jq78WFe2YrTZDDHx9Wh+m7NGQYOsWYmjWfiW8b21RYDxDQLb BkxLlQN9kJNIZWgjCNMQqCPgv0Q6DGXMGRthcuhObXQ5QMxTx2fI726PXCKAuxwry3gP YV+Q== X-Gm-Message-State: AC+VfDwGyHLw2/fQCJLuNUW/iUPKwrieR88NmSCnCGQluiSS6y9NSn9h HM3104RATnI2gO7jBnAaOrUeM4eF08fiH/uVhqI= X-Google-Smtp-Source: ACHHUZ54tMcYLAqtFQ4eD7Co9823u9Z85Yql+d2HDqherGgBCI4z4EkToq8lC91y+5fbCwaKDbVpEDDVYz5UAdJejDo= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a05:6a00:18a6:b0:67b:8602:aa10 with SMTP id x38-20020a056a0018a600b0067b8602aa10mr1871084pfh.0.1688082176944; Thu, 29 Jun 2023 16:42:56 -0700 (PDT) Date: Thu, 29 Jun 2023 23:42:49 +0000 In-Reply-To: <20230629234244.1752366-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230629234244.1752366-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=9436; i=samitolvanen@google.com; h=from:subject; bh=JZNR4FrhRgjhD3OE65/zHFRoFa/eW0jA8NKJ4VpUQAM=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBknhb17pDdOWUqLhJ1JUH+3wVLRO6EhFWeGwkjK 7BieuQqsc+JAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZJ4W9QAKCRBMtfaEi7xW 7rBdC/9osT4E49rQweMxnUcqovViVIiMB+HeQOW+PQuZH8/EBALEW5KQD2WoZyN/to24b+CwgXK b1rrMZ+HQQlfYYiWdS8D1o3sa2GYK6f8koSaggQIj2kVFoNzOuYnLt5xGZBifcfUPONMLMaYZTf mlqJvD5HFVi6h4Qxs5ldTItdrbjOaLz/T4eTqRVHaQOkhd2rJgu+WAgJbOngaGxxtR70yikAiCf W0pw2m8Pwk1v7zso9VmFhwmvof8W6Xnu4bG+knxaOu/U7ih2C0X/PQNHEOXbF7W9mUdrDUbGqtU giHYTQDuORwbMfrlmL3LPs5lGweV3g2tiILj+obadtUVNSm4vVna8O6+bn7Jlke3doKZwCV6rYU nHzSfo1wvr5CVp+Ky0bLf3DY0QkL+ovuUbM1c5nRG3XxnKHXAUK25nrPmlq/z5ielGMqymHg7bC /GU8cbvrTijynsfGXpREBVxgFz5cPMaL4FG69n8bEaCVytbhhs/hrmLGwI0pno1dRpW4Y= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230629234244.1752366-12-samitolvanen@google.com> Subject: [PATCH 4/6] riscv: Add CFI error handling From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" With CONFIG_CFI_CLANG, the compiler injects a type preamble immediately before each function and a check to validate the target function type before indirect calls: ; type preamble .word function: ... ; indirect call check lw t1, -4(a0) lui t2, addiw t2, t2, beq t1, t2, .Ltmp0 ebreak .Ltmp0: jarl a0 Implement error handling code for the ebreak traps emitted for the checks. This produces the following oops on a CFI failure (generated using lkdtm): [ 21.177245] CFI failure at lkdtm_indirect_call+0x22/0x32 [lkdtm] (target: lkdtm_increment_int+0x0/0x18 [lkdtm]; expected type: 0x3ad55aca) [ 21.178483] Kernel BUG [#1] [ 21.178671] Modules linked in: lkdtm [ 21.179037] CPU: 1 PID: 104 Comm: sh Not tainted 6.3.0-rc6-00037-g37d5ec6297ab #1 [ 21.179511] Hardware name: riscv-virtio,qemu (DT) [ 21.179818] epc : lkdtm_indirect_call+0x22/0x32 [lkdtm] [ 21.180106] ra : lkdtm_CFI_FORWARD_PROTO+0x48/0x7c [lkdtm] [ 21.180426] epc : ffffffff01387092 ra : ffffffff01386f14 sp : ff20000000= 453cf0 [ 21.180792] gp : ffffffff81308c38 tp : ff6000000243f080 t0 : ff20000000= 453b78 [ 21.181157] t1 : 000000003ad55aca t2 : 000000007e0c52a5 s0 : ff20000000= 453d00 [ 21.181506] s1 : 0000000000000001 a0 : ffffffff0138d170 a1 : ffffffff01= 3870bc [ 21.181819] a2 : b5fea48dd89aa700 a3 : 0000000000000001 a4 : 0000000000= 000fff [ 21.182169] a5 : 0000000000000004 a6 : 00000000000000b7 a7 : 0000000000= 000000 [ 21.182591] s2 : ff20000000453e78 s3 : ffffffffffffffea s4 : 0000000000= 000012 [ 21.183001] s5 : ff600000023c7000 s6 : 0000000000000006 s7 : ffffffff01= 3882a0 [ 21.183653] s8 : 0000000000000008 s9 : 0000000000000002 s10: ffffffff01= 38d878 [ 21.184245] s11: ffffffff0138d878 t3 : 0000000000000003 t4 : 0000000000= 000000 [ 21.184591] t5 : ffffffff8133df08 t6 : ffffffff8133df07 [ 21.184858] status: 0000000000000120 badaddr: 0000000000000000 cause: 0000000000000003 [ 21.185415] [] lkdtm_indirect_call+0x22/0x32 [lkdtm] [ 21.185772] [] lkdtm_CFI_FORWARD_PROTO+0x48/0x7c [lkdt= m] [ 21.186093] [] lkdtm_do_action+0x22/0x34 [lkdtm] [ 21.186445] [] direct_entry+0x128/0x13a [lkdtm] [ 21.186817] [] full_proxy_write+0x58/0xb2 [ 21.187352] [] vfs_write+0x14c/0x33a [ 21.187644] [] ksys_write+0x64/0xd4 [ 21.187832] [] sys_write+0xe/0x1a [ 21.188171] [] ret_from_syscall+0x0/0x2 [ 21.188595] Code: 0513 0f65 a303 ffc5 53b7 7e0c 839b 2a53 0363 0073 (900= 2) 9582 [ 21.189178] ---[ end trace 0000000000000000 ]--- [ 21.189590] Kernel panic - not syncing: Fatal exception Signed-off-by: Sami Tolvanen Tested-by: Nathan Chancellor --- arch/riscv/Kconfig | 1 + arch/riscv/include/asm/cfi.h | 22 ++++++++++ arch/riscv/include/asm/insn.h | 10 +++++ arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/cfi.c | 77 +++++++++++++++++++++++++++++++++++ arch/riscv/kernel/traps.c | 4 +- 6 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 arch/riscv/include/asm/cfi.h create mode 100644 arch/riscv/kernel/cfi.c diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index b54a830eb5c6..20a40927175e 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -44,6 +44,7 @@ config RISCV select ARCH_SUPPORTS_DEBUG_PAGEALLOC if MMU select ARCH_SUPPORTS_HUGETLBFS if MMU select ARCH_SUPPORTS_PAGE_TABLE_CHECK if MMU + select ARCH_USES_CFI_TRAPS if CFI_CLANG select ARCH_USE_MEMTEST select ARCH_USE_QUEUED_RWLOCKS select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU diff --git a/arch/riscv/include/asm/cfi.h b/arch/riscv/include/asm/cfi.h new file mode 100644 index 000000000000..56bf9d69d5e3 --- /dev/null +++ b/arch/riscv/include/asm/cfi.h @@ -0,0 +1,22 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _ASM_RISCV_CFI_H +#define _ASM_RISCV_CFI_H + +/* + * Clang Control Flow Integrity (CFI) support. + * + * Copyright (C) 2023 Google LLC + */ + +#include + +#ifdef CONFIG_CFI_CLANG +enum bug_trap_type handle_cfi_failure(struct pt_regs *regs); +#else +static inline enum bug_trap_type handle_cfi_failure(struct pt_regs *regs) +{ + return BUG_TRAP_TYPE_NONE; +} +#endif /* CONFIG_CFI_CLANG */ + +#endif /* _ASM_RISCV_CFI_H */ diff --git a/arch/riscv/include/asm/insn.h b/arch/riscv/include/asm/insn.h index 8d5c84f2d5ef..45bc485fcf3f 100644 --- a/arch/riscv/include/asm/insn.h +++ b/arch/riscv/include/asm/insn.h @@ -63,6 +63,7 @@ #define RVG_RS1_OPOFF 15 #define RVG_RS2_OPOFF 20 #define RVG_RD_OPOFF 7 +#define RVG_RS1_MASK GENMASK(4, 0) #define RVG_RD_MASK GENMASK(4, 0) =20 /* The bit field of immediate value in RVC J instruction */ @@ -129,6 +130,7 @@ #define RVC_C2_RS1_OPOFF 7 #define RVC_C2_RS2_OPOFF 2 #define RVC_C2_RD_OPOFF 7 +#define RVC_C2_RS1_MASK GENMASK(4, 0) =20 /* parts of opcode for RVG*/ #define RVG_OPCODE_FENCE 0x0f @@ -258,6 +260,10 @@ static __always_inline bool riscv_insn_is_branch(u32 c= ode) #define RV_X(X, s, mask) (((X) >> (s)) & (mask)) #define RVC_X(X, s, mask) RV_X(X, s, mask) =20 +#define RV_EXTRACT_RS1_REG(x) \ + ({typeof(x) x_ =3D (x); \ + (RV_X(x_, RVG_RS1_OPOFF, RVG_RS1_MASK)); }) + #define RV_EXTRACT_RD_REG(x) \ ({typeof(x) x_ =3D (x); \ (RV_X(x_, RVG_RD_OPOFF, RVG_RD_MASK)); }) @@ -285,6 +291,10 @@ static __always_inline bool riscv_insn_is_branch(u32 c= ode) (RV_X(x_, RV_B_IMM_11_OPOFF, RV_B_IMM_11_MASK) << RV_B_IMM_11_OFF) | \ (RV_IMM_SIGN(x_) << RV_B_IMM_SIGN_OFF); }) =20 +#define RVC_EXTRACT_C2_RS1_REG(x) \ + ({typeof(x) x_ =3D (x); \ + (RV_X(x_, RVC_C2_RS1_OPOFF, RVC_C2_RS1_MASK)); }) + #define RVC_EXTRACT_JTYPE_IMM(x) \ ({typeof(x) x_ =3D (x); \ (RVC_X(x_, RVC_J_IMM_3_1_OPOFF, RVC_J_IMM_3_1_MASK) << RVC_J_IMM_3_1_OFF)= | \ diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile index 153864e4f399..c173a7cbf4e1 100644 --- a/arch/riscv/kernel/Makefile +++ b/arch/riscv/kernel/Makefile @@ -90,6 +90,8 @@ obj-$(CONFIG_CRASH_CORE) +=3D crash_core.o =20 obj-$(CONFIG_JUMP_LABEL) +=3D jump_label.o =20 +obj-$(CONFIG_CFI_CLANG) +=3D cfi.o + obj-$(CONFIG_EFI) +=3D efi.o obj-$(CONFIG_COMPAT) +=3D compat_syscall_table.o obj-$(CONFIG_COMPAT) +=3D compat_signal.o diff --git a/arch/riscv/kernel/cfi.c b/arch/riscv/kernel/cfi.c new file mode 100644 index 000000000000..820158d7a291 --- /dev/null +++ b/arch/riscv/kernel/cfi.c @@ -0,0 +1,77 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Clang Control Flow Integrity (CFI) support. + * + * Copyright (C) 2023 Google LLC + */ +#include +#include + +/* + * Returns the target address and the expected type when regs->epc points + * to a compiler-generated CFI trap. + */ +static bool decode_cfi_insn(struct pt_regs *regs, unsigned long *target, + u32 *type) +{ + unsigned long *regs_ptr =3D (unsigned long *)regs; + int rs1_num; + u32 insn; + + *target =3D *type =3D 0; + + /* + * The compiler generates the following instruction sequence + * for indirect call checks: + * + * =C2=A0 lw t1, -4() + * lui t2, + * addiw t2, t2, + * beq t1, t2, .Ltmp1 + * ebreak ; <- regs->epc + * .Ltmp1: + * jalr + * + * We can read the expected type and the target address from the + * registers passed to the beq/jalr instructions. + */ + if (get_kernel_nofault(insn, (void *)regs->epc - 4)) + return false; + if (!riscv_insn_is_beq(insn)) + return false; + + *type =3D (u32)regs_ptr[RV_EXTRACT_RS1_REG(insn)]; + + if (get_kernel_nofault(insn, (void *)regs->epc) || + get_kernel_nofault(insn, (void *)regs->epc + GET_INSN_LENGTH(insn))) + return false; + + if (riscv_insn_is_jalr(insn)) + rs1_num =3D RV_EXTRACT_RS1_REG(insn); + else if (riscv_insn_is_c_jalr(insn)) + rs1_num =3D RVC_EXTRACT_C2_RS1_REG(insn); + else + return false; + + *target =3D regs_ptr[rs1_num]; + + return true; +} + +/* + * Checks if the ebreak trap is because of a CFI failure, and handles the = trap + * if needed. Returns a bug_trap_type value similarly to report_bug. + */ +enum bug_trap_type handle_cfi_failure(struct pt_regs *regs) +{ + unsigned long target; + u32 type; + + if (!is_cfi_trap(regs->epc)) + return BUG_TRAP_TYPE_NONE; + + if (!decode_cfi_insn(regs, &target, &type)) + return report_cfi_failure_noaddr(regs, regs->epc); + + return report_cfi_failure(regs, regs->epc, &target, type); +} diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c index 8c258b78c925..39dce00c6ed7 100644 --- a/arch/riscv/kernel/traps.c +++ b/arch/riscv/kernel/traps.c @@ -21,6 +21,7 @@ =20 #include #include +#include #include #include #include @@ -242,7 +243,8 @@ void handle_break(struct pt_regs *regs) =3D=3D NOTIFY_STOP) return; #endif - else if (report_bug(regs->epc, regs) =3D=3D BUG_TRAP_TYPE_WARN) + else if (report_bug(regs->epc, regs) =3D=3D BUG_TRAP_TYPE_WARN || + handle_cfi_failure(regs) =3D=3D BUG_TRAP_TYPE_WARN) regs->epc +=3D get_break_insn_length(regs->epc); else die(regs, "Kernel BUG"); --=20 2.41.0.255.g8b1d071c50-goog From nobody Sat Feb 7 19:45:20 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DE35FEB64D9 for ; Thu, 29 Jun 2023 23:43:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232037AbjF2XnS (ORCPT ); Thu, 29 Jun 2023 19:43:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36640 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231933AbjF2Xm7 (ORCPT ); Thu, 29 Jun 2023 19:42:59 -0400 Received: from mail-pg1-x54a.google.com (mail-pg1-x54a.google.com [IPv6:2607:f8b0:4864:20::54a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 405D730DD for ; Thu, 29 Jun 2023 16:42:59 -0700 (PDT) Received: by mail-pg1-x54a.google.com with SMTP id 41be03b00d2f7-55b2ab496ecso729383a12.2 for ; Thu, 29 Jun 2023 16:42:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1688082179; x=1690674179; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=c9Xlw8wqmc7m2gTD7N39tQeUlWC1WXyQLWb4QZRUB8Y=; b=p3VLofC9uBlj4VqikzkpTVhIEDvSp6dp7csrh8LTmsJ2AioG7ohNPCyZXFqNRY4xl2 67M3uESl94bLO1M1ieHMv3cFZxN3FFyNQ0yWBa3oxuxiEFwLMPd34J+muGl+kMjVt8sZ IaP7ZZcHfBi6OBW/hhL8waRnsfqbeMv3qP1yH2A1MZMIWsagGhMutscPGf6/l0CtmEJC eH4izIvergiWXqGTOpw9Vsbk5iEj4hbcxvhKT+YPCyTIG/cK4TBss9B64FaAeElrkph/ /FmsTHj9LxHPV+CVsN5UMIBeeHMoz+ubIgnc4AlwKuZkWfAvt5iWCuI+vv7VU5neuWXL aJyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688082179; x=1690674179; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=c9Xlw8wqmc7m2gTD7N39tQeUlWC1WXyQLWb4QZRUB8Y=; b=ffHLdZTDRrjPKIk8mhe6WZpq9iJwWjGbMpOxevcTfgi/JyUpUEvDuokH3K4v9aGAHu J/FWGHFQaCcDX/bZeXyJTMM9TP/7i96g1C8GiQbmDaRrXg5WGKISvWdmRWyYXjg2lsil Wm8Rb0GsqzJxGteFO0vVnzebSyd5+hEu0GMhBcEk9N56mkKNwOacT4wmZDx6jyrNZlat jMC2K+T/ru2B23q7Aws8zN/EkDoiI/VqBxXPIrMZJ8hdx85vm7qKProDF0kEcl8Xdwty GW9BjoNYWoMaCzVgvpcZIVn7bWDUW+myUFnFrhuRsoNYPGdjS+rBCIKvaAc9pYT026n/ jIwQ== X-Gm-Message-State: ABy/qLYcv5rDsm+fQCd1KPsTARStuWdQqaeaftomC5Ir60oDWGDhiBVh x+cmVZMFDru4co6STV00Up3CFsKZbiiYVyvoXbw= X-Google-Smtp-Source: APBJJlFHLSu7NeB6EU8tOB3/UHptwEsU/4w39fszUoslEvKjGXk+rTe4axHVWR092ZKjtQWWIfnwLK3jAyxYC69lOLA= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a05:6a00:1783:b0:668:69fa:f795 with SMTP id s3-20020a056a00178300b0066869faf795mr751698pfg.2.1688082178828; Thu, 29 Jun 2023 16:42:58 -0700 (PDT) Date: Thu, 29 Jun 2023 23:42:50 +0000 In-Reply-To: <20230629234244.1752366-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230629234244.1752366-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=722; i=samitolvanen@google.com; h=from:subject; bh=gs+HqEOxqge1JD2H3C2OtV2QqbKbTGj0I3LUMBMWFOw=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBknhb1mBbGJYC+ijqffqvxPbBoNNe723klVhBkW m8HhCBORNaJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZJ4W9QAKCRBMtfaEi7xW 7nW7DACWpElrAA2aMey2/F1+uNsTn4cuQjvpzYjhSgMneDZUzTvG9j2obc9IHVDVv2V35NZZ4Rx qYnhvOXv6ow3iGv+8NVoRor2ccyLXINBkBk/bdzyJ+g5Iz6AutmOsyLdDODLa+au96lNnKDLqq+ Txok6LqZKNvnTtmBO01sSp+NaX0Fhils37JKcU6zNe4QxFb9dq6jTzowqNUjIX5wJ5zoAHL2T0s tLymrEt+OZ5ON9rDFrhMSYiF/P47V6jz8+j2F6hEFzx/c06i14VwYtWoLPoOv/HD6BOPuit+m3q W9JWzrIJwcyWdDLlG9ukewzXluZOrbvAQVgin2f6Le7Y2mvWOHldJvFbUa8nYeErwxYpRjXoIFy 8tVOHkO6lNvnaruOkuaq0Szw25ktCiQV0nrgU30ZQ/JnEO6BozZdXZC/CZ6K3n3QL1cUDQqAgHg I0w0CpD9whXokITAv8X6e6UXd4zEDbwHvv3Zk7/XIwHjMo0Doyr1T55fqBfmjLc35Zmb0= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230629234244.1752366-13-samitolvanen@google.com> Subject: [PATCH 5/6] riscv/purgatory: Disable CFI From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Filter out CC_FLAGS_CFI when CONFIG_CFI_CLANG. Signed-off-by: Sami Tolvanen Tested-by: Nathan Chancellor --- arch/riscv/purgatory/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/riscv/purgatory/Makefile b/arch/riscv/purgatory/Makefile index dc20e166983e..9e6476719abb 100644 --- a/arch/riscv/purgatory/Makefile +++ b/arch/riscv/purgatory/Makefile @@ -77,6 +77,10 @@ ifdef CONFIG_STACKPROTECTOR_STRONG PURGATORY_CFLAGS_REMOVE +=3D -fstack-protector-strong endif =20 +ifdef CONFIG_CFI_CLANG +PURGATORY_CFLAGS_REMOVE +=3D $(CC_FLAGS_CFI) +endif + CFLAGS_REMOVE_purgatory.o +=3D $(PURGATORY_CFLAGS_REMOVE) CFLAGS_purgatory.o +=3D $(PURGATORY_CFLAGS) =20 --=20 2.41.0.255.g8b1d071c50-goog From nobody Sat Feb 7 19:45:20 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C595EB64DD for ; Thu, 29 Jun 2023 23:43:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232138AbjF2Xnh (ORCPT ); Thu, 29 Jun 2023 19:43:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36708 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231979AbjF2XnC (ORCPT ); Thu, 29 Jun 2023 19:43:02 -0400 Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 493B43588 for ; Thu, 29 Jun 2023 16:43:01 -0700 (PDT) Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-57059e6f9c7so19020357b3.0 for ; Thu, 29 Jun 2023 16:43:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1688082180; x=1690674180; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=hI1W3vZtR+9nkE20l1uechEUk7Tap/X/lCCO/vArtS0=; b=Q99ataBrVMMj1/30tDgNlRKyHCZSqEUzPhraQDs3af5FWGxtd2xiR791ZBqr2urUmj VziLScNBQ/wNWoPtUo1GAUxfiWBt9Z23+sb2cvAXrkc5X6S+q+YKXakjQkafV4+c0wMV mIem4WXC4+1cb9fZ9sMvLDHFBHfw3NE6HVnt4gkfrtdFFWcfUvvFGQSX5ZMSg58mbuEq uFN3qIf9GcgB+gPtV18WbJfCQ7HjodVRNQg0sLGufXuzlI7jOu5cBkVrjaC5a7vvLQmi PPaIQ1ztJBsIFlA4BHqNj+Clm1YzG7bFL2WSAqSMtwK6hgryaYoOO4zbuc+E7FsISDe8 v99g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688082180; x=1690674180; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=hI1W3vZtR+9nkE20l1uechEUk7Tap/X/lCCO/vArtS0=; b=iA0qgyGKZl4ol22u1bLs0jsGf8TyfStm8s+F3/u5nwMZzaLqB00JQyy/fXUEnEBPQz AoUdyI+HflGEoCCqEOjjwEd40l5uSkDBsIWFUrgULfe1o/mJBCo+4b6dV9/BBh33lSLk /NhnILCZPi3gabFXebMPJqoZcrcKAPUyPyTvJPV9A703vhZEYpn6Bqpbh9Ekc6f1gIBr Y5t808EKLgcSWoXNIdfOw6qvFEqVpVtL3QMIiyF/IAAhXycGaR+6ByajnL7AYyAa2S1E zct2eZyNO/VsuEnrac/3M509jFtriFgTYNHj7HxTR7d6BQFTL/owrh1DnoxzYzbDqQRv 6eEQ== X-Gm-Message-State: ABy/qLajEbLvmG05RCnjCfLpcMkFNR5Yb80vRy4LAO0wtVIN6JiY/Agw 6IrD0RAvsu9/pIrtIxCqyWtQT9CkRcpIrPDwLMo= X-Google-Smtp-Source: APBJJlE4AEhOYTb7QMh6sXfCMc5LWtWpbgzK5p/x1CWtYt1uO+ltyY9NSG2IJzuCFHi/jJ3JABHe8OLe7NSpTPp8OvA= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a81:aa0b:0:b0:56c:ed45:442c with SMTP id i11-20020a81aa0b000000b0056ced45442cmr22810ywh.5.1688082180469; Thu, 29 Jun 2023 16:43:00 -0700 (PDT) Date: Thu, 29 Jun 2023 23:42:51 +0000 In-Reply-To: <20230629234244.1752366-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230629234244.1752366-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=689; i=samitolvanen@google.com; h=from:subject; bh=g8cSbJ3YqGqII3Es78fHzl0mN4OnPxVObPCoUIO2Cw0=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBknhb1jX6BLvnk0FKQHZsmyPKyvo4TJBI2RL/Fa sauJUMVL5yJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZJ4W9QAKCRBMtfaEi7xW 7nuMC/wLrmKtkYfd+iRZVIIgu+Y5m2M9if9FoIpZHdzE1sPHuEoeRb71eU9RY0XTpDiHCGPiMNP YbjG6hBOYmthlFvkkZe34E7uxSmP2qlWDjGtIh0Z+psbI9KOhxLdNO6136VZOaifKjMNtqGQvlz rAgmqkVNLA6Q710CI5OrJ/lUad7tNT7cx5lRpvzeTrgaUXI9mcWBOP5vr0xb3P7K+bjMf6WOWLa w/RroR5VNlXhzLL3pamA1Y55QzNu7u8sbUvvaZgRSfOvpNWm1tfqGS+vci2Q5WBLkmGw2lawL43 d3BruriP5Q3JTisr5jHg8Zysv4VFxW78GL7dTSAkv7nPLw21lFpZtWpyBU274NKrD4PeFzdqjaJ /8ZopxIQJG64TVeMX+Dwfx0bhZ6Pz5B7r5CxdwL0z+p15PaXWqhx6uTWtmMEKOFLB2AAprrNsZS 5mth9xbFP0G2ongMFbaDFjlNdXZ5tmF94r/B3WQ9UzapWOCids09pksdQ/AFipOMR1Dkw= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230629234244.1752366-14-samitolvanen@google.com> Subject: [PATCH 6/6] riscv: Allow CONFIG_CFI_CLANG to be selected From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Select ARCH_SUPPORTS_CFI_CLANG to allow CFI_CLANG to be selected on riscv. Signed-off-by: Sami Tolvanen Tested-by: Nathan Chancellor --- arch/riscv/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index 20a40927175e..2699e1f8fe33 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -44,6 +44,7 @@ config RISCV select ARCH_SUPPORTS_DEBUG_PAGEALLOC if MMU select ARCH_SUPPORTS_HUGETLBFS if MMU select ARCH_SUPPORTS_PAGE_TABLE_CHECK if MMU + select ARCH_SUPPORTS_CFI_CLANG select ARCH_USES_CFI_TRAPS if CFI_CLANG select ARCH_USE_MEMTEST select ARCH_USE_QUEUED_RWLOCKS --=20 2.41.0.255.g8b1d071c50-goog