From nobody Sat Feb 7 21:15:32 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5488EEB64D9 for ; Mon, 10 Jul 2023 18:35:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233088AbjGJSfz (ORCPT ); Mon, 10 Jul 2023 14:35:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47886 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232425AbjGJSfw (ORCPT ); Mon, 10 Jul 2023 14:35:52 -0400 Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com [IPv6:2607:f8b0:4864:20::1149]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AD953AB for ; Mon, 10 Jul 2023 11:35:50 -0700 (PDT) Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-573a92296c7so45721827b3.1 for ; Mon, 10 Jul 2023 11:35:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689014150; x=1691606150; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=JfuHjbGr9PeJ0PR5WLnTESMLUU2NVQbFj+yFH1gqRF8=; b=mfJmD/FVxdps7T5hJgcEwE8ThNbmRX23y5+EPxfWQlxj6UzddODlWvVoSL6wC7wQRF 7XAhpM5lbDJKg8TKuoGB1c1ue1+UMDBnHKcnrWz8EKF/iuOpk8L1mVDJpZq89pYBqhpg dJxY6yG5Hu9cekfrYhwzL7ozTUlwtvElo14dPK7U8ueUvqwY93fFiORY2RIGwjr2de52 4IdpdZBJc1AcpSC8qxgX+Td/y6IyIUqYG7m8AvU3WpDk4lhmLnoOxwesVjgCxSHltEaC hxJxlgkH1y7pNyDb9DldBddfDFXrpa3X9yMIdkBe7XuSHYH1BiSExntrPr9ZdQGIM3lG y7Vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689014150; x=1691606150; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=JfuHjbGr9PeJ0PR5WLnTESMLUU2NVQbFj+yFH1gqRF8=; b=NecEi9xGi6HV/IhgAjBBrBX2wH96L9NK+ZyvkGzpkfQ+yuIegDPGfPfdH066p+OGTE qr1XHqXUPh/NfXqCtb/OsHAJAFdFGjaR/mw5GfUMMqpXHhpbr1pbvrdhqUM6oH//ajLr Dah02aYjo4xAOolkSwgvKejIT6l7ohdqkeGYbQpatLs+7UaDC/CUuGtbEBavG15AeCjV S5K9JKy/s/OxxlRz22k23KiG+nkyQqAD9V+Oi7KtcF34Q0/rkOGjRZEi2RUqm81ygouK 1k6vQfnntrdO+6w40zn1+xWIlOiGvwGIhpfirXL+QZUO7T47QpyOWU9zHvLEu9DcPzKU 941w== X-Gm-Message-State: ABy/qLZ4iv6zW+Slp42v6oTASwwneAvsGcUE2f79c7GA1yhqF2x2EMOi ZVEFDuDp8RLBboaoRqyepDnukvfvY2fElTilmtI= X-Google-Smtp-Source: APBJJlEUb5UKL1MoSsyogYSLs7WHlDzV7fhet/hBVyc5/uQaybIB1vy1s68RPBBiLePBq9ferUaZYZvQPVwzmK3DUbY= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a81:ac47:0:b0:56c:e2da:f440 with SMTP id z7-20020a81ac47000000b0056ce2daf440mr91792ywj.0.1689014149963; Mon, 10 Jul 2023 11:35:49 -0700 (PDT) Date: Mon, 10 Jul 2023 18:35:46 +0000 In-Reply-To: <20230710183544.999540-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230710183544.999540-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=8809; i=samitolvanen@google.com; h=from:subject; bh=7+cMm1pNGnHHsX43z/oJuDPuAORNOaBoot6v/Dk88QA=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBkrE+AWvBzRqwMc4no+3K7g72jpT5CxxsH8+M57 5Pfxcns1zGJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZKxPgAAKCRBMtfaEi7xW 7klBC/9woGxzCUzYKiDh4bV8sfcQRvfqQcNafvzua53LYJu8Dhb5EZI7ZgbdCtX0uFHmX85kpj0 zb80cpbqN0YKtlVtlK2bneO0lRb23IA4K56CkSIbkJ/PNTf6szlM6WSgiAkRBur5AcBrhZghQAE hKR6k/TkktuSLXvR48ACKZ83MqBceKQuAw/pXViv7IjyGfZhMp9yH9E0HzmABzQaAJWj2IB3cEs BthBLLw4VeeUf/5YNbXwuEInwCpRi5sXiYjILikglUyym+cYd9Fs4xgorzJtuDs3eOqp5/WuS3o 3LriBrlnEyA92fiA+eg/tkzqQ020dz5y5v2xQwWFm/zK8Rfcve3BWxl4LwKHPOUPy2q0aj1bn8J tqnf5BBS/pyj0W2SNjKIELmWzeGqRKO3XfEngeuffy4yKSQJ490huNwXXEm+UhOVahsyumOSne7 5nCRwwKiII8ocld8d1+UqeN+5TJyFtO635ztUB2mSkScfansrXAjy3jafaGBEIdL1z6tY= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230710183544.999540-9-samitolvanen@google.com> Subject: [PATCH v2 1/6] riscv: Implement syscall wrappers From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Conor Dooley , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Commit f0bddf50586d ("riscv: entry: Convert to generic entry") moved syscall handling to C code, which exposed function pointer type mismatches that trip fine-grained forward-edge Control-Flow Integrity (CFI) checks as syscall handlers are all called through the same syscall_t pointer type. To fix the type mismatches, implement pt_regs based syscall wrappers similarly to x86 and arm64. This patch is based on arm64 syscall wrappers added in commit 4378a7d4be30 ("arm64: implement syscall wrappers"), where the main goal was to minimize the risk of userspace-controlled values being used under speculation. This may be a concern for riscv in future as well. Following other architectures, the syscall wrappers generate three functions for each syscall; __riscv_sys_ takes a pt_regs pointer and extracts arguments from registers, __se_sys_ is a sign-extension wrapper that casts the long arguments to the correct types for the real syscall implementation, which is named __do_sys_. Reviewed-by: Kees Cook Tested-by: Nathan Chancellor Signed-off-by: Sami Tolvanen --- arch/riscv/Kconfig | 1 + arch/riscv/include/asm/syscall.h | 5 +- arch/riscv/include/asm/syscall_wrapper.h | 87 ++++++++++++++++++++++++ arch/riscv/kernel/compat_syscall_table.c | 8 ++- arch/riscv/kernel/sys_riscv.c | 6 ++ arch/riscv/kernel/syscall_table.c | 8 ++- 6 files changed, 108 insertions(+), 7 deletions(-) create mode 100644 arch/riscv/include/asm/syscall_wrapper.h diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index 4c07b9189c86..a475ef1a0c1c 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -35,6 +35,7 @@ config RISCV select ARCH_HAS_SET_MEMORY if MMU select ARCH_HAS_STRICT_KERNEL_RWX if MMU && !XIP_KERNEL select ARCH_HAS_STRICT_MODULE_RWX if MMU && !XIP_KERNEL + select ARCH_HAS_SYSCALL_WRAPPER select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST select ARCH_HAS_UBSAN_SANITIZE_ALL select ARCH_HAS_VDSO_DATA diff --git a/arch/riscv/include/asm/syscall.h b/arch/riscv/include/asm/sysc= all.h index 0148c6bd9675..121fff429dce 100644 --- a/arch/riscv/include/asm/syscall.h +++ b/arch/riscv/include/asm/syscall.h @@ -75,7 +75,7 @@ static inline int syscall_get_arch(struct task_struct *ta= sk) #endif } =20 -typedef long (*syscall_t)(ulong, ulong, ulong, ulong, ulong, ulong, ulong); +typedef long (*syscall_t)(const struct pt_regs *); static inline void syscall_handler(struct pt_regs *regs, ulong syscall) { syscall_t fn; @@ -87,8 +87,7 @@ static inline void syscall_handler(struct pt_regs *regs, = ulong syscall) #endif fn =3D sys_call_table[syscall]; =20 - regs->a0 =3D fn(regs->orig_a0, regs->a1, regs->a2, - regs->a3, regs->a4, regs->a5, regs->a6); + regs->a0 =3D fn(regs); } =20 static inline bool arch_syscall_is_vdso_sigreturn(struct pt_regs *regs) diff --git a/arch/riscv/include/asm/syscall_wrapper.h b/arch/riscv/include/= asm/syscall_wrapper.h new file mode 100644 index 000000000000..1d7942c8a6cb --- /dev/null +++ b/arch/riscv/include/asm/syscall_wrapper.h @@ -0,0 +1,87 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * syscall_wrapper.h - riscv specific wrappers to syscall definitions + * + * Based on arch/arm64/include/syscall_wrapper.h + */ + +#ifndef __ASM_SYSCALL_WRAPPER_H +#define __ASM_SYSCALL_WRAPPER_H + +#include + +asmlinkage long __riscv_sys_ni_syscall(const struct pt_regs *); + +#define SC_RISCV_REGS_TO_ARGS(x, ...) \ + __MAP(x,__SC_ARGS \ + ,,regs->orig_a0,,regs->a1,,regs->a2 \ + ,,regs->a3,,regs->a4,,regs->a5,,regs->a6) + +#ifdef CONFIG_COMPAT + +#define COMPAT_SYSCALL_DEFINEx(x, name, ...) \ + asmlinkage long __riscv_compat_sys##name(const struct pt_regs *regs); \ + ALLOW_ERROR_INJECTION(__riscv_compat_sys##name, ERRNO); \ + static long __se_compat_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \ + static inline long __do_compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));= \ + asmlinkage long __riscv_compat_sys##name(const struct pt_regs *regs) \ + { \ + return __se_compat_sys##name(SC_RISCV_REGS_TO_ARGS(x,__VA_ARGS__)); \ + } \ + static long __se_compat_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \ + { \ + return __do_compat_sys##name(__MAP(x,__SC_DELOUSE,__VA_ARGS__)); \ + } \ + static inline long __do_compat_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) + +#define COMPAT_SYSCALL_DEFINE0(sname) \ + asmlinkage long __riscv_compat_sys_##sname(const struct pt_regs *__unused= ); \ + ALLOW_ERROR_INJECTION(__riscv_compat_sys_##sname, ERRNO); \ + asmlinkage long __riscv_compat_sys_##sname(const struct pt_regs *__unused) + +#define COND_SYSCALL_COMPAT(name) \ + asmlinkage long __weak __riscv_compat_sys_##name(const struct pt_regs *re= gs); \ + asmlinkage long __weak __riscv_compat_sys_##name(const struct pt_regs *re= gs) \ + { \ + return sys_ni_syscall(); \ + } + +#define COMPAT_SYS_NI(name) \ + SYSCALL_ALIAS(__riscv_compat_sys_##name, sys_ni_posix_timers); + +#endif /* CONFIG_COMPAT */ + +#define __SYSCALL_DEFINEx(x, name, ...) \ + asmlinkage long __riscv_sys##name(const struct pt_regs *regs); \ + ALLOW_ERROR_INJECTION(__riscv_sys##name, ERRNO); \ + static long __se_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \ + static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)); \ + asmlinkage long __riscv_sys##name(const struct pt_regs *regs) \ + { \ + return __se_sys##name(SC_RISCV_REGS_TO_ARGS(x,__VA_ARGS__)); \ + } \ + static long __se_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \ + { \ + long ret =3D __do_sys##name(__MAP(x,__SC_CAST,__VA_ARGS__)); \ + __MAP(x,__SC_TEST,__VA_ARGS__); \ + __PROTECT(x, ret,__MAP(x,__SC_ARGS,__VA_ARGS__)); \ + return ret; \ + } \ + static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) + +#define SYSCALL_DEFINE0(sname) \ + SYSCALL_METADATA(_##sname, 0); \ + asmlinkage long __riscv_sys_##sname(const struct pt_regs *__unused); \ + ALLOW_ERROR_INJECTION(__riscv_sys_##sname, ERRNO); \ + asmlinkage long __riscv_sys_##sname(const struct pt_regs *__unused) + +#define COND_SYSCALL(name) \ + asmlinkage long __weak __riscv_sys_##name(const struct pt_regs *regs); \ + asmlinkage long __weak __riscv_sys_##name(const struct pt_regs *regs) \ + { \ + return sys_ni_syscall(); \ + } + +#define SYS_NI(name) SYSCALL_ALIAS(__riscv_sys_##name, sys_ni_posix_timers= ); + +#endif /* __ASM_SYSCALL_WRAPPER_H */ diff --git a/arch/riscv/kernel/compat_syscall_table.c b/arch/riscv/kernel/c= ompat_syscall_table.c index 651f2b009c28..ad7f2d712f5f 100644 --- a/arch/riscv/kernel/compat_syscall_table.c +++ b/arch/riscv/kernel/compat_syscall_table.c @@ -9,11 +9,15 @@ #include =20 #undef __SYSCALL -#define __SYSCALL(nr, call) [nr] =3D (call), +#define __SYSCALL(nr, call) asmlinkage long __riscv_##call(const struct pt= _regs *); +#include + +#undef __SYSCALL +#define __SYSCALL(nr, call) [nr] =3D __riscv_##call, =20 asmlinkage long compat_sys_rt_sigreturn(void); =20 void * const compat_sys_call_table[__NR_syscalls] =3D { - [0 ... __NR_syscalls - 1] =3D sys_ni_syscall, + [0 ... __NR_syscalls - 1] =3D __riscv_sys_ni_syscall, #include }; diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.c index 26ef5526bfb4..473159b5f303 100644 --- a/arch/riscv/kernel/sys_riscv.c +++ b/arch/riscv/kernel/sys_riscv.c @@ -335,3 +335,9 @@ SYSCALL_DEFINE5(riscv_hwprobe, struct riscv_hwprobe __u= ser *, pairs, return do_riscv_hwprobe(pairs, pair_count, cpu_count, cpus, flags); } + +/* Not defined using SYSCALL_DEFINE0 to avoid error injection */ +asmlinkage long __riscv_sys_ni_syscall(const struct pt_regs *__unused) +{ + return -ENOSYS; +} diff --git a/arch/riscv/kernel/syscall_table.c b/arch/riscv/kernel/syscall_= table.c index 44b1420a2270..dda913764903 100644 --- a/arch/riscv/kernel/syscall_table.c +++ b/arch/riscv/kernel/syscall_table.c @@ -10,9 +10,13 @@ #include =20 #undef __SYSCALL -#define __SYSCALL(nr, call) [nr] =3D (call), +#define __SYSCALL(nr, call) asmlinkage long __riscv_##call(const struct pt= _regs *); +#include + +#undef __SYSCALL +#define __SYSCALL(nr, call) [nr] =3D __riscv_##call, =20 void * const sys_call_table[__NR_syscalls] =3D { - [0 ... __NR_syscalls - 1] =3D sys_ni_syscall, + [0 ... __NR_syscalls - 1] =3D __riscv_sys_ni_syscall, #include }; --=20 2.41.0.255.g8b1d071c50-goog From nobody Sat Feb 7 21:15:32 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2A251EB64DA for ; Mon, 10 Jul 2023 18:36:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231515AbjGJSgA (ORCPT ); Mon, 10 Jul 2023 14:36:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47894 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229848AbjGJSfw (ORCPT ); Mon, 10 Jul 2023 14:35:52 -0400 Received: from mail-pj1-x104a.google.com (mail-pj1-x104a.google.com [IPv6:2607:f8b0:4864:20::104a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 29C10180 for ; Mon, 10 Jul 2023 11:35:52 -0700 (PDT) Received: by mail-pj1-x104a.google.com with SMTP id 98e67ed59e1d1-263036d4c9dso6105845a91.2 for ; Mon, 10 Jul 2023 11:35:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689014151; x=1691606151; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=+Lmw3qam11jRSo1H1z3ye084M7cKP++evQKCp2c6VGA=; b=mBak734wMFR6S9+GtbGpTrkghWF+xr1fRhSK0yzJKLx0aVQpIh/dJA08JpJj0Dspmv +KbhrJ1C2ctjEr/1mPfjOLMv2MbYo0us/2F7/8vx2tcXngA5q7eTaZ67JcQRTRYHOu5h 8muHVf2PQjWeu46I51Zsb1knY7eaQnEy4NmF1rWIF9TEchAsuxDYzeXnnAtTHL23VWH+ oxJSCthj46MWSMAttTVrGpHOMejythMECwFTW988R748Ji6HIYOI2Dtt6GQ+aEaySBSr YdYX6GRMU7PTiffp1+4F4pOPCeWqwdawHz7JdI8gfFK8pVDdHxB4qkSizIV8TETm576h gD4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689014151; x=1691606151; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=+Lmw3qam11jRSo1H1z3ye084M7cKP++evQKCp2c6VGA=; b=VFY64sxo0KrGpYdPJ7cNcb3SliL4gkaBmzeOI/9kTXrto//FfkZbRqOAmSUftyJZuj urnT42L9sx24i3EoCtoSsRV4D8G4F2VKdF5ZSnI34MbOmPQT9HF9nOqBgSmRvWLYhNmT N/K8vgKzaU/uBD+drjKF33D+YIyLg0B/MZGlb4p7i6geXg8J94RI9v+8UodCiOBFxmJv oCobF0Z4jp6r8+IVAZ47iU8LTWUGsL5BfRc2bRYMN7CX0o0AwsN9foH4KPDazhw9v+ln LMELZIpvcHVMtRibVieEmpbXeaTPzGUL1KBWWmrjqG4Xl2+W9ys8d2E94JTk5gTbqCvk oHyg== X-Gm-Message-State: ABy/qLaDUl84Ib27ttNjUo6Tu0qzxgJhCuO1T9pmULUmcnkqEfHsPPYU deUsKe8JxJcd6S40f/6F7IAVIlKLlUSdeAIgpqA= X-Google-Smtp-Source: APBJJlFU00+7gY7YBrESlPEsWXN0HjjU8yiIxkSBDPukNPRNwI/iq87FZheK3yIXtLj3iPKAZwQFHXwHjUoK9+pnV18= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a17:90a:d511:b0:263:4d9e:64f1 with SMTP id t17-20020a17090ad51100b002634d9e64f1mr11001626pju.0.1689014151573; Mon, 10 Jul 2023 11:35:51 -0700 (PDT) Date: Mon, 10 Jul 2023 18:35:47 +0000 In-Reply-To: <20230710183544.999540-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230710183544.999540-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=1996; i=samitolvanen@google.com; h=from:subject; bh=q4ijnPW2Mn1tvBetsRvgpl+qoFykStv8yW3UK+1fGGg=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBkrE+ABPMDmB0fh0LjTs3/VHFrPcBar3PHMmw3b h6Q9A6DPKuJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZKxPgAAKCRBMtfaEi7xW 7jgpC/9553yUfoqA9C4FRMa2OFuUbOCPwbvDRNsX7Y9zDAkutsoIgeg23FWNH3zegBmF5hA7+uW gmc4wt+WIt8lObecQrM8afOor4zIgp36iPBEyXWKQWiV6rzZqTev31yXsHzaeOxi/S0pUVykNZ2 BVisTBwjLdMO2wO0WJRMCtoQheGw7NreTHf6ke1uYaqM71zvVaIijKaJL82bOoZGYc9tuUSeBnw i7Ve2L/W+lCEs0THbayq+7Z+wGOQ3f8YyU5VedjHsi1v0wki1Q0ekFH5I/BhQDq65ae4cHHfBQZ 8faWYq/uAteKnSDn52Y5KqaH9pnHBKpFpYAUSI4Y1m1s1JQlpKwyIWsL+v9Lv5VqnVibdLXvZRD baULUYdoNKvc0fUPv746yPn/Ty1RsLoyaulv1PWezPFQ2WvsaAlhmAHtxKrC4tm19h8ptxDztlL MUIMlLVQLmpTSJZH9C4VsYCQuhJhmC6eljPY8UdNAn8rs0Lsd0Bzo6uRDWaYza3fi9HwQ= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230710183544.999540-10-samitolvanen@google.com> Subject: [PATCH v2 2/6] riscv: Add types to indirectly called assembly functions From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Conor Dooley , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" With CONFIG_CFI_CLANG, assembly functions indirectly called from C code must be annotated with type identifiers to pass CFI checking. Use the SYM_TYPED_START macro to add types to the relevant functions. Reviewed-by: Kees Cook Tested-by: Nathan Chancellor Signed-off-by: Sami Tolvanen --- arch/riscv/kernel/mcount.S | 5 +++-- arch/riscv/kernel/suspend_entry.S | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/arch/riscv/kernel/mcount.S b/arch/riscv/kernel/mcount.S index 8a6e5a9e842a..6c9469050f4c 100644 --- a/arch/riscv/kernel/mcount.S +++ b/arch/riscv/kernel/mcount.S @@ -3,6 +3,7 @@ =20 #include #include +#include #include #include #include @@ -47,13 +48,13 @@ addi sp, sp, 4*SZREG .endm =20 -ENTRY(ftrace_stub) +SYM_TYPED_FUNC_START(ftrace_stub) #ifdef CONFIG_DYNAMIC_FTRACE .global MCOUNT_NAME .set MCOUNT_NAME, ftrace_stub #endif ret -ENDPROC(ftrace_stub) +SYM_FUNC_END(ftrace_stub) =20 #ifdef CONFIG_FUNCTION_GRAPH_TRACER ENTRY(return_to_handler) diff --git a/arch/riscv/kernel/suspend_entry.S b/arch/riscv/kernel/suspend_= entry.S index 12b52afe09a4..f7960c7c5f9e 100644 --- a/arch/riscv/kernel/suspend_entry.S +++ b/arch/riscv/kernel/suspend_entry.S @@ -5,6 +5,7 @@ */ =20 #include +#include #include #include #include @@ -58,7 +59,7 @@ ENTRY(__cpu_suspend_enter) ret END(__cpu_suspend_enter) =20 -ENTRY(__cpu_resume_enter) +SYM_TYPED_FUNC_START(__cpu_resume_enter) /* Load the global pointer */ .option push .option norelax @@ -94,4 +95,4 @@ ENTRY(__cpu_resume_enter) =20 /* Return to C code */ ret -END(__cpu_resume_enter) +SYM_FUNC_END(__cpu_resume_enter) --=20 2.41.0.255.g8b1d071c50-goog From nobody Sat Feb 7 21:15:32 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4EE64EB64D9 for ; Mon, 10 Jul 2023 18:36:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229990AbjGJSgD (ORCPT ); Mon, 10 Jul 2023 14:36:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47910 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232921AbjGJSfz (ORCPT ); Mon, 10 Jul 2023 14:35:55 -0400 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2C6C4C3 for ; Mon, 10 Jul 2023 11:35:54 -0700 (PDT) Received: by mail-pj1-x1049.google.com with SMTP id 98e67ed59e1d1-262dc0ba9ceso8031232a91.3 for ; Mon, 10 Jul 2023 11:35:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689014153; x=1691606153; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=S9zW43FbHuOlleSu+un6XWqUn1fn2QP5MnKtge68NZw=; b=2BvIE+7Cb5J6MVl7t68AQmPcTEFhZlWe+/b7KN/uzDN9+Ao94fJCMlNpxZlDgcGKeB m7Tl+0X9ccOfZ5iYWxiMFwYu8nN55HeVYr4+ygARqmsVCzleZFu1hQDTPf+6UsV5eCOl kLBmxXHq0U/yhc0QwEqq00hwEhv3CEZRvWM7eMi65KLJY6UXulbtXwlfFOOvNvw9zY1U yedqcc3skBZ6xL9hEdYz7sPiFHWBSANUiAkJAZOILfsY9K1OSZgWw3wcPdmj7Kt8fZcu ZjEHV76VEFbS5c51oWd9V7kbiPIXZgzl+hqRGNa3UlpuufenDyzzjDzQuQYbYuxS7VeN VuIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689014153; x=1691606153; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=S9zW43FbHuOlleSu+un6XWqUn1fn2QP5MnKtge68NZw=; b=b8Rfdd3DReUjbsRQ17WGFA0m/vJKQkWm71H6nCzt7HuELcM6+MI4kH0EiUeXPsOySu nmAGNeCU+StZyNiRHtfCjAZwqfDh6xM/8o8Gss97eBWF2dmH5N1oDjswpJE26DkwOqtY fFhZQThmIUBw40n9RLX2zHcPOCpnwv1KqPg0MQrWFDePe2+4wP5+uzc1wTV5Voul7qfo rt9VCk3pf0tQ6Vw5+ifuWQSPI7jzbge47D6XdhXOszE9RNW2b5AWH2QTHFCGOhzRFniM alHNcTh+klSFjQlecwnivJ9E6fLoDv7gYQHlOJ+3ENiHgv6CL8d6x9CwUJ+zQX638y1a 6DBg== X-Gm-Message-State: ABy/qLZMsmSqXN5xWwqIu/q8NplD+n5TWk8Yk4Bl/YqR1m4v1DDXoy8z bOqqrByWGbKokhu5pEkQXNx3+p7Z7JFNHcTKGB4= X-Google-Smtp-Source: APBJJlEHUxfZq7uWFQrz0VKHKSqMYGKtLRHE2eeMBabDYg36u9soDrUt3GcdQwg/5s00tNoVMufWeUuLPI80l6/+3Fc= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a17:90a:8912:b0:263:dcce:ca9a with SMTP id u18-20020a17090a891200b00263dcceca9amr10877384pjn.1.1689014153561; Mon, 10 Jul 2023 11:35:53 -0700 (PDT) Date: Mon, 10 Jul 2023 18:35:48 +0000 In-Reply-To: <20230710183544.999540-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230710183544.999540-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=977; i=samitolvanen@google.com; h=from:subject; bh=SyYGssy02WwznPseKLFWBeRZamjspo0IenMK/78d1Tw=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBkrE+AvhWQwKiqzsK7Notr2TR4pdX+nw6HsLRg3 vakDRSEwnyJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZKxPgAAKCRBMtfaEi7xW 7m1tC/9kAC6G5E9nlSHjofInL/y8Zju/2BQWR+G6A2hA1YqzCT8IGkEC1AOGiEzHTcV3GCT/87U h87Ilj+zvqCqR/d+1E7J9h46MhhF+f91eFa3Q5kJ2dnf1eX0M4HYypa5V/CoQ7RZNtqr4I39GY8 v5SyYiUxkMUMEemjvdfuawjqjnFuPAyWyWVdfZICe+4Sz3zISBhytRl/GX56rQnYFBa3M97kAq+ AM8FE6CO1URei4DbbZk7iNcBStfCfgywRwJonIGhtU7ySqz56WP4VVchnPlMDd2/uFrWwVfnaOR gHgFbUIGyvvJRDS2ioIDNTWhYuiAwUzyqbpnysqXGWuSm4fshKMe2+HwhBVABEk2757Tq21sNoN jvxlF6Rf8fhicoFRZHmWrSpYAHFemEceYre4wE8AI9ZC1v6f1raY1lMDD5QEk9XE3mFHOQDjdU0 BmpHkd0OocbQjGmBzxP6u2W+S41FuvElG8m9BI30J7iGdiMFpjgsS9pXwLLwK75J6Z0PQ= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230710183544.999540-11-samitolvanen@google.com> Subject: [PATCH v2 3/6] riscv: Add ftrace_stub_graph From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Conor Dooley , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Commit 883bbbffa5a4 ("ftrace,kcfi: Separate ftrace_stub() and ftrace_stub_graph()") added a separate ftrace_stub_graph function for CFI_CLANG. Add the stub to fix FUNCTION_GRAPH_TRACER compatibility with CFI. Reviewed-by: Kees Cook Tested-by: Nathan Chancellor Signed-off-by: Sami Tolvanen --- arch/riscv/kernel/mcount.S | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/riscv/kernel/mcount.S b/arch/riscv/kernel/mcount.S index 6c9469050f4c..8818a8fa9ff3 100644 --- a/arch/riscv/kernel/mcount.S +++ b/arch/riscv/kernel/mcount.S @@ -57,6 +57,10 @@ SYM_TYPED_FUNC_START(ftrace_stub) SYM_FUNC_END(ftrace_stub) =20 #ifdef CONFIG_FUNCTION_GRAPH_TRACER +SYM_TYPED_FUNC_START(ftrace_stub_graph) + ret +SYM_FUNC_END(ftrace_stub_graph) + ENTRY(return_to_handler) /* * On implementing the frame point test, the ideal way is to compare the --=20 2.41.0.255.g8b1d071c50-goog From nobody Sat Feb 7 21:15:32 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CC4D0C001B0 for ; Mon, 10 Jul 2023 18:36:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233194AbjGJSgG (ORCPT ); Mon, 10 Jul 2023 14:36:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47970 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233188AbjGJSf6 (ORCPT ); Mon, 10 Jul 2023 14:35:58 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5600319A for ; Mon, 10 Jul 2023 11:35:56 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-c704df12425so3919443276.3 for ; Mon, 10 Jul 2023 11:35:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689014155; x=1691606155; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id :reply-to; bh=eswTZL14/0lbniOzURaNQN7FEq6zurstCyikDF3vkhM=; b=mHXw4bXuQ7mteNju7x5RettqxmsL3nzNMvjatyU7cakrchbgnqgeh/uJDWKgLamt4x C4Xzhq4sjaYfzMLKVoynFKRvTwC+TjyVeUSMj6dF8hY3fuLx0WbL3+OOle9Tfo44WV62 uC16FFSOSmucbJUO5rm3e6k7swahcwOmIwsHGY/x2v88h6NoXbSMuDbDMx0AkoIQpJaA lpZ22oonYN//0xTzIYB9VViMUKAUoRlSe7xhrk7BJ+4+bA3tRjw+edYdsytGn7S6ZQTj ng9khanqFWbetv8vwXovZTsSSQ9QUGK4ZJn5Npl1DKQciIy5/MskFNwXJgk1TFpB/wIv //IQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689014155; x=1691606155; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=eswTZL14/0lbniOzURaNQN7FEq6zurstCyikDF3vkhM=; b=HlDk4MtuAvLYb24fftLzOrDB5WEaoTsNIvnalPtsotgB2JkEKOBwGyyDxGz9bz1kG3 zsKm3ZJFOLtgGJw4TZ9URBri8a+DIJr4OBdRorpMWpOR2XIYzf6jD7euvrc3WcfyRKzC Ep8UAp99t8RJhZ6yWVUWSSuf5aiqFUq7i4LKJsWaRlgZPznWSKwWmU+ZUsGn5KT+3zpC YCSawiXVUJLchQ/K7CLrqjxm5ajXlyGUqYtpxuuZBD5nQgKce4m89rjMeJ3fThN0qMB7 w8Oc2p56Yy+63yo0sWhkotVZDBkfQz0vSw0WvG/WqamtM9CL2B+T0roAl4C58d+fWIy4 vniA== X-Gm-Message-State: ABy/qLY+wKh/KWc3erh2sy5lI5yU9KdEoRbmQSO99HdAMLJYLzrtdRyW QliiNCHxzA5Jgobf6bm0YCSqBu+AY3VcaLQYToY= X-Google-Smtp-Source: APBJJlFQIZF+igmluOU2bMS5mr8gBJbp/xeb3V0KPaxzgO0oO8YmIRMtUSVCKW3jEDd2PO1KFSRPD2K5B4tN3umd5nw= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a5b:54b:0:b0:c4e:27df:1a0f with SMTP id r11-20020a5b054b000000b00c4e27df1a0fmr99818ybp.13.1689014155420; Mon, 10 Jul 2023 11:35:55 -0700 (PDT) Date: Mon, 10 Jul 2023 18:35:49 +0000 In-Reply-To: <20230710183544.999540-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230710183544.999540-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=9602; i=samitolvanen@google.com; h=from:subject; bh=IA2WgXxwoWMBmayegrcrafXII/0/7DYZosX7v/GLBck=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBkrE+AzDEYUQi8BUsweEAdZIzultO1gPrFhWnsI jtkRlq4AveJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZKxPgAAKCRBMtfaEi7xW 7ta1C/9wVoJcIYEMVHSgyqgnPHp4livqoTH2BLIv0xCc+oPtCaZ0eaH7XVR4T6q3lQycYnczBk4 1mR2GTxEkGzihjmY9K2GmbjFNVcg7LOfnEnxsmijLPOvDqY0gszNdNjdmhi8WxHWUwJFM9haa8l Yi1XnlYhUxJv3gfg4FxvLzxcg79nus3gQFVJ+IUm4elFPQi6fcoESs67OuWdDxfeQaQ1+x1ayz6 4HH80CFSL07N5Ey9CbNAqHpXEOOfIhZjRpe0J3rRRmJfKysc8TPeP7Dea5/7dlxcw6Wi7vXrAHb AURq+fs9/5rZ7vdTBg8ZEnI+gaoQoBp9jiCSN32evpWtkzj0bySSVSiREaDLYbTIVhDBTEsn/F4 AFyJRq1R0M+IGVwmydqsXPbL3KEyy+31A1uqXk+l2rWNVdEYCzH3/7gDzHVteYnzu8p3/JJPHVG xUPUsbc8EqzDDllkEN4v42pH4ZCayK8K2GXX/Qc8JCSPI7VitZX0JC9akH9JxgGau1lws= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230710183544.999540-12-samitolvanen@google.com> Subject: [PATCH v2 4/6] riscv: Add CFI error handling From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Conor Dooley , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" With CONFIG_CFI_CLANG, the compiler injects a type preamble immediately before each function and a check to validate the target function type before indirect calls: ; type preamble .word function: ... ; indirect call check lw t1, -4(a0) lui t2, addiw t2, t2, beq t1, t2, .Ltmp0 ebreak .Ltmp0: jarl a0 Implement error handling code for the ebreak traps emitted for the checks. This produces the following oops on a CFI failure (generated using lkdtm): [ 21.177245] CFI failure at lkdtm_indirect_call+0x22/0x32 [lkdtm] (target: lkdtm_increment_int+0x0/0x18 [lkdtm]; expected type: 0x3ad55aca) [ 21.178483] Kernel BUG [#1] [ 21.178671] Modules linked in: lkdtm [ 21.179037] CPU: 1 PID: 104 Comm: sh Not tainted 6.3.0-rc6-00037-g37d5ec6297ab #1 [ 21.179511] Hardware name: riscv-virtio,qemu (DT) [ 21.179818] epc : lkdtm_indirect_call+0x22/0x32 [lkdtm] [ 21.180106] ra : lkdtm_CFI_FORWARD_PROTO+0x48/0x7c [lkdtm] [ 21.180426] epc : ffffffff01387092 ra : ffffffff01386f14 sp : ff20000000= 453cf0 [ 21.180792] gp : ffffffff81308c38 tp : ff6000000243f080 t0 : ff20000000= 453b78 [ 21.181157] t1 : 000000003ad55aca t2 : 000000007e0c52a5 s0 : ff20000000= 453d00 [ 21.181506] s1 : 0000000000000001 a0 : ffffffff0138d170 a1 : ffffffff01= 3870bc [ 21.181819] a2 : b5fea48dd89aa700 a3 : 0000000000000001 a4 : 0000000000= 000fff [ 21.182169] a5 : 0000000000000004 a6 : 00000000000000b7 a7 : 0000000000= 000000 [ 21.182591] s2 : ff20000000453e78 s3 : ffffffffffffffea s4 : 0000000000= 000012 [ 21.183001] s5 : ff600000023c7000 s6 : 0000000000000006 s7 : ffffffff01= 3882a0 [ 21.183653] s8 : 0000000000000008 s9 : 0000000000000002 s10: ffffffff01= 38d878 [ 21.184245] s11: ffffffff0138d878 t3 : 0000000000000003 t4 : 0000000000= 000000 [ 21.184591] t5 : ffffffff8133df08 t6 : ffffffff8133df07 [ 21.184858] status: 0000000000000120 badaddr: 0000000000000000 cause: 0000000000000003 [ 21.185415] [] lkdtm_indirect_call+0x22/0x32 [lkdtm] [ 21.185772] [] lkdtm_CFI_FORWARD_PROTO+0x48/0x7c [lkdt= m] [ 21.186093] [] lkdtm_do_action+0x22/0x34 [lkdtm] [ 21.186445] [] direct_entry+0x128/0x13a [lkdtm] [ 21.186817] [] full_proxy_write+0x58/0xb2 [ 21.187352] [] vfs_write+0x14c/0x33a [ 21.187644] [] ksys_write+0x64/0xd4 [ 21.187832] [] sys_write+0xe/0x1a [ 21.188171] [] ret_from_syscall+0x0/0x2 [ 21.188595] Code: 0513 0f65 a303 ffc5 53b7 7e0c 839b 2a53 0363 0073 (900= 2) 9582 [ 21.189178] ---[ end trace 0000000000000000 ]--- [ 21.189590] Kernel panic - not syncing: Fatal exception Reviewed-by: Kees Cook Reviewed-by: Conor Dooley # ISA bits Tested-by: Nathan Chancellor Signed-off-by: Sami Tolvanen --- arch/riscv/Kconfig | 1 + arch/riscv/include/asm/cfi.h | 22 ++++++++++ arch/riscv/include/asm/insn.h | 10 +++++ arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/cfi.c | 77 +++++++++++++++++++++++++++++++++++ arch/riscv/kernel/traps.c | 4 +- 6 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 arch/riscv/include/asm/cfi.h create mode 100644 arch/riscv/kernel/cfi.c diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index a475ef1a0c1c..29fdba9d8514 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -49,6 +49,7 @@ config RISCV select ARCH_SUPPORTS_PER_VMA_LOCK if MMU select ARCH_USE_MEMTEST select ARCH_USE_QUEUED_RWLOCKS + select ARCH_USES_CFI_TRAPS if CFI_CLANG select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU select ARCH_WANT_FRAME_POINTERS select ARCH_WANT_GENERAL_HUGETLB if !RISCV_ISA_SVNAPOT diff --git a/arch/riscv/include/asm/cfi.h b/arch/riscv/include/asm/cfi.h new file mode 100644 index 000000000000..56bf9d69d5e3 --- /dev/null +++ b/arch/riscv/include/asm/cfi.h @@ -0,0 +1,22 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _ASM_RISCV_CFI_H +#define _ASM_RISCV_CFI_H + +/* + * Clang Control Flow Integrity (CFI) support. + * + * Copyright (C) 2023 Google LLC + */ + +#include + +#ifdef CONFIG_CFI_CLANG +enum bug_trap_type handle_cfi_failure(struct pt_regs *regs); +#else +static inline enum bug_trap_type handle_cfi_failure(struct pt_regs *regs) +{ + return BUG_TRAP_TYPE_NONE; +} +#endif /* CONFIG_CFI_CLANG */ + +#endif /* _ASM_RISCV_CFI_H */ diff --git a/arch/riscv/include/asm/insn.h b/arch/riscv/include/asm/insn.h index 4e1505cef8aa..9c23f598434c 100644 --- a/arch/riscv/include/asm/insn.h +++ b/arch/riscv/include/asm/insn.h @@ -63,6 +63,7 @@ #define RVG_RS1_OPOFF 15 #define RVG_RS2_OPOFF 20 #define RVG_RD_OPOFF 7 +#define RVG_RS1_MASK GENMASK(4, 0) #define RVG_RD_MASK GENMASK(4, 0) =20 /* The bit field of immediate value in RVC J instruction */ @@ -129,6 +130,7 @@ #define RVC_C2_RS1_OPOFF 7 #define RVC_C2_RS2_OPOFF 2 #define RVC_C2_RD_OPOFF 7 +#define RVC_C2_RS1_MASK GENMASK(4, 0) =20 /* parts of opcode for RVG*/ #define RVG_OPCODE_FENCE 0x0f @@ -278,6 +280,10 @@ static __always_inline bool riscv_insn_is_branch(u32 c= ode) #define RV_X(X, s, mask) (((X) >> (s)) & (mask)) #define RVC_X(X, s, mask) RV_X(X, s, mask) =20 +#define RV_EXTRACT_RS1_REG(x) \ + ({typeof(x) x_ =3D (x); \ + (RV_X(x_, RVG_RS1_OPOFF, RVG_RS1_MASK)); }) + #define RV_EXTRACT_RD_REG(x) \ ({typeof(x) x_ =3D (x); \ (RV_X(x_, RVG_RD_OPOFF, RVG_RD_MASK)); }) @@ -305,6 +311,10 @@ static __always_inline bool riscv_insn_is_branch(u32 c= ode) (RV_X(x_, RV_B_IMM_11_OPOFF, RV_B_IMM_11_MASK) << RV_B_IMM_11_OFF) | \ (RV_IMM_SIGN(x_) << RV_B_IMM_SIGN_OFF); }) =20 +#define RVC_EXTRACT_C2_RS1_REG(x) \ + ({typeof(x) x_ =3D (x); \ + (RV_X(x_, RVC_C2_RS1_OPOFF, RVC_C2_RS1_MASK)); }) + #define RVC_EXTRACT_JTYPE_IMM(x) \ ({typeof(x) x_ =3D (x); \ (RVC_X(x_, RVC_J_IMM_3_1_OPOFF, RVC_J_IMM_3_1_MASK) << RVC_J_IMM_3_1_OFF)= | \ diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile index 506cc4a9a45a..6ac56af42f4a 100644 --- a/arch/riscv/kernel/Makefile +++ b/arch/riscv/kernel/Makefile @@ -91,6 +91,8 @@ obj-$(CONFIG_CRASH_CORE) +=3D crash_core.o =20 obj-$(CONFIG_JUMP_LABEL) +=3D jump_label.o =20 +obj-$(CONFIG_CFI_CLANG) +=3D cfi.o + obj-$(CONFIG_EFI) +=3D efi.o obj-$(CONFIG_COMPAT) +=3D compat_syscall_table.o obj-$(CONFIG_COMPAT) +=3D compat_signal.o diff --git a/arch/riscv/kernel/cfi.c b/arch/riscv/kernel/cfi.c new file mode 100644 index 000000000000..820158d7a291 --- /dev/null +++ b/arch/riscv/kernel/cfi.c @@ -0,0 +1,77 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Clang Control Flow Integrity (CFI) support. + * + * Copyright (C) 2023 Google LLC + */ +#include +#include + +/* + * Returns the target address and the expected type when regs->epc points + * to a compiler-generated CFI trap. + */ +static bool decode_cfi_insn(struct pt_regs *regs, unsigned long *target, + u32 *type) +{ + unsigned long *regs_ptr =3D (unsigned long *)regs; + int rs1_num; + u32 insn; + + *target =3D *type =3D 0; + + /* + * The compiler generates the following instruction sequence + * for indirect call checks: + * + * =C2=A0 lw t1, -4() + * lui t2, + * addiw t2, t2, + * beq t1, t2, .Ltmp1 + * ebreak ; <- regs->epc + * .Ltmp1: + * jalr + * + * We can read the expected type and the target address from the + * registers passed to the beq/jalr instructions. + */ + if (get_kernel_nofault(insn, (void *)regs->epc - 4)) + return false; + if (!riscv_insn_is_beq(insn)) + return false; + + *type =3D (u32)regs_ptr[RV_EXTRACT_RS1_REG(insn)]; + + if (get_kernel_nofault(insn, (void *)regs->epc) || + get_kernel_nofault(insn, (void *)regs->epc + GET_INSN_LENGTH(insn))) + return false; + + if (riscv_insn_is_jalr(insn)) + rs1_num =3D RV_EXTRACT_RS1_REG(insn); + else if (riscv_insn_is_c_jalr(insn)) + rs1_num =3D RVC_EXTRACT_C2_RS1_REG(insn); + else + return false; + + *target =3D regs_ptr[rs1_num]; + + return true; +} + +/* + * Checks if the ebreak trap is because of a CFI failure, and handles the = trap + * if needed. Returns a bug_trap_type value similarly to report_bug. + */ +enum bug_trap_type handle_cfi_failure(struct pt_regs *regs) +{ + unsigned long target; + u32 type; + + if (!is_cfi_trap(regs->epc)) + return BUG_TRAP_TYPE_NONE; + + if (!decode_cfi_insn(regs, &target, &type)) + return report_cfi_failure_noaddr(regs, regs->epc); + + return report_cfi_failure(regs, regs->epc, &target, type); +} diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c index f910dfccbf5d..212dc20631fb 100644 --- a/arch/riscv/kernel/traps.c +++ b/arch/riscv/kernel/traps.c @@ -21,6 +21,7 @@ =20 #include #include +#include #include #include #include @@ -271,7 +272,8 @@ void handle_break(struct pt_regs *regs) =3D=3D NOTIFY_STOP) return; #endif - else if (report_bug(regs->epc, regs) =3D=3D BUG_TRAP_TYPE_WARN) + else if (report_bug(regs->epc, regs) =3D=3D BUG_TRAP_TYPE_WARN || + handle_cfi_failure(regs) =3D=3D BUG_TRAP_TYPE_WARN) regs->epc +=3D get_break_insn_length(regs->epc); else die(regs, "Kernel BUG"); --=20 2.41.0.255.g8b1d071c50-goog From nobody Sat Feb 7 21:15:32 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91FDAEB64D9 for ; Mon, 10 Jul 2023 18:36:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232348AbjGJSgR (ORCPT ); Mon, 10 Jul 2023 14:36:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48086 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233265AbjGJSgC (ORCPT ); Mon, 10 Jul 2023 14:36:02 -0400 Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com [IPv6:2607:f8b0:4864:20::1149]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 623201AA for ; Mon, 10 Jul 2023 11:35:58 -0700 (PDT) Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-56942667393so59167137b3.2 for ; Mon, 10 Jul 2023 11:35:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689014157; x=1691606157; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=aa5lQRof/F8cmDC3HRDbQ84WnKxCQ1duxxw+zC9cpn4=; b=23a/BYJOg6q/fOh8fzxml3B4m2aOP1zFQvS2kQGJ08o95ldNeS0IPbiHDbR9gH9Fp6 kR6Sl8+BgYjzrFsG6yb+Rkk6MNGZW8hEsapNMPKNtCJKuk6nYjCRdQQ+uQb3B9UfB++f utBahDQJYg1o4JuRkSh968uQqvT98b9OmdJjbsrIk3o42Fk2d/ok29nfEUL7UUhqzHJv prPYLaV/c2enA8e2PLnR/POxy31CGGLrstg7H7frJDcw+SCozmYUGTbmwg1dBvxg2NPq 3w+buPLo/MfK/E/uNGpXJFH28p0Ada1smGQG/jSaDr/sxTRRhtnyAA/kKPGymQX7nGfJ 8FSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689014157; x=1691606157; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=aa5lQRof/F8cmDC3HRDbQ84WnKxCQ1duxxw+zC9cpn4=; b=Um+XivWGUvCkIlS2e+sMFe/KLvl/SEE2Df1oDUSEqpZr7z0bDqCTl/PGsLXfQtm7FJ y1fCOIPzU2L6ZwUdmntficWywIfkft36mp3RCvyf1swmMgY15PuFml5OGnIA2SokCfCC GGK6KJnyWcmwnDYEXz+2dtil2gu2kO6Mo6CF9ibI0UaIrSG1+hd1QLZNTbcwimwjV550 niC1bqNiBO8AMRPXVj2oRBzVZLgFWfOV872qqr7mtqgC2IKRlip64RE+jf86HYWwjugq qhSrq31ZU/ISBE5uzTwDLij45GDnfHLkGyk4qrMFXuOSeOuYFcNUrNt5QmYiO7R0VWIp F5kw== X-Gm-Message-State: ABy/qLaVVlZhPEfkKcJRmuddTil/wHmm4/INPKHJPjUrVwUlOke8iCsa ynLGsAyoI2K8qxFQGkyZzrrWhXKD/hnLPQs1uLY= X-Google-Smtp-Source: APBJJlF1HS/nqxQGVVm7Sw+Lyqck7QIthyrJFOTZrHwkstg/4ASzhXm/9W1XHOsTeD182p89+d7OuhX8FazlF9+8Pwg= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a81:b3c3:0:b0:569:e04a:239d with SMTP id r186-20020a81b3c3000000b00569e04a239dmr97416ywh.0.1689014157245; Mon, 10 Jul 2023 11:35:57 -0700 (PDT) Date: Mon, 10 Jul 2023 18:35:50 +0000 In-Reply-To: <20230710183544.999540-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230710183544.999540-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=820; i=samitolvanen@google.com; h=from:subject; bh=kymeq10zoWFqiY+GAwwmAwqNZBv1fmNg5qliMfkaSfY=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBkrE+BqQqqxzq7jHsOZNuj+FFSkh4kaftmf8PyY jDkFEmsHKSJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZKxPgQAKCRBMtfaEi7xW 7hR1DACL7wNpbhOW9RbbJ6wgRvYcoTTSZDHUgsClXupLaaeipyUO9QC9zsPf4Q1iemCy/NFGNyC JF7AS7FxhKhD5Cc5XVhwyColrHi1xcvd6H9jUoiE6UhKSdLbDa11uc/dH6nMQk1B7K8bUV8dq7y BTGqNZBzFvNBEXKspIzcxH+1qhZUKR5L+PcoVhaM1MPO22DQXRL7bBhknQ68Q4DNRNN/fEhIFd/ x1VO+WAhzdrmbt0UsBsYs8Iins8w4y3rr5takR5uFJjejP9YWDAusk8aDsuvoWfbYgMEh5xbCxa 1Fj/kfCx+v2CLL5VbmgP5kseMz5eTtbE1oxt4oMWlYHEMHcUwrS7+8W2qXt0k99dOtQnHVRZRuP 8luFpa8IutHZkKTVnPrLhUyCkK1TJjo4EjU8L589pXW39fW/up+mozwX985Km0FeB3Z220FUTGL zfFr01PoMwotR0AcrDE2aotdqMYL1mWrkB1IF3Umg3PtPxFoKaU+zURdOn13bxn/CxtbI= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230710183544.999540-13-samitolvanen@google.com> Subject: [PATCH v2 5/6] riscv/purgatory: Disable CFI From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Conor Dooley , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Filter out CC_FLAGS_CFI when CONFIG_CFI_CLANG. Reviewed-by: Kees Cook Tested-by: Nathan Chancellor Signed-off-by: Sami Tolvanen --- arch/riscv/purgatory/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/riscv/purgatory/Makefile b/arch/riscv/purgatory/Makefile index dc20e166983e..9e6476719abb 100644 --- a/arch/riscv/purgatory/Makefile +++ b/arch/riscv/purgatory/Makefile @@ -77,6 +77,10 @@ ifdef CONFIG_STACKPROTECTOR_STRONG PURGATORY_CFLAGS_REMOVE +=3D -fstack-protector-strong endif =20 +ifdef CONFIG_CFI_CLANG +PURGATORY_CFLAGS_REMOVE +=3D $(CC_FLAGS_CFI) +endif + CFLAGS_REMOVE_purgatory.o +=3D $(PURGATORY_CFLAGS_REMOVE) CFLAGS_purgatory.o +=3D $(PURGATORY_CFLAGS) =20 --=20 2.41.0.255.g8b1d071c50-goog From nobody Sat Feb 7 21:15:32 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 51801EB64D9 for ; Mon, 10 Jul 2023 18:36:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233007AbjGJSgV (ORCPT ); Mon, 10 Jul 2023 14:36:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48350 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232894AbjGJSgN (ORCPT ); Mon, 10 Jul 2023 14:36:13 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8A931A8 for ; Mon, 10 Jul 2023 11:35:59 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-c6ab0d1b1dcso5068258276.0 for ; Mon, 10 Jul 2023 11:35:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689014159; x=1691606159; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=U5TIV77Gf9BVe9e6kCB4/ILVtLRCWpn2g7fhFOBoE3s=; b=qwyEfW3Cmou0wgR8ApNwjEhaMEQudKFycuSBNRASsvYbO6BVLK0h2HB5eRL+9FdoMU cHkqVYioIwvINUHdXDqouKSsUkMhNEt3vlZ5EhDdG/GJ7aS6sxT9BTuMO57QznLtk4Do UOyDz2FVIrzepF2aCMOr8gdFR+IFDr8Yizd130zu+X1a5ZNeGj0E1pS9r4u2rgJl03cn LvhEifvwZc9TS+BeKevDHotAcWKC0F37ns1qqWpTSOjO5WQ638Ecmx2sZTcvgnkz4ikm f0djXHkpR6yjiOb0JfKYanYVo4ymoKD9Tm6gnQSjri0cs478Yrmox99UBLIWxPCVcuw2 insg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689014159; x=1691606159; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=U5TIV77Gf9BVe9e6kCB4/ILVtLRCWpn2g7fhFOBoE3s=; b=KKQMEqIPryJrRIaitM2633jDYaDlW5LEjkNXf6zNtYCyn78qQ5ul60Kb4sQvWHvm8g ccgMJEo9qBoMJRENevDxXShHT2qczAoJTb1CL1G2iOgb8Cj2SQ0FIlVQOeVN8wVDNYwQ UoxFqEPbQc+mspRcUZiRCc9smMgL79wb2EF+w91MlfG+RNTaB4TLYizMVEn19EnErph1 QHYkBvLbOIXbuXmAUHnClKrNaZLvXPo+9JwLslMXsDO0+nyN9vyjF+s/7rWhZNoys8Ft Og+Ndnon61jPUrajv4HOd3t8D0yXQFSa1LxsW47oY1gqRqQDG2OLowqJeR9nuEnfaqAf kZpw== X-Gm-Message-State: ABy/qLaKfieLtgROwh2+5QM82KUYGC98fBcUl4yu9WBJGfseENjxI6hR HXVjVaAbNX0/AunqNVtZYyu1V1dtyAWegF28FRo= X-Google-Smtp-Source: APBJJlHCBpDFRan8lF/OCBAcQRzjHMIn7AKZyi8KrXyHj/pOEPwKO6DHb0dieV8Bld6b3gSNsuAgryF6lwn80bKvU1E= X-Received: from samitolvanen.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:4f92]) (user=samitolvanen job=sendgmr) by 2002:a5b:90e:0:b0:bc0:bfa7:7647 with SMTP id a14-20020a5b090e000000b00bc0bfa77647mr78507ybq.0.1689014159077; Mon, 10 Jul 2023 11:35:59 -0700 (PDT) Date: Mon, 10 Jul 2023 18:35:51 +0000 In-Reply-To: <20230710183544.999540-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20230710183544.999540-8-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=786; i=samitolvanen@google.com; h=from:subject; bh=Kirtl/2CH574RlVli6RH7Tr3lxFM3RdB5GGPayWpFT0=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBkrE+BGANkjs7x+hs99YYaMrhZLk9av9PmK51ek dJTYVpr+pWJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCZKxPgQAKCRBMtfaEi7xW 7nVMC/0YbuLZxw85M9u6LDaUUwcWbWuX73K0i6Ow+fZlwze0XWWIw6HwbB4a4LtG5NRd9Tb+RYJ j6jVsSUO6MPXn4uUYYiSa9lKiKsUoXUkG02C9xDkX6cCn9Zd507LQGKmZW/mzDns+m5H6sdb4O+ 9tuXpgxHMtOmmnM9pQseqzSsfOHRdBqZat4JjmG7GjuAU4mco3J7hCmubi/E4RyACCVYpYkk+wb gKCmfg89QQ/bzonXsdRv8Wj2wGDw0IOP+vQvx+19bw1u/LnPEx3L4TuXxYIXoVxS/vpYmdH56dc MNLQWYITWJbBzw5z9es2HByxf1uOi1N7FAVFxi9/wKQruIfPbzdUCWTSfhXRFBJ9bfh5ByFoLAx mOa+Dld6KrZPLvF+QuOnUt5fiMN8Fk77zFkUYLruYGIDyhJci/wxjNRwjHzVLnN4VwJPWlqZnUZ xd4WtDmOT5gKbgSr/iqHLa2YfhwhUraInyaAMD6csG1kxRAfyFOeiEWRFpP63KzG8Oz78= X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog Message-ID: <20230710183544.999540-14-samitolvanen@google.com> Subject: [PATCH v2 6/6] riscv: Allow CONFIG_CFI_CLANG to be selected From: Sami Tolvanen To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Conor Dooley , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Select ARCH_SUPPORTS_CFI_CLANG to allow CFI_CLANG to be selected on riscv. Reviewed-by: Kees Cook Tested-by: Nathan Chancellor Signed-off-by: Sami Tolvanen --- arch/riscv/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index 29fdba9d8514..68c790b181c3 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -43,6 +43,7 @@ config RISCV select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT select ARCH_STACKWALK select ARCH_SUPPORTS_ATOMIC_RMW + select ARCH_SUPPORTS_CFI_CLANG select ARCH_SUPPORTS_DEBUG_PAGEALLOC if MMU select ARCH_SUPPORTS_HUGETLBFS if MMU select ARCH_SUPPORTS_PAGE_TABLE_CHECK if MMU --=20 2.41.0.255.g8b1d071c50-goog