From nobody Mon Oct 6 04:56:04 2025 Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ED18C23FC66 for ; Thu, 24 Jul 2025 23:37:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400229; cv=none; b=c2BQq5AgfMVDL3GGWzS1/wakjdFFc9wAWqjEHk/mZ5LCbgLYJl2QBgIWMYSDeECQjoQjXMeBo7bCU00jfxD3ta2kzKmXj+F3x/ZrPd2LcMGLN2VNk0QSd7rKhFAk5WpbC7eKdja660aLjw0uT70YasMkZt5eFwzKRa0AogDSQNw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400229; c=relaxed/simple; bh=5N5m8xOH14VHtqk63znJyJZdTgix/MtEnLNiozKJxiI=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=dV0Lt9dXpxwPS3WcD4IxTwjggZacqL29TQtZ+sYBIvqY9laR12XlviRDFqhcpumCNxvYsmfashNJLCABO7/72Bx3kRL7EZWkH5rnCl2Q9GZrh906gvReVzm2wC3asJTEGsvb6ENoE1umX0+FZSPc1SCDWaGHw1u4bs38Xmzty7k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b=Q5LVhvBs; arc=none smtp.client-ip=209.85.214.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b="Q5LVhvBs" Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-23c703c471dso27066565ad.0 for ; Thu, 24 Jul 2025 16:37:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1753400227; x=1754005027; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=krQk4P3pfTRPUT5p9FwZ7J0ulZx2x20Cletpatu8lvU=; b=Q5LVhvBs+qhnFZIgtPZOEMT9JgA/GdDYxvtnf4K147iIQ/3nXcSWYP0d9gkIvqh5h3 m/sVeDX/t6VY+1eakbS6748ybp3Bg1KBBTEsvc4mb4sUGo6bSJ8syJok2naxmSCiA4MO JEkYyTz2sWibFhlGOEbKRWjJdnSEK/Lo5klHjAVvdq5ZjhXwyv4jQB+/KgtEQAOskM6C kbVJ1PkGRBZxW+eL/8pB91isTQI4FMt+2rKSqfvtCnEefjTurqR6JM/844FP9tz5lH9I VWoUBCJwHH02J1MHh5KYnxK/FSoeK7C2nXEnOxyjx7V7avO74ka84pB+NT7ETylAoMQl b3ag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753400227; x=1754005027; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=krQk4P3pfTRPUT5p9FwZ7J0ulZx2x20Cletpatu8lvU=; b=V1TR6FX0i0qbjsISMSM9Ut1fxPJQkN9BHUk2jjcwrHzgyo7haA4fcz1NS3hR4pqcYt JCo7ipaFg4LbLbf1dUFjFU8Yj8Fn4yJ/NrG73qpY0E3v/6xx7U0udYdkJVHpPn7X2YNT Bzy8zsdW5KXSGXwFcXRNyXNOwXWBba/9hNy8hMkOSw3k81omqZ2rjrKYr5/Hurua5jH2 o+dWxTRjlxpUl0neG7JgYcCETDLEFEzzBR868YzdQTvFMA1KASOOgMnVw/+vyQpxIgeZ EpR6cP3CO0DYaCbayDcET9TUG7wiOyeKfZrs6lEp3M/2Y4Nmtb8es83SoSv0YHTz/D3q qNIg== X-Forwarded-Encrypted: i=1; AJvYcCXxYXNEbKbIxnCQ13u1HNEYgIYLi8ZQSBa5goxgLuQ0pw3uDn+25G2paw9MTDDsTe2wALDd2sqmt9lkYM0=@vger.kernel.org X-Gm-Message-State: AOJu0YxXG9VC99IkHG6YWpp2KUuNvYQRJfeCSkSMchKtEb5DK9uiS20q vVI9UEPpddr9p+sRbmS/boMIoTpxNxjoS3Q5aEtFiMByExs8ZlQzhRPRPz23cxDFGXg= X-Gm-Gg: ASbGncvCw6W8Ix/9j8ZsXYA6mzny09XFTTFyUGp71RuedYkB++7dvfRSBGy7/Dn1p44 XLpIEBY+U+cuX5z+VwkrZXe0Ej7gYU4AJ5kQ7S/DgfhkXW7hTC818Rl1O5KDx3O1W1mOmYeJCVN J5kfGvYOPvxUJbgQgmRI+CIOm/Tq/P+PH7jPQ+46F0JvvRIMDWBLgA5XETWOfPg6RjNN5fISqVY wcCnvxm6kB4+KwGgdLjgSSgCMPR4MGOweVab34Efkq2YOAn8+yIoOq/n/Mu2/PP4UskfFPnmrBW 0VwNMY0/eU6mlDNfWl+c4vu6Hbhlv4Pn4kQ3SmLxu0B5t2gVT3hwTex87SOPXoJSN9bOoJMudpG JDUcZ+X3J6qDst5zbgjXKPkuMJbOIh7k6 X-Google-Smtp-Source: AGHT+IHqqHjkrV1Y0AgUE/7okEjKgN0Xu4SqOAlTzo93EMsg5xWeC1nRyl3GBDs9U3ql1blBgoSqFg== X-Received: by 2002:a17:902:ebc5:b0:23f:a1b5:e537 with SMTP id d9443c01a7336-23fa5ce4bf8mr55592815ad.3.1753400227208; Thu, 24 Jul 2025 16:37:07 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23fa48bc706sm23598685ad.106.2025.07.24.16.37.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Jul 2025 16:37:06 -0700 (PDT) From: Deepak Gupta Date: Thu, 24 Jul 2025 16:36:54 -0700 Subject: [PATCH 01/11] riscv: add landing pad for asm routines. Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250724-riscv_kcfi-v1-1-04b8fa44c98c@rivosinc.com> References: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> In-Reply-To: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Masahiro Yamada , Nathan Chancellor , Nicolas Schier , Andrew Morton , David Hildenbrand , Lorenzo Stoakes , "Liam R. Howlett" , Vlastimil Babka , Mike Rapoport , Suren Baghdasaryan , Michal Hocko , Nick Desaulniers , Bill Wendling , Monk Chiang , Kito Cheng , Justin Stitt Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, rick.p.edgecombe@intel.com, broonie@kernel.org, cleger@rivosinc.com, samitolvanen@google.com, apatel@ventanamicro.com, ajones@ventanamicro.com, conor.dooley@microchip.com, charlie@rivosinc.com, samuel.holland@sifive.com, bjorn@rivosinc.com, fweimer@redhat.com, jeffreyalaw@gmail.com, heinrich.schuchardt@canonical.com, andrew@sifive.com, ved@rivosinc.com, Deepak Gupta X-Mailer: b4 0.13.0 SYM_* macros are used to define assembly routines. In this patch series, re-define those macros in risc-v arch specific include file to include a landing pad instruction at the beginning. This is done only when the compiler flag for landing pad is enabled (i.e. __riscv_zicfilp). TODO: Update `lpad 0` with `lpad %lpad_hash(name)` after toolchain support. Signed-off-by: Deepak Gupta --- arch/riscv/include/asm/linkage.h | 42 ++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 42 insertions(+) diff --git a/arch/riscv/include/asm/linkage.h b/arch/riscv/include/asm/link= age.h index 9e88ba23cd2b..162774b81158 100644 --- a/arch/riscv/include/asm/linkage.h +++ b/arch/riscv/include/asm/linkage.h @@ -6,7 +6,49 @@ #ifndef _ASM_RISCV_LINKAGE_H #define _ASM_RISCV_LINKAGE_H =20 +#ifdef __ASSEMBLY__ +#include +#endif + #define __ALIGN .balign 4 #define __ALIGN_STR ".balign 4" =20 +#ifdef __riscv_zicfilp +/* + * A landing pad instruction is needed at start of asm routines + * re-define macros for asm routines to have a landing pad at + * the beginning of function. Currently use label value of 0x1. + * Eventually, label should be calculated as a hash over function + * signature. + */ +#define SYM_FUNC_START(name) \ + SYM_START(name, SYM_L_GLOBAL, SYM_A_ALIGN) \ + lpad 0; + +#define SYM_FUNC_START_NOALIGN(name) \ + SYM_START(name, SYM_L_GLOBAL, SYM_A_NONE) \ + lpad 0; + +#define SYM_FUNC_START_LOCAL(name) \ + SYM_START(name, SYM_L_LOCAL, SYM_A_ALIGN) \ + lpad 0; + +#define SYM_FUNC_START_LOCAL_NOALIGN(name) \ + SYM_START(name, SYM_L_LOCAL, SYM_A_NONE) \ + lpad 0; + +#define SYM_FUNC_START_WEAK(name) \ + SYM_START(name, SYM_L_WEAK, SYM_A_ALIGN) \ + lpad 0; + +#define SYM_FUNC_START_WEAK_NOALIGN(name) \ + SYM_START(name, SYM_L_WEAK, SYM_A_NONE) \ + lpad 0; + +#define SYM_TYPED_FUNC_START(name) \ + SYM_TYPED_START(name, SYM_L_GLOBAL, SYM_A_ALIGN) \ + lpad 0; + +#endif + #endif /* _ASM_RISCV_LINKAGE_H */ --=20 2.43.0 From nobody Mon Oct 6 04:56:04 2025 Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 603832441AA for ; Thu, 24 Jul 2025 23:37:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400232; cv=none; b=THKJiZCBM0dgAHCtfjsiyViky+CYq9ovQ26e2++cZsCMnBCvgX6PplChmmtjQK28/olzPB0Nw1NNKHAVwMKp/BGnPi50jlJA3o76nDKkVEeIDgLG4g9ZBqH/fevxjsN3WKe4DdeJZ7ahLVLwUEcpSutmiKGvi+7e+nn9OKFA3lU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400232; c=relaxed/simple; bh=h7Os8p1r034RH4lkAG8aM6UqzQvcIU6v8/5QpRCRTlU=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=bE6OLhOMnxLkv/7dVGJHwcwQHqfUZOyZiHOou0NMtCpk/8eS3H3MDPxb0443rk9U/euDJd0E+4DqM52WPB4ezjORbC3No1mZk5LvBmuG49LsRzWVMcQ/bF+k8avFF4kB+sJnJNuuISDC+5EvmlEwgDASugkr/f5js2U/6n76Uck= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b=tP36yNMh; arc=none smtp.client-ip=209.85.214.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b="tP36yNMh" Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-2353a2bc210so15112515ad.2 for ; Thu, 24 Jul 2025 16:37:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1753400230; x=1754005030; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=CG5iG7HEmzaJkQJOJy5GwPyyfPnsO8eGyVBmIiBheIs=; b=tP36yNMhuKZ9NHW/7VHU6Fr9um42pka75oOtwsXVAH3IJFdbQg+ajG3vp5Br2iBABO ckAeG6TIA3A4iCOZdg2LH9wYxm3clrelhvpUyHFV3By7FF9nJxCyVOQouOKsJsvLYWVf Pkl18jg4qiog2x0af1crMtJdVFpSHaI7SetxRNfLunRmcFX2mU4wxmY8R92IT3oLTWSv hrevLBQ+dhxvDEOaqDBYRPhMsTD896NBbxfqsjXQ62/XS+Cyg7HG9xu/rkj/vkHR5wly 5v5C3B0Ekf5WjsiFrhcDg9DelsE+40jr9yhei+oGUDCUns6XS1E/8IeeZRGtUNrRd29B j5dw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753400230; x=1754005030; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CG5iG7HEmzaJkQJOJy5GwPyyfPnsO8eGyVBmIiBheIs=; b=XjjHAO3y5znZ+5xzb8I+OgCh6hb5m50RT+7p61nwUEiNcCuJCz6DecaAq1sD21CI/s +X7NiBDeGVfm0lqSNIiv8dCc6XAMKRz20/8wFTM4JQWTs8ZSLUpMZj/ONvThHKMBWEu7 /ROqSceazss7Xx4mEux4qRXd/li9qnGzHN0I8nf6sjirhHzDT4eF4TDFEptvOsmI6WRl Ly3Ft0woVIkH1uMbbBVX++2lSdwcvPa9qx9pCmRhJAX+1EL7SUIXIOq1/zZ7Bg887amu S+JENt8sKEFMOHSS18YNeKhjF40v9cOB33u8E6ShijdVRFm9qjlMeBEutqW6pVeLKxLY kPVw== X-Forwarded-Encrypted: i=1; AJvYcCWFx5/xGvlvzvfOKqT5N2lIm5GLKWU3RYiGdQZkjHctUDPpQzc0JrlPkvjXDFT157BK5Va7nia60mI8VOk=@vger.kernel.org X-Gm-Message-State: AOJu0Yw0J9dUIfWASAmd70e6d9qDLwmtVfnZ1hnlf2ZKBjl7fhvnQRXN 4AQxMk2PrHHsroochhH55tQbnRXP9IaTlGjmEJ/TzURwsW78nAcK6RU9KpOvh0q0BKY= X-Gm-Gg: ASbGncvxpDiubgPmnVBRkWPAMmQo1NPgo7l+eJ1umDYSMYFCF+zipVET2+7OI8GChqf /S4QKazKansun4BFi+zcJ4jxP5591oVwPNdp7UK4DH/MeecIykIwDQ5tE78OMrsIGEO6mk2Rhh7 kUgCgGa/KwVPk287YtNiF3C3TAcWv8RTOQUnUjva/ZImeGr436oNiWR6EhbeQi7H9IVQUZPMcQ9 oVOYAcEkC3GbpC94oN3R29vJn8wEXWSBGdQ2Bwpoh/ARrMpmFRBNsU1AxbvXbJqd4ksHOlPPDve +U3G+G77VkUDEMGPULLpwKUdpbu0u3TpdJK7tnzk+sRkSu7SfhsPoEAo3KMJLuNhxM66Unp8y1T Yyh+jMGWkjmTOI/Ff+i6PZwAFM/u2aBdc X-Google-Smtp-Source: AGHT+IFimijtxboQ83ruW5Lf/Edn+u8E7CK8azktAcnwGUUTAe1++zEjf4xwnHFBVkfDbfBbAK27Uw== X-Received: by 2002:a17:903:2a84:b0:238:2990:6382 with SMTP id d9443c01a7336-23f980de085mr106900615ad.0.1753400229626; Thu, 24 Jul 2025 16:37:09 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23fa48bc706sm23598685ad.106.2025.07.24.16.37.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Jul 2025 16:37:09 -0700 (PDT) From: Deepak Gupta Date: Thu, 24 Jul 2025 16:36:55 -0700 Subject: [PATCH 02/11] riscv: update asm call site in `call_on_irq_stack` to setup correct label Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250724-riscv_kcfi-v1-2-04b8fa44c98c@rivosinc.com> References: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> In-Reply-To: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Masahiro Yamada , Nathan Chancellor , Nicolas Schier , Andrew Morton , David Hildenbrand , Lorenzo Stoakes , "Liam R. Howlett" , Vlastimil Babka , Mike Rapoport , Suren Baghdasaryan , Michal Hocko , Nick Desaulniers , Bill Wendling , Monk Chiang , Kito Cheng , Justin Stitt Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, rick.p.edgecombe@intel.com, broonie@kernel.org, cleger@rivosinc.com, samitolvanen@google.com, apatel@ventanamicro.com, ajones@ventanamicro.com, conor.dooley@microchip.com, charlie@rivosinc.com, samuel.holland@sifive.com, bjorn@rivosinc.com, fweimer@redhat.com, jeffreyalaw@gmail.com, heinrich.schuchardt@canonical.com, andrew@sifive.com, ved@rivosinc.com, Deepak Gupta X-Mailer: b4 0.13.0 Call sites written in asm performing indirect call, they need to setup label register (t2/x7) with correct label. Currently first kernel was compiled with `-save-temps` option and normalized function signature string is captured and then placed at the asm callsite. TODO: to write a macro wrapper with toolchain support. Signed-off-by: Deepak Gupta --- arch/riscv/kernel/entry.S | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S index 2660faf52232..598e17e800ae 100644 --- a/arch/riscv/kernel/entry.S +++ b/arch/riscv/kernel/entry.S @@ -389,6 +389,7 @@ SYM_FUNC_START(call_on_irq_stack) load_per_cpu t0, irq_stack_ptr, t1 li t1, IRQ_STACK_SIZE add sp, t0, t1 + lui t2, %lpad_hash("FvP7pt_regsE") jalr a1 =20 /* Switch back to the thread shadow call stack */ --=20 2.43.0 From nobody Mon Oct 6 04:56:04 2025 Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BD5CB244664 for ; Thu, 24 Jul 2025 23:37:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400234; cv=none; b=qtMGbhVL20vOPgC/IwIovcDGvcgfDfZLh2xB034rSQ1RkfvzPV1Xy54OLzU3Rrw2RVs8uMR7NfDrk9kKJJlTRReC5ImRYlmEB2i+ArCj1GS4D6KWlOG1/gYuqXQQffVq8c7m/cp+M5op2dnaOA+NPzS8Ko4DkF/dkiVplPzhFTI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400234; c=relaxed/simple; bh=TX7QOESfiwCfuH+ZcQKgbvec7xRD+j3+tnkSFJsy5gU=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=gonGLoycTQBNf7Nd1uMWwsNZue0KAosmKdiAOws51fVV38MHTpkC/v0cnNMZVvCUSycUaxDQbMZ5XR73I1pEhHPX/I7gGGjZ0Zf3NaVCUrtPbBvRVfmTutJDdhHQl8MadvK3xrhhUV6W2EGm5da6SSTSFqXhPpxY6GxVc1LRDCo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b=V8nwCQMx; arc=none smtp.client-ip=209.85.214.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b="V8nwCQMx" Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-2350fc2591dso19146405ad.1 for ; Thu, 24 Jul 2025 16:37:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1753400232; x=1754005032; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=OvHRga/2x06e/3IXRCXpOvSv81ZyfpTLSHYXhuUCgAU=; b=V8nwCQMxaJRaZSkE8Q9XfpchnwOAf7K/akQyDpW56n89+N2k9ODBSN94MDijgvBOFu Ul8Z8xWijZVSsxSdLy5i6EOBaUgbcZe++36xg+HxnpPeZMWmwHFA/442N0aPD5vcJRvF j5wbSly+rBBlS5RowU7VhxN6PWie+cQGkVkQtqlXjQGiOXU1n7F/KjFARXNCynoLcDLs 1fXz68Cj/Br+ycRQEMy0ca4Vp4RyK9iwg0kyBBfURBdBtyAPyMoGqQoiNEHy2WmOiVry IWfyrtBOiOWgagzJWqyjZ7BMsOmbpjPi2R77TF+PU+UUx+s1YnhA147CfLBxK3oxeE0J LCtw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753400232; x=1754005032; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=OvHRga/2x06e/3IXRCXpOvSv81ZyfpTLSHYXhuUCgAU=; b=MRVni5pWJLaU9NFHtL1JiI9ZMak7+0c2fVL/d6Gr4bXIXfiyBAMQk6MbC6ZPOjkmbr s4NSLaI8/vADRgL6h2KojAnMtTAl+4af63lwiZuxi8gtMe+ronsidFH0/nuDYjfGFyBA 0O2udyVVuEsJnZzHrnJltr7RcJLRjR/UBcAfBrb9sbWQ3fQXZmDuyINhIzVJ+SxXjNFU +gqzvzz+IDE6eRYa1u9Dnwmwf0rhFKNTuTDZiAGRmPBK7Fdi+StrAvpIjPJIr4Fvn73+ MapK3cB1SJR/1gIaqCU0JXixWIauztutxmwjQ+5Zym6fF83yZywO0pQIc5oN+XJNrFmB 9Llg== X-Forwarded-Encrypted: i=1; AJvYcCWcm6qyfa5MEuLUXGpC8KWuH03O9DFQBG9g2rGVbXbYDL3fhiS9eyw0JxvzEl60akgcHMppZheuqPBqZko=@vger.kernel.org X-Gm-Message-State: AOJu0Yyr2kFh2nQW4ov3LghixbKko0MmKln/LCTQTfLWRhJkcaHZhopo 82Ag9Zbwkc5AdEGa/PE2HvMmYn6C8gJg976TdYH3pz+mGYrXonj/IIbBmKOns3U1sas= X-Gm-Gg: ASbGncsRySkanBtkXE/GkIv9cCLm7XDQhORehYvFpkx0dc05y1qlm7p0dpG+4TVZiZZ dH2md8ndSvTFmbx0dokt5nQVo0n+XSWn1W1/u6ucu8Fr+xzlVcc2aPoq5OW7qKLqk/pvbTr5L8x Xyp8NIrz+y83Pm6sFy5FmXOEjuumhPMWQz88JOK18szLkO160Ic7jF0oxWzYrxDv2QGioiRoOYZ QLeILUTfcyBK4wI9ebemRlZcIpoOGPL3zMrvKzpJfZqulhLjqz7KEwOH/5GaQVScX9A4AcaJsac bVE8O30Alfa/OiFu+Eiha6LUfrmWDZeJiXJuCx+rusyvd4Ni+i+P1ggyDO517UpKQCVUYieV6CC qtb2HrMDn2yw4RptCk/xtyX0NPLYejbtF X-Google-Smtp-Source: AGHT+IHlehaeba0g7zvJWooWl20RVESgD35SdGjk7uZPTtlJW4lACDouf6PruSCC8hJSgeGX0h9FOQ== X-Received: by 2002:a17:903:28d:b0:236:15b7:62e3 with SMTP id d9443c01a7336-23fa5d12ce3mr54400555ad.9.1753400231958; Thu, 24 Jul 2025 16:37:11 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23fa48bc706sm23598685ad.106.2025.07.24.16.37.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Jul 2025 16:37:11 -0700 (PDT) From: Deepak Gupta Date: Thu, 24 Jul 2025 16:36:56 -0700 Subject: [PATCH 03/11] riscv: indirect jmp in asm that's static in nature to use sw guarded jump Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250724-riscv_kcfi-v1-3-04b8fa44c98c@rivosinc.com> References: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> In-Reply-To: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Masahiro Yamada , Nathan Chancellor , Nicolas Schier , Andrew Morton , David Hildenbrand , Lorenzo Stoakes , "Liam R. Howlett" , Vlastimil Babka , Mike Rapoport , Suren Baghdasaryan , Michal Hocko , Nick Desaulniers , Bill Wendling , Monk Chiang , Kito Cheng , Justin Stitt Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, rick.p.edgecombe@intel.com, broonie@kernel.org, cleger@rivosinc.com, samitolvanen@google.com, apatel@ventanamicro.com, ajones@ventanamicro.com, conor.dooley@microchip.com, charlie@rivosinc.com, samuel.holland@sifive.com, bjorn@rivosinc.com, fweimer@redhat.com, jeffreyalaw@gmail.com, heinrich.schuchardt@canonical.com, andrew@sifive.com, ved@rivosinc.com, Deepak Gupta X-Mailer: b4 0.13.0 Handwritten `__memset` asm routine perform static jumps within function and uses `a5` to do that. This would require a landing pad instruction at the target. Since its static jump and no memory load is involved, use `t2` instead which is exempt from requiring a landing pad. Signed-off-by: Deepak Gupta Acked-by: Heinrich Schuchardt --- arch/riscv/lib/memset.S | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/riscv/lib/memset.S b/arch/riscv/lib/memset.S index da23b8347e2d..c4a318d8eef3 100644 --- a/arch/riscv/lib/memset.S +++ b/arch/riscv/lib/memset.S @@ -56,12 +56,12 @@ SYM_FUNC_START(__memset) =20 /* Jump into loop body */ /* Assumes 32-bit instruction lengths */ - la a5, 3f + la t2, 3f #ifdef CONFIG_64BIT srli a4, a4, 1 #endif - add a5, a5, a4 - jr a5 + add t2, t2, a4 + jr t2 3: REG_S a1, 0(t0) REG_S a1, SZREG(t0) --=20 2.43.0 From nobody Mon Oct 6 04:56:04 2025 Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0F9272451F3 for ; Thu, 24 Jul 2025 23:37:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400236; cv=none; b=foSckNePGdDWVHAHuuwFyiVjMiZHTTuOMX+QqD6keZPDEV+nG7uYFlTl0Bd7djx7vPg6bM431gCfgkScN/QcfMzA4Jy8DOqf63xTFmsnw+4C6yOtN2CrIkumACEDs0+ajFzMk+PgJHDXuE8mUK6344mFyo+MhxHm3sjVATO6zkA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400236; c=relaxed/simple; bh=Znz4HWUKeUDrvSYkQdDugVKK7rHsODYScSSfQiOAlsE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=FpXlaKWwEXl5nFrKiY7A1C5mg6ZRbXa7C8wep1qXbduii43mOL/L0vK5QN/2u3ShKPL/nvFo947AMJ8N6MpYShC9x9ZB8K7aF8IYC1upFr9acL3imB+riSI/mLjgGWd/K4V8meUnraRmii2rdkEG827feRAsvdmQhSMmpnk9bG0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b=lgsFnP7Z; arc=none smtp.client-ip=209.85.214.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b="lgsFnP7Z" Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-23649faf69fso12757835ad.0 for ; Thu, 24 Jul 2025 16:37:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1753400234; x=1754005034; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=YAeHR6jMoeNreT1rLi4tkifNH7GwHO7F0FWeni164mI=; b=lgsFnP7ZIEeysxH1adfOmwPF9uqTzuw/RibcbSZs27i/5zDzhcuHX5w0/alwXJt1Zi oQN0HjQqg4XHIQF+3nQ1j1JVCtEL27hgI+7BmOdAiHfkCWqsldvWA3/48jQE/2xT9GJk 4VW1iYPUaXF41lZMR2ayCWK1qPE70PBWEKN4GmZwBSBjnazn65XLD0pBMyQfCelbn8OG uB+UJN/E9i4sgcuGXiKWtsQHkc0VgEDTIIWskYsNpV+BJDGVBq0lfX4c82g94F+oZjka ulN7RVLZPVxHi7blBgT/DLWSgMSobXWBfZ9HrZIjl4QDEPdeQ9zRD6JOYx4r5KxMfah9 ptLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753400234; x=1754005034; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YAeHR6jMoeNreT1rLi4tkifNH7GwHO7F0FWeni164mI=; b=hlIR5tVAS/o7ojQ5EvNLFTlPW76aonT4fPsq+Wmdzoxq4vVPrPAwPAqj7O67peiCw4 cKGeubR7mQ9KR+cmghMkn2Ep6OFTvVJOfgwGjoJaadwIc68ILsrXsNR4tAoKYES83wYc S2o1Ddjb0JHjDrBu+2y4KwWZ4+dTYQH1kbq1E9FnHYnjUdtDHcX+Dbq01RYG+XwQPwx8 9XJEvHupgh3vFf0bK+N63ow7022dZpO2bGwIofvmtLYG+drNkRnAxb0RKBm2gtCOwG1j zxEBheIBiBzPkvLJorNZ5zj86DpFzvJLhSlDJp7TBoSgsAVEWHenLDX9puX7W3OQz+p3 Qy9Q== X-Forwarded-Encrypted: i=1; AJvYcCVtALFtx3YZpDQQ3juInJ/L3lhGgbotjRGeuvzyJZq6bFN1wy8t7GuuKMJL/hA3P/cd2ctcZEiD3naURBg=@vger.kernel.org X-Gm-Message-State: AOJu0YyrVXFM/qiD4A9OqWkxJMSbyRqDKP7yYYPPO8eI7s56suKFVZSB XeewvHAlvwTdyLgQYnpcxynV5R0X6q+F9rl6DS/Di2pkkib6dUVcw4/oQLBONWYOEeA= X-Gm-Gg: ASbGncvWvFT2lN9Nuch1SbMcWIO/EhVdGZ5WGYuil+ruB9MU9xoeNwCkmRthB+kkOaH Me55zXeHA7GmWxCW0g0GcPVa74NUQSZqvJuzdVvN4LWb7R25ieysBTqgaif+rys/eYbqRXuThkQ 2hd0d66l6pqalo5lq5mtrOt0OrpTVmlfXbwJf9gpNj1994CYwA5ajdAO++lEU0Pb2ylxXXQdRjM 1sor1vSv3SZIM287eVLye9bFxTrefa/IykGXU2SdZhQqKQYFtwmdVKvx07yaYGX7Fu3uDX2vw1r IMPaBFfqFQ0JZS4qypHUKQlEqjXgHwMEG2S2CqC7jnwLbpGvK00MtiZkVLu0132mrkTEyqjTz45 PGBEZTVKDymeqO80cA+xXqYpuV9rq6pZ+SexJ0zeGvIA= X-Google-Smtp-Source: AGHT+IEC6umj6Lj/bljHcGk8ktP/FZKxktXm+XIJAAVaqHXn4oZH20sfm15h9uxx49Sr7WC6JzXzDg== X-Received: by 2002:a17:903:3c2b:b0:234:adce:3ece with SMTP id d9443c01a7336-23f9813ab07mr115991405ad.11.1753400234285; Thu, 24 Jul 2025 16:37:14 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23fa48bc706sm23598685ad.106.2025.07.24.16.37.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Jul 2025 16:37:13 -0700 (PDT) From: Deepak Gupta Date: Thu, 24 Jul 2025 16:36:57 -0700 Subject: [PATCH 04/11] riscv: exception handlers can be software guarded transfers Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250724-riscv_kcfi-v1-4-04b8fa44c98c@rivosinc.com> References: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> In-Reply-To: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Masahiro Yamada , Nathan Chancellor , Nicolas Schier , Andrew Morton , David Hildenbrand , Lorenzo Stoakes , "Liam R. Howlett" , Vlastimil Babka , Mike Rapoport , Suren Baghdasaryan , Michal Hocko , Nick Desaulniers , Bill Wendling , Monk Chiang , Kito Cheng , Justin Stitt Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, rick.p.edgecombe@intel.com, broonie@kernel.org, cleger@rivosinc.com, samitolvanen@google.com, apatel@ventanamicro.com, ajones@ventanamicro.com, conor.dooley@microchip.com, charlie@rivosinc.com, samuel.holland@sifive.com, bjorn@rivosinc.com, fweimer@redhat.com, jeffreyalaw@gmail.com, heinrich.schuchardt@canonical.com, andrew@sifive.com, ved@rivosinc.com, Deepak Gupta X-Mailer: b4 0.13.0 Exception handlers are static and loaded from readonly memory. Control transfers can be software guarded and not requiring lpad on target. Signed-off-by: Deepak Gupta --- arch/riscv/kernel/entry.S | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S index 598e17e800ae..3f0890b9c0b9 100644 --- a/arch/riscv/kernel/entry.S +++ b/arch/riscv/kernel/entry.S @@ -224,12 +224,12 @@ SYM_CODE_START(handle_exception) add t0, t1, t0 /* Check if exception code lies within bounds */ bgeu t0, t2, 3f - REG_L t1, 0(t0) -2: jalr t1 + REG_L t2, 0(t0) +2: jalr t2 j ret_from_exception 3: =20 - la t1, do_trap_unknown + la t2, do_trap_unknown j 2b SYM_CODE_END(handle_exception) ASM_NOKPROBE(handle_exception) --=20 2.43.0 From nobody Mon Oct 6 04:56:04 2025 Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 588B6246782 for ; Thu, 24 Jul 2025 23:37:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400238; cv=none; b=E880bPfc1atZXh5N9zNqJUMhUW3YiGYBomRLNSDdQXvJYm3rNknxZ5D68Xqw9VVbcsK3fPxUg0eK8UJoGpRjlrzgDvYrbWfpkoCbChEXujpSKDRtzCZDJK6LUY4VZj56SftJ8PPZ4J9vY6t47oUpNPubQhMEuaJZ4qdu1gAdbsg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400238; c=relaxed/simple; bh=DtTsCEflgrt1r4FC6hlq3qopTxtenPFkOWKMBZTbVcc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=sllCRRg2MdDIBDjVfz1EdCUYl69x/uRU0L7NolW90FF2l1TS4iRlg1pYlUhVsdu7bl0TEAD7zgeCpcCL1r9dRvm0Pp5gxDivjQzqLs/44uEHPeFWk7XwE1Y1lTP7AOcEQfXh+Jxqv9NcJCgzo8bvXXqLkPrNk3HEMKkbwq/u0AA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b=LKj36f9m; arc=none smtp.client-ip=209.85.214.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b="LKj36f9m" Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-234fcadde3eso20911565ad.0 for ; Thu, 24 Jul 2025 16:37:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1753400236; x=1754005036; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=Gkm+U+Z8JovOoe8ArAZBSUqCVEx3YFZYKLxHXbXYTzk=; b=LKj36f9mG5x4uG8H7VTSIGn2l5DqYTIyLWTNBgN5K2qZimuUo6yeujUlNneqT3xwED +hcW74ILu6rGOzfT3VYAmG/0oH/CBjGZoeR9Eu5HKo4aJbCtHzI1pGDlD0JVlkE9/uDT TzRdyc+3Wbw62gMeAR4AXRXUrlUPflE4IBlR4WPljxv2PgG8EQ2XKaESLfz9kAroW7Sq IP4g+WANALugGLmCAwouFOZPQPyqmhoC3V4cNmJVzTmyYOKtf/MliWhHWxTeFFS955ZP 74ZEfcGS5rTDssuSw9wjzZOZMWxMetRF98OOxfxEcyIc4cFLrnb25ApW5zflwQyymq3u /9AQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753400236; x=1754005036; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Gkm+U+Z8JovOoe8ArAZBSUqCVEx3YFZYKLxHXbXYTzk=; b=slQpyZgS3V6hJLguyXlkOeGlgByQYLd+Dn+LZo//ZzqmS/dfzUrXjeuh83Ir1JGWNp HazkDsxH8skibx/Bz0CYAQQXtApFEAq+gxlfVnJN6F9SWE21LZEapldYIKcYCny7SmQj unmXj2135vpXhPHFiizMRdJCvh4If4wifxZanB71xDaqk9WGvx3Zl7sBbfSV1D9InVjo PzHNdMv64EftgCN/1tlrQulKXU9iP+BFusGw9Zkg4WLb+Zm7htMRR8cPcYnJy5TDBJwv 0N3XS0OWHjgljSVq+W1dfwmKR7Ef6yr5wGPlY1i+eDQWWPdtkyJa27UguzldV0F/NIuA hBOg== X-Forwarded-Encrypted: i=1; AJvYcCUnp2zhvyTAf6/nLvpGXfyGWChylDqRSQA9VrMdRvsrjwi/Ip3mMGrmtelJJe5RiyM0Y4Ad5eveXZv5K+w=@vger.kernel.org X-Gm-Message-State: AOJu0YwvSZOuk8HrzLA1/1qWs6Kw20JQLgiki2xre9Kr0ggq46xAbbMv 4Sn4ByNc/Abiy+rNY2/MY8PF/xqzrO1/m8i6pCW9iEHkb+NFY+BWQokifw/vrc+OkZA= X-Gm-Gg: ASbGncvlbe8cIzrl4spOFsdQftFEoa9RKzbKGFXGqwi/9yB8+df74BxeRrI+POIq80o fHmfdEwjTAq3W6nIGpx6FlhXyW1rHeoLn9puIDwdkzy7inws3pjTPaLv0dyVvf/sNtyQ4bU65lY MnGkbR+Yxtm6F1dOMzqBwfz+lm0uaBqlpAbiSR4dw0S/v8fNbClJCIzi+qjmgQBdaJk4xRD7jrL fTa36JyXtTaMjSzAi48++wATdZJBHSMRUglQiX7zZwu1gl8tvn+uRr6R7ZFZdBlKSaE7vu41+k5 Jb7QfcKUunhtcrTxzMfjgBb8VOPGqJnNRiA49VHassYfyYvfjYlN+rb41CWEQ9nJwAGN3Ns1/cR 8te83jFnXmloGkxnrasj0S1GKXe4jUXtq X-Google-Smtp-Source: AGHT+IH5SBpkVu16UrwUXGB277v+OXuJbFLj21IH8FU8jVfnMFq+cBM3PPB90wB16oPa9iIZanRWnA== X-Received: by 2002:a17:903:24c:b0:234:9094:3fb1 with SMTP id d9443c01a7336-23f981afcb2mr126281075ad.35.1753400236613; Thu, 24 Jul 2025 16:37:16 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23fa48bc706sm23598685ad.106.2025.07.24.16.37.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Jul 2025 16:37:16 -0700 (PDT) From: Deepak Gupta Date: Thu, 24 Jul 2025 16:36:58 -0700 Subject: [PATCH 05/11] riscv: enable landing pad enforcement Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250724-riscv_kcfi-v1-5-04b8fa44c98c@rivosinc.com> References: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> In-Reply-To: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Masahiro Yamada , Nathan Chancellor , Nicolas Schier , Andrew Morton , David Hildenbrand , Lorenzo Stoakes , "Liam R. Howlett" , Vlastimil Babka , Mike Rapoport , Suren Baghdasaryan , Michal Hocko , Nick Desaulniers , Bill Wendling , Monk Chiang , Kito Cheng , Justin Stitt Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, rick.p.edgecombe@intel.com, broonie@kernel.org, cleger@rivosinc.com, samitolvanen@google.com, apatel@ventanamicro.com, ajones@ventanamicro.com, conor.dooley@microchip.com, charlie@rivosinc.com, samuel.holland@sifive.com, bjorn@rivosinc.com, fweimer@redhat.com, jeffreyalaw@gmail.com, heinrich.schuchardt@canonical.com, andrew@sifive.com, ved@rivosinc.com, Deepak Gupta X-Mailer: b4 0.13.0 Enables landing pad enforcement by invoking a SBI FWFT call. Signed-off-by: Deepak Gupta --- arch/riscv/kernel/asm-offsets.c | 1 + arch/riscv/kernel/head.S | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offset= s.c index e4d55126dc3e..e6a9fad86fae 100644 --- a/arch/riscv/kernel/asm-offsets.c +++ b/arch/riscv/kernel/asm-offsets.c @@ -536,6 +536,7 @@ void asm_offsets(void) DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT); DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET); DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK); + DEFINE(SBI_FWFT_LANDING_PAD, SBI_FWFT_LANDING_PAD); DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK); #endif } diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S index 9c99c5ad6fe8..59af044bf85c 100644 --- a/arch/riscv/kernel/head.S +++ b/arch/riscv/kernel/head.S @@ -185,6 +185,16 @@ secondary_start_sbi: 1: #endif scs_load_current + +#if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_KERNEL_CFI) + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_LANDING_PAD + li a1, 1 /* enable landing pad for supervisor */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall /* check for error condition and take appropriate action */ +#endif + call smp_callin #endif /* CONFIG_SMP */ =20 @@ -359,6 +369,15 @@ SYM_CODE_START(_start_kernel) #endif scs_load_current =20 +#if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_KERNEL_CFI) + li a7, SBI_EXT_FWFT + li a6, SBI_EXT_FWFT_SET + li a0, SBI_FWFT_LANDING_PAD + li a1, 1 /* enable landing pad for supervisor */ + li a2, SBI_FWFT_SET_FLAG_LOCK + ecall /* check for error condition and take appropriate action */ +#endif + #ifdef CONFIG_KASAN call kasan_early_init #endif --=20 2.43.0 From nobody Mon Oct 6 04:56:04 2025 Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 91FD2246BC1 for ; Thu, 24 Jul 2025 23:37:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400242; cv=none; b=KSE01iPzTXBWcMP7M5Kid0RxIEyr/QO8JBQBCt0PeF1QWO6qn4RRqOyoxXktCEjDqHERS9cYcJViFsAINTujgjStJrozl5AWpLKon9NusVSldzXrLV5L9JynLNe2HY4dZIzxvUPRzg1/jlQpB3P34p5Vbj6jKeRtcTH/QUGZGKU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400242; c=relaxed/simple; bh=oxNgSu2OIKAiuhRCFS+U6NWNOSDM8tRYi8GHDM6kfVQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=JPMiX4I2PYMJYTc7dNOqpt5GZn8fmN/5kkTYpMeI1Lpx9hjJg8OnSxKE2iWCL4XPfowDt16WkbRCYCZCtFimmMUMWJKKLv+4qO3+QxPFx+kbCy/XgDYJ/fW/WTih2oydKs0sjgiS8qWwONu7R71Tq2sa6JeqSVwy/QyadrV7FOM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b=B+lAwPkB; arc=none smtp.client-ip=209.85.214.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b="B+lAwPkB" Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-235ea292956so14161065ad.1 for ; Thu, 24 Jul 2025 16:37:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1753400239; x=1754005039; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=WOl3Nqiah3DIFqJnwAEdiPuuEwqhP+r/KN32JLcNnyU=; b=B+lAwPkBWC1vr4rfEHb+nyWMDXfz6svgh9m23gOWMSCHoa+hbE5+acwl9fuTn7LpE6 CueibIrDdKj13kAWWLIYlFFqisFJnTWZfhZCDrDhKG4P8/kGMbiqR3NnwcYLfrxInRFt UWwej4k+ntBhp+dieO8aFAqWUwXJNkXBHiC+zYg8xDym6LnV9U8JknCm/Tl9gqcbvMsa UYUGRTJk/AIT8YpU5WAwrG/c4tc6z8RMnVyPeLwoIoTiagdgQebvKGOhaeVD0lHchJmt o7bLkaEfWyz6z3YTZ5I7KDVFc9z1BwAkxvQmYcAF24/8ILYSpU/JmP21x/n3KAlfXtzI hqvw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753400239; x=1754005039; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WOl3Nqiah3DIFqJnwAEdiPuuEwqhP+r/KN32JLcNnyU=; b=FjEdCHTMQSiiclIG5O+d5/3atJTPZ6E1+mPFuiLVWe27RGw8SAV/5k2zNX5hs8ePY9 zcAIiWF6mZJ6KOBdhuNc3plWHktqg5Vt/mn7yHhw5x8IkhyEOUklMNq7iboOzmO9icor cCRq6moaw5XBp8PeKiiRQ7zvT/D6jNEupwY39vqg3quBRlDm3eYOQp4C2sg+FcF/uhfk 1fPbaBo6+w6wGkju17F0pm7bxGKV7oDEGmD18PFhOOHeJ0t8zUxcrUfHO+9ksQXuX670 PFEoiKvhvj1gusIi5UH+YEi/McvXNZgkMd6KMvaAEc/6ek5jJuFUL9bAXOzupEl4cYnU GRlg== X-Forwarded-Encrypted: i=1; AJvYcCVb+EGrkYbReBtNbQ6vo3enGYv8XecvjFbjW5Fp5PZIrq2LaqJRyojNSO90PzxBDpa2UOLB3w/ZtDw5hc0=@vger.kernel.org X-Gm-Message-State: AOJu0YxUZGAuwNAvGhnPubCMGZ+7PUgARiHYaSG0UX4im9k5HpXjcQiX HvTXWI8DL64igKtr5TsZcdFktM6NInl7fOOFbeFzJrG3BksELDlOfYRJGk8cDO87TaY= X-Gm-Gg: ASbGnctiMvdFOjOqVbLwq9QDeSae8b4uLsfkwJlAPs0gttcofyBQ9W7x6YVW4Ix17EB HM6LnQ2crZfDM1v9PBZXcLOEltqgTJiUqZuUJYLDrKqZrCV+qCXiWppCJ5a253CPH5GgxgSe8zI idLwYtiDJrWTxpWEwtYVzGMh4HLaUnjPTFYY8vzznv0Nm4etc+femyT1Dkb5/SJTAUprWRGE96N 8HpFd1HN55FenuNI8wiTkdXArzmXk0CueopxN0FlD0kLmPr9MPakBc4/fqF1feBRpEeoFjF8wE7 zv+AzHYixGRAbXTA352dnpzh2BPaW1AQLqJN5JxiiJinnIQa3shmVYNExY3dwWYDsolfm6WPxAa 5Sd347l3jwau5DCNaCEtO0m4jaS2DH5Zz X-Google-Smtp-Source: AGHT+IGSQSNsbZMV3011ClnOwbU01lkESEFEILFi40CGgrviIgB/I9wMU9rWnehZSismvHPpuGcGoQ== X-Received: by 2002:a17:902:d501:b0:235:e71e:a37b with SMTP id d9443c01a7336-23f981aed8emr123582705ad.34.1753400238919; Thu, 24 Jul 2025 16:37:18 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23fa48bc706sm23598685ad.106.2025.07.24.16.37.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Jul 2025 16:37:18 -0700 (PDT) From: Deepak Gupta Date: Thu, 24 Jul 2025 16:36:59 -0700 Subject: [PATCH 06/11] mm: Introduce ARCH_HAS_KERNEL_SHADOW_STACK Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250724-riscv_kcfi-v1-6-04b8fa44c98c@rivosinc.com> References: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> In-Reply-To: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Masahiro Yamada , Nathan Chancellor , Nicolas Schier , Andrew Morton , David Hildenbrand , Lorenzo Stoakes , "Liam R. Howlett" , Vlastimil Babka , Mike Rapoport , Suren Baghdasaryan , Michal Hocko , Nick Desaulniers , Bill Wendling , Monk Chiang , Kito Cheng , Justin Stitt Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, rick.p.edgecombe@intel.com, broonie@kernel.org, cleger@rivosinc.com, samitolvanen@google.com, apatel@ventanamicro.com, ajones@ventanamicro.com, conor.dooley@microchip.com, charlie@rivosinc.com, samuel.holland@sifive.com, bjorn@rivosinc.com, fweimer@redhat.com, jeffreyalaw@gmail.com, heinrich.schuchardt@canonical.com, andrew@sifive.com, ved@rivosinc.com, Deepak Gupta X-Mailer: b4 0.13.0 commit bcc9d04e74 ("mm: Introduce ARCH_HAS_USER_SHADOW_STACK") introduced `ARCH_HAS_USER_SHADOW_STACK`. Introducing `ARCH_HAS_KERNEL_SHADOW_STACK` so that arches can enable hardware assistance for kernel shadow stack. If `CONFIG_DYNAMIC_SCS` or `CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK` are selected, skip compiler flag `-fsanitizer=3Dshadow-call-stack`. Signed-off-by: Deepak Gupta --- Makefile | 2 +- mm/Kconfig | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 35e6e5240c61..7e3ecca9353d 100644 --- a/Makefile +++ b/Makefile @@ -987,7 +987,7 @@ LDFLAGS_vmlinux +=3D --gc-sections endif =20 ifdef CONFIG_SHADOW_CALL_STACK -ifndef CONFIG_DYNAMIC_SCS +ifeq ($(or $(CONFIG_DYNAMIC_SCS),$(CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK)),f= alse) CC_FLAGS_SCS :=3D -fsanitize=3Dshadow-call-stack KBUILD_CFLAGS +=3D $(CC_FLAGS_SCS) KBUILD_RUSTFLAGS +=3D -Zsanitizer=3Dshadow-call-stack diff --git a/mm/Kconfig b/mm/Kconfig index 781be3240e21..f295ea611cdb 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -1367,6 +1367,12 @@ config ARCH_HAS_USER_SHADOW_STACK The architecture has hardware support for userspace shadow call stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). =20 +config ARCH_HAS_KERNEL_SHADOW_STACK + bool + help + The architecture has hardware support for kernel shadow call + stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). + config ARCH_SUPPORTS_PT_RECLAIM def_bool n =20 --=20 2.43.0 From nobody Mon Oct 6 04:56:04 2025 Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 02873247296 for ; Thu, 24 Jul 2025 23:37:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400243; cv=none; b=hjXX9xSj3z3yhylTATDcVmCWdlr6zF4dhS/GwE4o4y00lwr7nDiYyN47aZG85vlFsAsaL7mXsg8jkgrhsUU3ECQjaiBxXPkSeHLboH3fyF/Kv5pqnkBFim97n+rflpvmkjGVdpRXutVIezqzIaBya9xxAxn1dCDvH0WbR7422ng= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400243; c=relaxed/simple; bh=NgW9QCO8Pafn6dRlZF7K76jleyDt5hjCF27uUi1KY9Q=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=TZRQoC+adTboSMbHVqd6cgaRpX/YemU/IN7Z+XLadOvvJCH/1d2iYfEE+oTagxBrCMp9DNmCWt+aYnXxxI73KiNUfPVDfBse1QZsM8wkzTnJQqR3ZNop0Pv7RSZS6QraTGPTfi/7XJEN4A2mDRMGqfv84ZkFr+XM8AvE4ne8vuQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b=FnNunbi6; arc=none smtp.client-ip=209.85.214.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b="FnNunbi6" Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-234c5b57557so13632885ad.3 for ; Thu, 24 Jul 2025 16:37:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1753400241; x=1754005041; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=yl+fpaUgVvAgmSBmN0Uf0wW/gDpMMKoNCvx2z4Q9Om8=; b=FnNunbi61GteEJNcipCLaMfLAkbylfTu4Mwmu2m6HOIMmNv6/qvM28KqM2gPF5GW3u vQ5wPCT9o+ayYHg/OU1JrE3PfgpA4wz/hXi7Rla77zQdTZxcTN/0ga0xPWzT2jC1S/oR Z6iXv3dsPeFXOYqeQeafSeUaAuivNFYve09+oLWem4wcVDNzrNOXFgRIiwNmOMFBXhXX Gle2JynBBETtnP/ybieu2Uzej579EVBTr5mryBiMznWEmK7dxoSBN1TDdXIyfnTwb6G9 q05BA3eXjC2v0k7bMlaO/BtG57zSKXS6AwoCDLTrDu/ADL38Xn/PuzX0m9KVsGYpn+yj 0F/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753400241; x=1754005041; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yl+fpaUgVvAgmSBmN0Uf0wW/gDpMMKoNCvx2z4Q9Om8=; b=RTOQQPNFiC004j4Lg3rX1BNcmUmUmtIwwcScBsDUqreflKtKr9HZU6nUyHKNPOTFtR MwMMrZHuOnOa7qrIFj2iycN5ARn5Hjo3vn2UtYfnZhKPwCFY7xNNjPNU4TVQqvoxw8wU BKN7Bv0E3pWGahO8sJYAgcWp+2rwnQcBtxbabYKWu43a/nEv1QrJa58dlX0tK/oqHYlI iMaM+hkwUKPl8htHN5qtNbI1/qo2wOOtyqcXsU9bfLCu7zsGRHVrKoFzbZroXdrznix0 FEQFCjLLIzMzZG3zA7BcFluWKDrCUYHk/CZeuOULCy2YDSTbNwGg/hEFtZe+km1iHqw1 wOEw== X-Forwarded-Encrypted: i=1; AJvYcCXXM4gDJnOz/ukrUK57xZinAxtixrW5uZC8isOKnHvF0Q0nm6HcQ2KCF4eEr5e2P2zFGKL+4BjhxrB1aSM=@vger.kernel.org X-Gm-Message-State: AOJu0YzFMeLUh7Yg5A1tp/KC8vqugNzt0wijLyzar69jGmEgTKca8qtw ZtIeEBvxWnld0q/2sTHRWD6rtv+UwCfGrLT+hIzBoAq6EnHwtV1DxMPA1lEobuSM0tg= X-Gm-Gg: ASbGncv6lOFHLc6FXvNZ06FyvkTVgxFLODzEZQXb1996EiF4zu/6W1aXsaOqUIAiTmr opMMn8ujmjMMn7DXBMrZC5prsxk56CS1slvTDdRCVbrwpf0xeRZp3BAFzNtN71miseMSkFT8bC2 O4ODj5pXdSmMWugolcQsAUgUM+Ix1SucbW5pd6slLbTrPECltQ+7Od57ZLaJxen3nNrvrnVoCoJ OlUy/g2Lh68Kj8peSwYaCUvq2rkvMFboZPpQEKaaw+Vmw3vzM0WefhrrKQFdWg8mFupCtTEHK1r zpxcgcmTBUvM6PCxXRpjg2fHxPCTBih9qiXDp7gEQkphoNpRv8TQOe9NlJ0032vXefMlBQmymWr xJsP++s/RGnhcNycWW1c4itIhN+Q+PhkH X-Google-Smtp-Source: AGHT+IEFvddaBDkybC2q7ob0zwYNRuGaOi2n4X57ciJYKI00Yd6EYfDqXnoJ8jUoGCKUz8NAesStww== X-Received: by 2002:a17:902:fc48:b0:23f:8df8:e7b1 with SMTP id d9443c01a7336-23f9820d012mr133037965ad.32.1753400241217; Thu, 24 Jul 2025 16:37:21 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23fa48bc706sm23598685ad.106.2025.07.24.16.37.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Jul 2025 16:37:20 -0700 (PDT) From: Deepak Gupta Date: Thu, 24 Jul 2025 16:37:00 -0700 Subject: [PATCH 07/11] scs: place init shadow stack in .shadowstack section Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250724-riscv_kcfi-v1-7-04b8fa44c98c@rivosinc.com> References: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> In-Reply-To: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Masahiro Yamada , Nathan Chancellor , Nicolas Schier , Andrew Morton , David Hildenbrand , Lorenzo Stoakes , "Liam R. Howlett" , Vlastimil Babka , Mike Rapoport , Suren Baghdasaryan , Michal Hocko , Nick Desaulniers , Bill Wendling , Monk Chiang , Kito Cheng , Justin Stitt Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, rick.p.edgecombe@intel.com, broonie@kernel.org, cleger@rivosinc.com, samitolvanen@google.com, apatel@ventanamicro.com, ajones@ventanamicro.com, conor.dooley@microchip.com, charlie@rivosinc.com, samuel.holland@sifive.com, bjorn@rivosinc.com, fweimer@redhat.com, jeffreyalaw@gmail.com, heinrich.schuchardt@canonical.com, andrew@sifive.com, ved@rivosinc.com, Deepak Gupta X-Mailer: b4 0.13.0 If compiled scs and arch kernel shadow stack support, place shadow stack in `.shadowstack` section. Signed-off-by: Deepak Gupta --- include/linux/init_task.h | 5 +++++ init/init_task.c | 12 ++++++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/include/linux/init_task.h b/include/linux/init_task.h index bccb3f1f6262..a2569cc5a7ff 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h @@ -40,4 +40,9 @@ extern struct cred init_cred; /* Attach to the thread_info data structure for proper alignment */ #define __init_thread_info __section(".data..init_thread_info") =20 +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK +/* init shadow stack page */ +#define __init_shadow_stack __section(".shadowstack..init") +#endif + #endif diff --git a/init/init_task.c b/init/init_task.c index e557f622bd90..e21af9db5c09 100644 --- a/init/init_task.c +++ b/init/init_task.c @@ -54,10 +54,18 @@ static struct sighand_struct init_sighand =3D { }; =20 #ifdef CONFIG_SHADOW_CALL_STACK -unsigned long init_shadow_call_stack[SCS_SIZE / sizeof(long)] =3D { +unsigned long init_shadow_call_stack[SCS_SIZE / sizeof(long)] +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK + /* shadow stack must go in special section */ + __init_shadow_stack =3D { + [0] =3D SCS_END_MAGIC +}; +#else + =3D { [(SCS_SIZE / sizeof(long)) - 1] =3D SCS_END_MAGIC }; -#endif +#endif /* CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK */ +#endif /* CONFIG_SHADOW_CALL_STACK */ =20 /* * Set up the first task table, touch at your own risk!. Base=3D0, --=20 2.43.0 From nobody Mon Oct 6 04:56:04 2025 Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 349F12475CD for ; Thu, 24 Jul 2025 23:37:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400245; cv=none; b=mhtjKv+ZrotWHDnOUwywbiLl1qsPFn2fgtUm2oNnvkmmTiEB5T73nP3snqvdtaMWy9Hkhn4SYij0nLqxs7m8oxx5Ir6qcsVfU3eE5/uMCvpJvdGiTpToHStLhfVwshcmbiZdcVReXcKOnv5jYOmjyshA7GQzXF+soc/FH0VJkjc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400245; c=relaxed/simple; bh=EW2PkKQb8PALH7VHtcvoMjflrjhMoi4wOo8ufNW8w7o=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=CBJ1LTgA4OsT6nPZ+mxRZ1wuWT8P/CEVXq023zZB397v7LsJvO6gAA+LJjnWUpuYjPiMUgijrrnB8bMliSAO5S5/EiptE3XuwM8uz/6o/O++XIsRTN2eHM1ZWjvJMbWPAj1I+kwW9W3gACN2mP5E3PEhgmI0bZs400UZgcMNML8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b=1ESIE0d8; arc=none smtp.client-ip=209.85.214.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b="1ESIE0d8" Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-23c8f179e1bso17967215ad.1 for ; Thu, 24 Jul 2025 16:37:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1753400243; x=1754005043; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=pn/2JSdO71rXzNO2stWjtKSzEMWnL5mCAakTnDwVXrM=; b=1ESIE0d8zjjkmP0gmA/Sb0x8jTV1sAoTbFKu2nmt+9l+bo158xRmYU3CoxivWZLCHb PgIUsW2Mq0wfNkUDNHN++FVUD70CfjmTniqRPHhMNtxBfZo+W8CGoroMJHLZVkFC76D0 0ODr1M69kerovbB4KaBlmJzYXIuRIYn3AaCyjdWU7JRymcIViesE4aYiwAjJZoMDcEzp JM5DSS0HhniKmUg8JKhr1+M8xwIGFTn3OrU3eP6HGqMNZX900rhLLmA5o9huXB3NRK7c 6WY5bkrfuxYUKmWrRxTMPCs4BSEDqSlBYbKQlC+5P7FYcfIOYbslQaYFvBzuSMQ4mhOC SKnA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753400243; x=1754005043; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pn/2JSdO71rXzNO2stWjtKSzEMWnL5mCAakTnDwVXrM=; b=disF2FE/vaxZ1yrrTS3UweN89El0jDFS99JpEhuTt/V/xWLPozDw/qeYfHmG2dbO79 rx0+Sa2G8Y/zSuG0d64FSEKyPyedvyGhVwljt8B2y7WfGzWre9hermTye6pPeDlrJqbr 08c4rx/emv8HfT+JNt41PA3hjf3+/2dU/Ccuv3aBA7Nkr6vcbbZl9M6l/ynQJBrc7Qr1 zQhMTWsIeO7pfZu1PeMwYdF7J2ohurnrXHf7j6zUucYzB2cdmGgo4Q3NfxyQTOV9zXi8 x/lSw3VHewidmSz0E7btuzPDHihVJdQNcsJUKAN8UbZei6+yNTJydoSTgYd1GNkS6Pze GOGQ== X-Forwarded-Encrypted: i=1; AJvYcCVKEQ5w+ZrErmkY2H6ILRLSHTg3ASli91LPikHIpqRtScPbejUmEqLPE9snGmofC/DwEinLmcGomRF45Ic=@vger.kernel.org X-Gm-Message-State: AOJu0YwOGZf8qgPWKmENKZUh6feYkpnSRQ5qVMnDRLVIDygvHSZpStRG nMcKXbGMczMR6hC3S1AZ40mhXZygWg0YbA02hFwb5MgTDIqSPcB61o2GkNXQ+OtJEh8= X-Gm-Gg: ASbGncv/oOOcvQpRRp27WyQ/BU1dGvrMGm7FWrndfWqUCU2j/9WnjRbakSwabPZCyz8 pSB6biNC18ZgMKijL4BJ/E7P16jEBkDLhWG2d8GDgsRaGAuRPrFF8UIof4VRxZs75VO0UMx7XhT 33Lcc+ttfQgXsdQq6C6GIFOs9PUEURRoCbVPeu6EcN7d+G5lmD2l5Or7v5iaJ1n2u8ArC0Ls3DN uS467O1QAYbcBCecrDJeZ7R4EAZb3k+5dbLnjHAUFyTE++TdRwgiTbe4/bpMTNh3Lj+PsjFSpZb mTU22Qr0D417zBauxumgK5B3I05LCgzsOPtoZkN5iXyBUl2LFVZZHH+MWi2lSUi5PdLgFP78hqV Rnd+YEjU25OxvRq3YI/BfROaT6W7F2aSX X-Google-Smtp-Source: AGHT+IG/G30hZbdmg+vYLTFJ4nOwJXxTBe4ZWwYMeNmIug6yYy0RZhNu1ZgYT+kQPlkJisfs0XgYFA== X-Received: by 2002:a17:902:e54e:b0:235:ea29:28e9 with SMTP id d9443c01a7336-23f981b0a15mr141134525ad.38.1753400243473; Thu, 24 Jul 2025 16:37:23 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23fa48bc706sm23598685ad.106.2025.07.24.16.37.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Jul 2025 16:37:23 -0700 (PDT) From: Deepak Gupta Date: Thu, 24 Jul 2025 16:37:01 -0700 Subject: [PATCH 08/11] riscv/mm: prepare shadow stack for init task Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250724-riscv_kcfi-v1-8-04b8fa44c98c@rivosinc.com> References: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> In-Reply-To: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Masahiro Yamada , Nathan Chancellor , Nicolas Schier , Andrew Morton , David Hildenbrand , Lorenzo Stoakes , "Liam R. Howlett" , Vlastimil Babka , Mike Rapoport , Suren Baghdasaryan , Michal Hocko , Nick Desaulniers , Bill Wendling , Monk Chiang , Kito Cheng , Justin Stitt Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, rick.p.edgecombe@intel.com, broonie@kernel.org, cleger@rivosinc.com, samitolvanen@google.com, apatel@ventanamicro.com, ajones@ventanamicro.com, conor.dooley@microchip.com, charlie@rivosinc.com, samuel.holland@sifive.com, bjorn@rivosinc.com, fweimer@redhat.com, jeffreyalaw@gmail.com, heinrich.schuchardt@canonical.com, andrew@sifive.com, ved@rivosinc.com, Deepak Gupta X-Mailer: b4 0.13.0 With CONFIG_SHADOW_CALL_STACK, shadow call stack goes into data section. CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK indicates hardware assisted shadow stack are used. Hardware assisted shadow stack on riscv uses PTE.R=3D0, PTE= .W=3D1 & PTE.X=3D0 encodings. Without CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK, shadow = stack for init is placed in data section and thus regular read/write encodings are applied to it. Although with CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK, they need= to go into different section. This change places it into `.shadowstack` sectio= n. As part of this change early boot code (`setup_vm`), applies appropriate PTE encodings to shadow call stack for init placed in `.shadowstack` section. Signed-off-by: Deepak Gupta --- arch/riscv/include/asm/pgtable.h | 4 ++++ arch/riscv/include/asm/sections.h | 22 ++++++++++++++++++++++ arch/riscv/include/asm/thread_info.h | 10 ++++++++-- arch/riscv/kernel/vmlinux.lds.S | 12 ++++++++++++ arch/riscv/mm/init.c | 29 ++++++++++++++++++++++------- 5 files changed, 68 insertions(+), 9 deletions(-) diff --git a/arch/riscv/include/asm/pgtable.h b/arch/riscv/include/asm/pgta= ble.h index f04f3da881c9..bb80667d3c13 100644 --- a/arch/riscv/include/asm/pgtable.h +++ b/arch/riscv/include/asm/pgtable.h @@ -202,6 +202,10 @@ extern struct pt_alloc_ops pt_ops __meminitdata; #define PAGE_KERNEL_READ_EXEC __pgprot((_PAGE_KERNEL & ~_PAGE_WRITE) \ | _PAGE_EXEC) =20 +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK +#define PAGE_KERNEL_SHADOWSTACK __pgprot(_PAGE_KERNEL & ~(_PAGE_READ | _PA= GE_EXEC)) +#endif + #define PAGE_TABLE __pgprot(_PAGE_TABLE) =20 #define _PAGE_IOREMAP ((_PAGE_KERNEL & ~_PAGE_MTMASK) | _PAGE_IO) diff --git a/arch/riscv/include/asm/sections.h b/arch/riscv/include/asm/sec= tions.h index a393d5035c54..ae7c6fcbaaeb 100644 --- a/arch/riscv/include/asm/sections.h +++ b/arch/riscv/include/asm/sections.h @@ -14,6 +14,10 @@ extern char __init_data_begin[], __init_data_end[]; extern char __init_text_begin[], __init_text_end[]; extern char __alt_start[], __alt_end[]; extern char __exittext_begin[], __exittext_end[]; +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK +extern char __init_shstk_start[], __init_shstk_end[]; +#endif +extern char __end_srodata[]; =20 static inline bool is_va_kernel_text(uintptr_t va) { @@ -31,4 +35,22 @@ static inline bool is_va_kernel_lm_alias_text(uintptr_t = va) return va >=3D start && va < end; } =20 +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK +static inline bool is_va_init_shadow_stack_early(uintptr_t va) +{ + uintptr_t start =3D (uintptr_t)(kernel_mapping_pa_to_va(__init_shstk_star= t)); + uintptr_t end =3D (uintptr_t)(kernel_mapping_pa_to_va(__init_shstk_end)); + + return va >=3D start && va < end; +} + +static inline bool is_va_init_shadow_stack(uintptr_t va) +{ + uintptr_t start =3D (uintptr_t)(__init_shstk_start); + uintptr_t end =3D (uintptr_t)(__init_shstk_end); + + return va >=3D start && va < end; +} +#endif + #endif /* __ASM_SECTIONS_H */ diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/= thread_info.h index e066f41176ca..5bcc62cf5a0a 100644 --- a/arch/riscv/include/asm/thread_info.h +++ b/arch/riscv/include/asm/thread_info.h @@ -79,12 +79,18 @@ struct thread_info { }; =20 #ifdef CONFIG_SHADOW_CALL_STACK +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK #define INIT_SCS \ - .scs_base =3D init_shadow_call_stack, \ + .scs_base =3D init_shadow_call_stack, \ + .scs_sp =3D &init_shadow_call_stack[SCS_SIZE / sizeof(long)], +#else +#define INIT_SCS \ + .scs_base =3D init_shadow_call_stack, \ .scs_sp =3D init_shadow_call_stack, +#endif /* CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK */ #else #define INIT_SCS -#endif +#endif /* CONFIG_SHADOW_CALL_STACK */ =20 /* * macros/functions for gaining access to the thread information structure diff --git a/arch/riscv/kernel/vmlinux.lds.S b/arch/riscv/kernel/vmlinux.ld= s.S index 61bd5ba6680a..e65c0c099ed0 100644 --- a/arch/riscv/kernel/vmlinux.lds.S +++ b/arch/riscv/kernel/vmlinux.lds.S @@ -129,6 +129,18 @@ SECTIONS *(.srodata*) } =20 + . =3D ALIGN(SECTION_ALIGN); + __end_srodata =3D .; + +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK + .shadowstack : AT(ADDR(.shadowstack) - LOAD_OFFSET){ + __init_shstk_start =3D .; + KEEP(*(.shadowstack..init)) + . =3D __init_shstk_start + PAGE_SIZE; + __init_shstk_end =3D .; + } +#endif + . =3D ALIGN(SECTION_ALIGN); _data =3D .; =20 diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c index 1af3c0bc6abe..dba1cf3f8dfc 100644 --- a/arch/riscv/mm/init.c +++ b/arch/riscv/mm/init.c @@ -794,14 +794,22 @@ static __meminit pgprot_t pgprot_from_va(uintptr_t va) if (IS_ENABLED(CONFIG_64BIT) && is_va_kernel_lm_alias_text(va)) return PAGE_KERNEL_READ; =20 +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK + /* If init task's shadow stack va, return write only page protections */ + if (IS_ENABLED(CONFIG_64BIT) && is_va_init_shadow_stack(va)) { + pr_info("Shadow stack protections are being applied to for init\n"); + return PAGE_KERNEL_SHADOWSTACK; + } +#endif + return PAGE_KERNEL; } =20 void mark_rodata_ro(void) { - set_kernel_memory(__start_rodata, _data, set_memory_ro); + set_kernel_memory(__start_rodata, __end_srodata, set_memory_ro); if (IS_ENABLED(CONFIG_64BIT)) - set_kernel_memory(lm_alias(__start_rodata), lm_alias(_data), + set_kernel_memory(lm_alias(__start_rodata), lm_alias(__end_srodata), set_memory_ro); } #else @@ -959,14 +967,21 @@ static void __init create_kernel_page_table(pgd_t *pg= dir, static void __init create_kernel_page_table(pgd_t *pgdir, bool early) { uintptr_t va, end_va; + pgprot_t prot; =20 end_va =3D kernel_map.virt_addr + kernel_map.size; - for (va =3D kernel_map.virt_addr; va < end_va; va +=3D PMD_SIZE) + for (va =3D kernel_map.virt_addr; va < end_va; va +=3D PMD_SIZE) { + prot =3D PAGE_KERNEL_EXEC; +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK + if (early && is_va_init_shadow_stack_early(va)) + prot =3D PAGE_KERNEL_SHADOWSTACK; +#endif create_pgd_mapping(pgdir, va, - kernel_map.phys_addr + (va - kernel_map.virt_addr), - PMD_SIZE, - early ? - PAGE_KERNEL_EXEC : pgprot_from_va(va)); + kernel_map.phys_addr + (va - kernel_map.virt_addr), + PMD_SIZE, + early ? + prot : pgprot_from_va(va)); + } } #endif =20 --=20 2.43.0 From nobody Mon Oct 6 04:56:04 2025 Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5C9A6248F7C for ; Thu, 24 Jul 2025 23:37:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400247; cv=none; b=jcGilpQh2W2NzVEf6NCnHA+PrURGIzSdZAwXcU44Kt+ahXcDjs1gMaLs2baHBCB585IdmTF9EZOF1hynYeeddrSL5AK+BhiEYOWYHTlecY7X7QzaebDbNyJmmpf+hVsWxEZN4PLT/oUIv2zii0Y6FtdbXjm67cZS4rwT3xOKEdQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400247; c=relaxed/simple; bh=g8myJdAMdYL2MhaKnL63Vuez4fkKjNIq12NTzG9z8qA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=RngKf0ayGOlxCulk9OYDYggU9njk6ePSbBmg+0esO/ieyo+dusoQzdZYbGbJjpvHN+oHeh3IVsOzo3arupUzDluQdMnh6AzMbEIlv/EKOI1hyT1SmQzfvCrVM/Ha9tihc8GOdn14Mu/8zYcoC7245EH21ace9bPI55NDZY/hXg4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b=eO/rBZtL; arc=none smtp.client-ip=209.85.214.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b="eO/rBZtL" Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-23649faf69fso12758745ad.0 for ; Thu, 24 Jul 2025 16:37:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1753400246; x=1754005046; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=cR/QY88sdxyw3B/3rrgSlLa8+7hhea91nQDWrYR/AlU=; b=eO/rBZtLJx0jFIyPeMhldXls+i7NMnkM4iHFtBbY9MdKNEHTCuUNKCZL/H6SxFVx1E HycbVsWfZ0lYGPwbbsU99pTpmA0KNQsLyZ9oc0XLMz+JKCkKjs+q95U9GySOizNGh4A1 VZVCGzM75h9kuNcGHNZclUZe/dsvDp+NhrmuIoEcOWVLZhK+/f9MhujzrajWwUcH1S66 bW70pHU7mlaZ1xlplem6jmG9V5OqWlsRH1dgf657mlvQvMBPYC7mFu2MtVKKsQAqwp5B EmqUsO0/2oEBhobae95VDuy3qkI9XWBdGo8Mpmpb04CUrPxFNc1Aj2Z35XqGscCNmZac s2hg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753400246; x=1754005046; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cR/QY88sdxyw3B/3rrgSlLa8+7hhea91nQDWrYR/AlU=; b=ufrZWRCv+pIxOTWFDihFV4nGEbYRRKUqDgBkmEsJfIb8pUGBtd+4PuT5cVyJOjFNmC 4Pw/Hon8oL9VYne3hK0sioghWMVHIhn7H4ZTBS50yFP7VYVuAvpoQvEgF2GiE2FFnKVL JAqGMtuzwcughpvcP54DR/3TMbKEWXg++dGdaSgxR/ze69sCFPU7DZUeEnhSZ/LAGHJ9 bOjm6V/IMGGufdiumOQo1k3yj5/lEwpPuaX/P0RvkYWHKGM8foT5Jgi7fb+N7a1Il/j5 wvaBkwBcJCz2cUeOjA461V+Rus8Snoxc57XnSRmUHkjcr0z5N8t4Us9PbwpWfCut/bom Dnag== X-Forwarded-Encrypted: i=1; AJvYcCVG4lJZvMfN0zCm7fO8PPqtPasLi5l6WT0FCVsCEPZyHPghVMeYJ86gjpYu63oPPcRW6+Yvc2Ij3gRksDE=@vger.kernel.org X-Gm-Message-State: AOJu0YywQa1Rh2XItWt/ifx77r+j6VOZjw7Nt7CwzWJCPL941ZGN8bE/ KPCbnkHrWVuKQcNIHbuSvwsGV04X6gabWuA01Wh62zy/xqhZWxuOQCWS4lWoldJJjBg= X-Gm-Gg: ASbGncu3IoSkxxvZ5dGrhQ63XhgCd04dG+CqltOWt4uVVA8/xOQcWduBBkuU8LXBEhD TfRUkZ9u1aTZsvO8VnuicYSdRljcyztewQUud/K4PW0oipGdHqQ2bxvmnAHqRXx4TOYXx9HsXSh rFT5pfvNrhNxc8j9faKHMliR8jcDEvh/imTvZUqcvGBeJDApLPIQ9FpqcZ59AsMMT1JKQX7Tlhs ipj6qU2pZD9VsWyAZoOkKHgzx7B2WHx580PNzpenDxOGExA56kWwKmweHIatIxbH5RGJsiRYW1J M+wH4hUQLXNOg1QIv57ZXAOVQAMNpQMKFtdBZ4L0Yj/FBV58o8a5P712sGXXgm6BH/GugK9lc// kK0Y/kpzXatFY+pdrLr9Z4P7t5K89HZRN X-Google-Smtp-Source: AGHT+IFpPmZfsrgw5MGLmfyvQ9TeyCoMqEZ9ePbdOyQJB+JX01/i58SgR22VLSNFSyWsuZBztHnwLA== X-Received: by 2002:a17:902:ce01:b0:235:1706:2002 with SMTP id d9443c01a7336-23f98083375mr117426355ad.0.1753400245784; Thu, 24 Jul 2025 16:37:25 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23fa48bc706sm23598685ad.106.2025.07.24.16.37.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Jul 2025 16:37:25 -0700 (PDT) From: Deepak Gupta Date: Thu, 24 Jul 2025 16:37:02 -0700 Subject: [PATCH 09/11] riscv: scs: add hardware shadow stack support to scs Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250724-riscv_kcfi-v1-9-04b8fa44c98c@rivosinc.com> References: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> In-Reply-To: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Masahiro Yamada , Nathan Chancellor , Nicolas Schier , Andrew Morton , David Hildenbrand , Lorenzo Stoakes , "Liam R. Howlett" , Vlastimil Babka , Mike Rapoport , Suren Baghdasaryan , Michal Hocko , Nick Desaulniers , Bill Wendling , Monk Chiang , Kito Cheng , Justin Stitt Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, rick.p.edgecombe@intel.com, broonie@kernel.org, cleger@rivosinc.com, samitolvanen@google.com, apatel@ventanamicro.com, ajones@ventanamicro.com, conor.dooley@microchip.com, charlie@rivosinc.com, samuel.holland@sifive.com, bjorn@rivosinc.com, fweimer@redhat.com, jeffreyalaw@gmail.com, heinrich.schuchardt@canonical.com, andrew@sifive.com, ved@rivosinc.com, Deepak Gupta X-Mailer: b4 0.13.0 Adding support for hardware support for shadow call stack on riscv. This patch enables scs_* macros to use zicfiss shadow stack pointer (CSR_SSP) instead of relying on `gp`. Since zicfiss based shadow stack needs to have correct encoding set in PTE init shadow stack can't be established too early. It has to be setup after `setup_vm` is called. Thus `scs_load_init_stack` is noped out if CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK is not selected. Adds `arch_scs_store` that can be used in generic scs magic store routine. Signed-off-by: Deepak Gupta --- arch/riscv/include/asm/asm.h | 2 +- arch/riscv/include/asm/scs.h | 48 +++++++++++++++++++++++++++++++++++-----= ---- arch/riscv/kernel/entry.S | 14 ++++++------- arch/riscv/kernel/head.S | 4 ++-- 4 files changed, 49 insertions(+), 19 deletions(-) diff --git a/arch/riscv/include/asm/asm.h b/arch/riscv/include/asm/asm.h index a8a2af6dfe9d..256aff523dd4 100644 --- a/arch/riscv/include/asm/asm.h +++ b/arch/riscv/include/asm/asm.h @@ -110,7 +110,7 @@ REG_L \dst, 0(\dst) .endm =20 -#ifdef CONFIG_SHADOW_CALL_STACK +#if defined(CONFIG_SHADOW_CALL_STACK) && !defined(CONFIG_ARCH_HAS_KERNEL_S= HADOW_STACK) /* gp is used as the shadow call stack pointer instead */ .macro load_global_pointer .endm diff --git a/arch/riscv/include/asm/scs.h b/arch/riscv/include/asm/scs.h index 0e45db78b24b..e70e6ef14bc5 100644 --- a/arch/riscv/include/asm/scs.h +++ b/arch/riscv/include/asm/scs.h @@ -9,46 +9,76 @@ =20 /* Load init_shadow_call_stack to gp. */ .macro scs_load_init_stack +#ifndef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK la gp, init_shadow_call_stack XIP_FIXUP_OFFSET gp +#endif .endm =20 /* Load the per-CPU IRQ shadow call stack to gp. */ -.macro scs_load_irq_stack tmp +.macro scs_load_irq_stack tmp tmp1 +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK + load_per_cpu \tmp1, irq_shadow_call_stack_ptr, \tmp + li \tmp, 4096 + add \tmp, \tmp, \tmp1 + csrw CSR_SSP, \tmp +#else load_per_cpu gp, irq_shadow_call_stack_ptr, \tmp +#endif .endm =20 /* Load task_scs_sp(current) to gp. */ -.macro scs_load_current +.macro scs_load_current tmp +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK + REG_L \tmp, TASK_TI_SCS_SP(tp) + csrw CSR_SSP, \tmp +#else REG_L gp, TASK_TI_SCS_SP(tp) +#endif .endm =20 /* Load task_scs_sp(current) to gp, but only if tp has changed. */ -.macro scs_load_current_if_task_changed prev +.macro scs_load_current_if_task_changed prev tmp beq \prev, tp, _skip_scs - scs_load_current + scs_load_current \tmp _skip_scs: .endm =20 /* Save gp to task_scs_sp(current). */ -.macro scs_save_current +.macro scs_save_current tmp +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK + csrr \tmp, CSR_SSP + REG_S \tmp, TASK_TI_SCS_SP(tp) +#else REG_S gp, TASK_TI_SCS_SP(tp) +#endif .endm =20 #else /* CONFIG_SHADOW_CALL_STACK */ =20 .macro scs_load_init_stack .endm -.macro scs_load_irq_stack tmp +.macro scs_load_irq_stack tmp tmp1 .endm -.macro scs_load_current +.macro scs_load_current tmp .endm -.macro scs_load_current_if_task_changed prev +.macro scs_load_current_if_task_changed prev tmp .endm -.macro scs_save_current +.macro scs_save_current tmp .endm =20 #endif /* CONFIG_SHADOW_CALL_STACK */ #endif /* __ASSEMBLY__ */ =20 +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK +#define arch_scs_store(ss_addr, magic_val) do { \ + asm volatile ("ssamoswap.d %0, %2, %1" \ + : "=3Dr" (magic_val), "+A" (*ss_addr) \ + : "r" (magic_val) \ + : "memory"); \ + } while (0) +#else +#define arch_scs_store(ss_addr, magic_val) do {} while (0) +#endif + #endif /* _ASM_SCS_H */ diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S index 3f0890b9c0b9..800a5ab763af 100644 --- a/arch/riscv/kernel/entry.S +++ b/arch/riscv/kernel/entry.S @@ -199,7 +199,7 @@ SYM_CODE_START(handle_exception) load_global_pointer =20 /* Load the kernel shadow call stack pointer if coming from userspace */ - scs_load_current_if_task_changed s5 + scs_load_current_if_task_changed s5 t0 =20 #ifdef CONFIG_RISCV_ISA_V_PREEMPTIVE move a0, sp @@ -260,7 +260,7 @@ SYM_CODE_START_NOALIGN(ret_from_exception) REG_S s0, TASK_TI_KERNEL_SP(tp) =20 /* Save the kernel shadow call stack pointer */ - scs_save_current + scs_save_current t0 =20 /* * Save TP into the scratch register , so we can find the kernel data @@ -382,8 +382,8 @@ SYM_FUNC_START(call_on_irq_stack) addi s0, sp, STACKFRAME_SIZE_ON_STACK =20 /* Switch to the per-CPU shadow call stack */ - scs_save_current - scs_load_irq_stack t0 + scs_save_current t0 + scs_load_irq_stack t0 t1 =20 /* Switch to the per-CPU IRQ stack and call the handler */ load_per_cpu t0, irq_stack_ptr, t1 @@ -393,7 +393,7 @@ SYM_FUNC_START(call_on_irq_stack) jalr a1 =20 /* Switch back to the thread shadow call stack */ - scs_load_current + scs_load_current t0 =20 /* Switch back to the thread stack and restore ra and s0 */ addi sp, s0, -STACKFRAME_SIZE_ON_STACK @@ -440,7 +440,7 @@ SYM_FUNC_START(__switch_to) REG_S s0, TASK_THREAD_SUM_RA(a3) =20 /* Save the kernel shadow call stack pointer */ - scs_save_current + scs_save_current t0 /* Restore context from next->thread */ REG_L s0, TASK_THREAD_SUM_RA(a4) li s1, SR_SUM @@ -463,7 +463,7 @@ SYM_FUNC_START(__switch_to) /* The offset of thread_info in task_struct is zero. */ move tp, a1 /* Switch to the next shadow call stack */ - scs_load_current + scs_load_current t0 ret SYM_FUNC_END(__switch_to) =20 diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S index 59af044bf85c..366e15a9280a 100644 --- a/arch/riscv/kernel/head.S +++ b/arch/riscv/kernel/head.S @@ -184,7 +184,7 @@ secondary_start_sbi: REG_S a0, (a1) 1: #endif - scs_load_current + scs_load_current t0 =20 #if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_KERNEL_CFI) li a7, SBI_EXT_FWFT @@ -367,7 +367,7 @@ SYM_CODE_START(_start_kernel) REG_S a0, (a1) 1: #endif - scs_load_current + scs_load_current t0 =20 #if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_KERNEL_CFI) li a7, SBI_EXT_FWFT --=20 2.43.0 From nobody Mon Oct 6 04:56:04 2025 Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E8DD924BBF0 for ; Thu, 24 Jul 2025 23:37:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400250; cv=none; b=ZFcNV/mvW9kTLSx+6CNJSpEfnkRZT8H0BuYPF/pcaI5pihDpR/8Jrk+9q9VawRdjXeDLfOJQkAGVLOlj+O9tA9Qb6pK+VzTuUosF0vcRVnZ1iPszb5wp23W8c19mSf4zmyMPTIUdyh1PMExsjFZ/T0w172Dck8SOt/n+wSqFQJo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400250; c=relaxed/simple; bh=r7Hy9gi7nORQZAig+hEOF4zSbnrKY8DTDlN8xa1//dY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=hf0dOWxTcfSBe2xoGx7WFwC+sSbHaPXzggbkVY5N71GA18os/mjSsIbnQRV1DRcxec2XsMcJBmHcxgp/JNtdC1U9v30p0mx4/JR3wk3FDdHRjzhJ2m+L2GjdqbaFHcdhPEhaP+bMmh13t9OdYcCnYOUX+ff/HdJeb6UxIR+LRvE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b=GslRK5w3; arc=none smtp.client-ip=209.85.214.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b="GslRK5w3" Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-23f8d27eeeaso14503555ad.2 for ; Thu, 24 Jul 2025 16:37:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1753400248; x=1754005048; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=jnGfibRKNEJZsKsgrkgY/LkGeimQVZTGPU49pFGQkew=; b=GslRK5w3A5VPITfKTcs1Y0VMhzzTotPcnnaZNc+hTl/KSJeRVW51yuIh9/kVMZL7sA svc/LWdXagnMmbPTDkN97UvPntZI7r+EmlnE9jAfhpheGotpTqmzKuOc8Ieu24DayM0o 2ELSjMs0b0wBmEuMgBjzNiGzkzrJdJ7PyyU/mVQKBLEzJzmsJkkK9+ATEX+Ez9tt32C+ IQD+GFpFnmWRru8C60q7TjwPxlZpfiXUx2VjvHKtaxoJTroF2q3JNoH6Jk4vX8vv+3kr micXTQ42DI15nDxZFfF/2/11MsKTP3qnl0wqClnx+TjNoiX+qwkd1gc/vhBAjJfEbhdF 9tTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753400248; x=1754005048; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jnGfibRKNEJZsKsgrkgY/LkGeimQVZTGPU49pFGQkew=; b=UdAOSglT66LTAI60sglBHwDN35wTKXSvFlXiiNdL+U2gA9PBFSVRCCDexfyBTBTkI+ dY+vACZ+iGrEfMvsNDF/UQVFVySHl6ktYorkKKbsveNYxgJdu49Clt0Gf/OaLCmKArYA devpe9U30RqzGlo/gNKbd4hqkEVngRKNePsC6HgLVEjER3HI1AGwCorWyrS18UCAtzVi wVX34g5JaZzI5xlI5Z+vAOifSpOgAVamdWWJUndxADfYIzUUdeDL/joo9rutOLeaVn19 HRvJQTUf51Hc3Xu1VGfoDZasv+mjxciTrGWjCBlsOn+J6SC/w2eVjDUNuCNNLakKx89X 7G2g== X-Forwarded-Encrypted: i=1; AJvYcCUD50NHi29f2M57tlYgGgWHPuNCd9IOkV1c4wPUWmSl4EqGp4oLOsD4mU/qy6tfwwNx/PTiUwBliiMFz8o=@vger.kernel.org X-Gm-Message-State: AOJu0YysD0xumKw42zd1HZmYm54Zv6o1VdyAvSrFpQ2qTIPb6X1RDvY/ ctNa+mKYnYrVaKO6MsQh+qcNfweikO2jTxrPQcNuan9+14OvFU5aikx6lbgeCbHtuek= X-Gm-Gg: ASbGncu+6yKGkVVcEyMkCkr+YleuqeCQA9GPp+SpzzKHk+tsOhgSSnNDEneSQw8MbX5 fQacJjf5EOkkedPfCxKVoNHRGKLSx9EG4j2MJ/b0KrZvYKzVSlZwYJXS/tgOjQegTb7Eyr7ulgD z9xHPXZuZBr0BhxlM3of2DvzC08Ki3+sL+fvRE9xKa7eh33TCvb1z3queu6qihSBJsD9BbQTi8v SYmCa9lv0cSI2gGYO+B0Bu5JOOs5seLdUXC621G3r19CtyXNmPg05VftlSLEXi/qM5Z+oA8zDMt EPow9Yth47t/eVUy/QMGZfewB2nyDAXDQUaYIFp4kfTtqplUwA1R85Fz+ea2trUmFwvHbSL/biq OAUlSZjMOfr0HpAWqGUtn1GFwlnQa9JhR X-Google-Smtp-Source: AGHT+IGkF9wRjCt3t8wgcEzoS0u0I/CZsVHEJO+NVtX/XmjUgLckj9jfIg2rldjVpQc+NplTKJU2kw== X-Received: by 2002:a17:902:f707:b0:235:c781:c305 with SMTP id d9443c01a7336-23f981932f0mr136844375ad.24.1753400248250; Thu, 24 Jul 2025 16:37:28 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23fa48bc706sm23598685ad.106.2025.07.24.16.37.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Jul 2025 16:37:27 -0700 (PDT) From: Deepak Gupta Date: Thu, 24 Jul 2025 16:37:03 -0700 Subject: [PATCH 10/11] scs: generic scs code updated to leverage hw assisted shadow stack Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250724-riscv_kcfi-v1-10-04b8fa44c98c@rivosinc.com> References: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> In-Reply-To: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Masahiro Yamada , Nathan Chancellor , Nicolas Schier , Andrew Morton , David Hildenbrand , Lorenzo Stoakes , "Liam R. Howlett" , Vlastimil Babka , Mike Rapoport , Suren Baghdasaryan , Michal Hocko , Nick Desaulniers , Bill Wendling , Monk Chiang , Kito Cheng , Justin Stitt Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, rick.p.edgecombe@intel.com, broonie@kernel.org, cleger@rivosinc.com, samitolvanen@google.com, apatel@ventanamicro.com, ajones@ventanamicro.com, conor.dooley@microchip.com, charlie@rivosinc.com, samuel.holland@sifive.com, bjorn@rivosinc.com, fweimer@redhat.com, jeffreyalaw@gmail.com, heinrich.schuchardt@canonical.com, andrew@sifive.com, ved@rivosinc.com, Deepak Gupta X-Mailer: b4 0.13.0 If shadow stack have memory protections from underlying cpu, use those protections. arches can define PAGE_KERNEL_SHADOWSTACK to vmalloc such shad= ow stack pages. Hw assisted shadow stack pages grow downwards like regular stack. Clang based software shadow call stack grows low to high address. Thus this patch addresses some of those needs due to opposite direction of shadow stack. Furthermore, hw shadow stack can't be memset because memset uses normal stores. Lastly to store magic word at base of shadow stack, arch specific shadow stack store has to be performed. Signed-off-by: Deepak Gupta --- include/linux/scs.h | 26 +++++++++++++++++++++++++- kernel/scs.c | 38 +++++++++++++++++++++++++++++++++++--- 2 files changed, 60 insertions(+), 4 deletions(-) diff --git a/include/linux/scs.h b/include/linux/scs.h index 4ab5bdc898cf..6ceee07c2d1a 100644 --- a/include/linux/scs.h +++ b/include/linux/scs.h @@ -12,6 +12,7 @@ #include #include #include +#include =20 #ifdef CONFIG_SHADOW_CALL_STACK =20 @@ -37,22 +38,45 @@ static inline void scs_task_reset(struct task_struct *t= sk) * Reset the shadow stack to the base address in case the task * is reused. */ +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK + task_scs_sp(tsk) =3D task_scs(tsk) + SCS_SIZE; +#else task_scs_sp(tsk) =3D task_scs(tsk); +#endif } =20 static inline unsigned long *__scs_magic(void *s) { +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK + return (unsigned long *)(s); +#else return (unsigned long *)(s + SCS_SIZE) - 1; +#endif } =20 static inline bool task_scs_end_corrupted(struct task_struct *tsk) { unsigned long *magic =3D __scs_magic(task_scs(tsk)); - unsigned long sz =3D task_scs_sp(tsk) - task_scs(tsk); + unsigned long sz; + +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK + sz =3D (task_scs(tsk) + SCS_SIZE) - task_scs_sp(tsk); +#else + sz =3D task_scs_sp(tsk) - task_scs(tsk); +#endif =20 return sz >=3D SCS_SIZE - 1 || READ_ONCE_NOCHECK(*magic) !=3D SCS_END_MAG= IC; } =20 +static inline void __scs_store_magic(unsigned long *s, unsigned long magic= _val) +{ +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK + arch_scs_store(s, magic_val); +#else + *__scs_magic(s) =3D magic_val; +#endif +} + DECLARE_STATIC_KEY_FALSE(dynamic_scs_enabled); =20 static inline bool scs_is_dynamic(void) diff --git a/kernel/scs.c b/kernel/scs.c index d7809affe740..5910c0a8eabd 100644 --- a/kernel/scs.c +++ b/kernel/scs.c @@ -11,6 +11,7 @@ #include #include #include +#include =20 #ifdef CONFIG_DYNAMIC_SCS DEFINE_STATIC_KEY_FALSE(dynamic_scs_enabled); @@ -32,19 +33,31 @@ static void *__scs_alloc(int node) { int i; void *s; + pgprot_t prot =3D PAGE_KERNEL; + +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK + prot =3D PAGE_KERNEL_SHADOWSTACK; +#endif =20 for (i =3D 0; i < NR_CACHED_SCS; i++) { s =3D this_cpu_xchg(scs_cache[i], NULL); if (s) { s =3D kasan_unpoison_vmalloc(s, SCS_SIZE, KASAN_VMALLOC_PROT_NORMAL); +/* + * If software shadow stack, its safe to memset. Else memset is not + * possible on hw protected shadow stack. memset constitutes stores and + * stores to shadow stack memory are disallowed and will fault. + */ +#ifndef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK memset(s, 0, SCS_SIZE); +#endif goto out; } } =20 s =3D __vmalloc_node_range(SCS_SIZE, 1, VMALLOC_START, VMALLOC_END, - GFP_SCS, PAGE_KERNEL, 0, node, + GFP_SCS, prot, 0, node, __builtin_return_address(0)); =20 out: @@ -59,7 +72,7 @@ void *scs_alloc(int node) if (!s) return NULL; =20 - *__scs_magic(s) =3D SCS_END_MAGIC; + __scs_store_magic(__scs_magic(s), SCS_END_MAGIC); =20 /* * Poison the allocation to catch unintentional accesses to @@ -87,6 +100,16 @@ void scs_free(void *s) return; =20 kasan_unpoison_vmalloc(s, SCS_SIZE, KASAN_VMALLOC_PROT_NORMAL); + /* + * Hardware protected shadow stack is not writeable by regular stores + * Thus adding this back to free list will raise faults by vmalloc + * It needs to be writeable again. It's good sanity as well because + * then it can't be inadvertently accesses and if done, it will fault. + */ +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK + set_memory_rw((unsigned long)s, (SCS_SIZE/PAGE_SIZE)); +#endif + vfree_atomic(s); } =20 @@ -96,6 +119,9 @@ static int scs_cleanup(unsigned int cpu) void **cache =3D per_cpu_ptr(scs_cache, cpu); =20 for (i =3D 0; i < NR_CACHED_SCS; i++) { +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK + set_memory_rw((unsigned long)cache[i], (SCS_SIZE/PAGE_SIZE)); +#endif vfree(cache[i]); cache[i] =3D NULL; } @@ -122,7 +148,13 @@ int scs_prepare(struct task_struct *tsk, int node) if (!s) return -ENOMEM; =20 - task_scs(tsk) =3D task_scs_sp(tsk) =3D s; + task_scs(tsk) =3D s; +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK + task_scs_sp(tsk) =3D s + SCS_SIZE; +#else + task_scs_sp(tsk) =3D s; +#endif + return 0; } =20 --=20 2.43.0 From nobody Mon Oct 6 04:56:04 2025 Received: from mail-pg1-f176.google.com (mail-pg1-f176.google.com [209.85.215.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6C29024DCF0 for ; Thu, 24 Jul 2025 23:37:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400254; cv=none; b=pKPgMLpjpgch37QfPzbaMUdCTsQKouc22rUfy0MPmWNCNwsWZg4iuqwQcgZGbbFdZpVZCy8IdjGYJEee5R+Hz+Z3owQ8n9TyDpF8r9b2Ed6/nUpajadJns36JIbyZHFND+C7R+fyNaXtB//0jk/9/freFhSqHcqVT0Lek4NZt2k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1753400254; c=relaxed/simple; bh=vupMCP2fr0Cb/pZmxuFw4zZQjJXpTFO3J1Grnpowo0c=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=FFHf7dKHYsIGo6wxDNzuI/Clh9SYQgFb3bYRDQSQKUvIYfVIT+n6royPJMAZB/vc4lzsGIDsX+TZb88Byok/uVt8ItOK0I0xZPTBwnFGKRh5RDfReCMKcYhV228bapyCsQfFIAb8lxFI61V5C7xboLDMJ+aWOBB66XUEeozLlnY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b=SWvXhcnw; arc=none smtp.client-ip=209.85.215.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.b="SWvXhcnw" Received: by mail-pg1-f176.google.com with SMTP id 41be03b00d2f7-b31d489a76dso1696476a12.1 for ; Thu, 24 Jul 2025 16:37:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1753400251; x=1754005051; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=peHOF2kFTCg4ZjEHfH+NsYT+T4LY9ghqoCHBPY5quO0=; b=SWvXhcnwCObvj3bc0Yo7h+Q1IIpa0m/JSjtcUspgIn4m2FBu96Lry1w4SUMU41z6iY SyaT2d7rOgv3uMWJvxTyqGUxSHcS0xF1GQGNRMagJ3Bn26QRImKFia6uS/5Qin1bXrd6 8YQNl4vLIqAV0rOERoBdLlTA17AaTzziWNido/VWMGe1gTdkFOeYqRFQovZDwiX3OsSi pDPwHTGrGqpGCX806rSV0thZAEeCDljQR12pRL8NEO3PSw1hjmnp0z2ZKCzEWbJOe0WS fLrcsLt73nHeVr1HzMlDFWm4/P/jPYJFLTE5xRMfitr42ef9PdUSKp5H3zB3kCigZ1eg Br+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753400251; x=1754005051; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=peHOF2kFTCg4ZjEHfH+NsYT+T4LY9ghqoCHBPY5quO0=; b=ufKs7E1ELuv3ZiaE9QUBObFGNZ5G/GIUwTCfyfS8CybBMmwXV7VkOkrUGRb+k7SuZr zhbsS+Qen/G+Au7Ts4sR5ddMJrQCKFY0faK+X/Y6MHqwrm8+kv6Fdeq4Huor/0zS8riR koBdzTfUU1Fgr1xUjsFOM6Mcis/ZE4frsCE8aZv+voN1UMP2hwKFhTdxonhMXdS3HaeH ahTVDleH7j0aMumY1Yq8IXyGHuKg0sECcy7+k7iuzKQKpQ62zAMwHXIEC2QsnqE34Faa ZCf+u9gZgmEqc1W5gpLLJZtc2/niDw72U3SmDb7Blr3luoEOGGytfIcQGfYKw9NBtvDj IH5g== X-Forwarded-Encrypted: i=1; AJvYcCU65u68vKAZKxQ0GoqRjXkwT6WAke7IKQjUzFJRyXob4dXqfIRcV841AYCXAascXN2DjLqqJZ5U88HNQWQ=@vger.kernel.org X-Gm-Message-State: AOJu0YwbZfV9lsZUnKUAL+Ju7DGzUOSZIblrIqJ66XEJwqI7lTh/quhc LBznnugBrja1ix0GKKu0sg5H0/YOap5F7kxGtQhXGz0auYHmEFo16ifvghA4/xg2orw= X-Gm-Gg: ASbGnct14fvSNfBoiskYm6KWShYHnFQbIwyzRyyKuQo+jb27XdiqrXSC2ftP/S/cZ/k 3xMQPdSDQIZGkPGbTHHP99rU/+m2NsJyVC4PZB2ndWPmKBVnEKWgD2CJOfLIWW1UApKqw6Bqwo+ Z2XqOrKO7v6eWGRfaMOn+LqU0aMvlpS+PAs1YVCocSaXRUhr6gOugiy3nswAnUEU//kPkJ4kx12 KBjjKYIcJYUhwbaJn9uisi4AHmP2HPPs+kwgSaFuqmy+hrKIticQpJ+P7mrgopSgo6KusWzSvMk aA4hIHGRp4iiX83yQnO9WUHg3AS1ohfheWAlYPYwB3bjxU97eHyrxUUdy1tW4wSUcIsWqJKsrd0 QV2pzm+tHwlSBha7A+U3c2u5btfgSt0tihRsWsshCnIc= X-Google-Smtp-Source: AGHT+IHWiexaVwmMrfCesAYQvzzDEjUSkMZA8bOmNgM6tMD5UpaI8v8Bzd/POThkVi6Pt2HxfwQt4Q== X-Received: by 2002:a17:902:cece:b0:234:d431:ec6e with SMTP id d9443c01a7336-23f9813a90emr143907835ad.3.1753400250715; Thu, 24 Jul 2025 16:37:30 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23fa48bc706sm23598685ad.106.2025.07.24.16.37.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 24 Jul 2025 16:37:30 -0700 (PDT) From: Deepak Gupta Date: Thu, 24 Jul 2025 16:37:04 -0700 Subject: [PATCH 11/11] riscv: Kconfig & Makefile for riscv kernel control flow integrity Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250724-riscv_kcfi-v1-11-04b8fa44c98c@rivosinc.com> References: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> In-Reply-To: <20250724-riscv_kcfi-v1-0-04b8fa44c98c@rivosinc.com> To: Paul Walmsley , Palmer Dabbelt , Albert Ou , Alexandre Ghiti , Masahiro Yamada , Nathan Chancellor , Nicolas Schier , Andrew Morton , David Hildenbrand , Lorenzo Stoakes , "Liam R. Howlett" , Vlastimil Babka , Mike Rapoport , Suren Baghdasaryan , Michal Hocko , Nick Desaulniers , Bill Wendling , Monk Chiang , Kito Cheng , Justin Stitt Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev, rick.p.edgecombe@intel.com, broonie@kernel.org, cleger@rivosinc.com, samitolvanen@google.com, apatel@ventanamicro.com, ajones@ventanamicro.com, conor.dooley@microchip.com, charlie@rivosinc.com, samuel.holland@sifive.com, bjorn@rivosinc.com, fweimer@redhat.com, jeffreyalaw@gmail.com, heinrich.schuchardt@canonical.com, andrew@sifive.com, ved@rivosinc.com, Deepak Gupta X-Mailer: b4 0.13.0 Defines `CONFIG_RISCV_KERNEL_CFI` and selects SHADOW_CALL_STACK and ARCH_HAS_KERNEL_SHADOW_STACK both so that zicfiss can be wired up. Makefile checks if CONFIG_RISCV_KERNEL_CFI is enabled, then light up zicfiss and zicfilp compiler flags. CONFIG_RISCV_KERNEL_CFI is dependent on CONFIG_RISCV_USER_CFI. There is no reason for user to not select support for user cfi while enabling for kernel. compat vdso don't need fcf-protection (toolchain lacks support). Signed-off-by: Deepak Gupta --- arch/riscv/Kconfig | 37 ++++++++++++++++++++++++++++++= +++- arch/riscv/Makefile | 8 ++++++++ arch/riscv/kernel/compat_vdso/Makefile | 2 +- arch/riscv/kernel/vdso/Makefile | 2 +- 4 files changed, 46 insertions(+), 3 deletions(-) diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index 385c3d93e378..305ba5787f74 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -245,7 +245,7 @@ config GCC_SUPPORTS_DYNAMIC_FTRACE depends on CC_HAS_MIN_FUNCTION_ALIGNMENT || !RISCV_ISA_C =20 config HAVE_SHADOW_CALL_STACK - def_bool $(cc-option,-fsanitize=3Dshadow-call-stack) + def_bool $(cc-option,-fsanitize=3Dshadow-call-stack) || $(cc-option,-mabi= =3Dlp64 -march=3Drv64ima_zicfilp_zicfiss) # https://github.com/riscv-non-isa/riscv-elf-psabi-doc/commit/a484e843e6e= eb51f0cb7b8819e50da6d2444d769 depends on $(ld-option,--no-relax-gp) =20 @@ -864,6 +864,16 @@ config RISCV_ISA_ZICBOP =20 If you don't know what to do here, say Y. =20 +config TOOLCHAIN_HAS_ZICFILP + bool + default y + depends on 64BIT && $(cc-option,-mabi=3Dlp64 -march=3Drv64ima_zicfilp) + +config TOOLCHAIN_HAS_ZICFISS + bool + default y + depends on 64BIT && $(cc-option,-mabi=3Dlp64 -march=3Drv64ima_zicfiss) + config TOOLCHAIN_NEEDS_EXPLICIT_ZICSR_ZIFENCEI def_bool y # https://sourceware.org/git/?p=3Dbinutils-gdb.git;a=3Dcommit;h=3Daed4428= 6efa8ae8717a77d94b51ac3614e2ca6dc @@ -1182,6 +1192,31 @@ config RISCV_USER_CFI space does not get protection "for free". default n. =20 +config RISCV_KERNEL_CFI + def_bool n + bool "hw assisted riscv kernel control flow integrity (kcfi)" + depends on 64BIT && $(cc-option,-mabi=3Dlp64 -march=3Drv64ima_zicfilp_zic= fiss) + depends on RISCV_USER_CFI + select ARCH_SUPPORTS_SHADOW_CALL_STACK + select SHADOW_CALL_STACK + select ARCH_HAS_KERNEL_SHADOW_STACK + help + Provides CPU assisted control flow integrity to for riscv kernel. + Control flow integrity is provided by implementing shadow stack for + backward edge and indirect branch tracking for forward edge. Shadow + stack protection is a hardware feature that detects function return + address corruption. This helps mitigate ROP attacks. RISCV_KERNEL_CFI + selects CONFIG_SHADOW_CALL_STACK which uses software based shadow + stack but is unprotected against stray writes. Selecting RISCV_KERNEL_C= FI + will select CONFIG_DYNAMIC_SCS and will enable hardware assisted shadow + stack protection against stray writes. + Indirect branch tracking enforces that all indirect branches must land + on a landing pad instruction else CPU will fault. This enables forward + control flow (call/jmp) protection in kernel and restricts all indirect + call or jump in kernel to a landing pad instruction which mostly likely + will be start of the function. + default n + endmenu # "Kernel features" =20 menu "Boot options" diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile index 7128df832b28..6ef30a3d2bc4 100644 --- a/arch/riscv/Makefile +++ b/arch/riscv/Makefile @@ -61,8 +61,10 @@ else ifeq ($(CONFIG_LTO_CLANG),y) endif =20 ifeq ($(CONFIG_SHADOW_CALL_STACK),y) +ifndef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK KBUILD_LDFLAGS +=3D --no-relax-gp endif +endif =20 # ISA string setting riscv-march-$(CONFIG_ARCH_RV32I) :=3D rv32ima @@ -91,6 +93,12 @@ riscv-march-$(CONFIG_TOOLCHAIN_HAS_ZABHA) :=3D $(riscv-m= arch-y)_zabha KBUILD_BASE_ISA =3D -march=3D$(shell echo $(riscv-march-y) | sed -E 's/(rv= 32ima|rv64ima)fd([^v_]*)v?/\1\2/') export KBUILD_BASE_ISA =20 +ifeq ($(CONFIG_RISCV_KERNEL_CFI),y) +riscv-march-$(CONFIG_TOOLCHAIN_HAS_ZICFILP) :=3D $(riscv-march-y)_zicfilp +riscv-march-$(CONFIG_TOOLCHAIN_HAS_ZICFISS) :=3D $(riscv-march-y)_zicfiss +KBUILD_CFLAGS +=3D -fcf-protection=3Dfull +KBUILD_AFLAGS +=3D -fcf-protection=3Dfull +endif # Remove F,D,V from isa string for all. Keep extensions between "fd" and "= v" by # matching non-v and non-multi-letter extensions out with the filter ([^v_= ]*) KBUILD_CFLAGS +=3D $(KBUILD_BASE_ISA) diff --git a/arch/riscv/kernel/compat_vdso/Makefile b/arch/riscv/kernel/com= pat_vdso/Makefile index 24e37d1ef7ec..552131bc34d7 100644 --- a/arch/riscv/kernel/compat_vdso/Makefile +++ b/arch/riscv/kernel/compat_vdso/Makefile @@ -69,4 +69,4 @@ quiet_cmd_compat_vdsold =3D VDSOLD $@ =20 # actual build commands quiet_cmd_compat_vdsoas =3D VDSOAS $@ - cmd_compat_vdsoas =3D $(COMPAT_CC) $(a_flags) $(COMPAT_CC_FLAGS) -c = -o $@ $< + cmd_compat_vdsoas =3D $(COMPAT_CC) $(filter-out -fcf-protection=3Dfu= ll, $(a_flags)) $(COMPAT_CC_FLAGS) -c -o $@ $< diff --git a/arch/riscv/kernel/vdso/Makefile b/arch/riscv/kernel/vdso/Makef= ile index 2b528d82fa7d..7b1446b63ebc 100644 --- a/arch/riscv/kernel/vdso/Makefile +++ b/arch/riscv/kernel/vdso/Makefile @@ -17,7 +17,7 @@ ifdef CONFIG_VDSO_GETRANDOM vdso-syms +=3D getrandom endif =20 -ifdef CONFIG_RISCV_USER_CFI +ifneq ($(CONFIG_RISCV_USER_CFI), $(CONFIG_RISCV_KERNEL_CFI)) CFI_MARCH =3D _zicfilp_zicfiss CFI_FULL =3D -fcf-protection=3Dfull endif --=20 2.43.0