From nobody Fri Dec 19 19:04:47 2025 Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0CEE3310631 for ; Mon, 13 Oct 2025 21:56:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760392616; cv=none; b=Jk6qAmdfYx2cgJqNIehS0DBQ7BTCdi5hORns4WjREsSMV4nCy/CVaergCg22h0oyaDnQ2goecjsz/gsq9T4Y4FZo3P8GZ0CCNdAQ3ieTJML7rRTBkW3Apt68Ed8+yEQ1lM1MO0U5yo1BoBkfHI/VhhLNFZnA7ZTuGcS5uUF0X5Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1760392616; c=relaxed/simple; bh=B7xwchK4FG8sCqHbEssEw61tgz1Flj7T/4mrz7q8RQY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=WxPWgNISvDySntVFVwFHy7zQkpOg3MJtNPqGZfBkBwOmbvVquFA7dh0TvzDPUn07X671xf182V+8fDjcgdD6dT6cKVpq29PfGZbZGiqbRt/LsgFYzn5r3K4MHojPBiDOUs5Ds6/vV9zdcKcvUBv6ItFL3rZN7NV/xA+s1uuHd08= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc.com header.i=@rivosinc.com header.b=d2d0Yage; arc=none smtp.client-ip=209.85.216.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc.com header.i=@rivosinc.com header.b="d2d0Yage" Received: by mail-pj1-f41.google.com with SMTP id 98e67ed59e1d1-339e71ccf48so6605189a91.3 for ; Mon, 13 Oct 2025 14:56:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc.com; s=google; t=1760392612; x=1760997412; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=6Aut4LXJuVcEsRFytitP3cDaWMqSMXRf04hYtEkTfh4=; b=d2d0Yage0YGd/ceG4MzAxrz0A/HqEAOhu53ZVLsSsqCzBuofOh4ERLTF9rmTA1ylKt 1U8NihR6Y4N/bcoqT/hMjUJVt0Reds6VYU0nE0JPjcGd0aZdRkm4FXB72tsrerCs5nS9 nq/JK/xcYo8GA64qMjmdeopMxLekbqWJTNKtqcZsYCCZxulavnQLnh0pU6c0m1JdORb/ jZykhUkh8VoPNA4ZCzMqkPpyKuR77VvN/ewyWk2rDN+HhtJqwjveCo1WsKPSTvB2Ao8E RDz2bxVCkjhcicX+w/C/HCZNrKo/MaQD1TCEX1MgzcWsowq6MnL0HoPnzP1oymJrwzzg oGWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1760392612; x=1760997412; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6Aut4LXJuVcEsRFytitP3cDaWMqSMXRf04hYtEkTfh4=; b=P8sEBkeNhu1C3y6T1AJoi0ux01muM6J+wLtIJH6mN0ybvPQKx8L8yizDniEY/uo1ua Jdm2JZvRiGs7z3H5rLjoZNfepo30nT3FHHUGwrymWNi/ewXIhdz45fXXO7HwEXEwjdtd yE1xbPfYH1nd9kZy4hihLjzuVGRrK1rYqWBSQ7nJ/bs5YN7Uda4RLayUDvN7PXdXvHb2 5c0dIcpTu6Mze74VBuTJPPyQDT0TcflSmrn0MnhDXufSq48JqdpjNhzBaLBH4CiJC2At btmDITDYSdbhd3eHAREm+awBQ9Rx4rgOQVU7IqMt0ihfvo5PrMN5gvJHUk3qBvSRGpSq mIEA== X-Gm-Message-State: AOJu0YzaaF+LAjJ0ZXmb0iKlEFk9Fybovm3IN/1GJEl15WCVwMWSvTHW EfTtFxM6V3go+W7C0YWtDq0KZoRKm6Fvn7cw1wXtNiK+HRRD84x6yQbY9bGnpUhr/nc= X-Gm-Gg: ASbGnctY2c8qepaaTOF+RZX5SUDanGIu31WX1XfLg9++6yRqq5YQsOFRHtmaQ9/j1T3 gdSt3KxnFTQvueS6+CpP8aI1nBwinbadQPP38RkSY2pBHOxLJASWJFOZ5OFmpts/4s7dyy3XnCh XjTDmhYgss1ijLfnYOzo3wva8s0jBvI2AuMP5ntDZDk5NoGVtQm8iGgvLvUNSg925HEVD08DQsD tGoV3gsek/Sa59ofP33FzytFDZxvBKJDqwbz3lBnTEJb/WohxPqvJu+k7DUIVqfVhHvZlFCSW6h Cj54U44Q7If2Cenb0FQo009v1coPuIcp+VVIYhMWqjam3A58UlF+ArKSQBQ2H94j2qBle3yGN9u 88lq8E6EcdwU4zU+TeOGvD0LepJDJZ8EzOvsds7xrXARTBZbInQU= X-Google-Smtp-Source: AGHT+IHuzccMMrC6EVu8/EqtQdWnK8i4SqsIw+5vY+GOmDfbFPMT1SxK/JFxXk2QbL9stmzl/iLm6A== X-Received: by 2002:a17:90b:3889:b0:32e:d600:4fe9 with SMTP id 98e67ed59e1d1-33b510f8ef4mr31439570a91.4.1760392612262; Mon, 13 Oct 2025 14:56:52 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33b626bb49esm13143212a91.12.2025.10.13.14.56.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 Oct 2025 14:56:51 -0700 (PDT) From: Deepak Gupta Date: Mon, 13 Oct 2025 14:56:16 -0700 Subject: [PATCH v20 24/28] arch/riscv: dual vdso creation logic and select vdso based on hw Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251013-v5_user_cfi_series-v20-24-b9de4be9912e@rivosinc.com> References: <20251013-v5_user_cfi_series-v20-0-b9de4be9912e@rivosinc.com> In-Reply-To: <20251013-v5_user_cfi_series-v20-0-b9de4be9912e@rivosinc.com> To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Paul Walmsley , Palmer Dabbelt , Albert Ou , Conor Dooley , Rob Herring , Krzysztof Kozlowski , Arnd Bergmann , Christian Brauner , Peter Zijlstra , Oleg Nesterov , Eric Biederman , Kees Cook , Jonathan Corbet , Shuah Khan , Jann Horn , Conor Dooley , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Andreas Hindborg , Alice Ryhl , Trevor Gross , Benno Lossin Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com, rust-for-linux@vger.kernel.org, Deepak Gupta X-Mailer: b4 0.13.0 Shadow stack instructions are taken from zimop (mandated on RVA23). Any hardware prior to RVA23 profile will fault on shado stack instruction. Any userspace with shadow stack instruction in it will fault on such hardware. Thus such userspace can't be brought onto such a hardware. It's not known how userspace will respond to such binary fragmentation. However in order to keep kernel portable across such different hardware, `arch/riscv/kernel/vdso_cfi` is created which has logic (Makefile) to compile `arch/riscv/kernel/vdso` sources with cfi flags and then changes in `arch/riscv/kernel/vdso.c` for selecting appropriate vdso depending on whether underlying hardware(cpu) implements zimop extension. Offset of vdso symbols will change due to having two different vdso binaries, there is added logic to include new generated vdso offset header and dynamically select offset (like for rt_sigreturn). Signed-off-by: Deepak Gupta Acked-by: Charles Mirabile --- arch/riscv/Makefile | 3 +++ arch/riscv/include/asm/vdso.h | 7 ++++++- arch/riscv/kernel/Makefile | 1 + arch/riscv/kernel/vdso.c | 7 +++++++ arch/riscv/kernel/vdso/Makefile | 29 ++++++++++++++++++++------= --- arch/riscv/kernel/vdso/gen_vdso_offsets.sh | 4 +++- arch/riscv/kernel/vdso_cfi/Makefile | 25 +++++++++++++++++++++++++ arch/riscv/kernel/vdso_cfi/vdso-cfi.S | 11 +++++++++++ 8 files changed, 76 insertions(+), 11 deletions(-) diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile index f60c2de0ca08..b74b63da16a7 100644 --- a/arch/riscv/Makefile +++ b/arch/riscv/Makefile @@ -176,6 +176,8 @@ ifeq ($(CONFIG_MMU),y) prepare: vdso_prepare vdso_prepare: prepare0 $(Q)$(MAKE) $(build)=3Darch/riscv/kernel/vdso include/generated/vdso-offs= ets.h + $(if $(CONFIG_RISCV_USER_CFI),$(Q)$(MAKE) \ + $(build)=3Darch/riscv/kernel/vdso_cfi include/generated/vdso-cfi-offsets= .h) $(if $(CONFIG_COMPAT),$(Q)$(MAKE) \ $(build)=3Darch/riscv/kernel/compat_vdso include/generated/compat_vdso-o= ffsets.h) =20 @@ -183,6 +185,7 @@ endif endif =20 vdso-install-y +=3D arch/riscv/kernel/vdso/vdso.so.dbg +vdso-install-$(CONFIG_RISCV_USER_CFI) +=3D arch/riscv/kernel/vdso_cfi/vdso= -cfi.so.dbg vdso-install-$(CONFIG_COMPAT) +=3D arch/riscv/kernel/compat_vdso/compat_vd= so.so.dbg =20 BOOT_TARGETS :=3D Image Image.gz Image.bz2 Image.lz4 Image.lzma Image.lzo = Image.zst Image.xz loader loader.bin xipImage vmlinuz.efi diff --git a/arch/riscv/include/asm/vdso.h b/arch/riscv/include/asm/vdso.h index f80357fe24d1..3fc8f72b8bfb 100644 --- a/arch/riscv/include/asm/vdso.h +++ b/arch/riscv/include/asm/vdso.h @@ -18,9 +18,13 @@ =20 #ifndef __ASSEMBLER__ #include +#include =20 #define VDSO_SYMBOL(base, name) \ - (void __user *)((unsigned long)(base) + __vdso_##name##_offset) + ((IS_ENABLED(CONFIG_RISCV_USER_CFI) && \ + riscv_has_extension_unlikely(RISCV_ISA_EXT_ZIMOP)) ? \ + (void __user *)((unsigned long)(base) + __vdso_##name##_cfi_offset) : \ + (void __user *)((unsigned long)(base) + __vdso_##name##_offset)) =20 #ifdef CONFIG_COMPAT #include @@ -33,6 +37,7 @@ extern char compat_vdso_start[], compat_vdso_end[]; #endif /* CONFIG_COMPAT */ =20 extern char vdso_start[], vdso_end[]; +extern char vdso_cfi_start[], vdso_cfi_end[]; =20 #endif /* !__ASSEMBLER__ */ =20 diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile index 2d0e0dcedbd3..9026400cba10 100644 --- a/arch/riscv/kernel/Makefile +++ b/arch/riscv/kernel/Makefile @@ -72,6 +72,7 @@ obj-y +=3D vendor_extensions/ obj-y +=3D probes/ obj-y +=3D tests/ obj-$(CONFIG_MMU) +=3D vdso.o vdso/ +obj-$(CONFIG_RISCV_USER_CFI) +=3D vdso_cfi/ =20 obj-$(CONFIG_RISCV_MISALIGNED) +=3D traps_misaligned.o obj-$(CONFIG_RISCV_MISALIGNED) +=3D unaligned_access_speed.o diff --git a/arch/riscv/kernel/vdso.c b/arch/riscv/kernel/vdso.c index 3a8e038b10a2..bf080e519101 100644 --- a/arch/riscv/kernel/vdso.c +++ b/arch/riscv/kernel/vdso.c @@ -98,6 +98,13 @@ static struct __vdso_info compat_vdso_info __ro_after_in= it =3D { =20 static int __init vdso_init(void) { + /* Hart implements zimop, expose cfi compiled vdso */ + if (IS_ENABLED(CONFIG_RISCV_USER_CFI) && + riscv_has_extension_unlikely(RISCV_ISA_EXT_ZIMOP)) { + vdso_info.vdso_code_start =3D vdso_cfi_start; + vdso_info.vdso_code_end =3D vdso_cfi_end; + } + __vdso_init(&vdso_info); #ifdef CONFIG_COMPAT __vdso_init(&compat_vdso_info); diff --git a/arch/riscv/kernel/vdso/Makefile b/arch/riscv/kernel/vdso/Makef= ile index 272f1d837a80..a842dc034571 100644 --- a/arch/riscv/kernel/vdso/Makefile +++ b/arch/riscv/kernel/vdso/Makefile @@ -20,6 +20,10 @@ endif ifdef VDSO_CFI_BUILD CFI_MARCH =3D _zicfilp_zicfiss CFI_FULL =3D -fcf-protection=3Dfull +CFI_SUFFIX =3D -cfi +OFFSET_SUFFIX =3D _cfi +ccflags-y +=3D -DVDSO_CFI=3D1 +asflags-y +=3D -DVDSO_CFI=3D1 endif =20 # Files to link into the vdso @@ -48,13 +52,20 @@ endif CFLAGS_hwprobe.o +=3D -fPIC =20 # Build rules -targets :=3D $(obj-vdso) vdso.so vdso.so.dbg vdso.lds +vdso_offsets :=3D vdso$(if $(VDSO_CFI_BUILD),$(CFI_SUFFIX),)-offsets.h +vdso_o :=3D vdso$(if $(VDSO_CFI_BUILD),$(CFI_SUFFIX),).o +vdso_so :=3D vdso$(if $(VDSO_CFI_BUILD),$(CFI_SUFFIX),).so +vdso_so_dbg :=3D vdso$(if $(VDSO_CFI_BUILD),$(CFI_SUFFIX),).so.dbg +vdso_lds :=3D vdso.lds + +targets :=3D $(obj-vdso) $(vdso_so) $(vdso_so_dbg) $(vdso_lds) + obj-vdso :=3D $(addprefix $(obj)/, $(obj-vdso)) =20 -obj-y +=3D vdso.o -CPPFLAGS_vdso.lds +=3D -P -C -U$(ARCH) +obj-y +=3D vdso$(if $(VDSO_CFI_BUILD),$(CFI_SUFFIX),).o +CPPFLAGS_$(vdso_lds) +=3D -P -C -U$(ARCH) ifneq ($(filter vgettimeofday, $(vdso-syms)),) -CPPFLAGS_vdso.lds +=3D -DHAS_VGETTIMEOFDAY +CPPFLAGS_$(vdso_lds) +=3D -DHAS_VGETTIMEOFDAY endif =20 # Disable -pg to prevent insert call site @@ -63,12 +74,12 @@ CFLAGS_REMOVE_getrandom.o =3D $(CC_FLAGS_FTRACE) $(CC_F= LAGS_SCS) CFLAGS_REMOVE_hwprobe.o =3D $(CC_FLAGS_FTRACE) $(CC_FLAGS_SCS) =20 # Force dependency -$(obj)/vdso.o: $(obj)/vdso.so +$(obj)/$(vdso_o): $(obj)/$(vdso_so) =20 # link rule for the .so file, .lds has to be first -$(obj)/vdso.so.dbg: $(obj)/vdso.lds $(obj-vdso) FORCE +$(obj)/$(vdso_so_dbg): $(obj)/$(vdso_lds) $(obj-vdso) FORCE $(call if_changed,vdsold_and_check) -LDFLAGS_vdso.so.dbg =3D -shared -soname=3Dlinux-vdso.so.1 \ +LDFLAGS_$(vdso_so_dbg) =3D -shared -soname=3Dlinux-vdso.so.1 \ --build-id=3Dsha1 --eh-frame-hdr =20 # strip rule for the .so file @@ -79,9 +90,9 @@ $(obj)/%.so: $(obj)/%.so.dbg FORCE # Generate VDSO offsets using helper script gen-vdsosym :=3D $(src)/gen_vdso_offsets.sh quiet_cmd_vdsosym =3D VDSOSYM $@ - cmd_vdsosym =3D $(NM) $< | $(gen-vdsosym) | LC_ALL=3DC sort > $@ + cmd_vdsosym =3D $(NM) $< | $(gen-vdsosym) $(OFFSET_SUFFIX) | LC_ALL=3DC s= ort > $@ =20 -include/generated/vdso-offsets.h: $(obj)/vdso.so.dbg FORCE +include/generated/$(vdso_offsets): $(obj)/$(vdso_so_dbg) FORCE $(call if_changed,vdsosym) =20 # actual build commands diff --git a/arch/riscv/kernel/vdso/gen_vdso_offsets.sh b/arch/riscv/kernel= /vdso/gen_vdso_offsets.sh index c2e5613f3495..bd5d5afaaa14 100755 --- a/arch/riscv/kernel/vdso/gen_vdso_offsets.sh +++ b/arch/riscv/kernel/vdso/gen_vdso_offsets.sh @@ -2,4 +2,6 @@ # SPDX-License-Identifier: GPL-2.0 =20 LC_ALL=3DC -sed -n -e 's/^[0]\+\(0[0-9a-fA-F]*\) . \(__vdso_[a-zA-Z0-9_]*\)$/\#define = \2_offset\t0x\1/p' +SUFFIX=3D${1:-""} +sed -n -e \ +'s/^[0]\+\(0[0-9a-fA-F]*\) . \(__vdso_[a-zA-Z0-9_]*\)$/\#define \2'$SUFFIX= '_offset\t0x\1/p' diff --git a/arch/riscv/kernel/vdso_cfi/Makefile b/arch/riscv/kernel/vdso_c= fi/Makefile new file mode 100644 index 000000000000..8ebd190782b0 --- /dev/null +++ b/arch/riscv/kernel/vdso_cfi/Makefile @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: GPL-2.0-only +# RISC-V VDSO CFI Makefile +# This Makefile builds the VDSO with CFI support when CONFIG_RISCV_USER_CF= I is enabled + +# setting VDSO_CFI_BUILD triggers build for vdso differently +VDSO_CFI_BUILD :=3D 1 + +# Set the source directory to the main vdso directory +src :=3D $(srctree)/arch/riscv/kernel/vdso + +# Copy all .S and .c files from vdso directory to vdso_cfi object build di= rectory +vdso_c_sources :=3D $(wildcard $(src)/*.c) +vdso_S_sources :=3D $(wildcard $(src)/*.S) +vdso_c_objects :=3D $(addprefix $(obj)/, $(notdir $(vdso_c_sources))) +vdso_S_objects :=3D $(addprefix $(obj)/, $(notdir $(vdso_S_sources))) + +$(vdso_S_objects): $(obj)/%.S: $(src)/%.S + $(Q)cp $< $@ + +$(vdso_c_objects): $(obj)/%.c: $(src)/%.c + $(Q)cp $< $@ + +# Include the main VDSO Makefile which contains all the build rules and so= urces +# The VDSO_CFI_BUILD variable will be passed to it to enable CFI compilati= on +include $(src)/Makefile diff --git a/arch/riscv/kernel/vdso_cfi/vdso-cfi.S b/arch/riscv/kernel/vdso= _cfi/vdso-cfi.S new file mode 100644 index 000000000000..d426f6accb35 --- /dev/null +++ b/arch/riscv/kernel/vdso_cfi/vdso-cfi.S @@ -0,0 +1,11 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright 2025 Rivos, Inc + */ + +#define vdso_start vdso_cfi_start +#define vdso_end vdso_cfi_end + +#define __VDSO_PATH "arch/riscv/kernel/vdso_cfi/vdso-cfi.so" + +#include "../vdso/vdso.S" --=20 2.43.0