From nobody Tue Dec 16 13:33:15 2025 Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 42061354AEF for ; Fri, 5 Dec 2025 18:37:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764959872; cv=none; b=onvw4RygZ0p40rGnwAH2JTJw6Xux6ZKM/5dDqXxujpbtCVZ7BKqELazAMKcd6keiAKu8xhMOnCVFxAApn8S7tJOL3F1z5RuWOCvctfqmAPyLcX0ySWjBj2j4ryezdvsggxFNZFDQHLBexcOrBGTf3zFkCiEvwpfWkyTCmTNujAw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764959872; c=relaxed/simple; bh=x3JVG0Npt7Vp6FJ7VZ184tzfxWj7zfRDDLEdRgBiASw=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ULRKrxEOAcXNlzGB65efVMWOZS0UC/8o7pqmf+7gO1Who7/YNdLMrC9dAY1UH2sZijR4YXfLcmQT0toY4321h9p3aptbMEvLIafmDKkB1XRwrxSkkJemdgGfsvFd22gKa2xc0lkiN0rBQyGVl7+vKmxvVnUvUp3aayjGWH5cswE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=rivosinc.com; spf=pass smtp.mailfrom=rivosinc.com; dkim=pass (2048-bit key) header.d=rivosinc.com header.i=@rivosinc.com header.b=Mg+yxr41; arc=none smtp.client-ip=209.85.215.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rivosinc.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=rivosinc.com header.i=@rivosinc.com header.b="Mg+yxr41" Received: by mail-pg1-f182.google.com with SMTP id 41be03b00d2f7-bc8198fbaf8so2122311a12.1 for ; Fri, 05 Dec 2025 10:37:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc.com; s=google; t=1764959856; x=1765564656; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=FbIk5cCPbojOJ9uTDKoU4N3fqpVL6wCeA1bHhTiYoys=; b=Mg+yxr41RPX/gVcEeBtVQPQT5ZrkY5Xpv6MKzEMu49TtzoM88386LAgXZfcQCnA/71 mPtCv1YQtVJCc0fiJePeUUAC23Uv8cMZW6UhxsjHbq+K4sye28yeOvSBtNlhHPhj0UWn GL9j23kqY1qJkT1NX4TPvQf+l5ecKxvq8pKrB5f5cCiTEXcYr4ZKOplP1nML40n+snvv KgD0A00nA7QIJcEEuioNUc1y8XdzSw5W9tIefDUD8t+HMRIEpir97ezSq2gbJy1B9nJ+ 9czfG5a9fuTEADfrFSzodKLicl7ObWaFgtSZ4VqWASBdKyFjwhHa87BihbI8ewbPZae2 Qn5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764959856; x=1765564656; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=FbIk5cCPbojOJ9uTDKoU4N3fqpVL6wCeA1bHhTiYoys=; b=PVXuZy7b5gyuvWjKAyPdCbOSlYDGLBMiO4Wj0/woH036V3donQQTwpErYD4aG1Pao/ fVTBClxWdYJqzKCpQrXH258FRQaRexaUsyXV7jd9R2KeCguwQqil+46inUyN6qaViOyu 4E9g0omC5HFfTxYHia88Xa2ydd4q6LdEz0ZOUpB6akUdvLfGjv90ncz95aA3RM8S+/CF bU06h9mrWUH5ndaJ4+ULbnZUTGpWvwRfp04Ov4BG4T/OoSdZSvfhLyqTTLbmcT75zkpf 2eoOq91dNXdKQEGF8ZydXm/StqstcvGXw3UieHnFaQdrIpzjzZViC03z6ulteI4ac5Ry h1Bg== X-Gm-Message-State: AOJu0Ywr614NDE7pvRLn3rHfU6X8pV6vz4JfxSdQelwFfGufH25HCRB6 aIVQxLfBVBF5l9/InwxdzEnmWI7jq3Zio8NY56RJiP0PV0uCYu1GJ8fwP6MBsSQy1FM= X-Gm-Gg: ASbGnctEH/Fj5PfTHv4vL09VqCcdkN/NLJF8XjbnW9AEMsuCFH53TNU2rYqK9rFnZhr Z5eTeBlh1ldOYYtoKA0xKW2ivnDbe5Xujke+W7BDDg0f0wak9V3BDtLLiIwon+MmTBroVOSglcz L9dWJ6fJxB0n2wwGYdxNKmx12jRU4drw9mwExkxgUDqCT6Jl7CX3FDwmCzRGBbsCFRuyE+jL4qx eiQwwQKGd2sSi1gl5pIgJdkDhyRHV33aUC/zVhxWJc+Qi/hca/qrVV1qfpDWc3VqnObFBj+E9JA N/TnDgIRynlv5rkfLkh0rVJRcEEfz5KCDMIY/tSI6/s0OwQWXnWuxX2nkPNcbULb5A5i3OmrZ2G sUbJDzW62ZPSlpvQG2kk4x8WtQq4ayu17Ikk6Vq/Uf5n1OJWxFHXguoZips98crfMQd4m+Iq3kD UkKXFGOdf307Rd6fw5EwrG X-Google-Smtp-Source: AGHT+IHkjjsKzqNtkRXJFYg+Yls4ZdsONc5juLvXKNvtnLO3/ZLQmkbs2RVd7+58iM/Zo5/Mwe0wYQ== X-Received: by 2002:a05:7300:f40c:b0:2a4:432c:1e63 with SMTP id 5a478bee46e88-2abc712a348mr94020eec.5.1764959856105; Fri, 05 Dec 2025 10:37:36 -0800 (PST) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2aba8395d99sm23933342eec.1.2025.12.05.10.37.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 05 Dec 2025 10:37:35 -0800 (PST) From: Deepak Gupta Date: Fri, 05 Dec 2025 10:37:10 -0800 Subject: [PATCH v25 24/28] arch/riscv: dual vdso creation logic and select vdso based on hw Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20251205-v5_user_cfi_series-v25-24-8a3570c3e145@rivosinc.com> References: <20251205-v5_user_cfi_series-v25-0-8a3570c3e145@rivosinc.com> In-Reply-To: <20251205-v5_user_cfi_series-v25-0-8a3570c3e145@rivosinc.com> To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Paul Walmsley , Palmer Dabbelt , Albert Ou , Conor Dooley , Rob Herring , Krzysztof Kozlowski , Arnd Bergmann , Christian Brauner , Peter Zijlstra , Oleg Nesterov , Eric Biederman , Kees Cook , Jonathan Corbet , Shuah Khan , Jann Horn , Conor Dooley , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Andreas Hindborg , Alice Ryhl , Trevor Gross , Benno Lossin Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com, rust-for-linux@vger.kernel.org, Charles Mirabile , Andreas Korb , Valentin Haudiquet , Deepak Gupta X-Mailer: b4 0.13.0 X-Developer-Signature: v=1; a=ed25519-sha256; t=1764959808; l=9634; i=debug@rivosinc.com; s=20251023; h=from:subject:message-id; bh=x3JVG0Npt7Vp6FJ7VZ184tzfxWj7zfRDDLEdRgBiASw=; b=DP0jaDo8GMIVR5mv16tqNdKkiXt+tqgS8UirLPKq+8lp6UPqdjFktNR5NSTnwQRkwH0UgQ58P gpSrWB1JqGOBa+zu4fC/nK7ifQXFg/wW4GVPQ/FV3XBbm/HuPXFvCVB X-Developer-Key: i=debug@rivosinc.com; a=ed25519; pk=O37GQv1thBhZToXyQKdecPDhtWVbEDRQ0RIndijvpjk= Shadow stack instructions are taken from zimop (mandated on RVA23). Any hardware prior to RVA23 profile will fault on shadow stack instruction. Any userspace with shadow stack instruction in it will fault on such hardware. Thus such userspace can't be brought onto such a hardware. It's not known how userspace will respond to such binary fragmentation. However in order to keep kernel portable across such different hardware, `arch/riscv/kernel/vdso_cfi` is created which has logic (Makefile) to compile `arch/riscv/kernel/vdso` sources with cfi flags and then changes in `arch/riscv/kernel/vdso.c` for selecting appropriate vdso depending on whether underlying hardware(cpu) implements zimop extension. Offset of vdso symbols will change due to having two different vdso binaries, there is added logic to include new generated vdso offset header and dynamically select offset (like for rt_sigreturn). Acked-by: Charles Mirabile Tested-by: Andreas Korb Tested-by: Valentin Haudiquet Signed-off-by: Deepak Gupta --- arch/riscv/Makefile | 3 +++ arch/riscv/include/asm/vdso.h | 13 ++++++++++++- arch/riscv/kernel/Makefile | 1 + arch/riscv/kernel/vdso.c | 7 +++++++ arch/riscv/kernel/vdso/Makefile | 29 ++++++++++++++++++++------= --- arch/riscv/kernel/vdso/gen_vdso_offsets.sh | 4 +++- arch/riscv/kernel/vdso_cfi/Makefile | 25 +++++++++++++++++++++++++ arch/riscv/kernel/vdso_cfi/vdso-cfi.S | 11 +++++++++++ 8 files changed, 82 insertions(+), 11 deletions(-) diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile index f60c2de0ca08..b74b63da16a7 100644 --- a/arch/riscv/Makefile +++ b/arch/riscv/Makefile @@ -176,6 +176,8 @@ ifeq ($(CONFIG_MMU),y) prepare: vdso_prepare vdso_prepare: prepare0 $(Q)$(MAKE) $(build)=3Darch/riscv/kernel/vdso include/generated/vdso-offs= ets.h + $(if $(CONFIG_RISCV_USER_CFI),$(Q)$(MAKE) \ + $(build)=3Darch/riscv/kernel/vdso_cfi include/generated/vdso-cfi-offsets= .h) $(if $(CONFIG_COMPAT),$(Q)$(MAKE) \ $(build)=3Darch/riscv/kernel/compat_vdso include/generated/compat_vdso-o= ffsets.h) =20 @@ -183,6 +185,7 @@ endif endif =20 vdso-install-y +=3D arch/riscv/kernel/vdso/vdso.so.dbg +vdso-install-$(CONFIG_RISCV_USER_CFI) +=3D arch/riscv/kernel/vdso_cfi/vdso= -cfi.so.dbg vdso-install-$(CONFIG_COMPAT) +=3D arch/riscv/kernel/compat_vdso/compat_vd= so.so.dbg =20 BOOT_TARGETS :=3D Image Image.gz Image.bz2 Image.lz4 Image.lzma Image.lzo = Image.zst Image.xz loader loader.bin xipImage vmlinuz.efi diff --git a/arch/riscv/include/asm/vdso.h b/arch/riscv/include/asm/vdso.h index f80357fe24d1..35bf830a5576 100644 --- a/arch/riscv/include/asm/vdso.h +++ b/arch/riscv/include/asm/vdso.h @@ -18,9 +18,19 @@ =20 #ifndef __ASSEMBLER__ #include +#ifdef CONFIG_RISCV_USER_CFI +#include +#endif =20 +#ifdef CONFIG_RISCV_USER_CFI #define VDSO_SYMBOL(base, name) \ - (void __user *)((unsigned long)(base) + __vdso_##name##_offset) + (riscv_has_extension_unlikely(RISCV_ISA_EXT_ZIMOP) ? \ + (void __user *)((unsigned long)(base) + __vdso_##name##_cfi_offset) : \ + (void __user *)((unsigned long)(base) + __vdso_##name##_offset)) +#else +#define VDSO_SYMBOL(base, name) \ + ((void __user *)((unsigned long)(base) + __vdso_##name##_offset)) +#endif =20 #ifdef CONFIG_COMPAT #include @@ -33,6 +43,7 @@ extern char compat_vdso_start[], compat_vdso_end[]; #endif /* CONFIG_COMPAT */ =20 extern char vdso_start[], vdso_end[]; +extern char vdso_cfi_start[], vdso_cfi_end[]; =20 #endif /* !__ASSEMBLER__ */ =20 diff --git a/arch/riscv/kernel/Makefile b/arch/riscv/kernel/Makefile index 2d0e0dcedbd3..9026400cba10 100644 --- a/arch/riscv/kernel/Makefile +++ b/arch/riscv/kernel/Makefile @@ -72,6 +72,7 @@ obj-y +=3D vendor_extensions/ obj-y +=3D probes/ obj-y +=3D tests/ obj-$(CONFIG_MMU) +=3D vdso.o vdso/ +obj-$(CONFIG_RISCV_USER_CFI) +=3D vdso_cfi/ =20 obj-$(CONFIG_RISCV_MISALIGNED) +=3D traps_misaligned.o obj-$(CONFIG_RISCV_MISALIGNED) +=3D unaligned_access_speed.o diff --git a/arch/riscv/kernel/vdso.c b/arch/riscv/kernel/vdso.c index 3a8e038b10a2..43f70198ac3c 100644 --- a/arch/riscv/kernel/vdso.c +++ b/arch/riscv/kernel/vdso.c @@ -98,6 +98,13 @@ static struct __vdso_info compat_vdso_info __ro_after_in= it =3D { =20 static int __init vdso_init(void) { + /* Hart implements zimop, expose cfi compiled vdso */ + if (IS_ENABLED(CONFIG_RISCV_USER_CFI) && + riscv_has_extension_unlikely(RISCV_ISA_EXT_ZIMOP)) { + vdso_info.vdso_code_start =3D vdso_cfi_start; + vdso_info.vdso_code_end =3D vdso_cfi_end; + } + __vdso_init(&vdso_info); #ifdef CONFIG_COMPAT __vdso_init(&compat_vdso_info); diff --git a/arch/riscv/kernel/vdso/Makefile b/arch/riscv/kernel/vdso/Makef= ile index 272f1d837a80..a842dc034571 100644 --- a/arch/riscv/kernel/vdso/Makefile +++ b/arch/riscv/kernel/vdso/Makefile @@ -20,6 +20,10 @@ endif ifdef VDSO_CFI_BUILD CFI_MARCH =3D _zicfilp_zicfiss CFI_FULL =3D -fcf-protection=3Dfull +CFI_SUFFIX =3D -cfi +OFFSET_SUFFIX =3D _cfi +ccflags-y +=3D -DVDSO_CFI=3D1 +asflags-y +=3D -DVDSO_CFI=3D1 endif =20 # Files to link into the vdso @@ -48,13 +52,20 @@ endif CFLAGS_hwprobe.o +=3D -fPIC =20 # Build rules -targets :=3D $(obj-vdso) vdso.so vdso.so.dbg vdso.lds +vdso_offsets :=3D vdso$(if $(VDSO_CFI_BUILD),$(CFI_SUFFIX),)-offsets.h +vdso_o :=3D vdso$(if $(VDSO_CFI_BUILD),$(CFI_SUFFIX),).o +vdso_so :=3D vdso$(if $(VDSO_CFI_BUILD),$(CFI_SUFFIX),).so +vdso_so_dbg :=3D vdso$(if $(VDSO_CFI_BUILD),$(CFI_SUFFIX),).so.dbg +vdso_lds :=3D vdso.lds + +targets :=3D $(obj-vdso) $(vdso_so) $(vdso_so_dbg) $(vdso_lds) + obj-vdso :=3D $(addprefix $(obj)/, $(obj-vdso)) =20 -obj-y +=3D vdso.o -CPPFLAGS_vdso.lds +=3D -P -C -U$(ARCH) +obj-y +=3D vdso$(if $(VDSO_CFI_BUILD),$(CFI_SUFFIX),).o +CPPFLAGS_$(vdso_lds) +=3D -P -C -U$(ARCH) ifneq ($(filter vgettimeofday, $(vdso-syms)),) -CPPFLAGS_vdso.lds +=3D -DHAS_VGETTIMEOFDAY +CPPFLAGS_$(vdso_lds) +=3D -DHAS_VGETTIMEOFDAY endif =20 # Disable -pg to prevent insert call site @@ -63,12 +74,12 @@ CFLAGS_REMOVE_getrandom.o =3D $(CC_FLAGS_FTRACE) $(CC_F= LAGS_SCS) CFLAGS_REMOVE_hwprobe.o =3D $(CC_FLAGS_FTRACE) $(CC_FLAGS_SCS) =20 # Force dependency -$(obj)/vdso.o: $(obj)/vdso.so +$(obj)/$(vdso_o): $(obj)/$(vdso_so) =20 # link rule for the .so file, .lds has to be first -$(obj)/vdso.so.dbg: $(obj)/vdso.lds $(obj-vdso) FORCE +$(obj)/$(vdso_so_dbg): $(obj)/$(vdso_lds) $(obj-vdso) FORCE $(call if_changed,vdsold_and_check) -LDFLAGS_vdso.so.dbg =3D -shared -soname=3Dlinux-vdso.so.1 \ +LDFLAGS_$(vdso_so_dbg) =3D -shared -soname=3Dlinux-vdso.so.1 \ --build-id=3Dsha1 --eh-frame-hdr =20 # strip rule for the .so file @@ -79,9 +90,9 @@ $(obj)/%.so: $(obj)/%.so.dbg FORCE # Generate VDSO offsets using helper script gen-vdsosym :=3D $(src)/gen_vdso_offsets.sh quiet_cmd_vdsosym =3D VDSOSYM $@ - cmd_vdsosym =3D $(NM) $< | $(gen-vdsosym) | LC_ALL=3DC sort > $@ + cmd_vdsosym =3D $(NM) $< | $(gen-vdsosym) $(OFFSET_SUFFIX) | LC_ALL=3DC s= ort > $@ =20 -include/generated/vdso-offsets.h: $(obj)/vdso.so.dbg FORCE +include/generated/$(vdso_offsets): $(obj)/$(vdso_so_dbg) FORCE $(call if_changed,vdsosym) =20 # actual build commands diff --git a/arch/riscv/kernel/vdso/gen_vdso_offsets.sh b/arch/riscv/kernel= /vdso/gen_vdso_offsets.sh index c2e5613f3495..bd5d5afaaa14 100755 --- a/arch/riscv/kernel/vdso/gen_vdso_offsets.sh +++ b/arch/riscv/kernel/vdso/gen_vdso_offsets.sh @@ -2,4 +2,6 @@ # SPDX-License-Identifier: GPL-2.0 =20 LC_ALL=3DC -sed -n -e 's/^[0]\+\(0[0-9a-fA-F]*\) . \(__vdso_[a-zA-Z0-9_]*\)$/\#define = \2_offset\t0x\1/p' +SUFFIX=3D${1:-""} +sed -n -e \ +'s/^[0]\+\(0[0-9a-fA-F]*\) . \(__vdso_[a-zA-Z0-9_]*\)$/\#define \2'$SUFFIX= '_offset\t0x\1/p' diff --git a/arch/riscv/kernel/vdso_cfi/Makefile b/arch/riscv/kernel/vdso_c= fi/Makefile new file mode 100644 index 000000000000..8ebd190782b0 --- /dev/null +++ b/arch/riscv/kernel/vdso_cfi/Makefile @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: GPL-2.0-only +# RISC-V VDSO CFI Makefile +# This Makefile builds the VDSO with CFI support when CONFIG_RISCV_USER_CF= I is enabled + +# setting VDSO_CFI_BUILD triggers build for vdso differently +VDSO_CFI_BUILD :=3D 1 + +# Set the source directory to the main vdso directory +src :=3D $(srctree)/arch/riscv/kernel/vdso + +# Copy all .S and .c files from vdso directory to vdso_cfi object build di= rectory +vdso_c_sources :=3D $(wildcard $(src)/*.c) +vdso_S_sources :=3D $(wildcard $(src)/*.S) +vdso_c_objects :=3D $(addprefix $(obj)/, $(notdir $(vdso_c_sources))) +vdso_S_objects :=3D $(addprefix $(obj)/, $(notdir $(vdso_S_sources))) + +$(vdso_S_objects): $(obj)/%.S: $(src)/%.S + $(Q)cp $< $@ + +$(vdso_c_objects): $(obj)/%.c: $(src)/%.c + $(Q)cp $< $@ + +# Include the main VDSO Makefile which contains all the build rules and so= urces +# The VDSO_CFI_BUILD variable will be passed to it to enable CFI compilati= on +include $(src)/Makefile diff --git a/arch/riscv/kernel/vdso_cfi/vdso-cfi.S b/arch/riscv/kernel/vdso= _cfi/vdso-cfi.S new file mode 100644 index 000000000000..d426f6accb35 --- /dev/null +++ b/arch/riscv/kernel/vdso_cfi/vdso-cfi.S @@ -0,0 +1,11 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright 2025 Rivos, Inc + */ + +#define vdso_start vdso_cfi_start +#define vdso_end vdso_cfi_end + +#define __VDSO_PATH "arch/riscv/kernel/vdso_cfi/vdso-cfi.so" + +#include "../vdso/vdso.S" --=20 2.45.0