From: Zong Li
To: pjw@kernel.org, palmer@dabbelt.com, aou@eecs.berkeley.edu, alex@ghiti.fr, debug@rivosinc.com, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org
Cc: Zong Li
Subject: [PATCH] riscv: cif: clear CFI lock status in start_thread
Date: Fri, 6 Mar 2026 00:06:22 -0800
Message-ID: <20260306080622.3864367-1-zong.li@sifive.com>

When libc locks the CFI status through the following prctl:
 - PR_LOCK_SHADOW_STACK_STATUS
 - PR_LOCK_INDIR_BR_LP_STATUS

A newly forked process will inherit the lock status if it does not clear
the lock bits. Since the lock bits remain set, libc will later fail to
enable the landing pad and shadow stack.

Signed-off-by: Zong Li
---
 arch/riscv/include/asm/usercfi.h |  8 ++++----
 arch/riscv/kernel/process.c      |  2 ++
 arch/riscv/kernel/usercfi.c      | 12 ++++++------
 3 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/arch/riscv/include/asm/usercfi.h b/arch/riscv/include/asm/user= cfi.h index f7fa9d602aae..c4ab11378308 100644 --- a/arch/riscv/include/asm/usercfi.h +++ b/arch/riscv/include/asm/usercfi.h 
@@ -39,7 +39,7 @@ void set_active_shstk(struct task_struct *task, unsigned = long shstk_addr); bool is_shstk_enabled(struct task_struct *task); bool is_shstk_locked(struct task_struct *task); bool is_shstk_allocated(struct task_struct *task); -void set_shstk_lock(struct task_struct *task); +void set_shstk_lock(struct task_struct *task, bool lock); void set_shstk_status(struct task_struct *task, bool enable); unsigned long get_active_shstk(struct task_struct *task); int restore_user_shstk(struct task_struct *tsk, unsigned long shstk_ptr); @@ -47,7 +47,7 @@ int save_user_shstk(struct task_struct *tsk, unsigned lon= g *saved_shstk_ptr); bool is_indir_lp_enabled(struct task_struct *task); bool is_indir_lp_locked(struct task_struct *task); void set_indir_lp_status(struct task_struct *task, bool enable); -void set_indir_lp_lock(struct task_struct *task); +void set_indir_lp_lock(struct task_struct *task, bool lock); =20 #define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK (PR_SHADOW_STACK_ENABLE) =20 @@ -69,7 +69,7 @@ void set_indir_lp_lock(struct task_struct *task); =20 #define is_shstk_allocated(task) false =20 -#define set_shstk_lock(task) do {} while (0) +#define set_shstk_lock(task, lock) do {} while (0) =20 #define set_shstk_status(task, enable) do {} while (0) =20 @@ -79,7 +79,7 @@ void set_indir_lp_lock(struct task_struct *task); =20 #define set_indir_lp_status(task, enable) do {} while (0) =20 -#define set_indir_lp_lock(task) do {} while (0) +#define set_indir_lp_lock(task, lock) do {} while (0) =20 #define restore_user_shstk(tsk, shstk_ptr) -EINVAL =20 diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c index 6b3648256a0f..36bac478f1e1 100644 --- a/arch/riscv/kernel/process.c +++ b/arch/riscv/kernel/process.c 
@@ -164,11 +164,13 @@ void start_thread(struct pt_regs *regs, unsigned long= pc, set_shstk_status(current, false); set_shstk_base(current, 0, 0); set_active_shstk(current, 0); + set_shstk_lock(current, false); /* * disable indirect branch tracking on exec. * libc will enable it later via prctl. */ set_indir_lp_status(current, false); + set_indir_lp_lock(current, false); =20 #ifdef CONFIG_64BIT regs->status &=3D ~SR_UXL; diff --git a/arch/riscv/kernel/usercfi.c b/arch/riscv/kernel/usercfi.c index a8530e6afb1e..a101e317fe5e 100644 --- a/arch/riscv/kernel/usercfi.c +++ b/arch/riscv/kernel/usercfi.c @@ -74,9 +74,9 @@ void set_shstk_status(struct task_struct *task, bool enab= le) csr_write(CSR_ENVCFG, task->thread.envcfg); } =20 -void set_shstk_lock(struct task_struct *task) +void set_shstk_lock(struct task_struct *task, bool lock) { - task->thread_info.user_cfi_state.ubcfi_locked =3D 1; + task->thread_info.user_cfi_state.ubcfi_locked =3D lock; } =20 bool is_indir_lp_enabled(struct task_struct *task) @@ -104,9 +104,9 @@ void set_indir_lp_status(struct task_struct *task, bool= enable) csr_write(CSR_ENVCFG, task->thread.envcfg); } =20 -void set_indir_lp_lock(struct task_struct *task) +void set_indir_lp_lock(struct task_struct *task, bool lock) { - task->thread_info.user_cfi_state.ufcfi_locked =3D 1; + task->thread_info.user_cfi_state.ufcfi_locked =3D lock; } /* * If size is 0, then to be compatible with regular stack we want it to be= as big as @@ -452,7 +452,7 @@ int arch_lock_shadow_stack_status(struct task_struct *t= ask, !is_shstk_enabled(task) || arg !=3D 0) return -EINVAL; =20 - set_shstk_lock(task); + set_shstk_lock(task, true); =20 return 0; } @@ -502,7 +502,7 @@ int arch_lock_indir_br_lp_status(struct task_struct *ta= sk, !is_indir_lp_enabled(task) || arg !=3D 0) return -EINVAL; =20 - set_indir_lp_lock(task); + set_indir_lp_lock(task, true); =20 return 0; } --=20 2.43.7
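Review bot: In the arch/riscv/kernel/process.c hunk, the added set_shstk_lock(current, false) and set_indir_lp_lock(current, false) calls sit in start_thread() under a comment that speaks of exec ("disable indirect branch tracking on exec"), while the changelog describes a "newly forked process". Please reword the changelog to name the path this hunk actually changes, and fix the "cif" subject prefix if "cfi" was intended. The two new lines also carry no comment of their own; extending the existing comments to say that the lock is dropped together with the status, which is already forced to disabled just above, would document why unlocking here does not weaken a running process. A selftest that locks both statuses, execs, and checks that enabling succeeds afterwards would keep this from regressing.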
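Review bot: In the arch/riscv/kernel/usercfi.c hunks at -74,9 and -104,9, set_shstk_lock() and set_indir_lp_lock() become general setters, so any later caller can clear ubcfi_locked or ufcfi_locked by passing false. The lock is what makes the CFI status immutable for a task, so unlocking should be hard to do by accident: consider leaving the lock helpers one-way and adding a separate clear helper that only start_thread() calls, or at least a comment on both functions stating that false is valid only on exec. Separately, the old code stored the literal 1 and the new code stores a bool; the field definition is not part of this diff, so please confirm the assignment is correct for its type.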