From: Zong Li
To: pjw@kernel.org, palmer@dabbelt.com, aou@eecs.berkeley.edu, alex@ghiti.fr, debug@rivosinc.com, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org
Cc: Zong Li
Subject: [PATCH v2] riscv: cif: clear CFI lock status in start_thread
Date: Sun, 22 Mar 2026 23:56:40 -0700
Message-ID: <20260323065640.4045713-1-zong.li@sifive.com>
X-Mailing-List: linux-kernel@vger.kernel.org

When libc locks the CFI status through the following prctl:

- PR_LOCK_SHADOW_STACK_STATUS
- PR_LOCK_INDIR_BR_LP_STATUS

A newly execd address space will inherit the lock status if it does not
clear the lock bits. Since the lock bits remain set, libc will later fail
to enable the landing pad and shadow stack.

Signed-off-by: Zong Li
---
Changed in v1:
- Refining the commit descriptions as suggested by Deepak

 arch/riscv/include/asm/usercfi.h | 8 ++++----
 arch/riscv/kernel/process.c      | 2 ++
 arch/riscv/kernel/usercfi.c      | 12 ++++++------
 3 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/arch/riscv/include/asm/usercfi.h b/arch/riscv/include/asm/user= cfi.h index 7495baae1e3c..f56966edbf5c 100644 --- a/arch/riscv/include/asm/usercfi.h +++ b/arch/riscv/include/asm/usercfi.h
@@ -39,7 +39,7 @@ void set_active_shstk(struct task_struct *task, unsigned = long shstk_addr); bool is_shstk_enabled(struct task_struct *task); bool is_shstk_locked(struct task_struct *task); bool is_shstk_allocated(struct task_struct *task); -void set_shstk_lock(struct task_struct *task); +void set_shstk_lock(struct task_struct *task, bool lock); void set_shstk_status(struct task_struct *task, bool enable); unsigned long get_active_shstk(struct task_struct *task); int restore_user_shstk(struct task_struct *tsk, unsigned long shstk_ptr); @@ -47,7 +47,7 @@ int save_user_shstk(struct task_struct *tsk, unsigned lon= g *saved_shstk_ptr); bool is_indir_lp_enabled(struct task_struct *task); bool is_indir_lp_locked(struct task_struct *task); void set_indir_lp_status(struct task_struct *task, bool enable); -void set_indir_lp_lock(struct task_struct *task); +void set_indir_lp_lock(struct task_struct *task, bool lock); =20 #define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK (PR_SHADOW_STACK_ENABLE) =20 @@ -69,7 +69,7 @@ void set_indir_lp_lock(struct task_struct *task); =20 #define is_shstk_allocated(task) false =20 -#define set_shstk_lock(task) do {} while (0) +#define set_shstk_lock(task, lock) do {} while (0) =20 #define set_shstk_status(task, enable) do {} while (0) =20 @@ -79,7 +79,7 @@ void set_indir_lp_lock(struct task_struct *task); =20 #define set_indir_lp_status(task, enable) do {} while (0) =20 -#define set_indir_lp_lock(task) do {} while (0) +#define set_indir_lp_lock(task, lock) do {} while (0) =20 #define restore_user_shstk(tsk, shstk_ptr) -EINVAL =20 diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c index aacb23978f93..596662de82e0 100644 --- a/arch/riscv/kernel/process.c +++ b/arch/riscv/kernel/process.c 
@@ -163,11 +163,13 @@ void start_thread(struct pt_regs *regs, unsigned long= pc, set_shstk_status(current, false); set_shstk_base(current, 0, 0); set_active_shstk(current, 0); + set_shstk_lock(current, false); /* * disable indirect branch tracking on exec. * libc will enable it later via prctl. */ set_indir_lp_status(current, false); + set_indir_lp_lock(current, false); =20 #ifdef CONFIG_64BIT regs->status &=3D ~SR_UXL; diff --git a/arch/riscv/kernel/usercfi.c b/arch/riscv/kernel/usercfi.c index 1adba746f164..9052171c1a8c 100644 --- a/arch/riscv/kernel/usercfi.c +++ b/arch/riscv/kernel/usercfi.c @@ -74,9 +74,9 @@ void set_shstk_status(struct task_struct *task, bool enab= le) csr_write(CSR_ENVCFG, task->thread.envcfg); } =20 -void set_shstk_lock(struct task_struct *task) +void set_shstk_lock(struct task_struct *task, bool lock) { - task->thread_info.user_cfi_state.ubcfi_locked =3D 1; + task->thread_info.user_cfi_state.ubcfi_locked =3D lock; } =20 bool is_indir_lp_enabled(struct task_struct *task) @@ -104,9 +104,9 @@ void set_indir_lp_status(struct task_struct *task, bool= enable) csr_write(CSR_ENVCFG, task->thread.envcfg); } =20 -void set_indir_lp_lock(struct task_struct *task) +void set_indir_lp_lock(struct task_struct *task, bool lock) { - task->thread_info.user_cfi_state.ufcfi_locked =3D 1; + task->thread_info.user_cfi_state.ufcfi_locked =3D lock; } /* * If size is 0, then to be compatible with regular stack we want it to be= as big as @@ -452,7 +452,7 @@ int arch_lock_shadow_stack_status(struct task_struct *t= ask, !is_shstk_enabled(task) || arg !=3D 0) return -EINVAL; =20 - set_shstk_lock(task); + set_shstk_lock(task, true); =20 return 0; } @@ -502,7 +502,7 @@ int arch_lock_indir_br_lp_status(struct task_struct *ta= sk, !is_indir_lp_enabled(task) || arg !=3D 0) return -EINVAL; =20 - set_indir_lp_lock(task); + set_indir_lp_lock(task, true); =20 return 0; } --=20 2.43.7
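Review bot: two cosmetic points that belong with the usercfi.h header hunks: the Subject prefix "riscv: cif:" looks like a typo for "cfi" (the header being changed is usercfi.h and the body talks about CFI lock status), and the changelog under "---" reads "Changed in v1" on a v2 posting. Inside the hunks themselves the prototype changes and both `do {} while (0)` stub macros agree on the new `(task, lock)` signature, so the new call sites compile in either configuration and nothing needs changing there.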
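Review bot: the comment above `set_indir_lp_status(current, false);` in the start_thread() hunk should be extended to cover the two new `set_shstk_lock(current, false);` and `set_indir_lp_lock(current, false);` calls: it currently records only that indirect branch tracking is disabled on exec and re-enabled by libc via prctl, while the reason the lock bits must be reset as well (a lock inherited from the old image would make libc's later enable fail, as the commit message explains) is not kept next to the code. A line such as `/* clear the PR_LOCK_* state too, so the new image can re-enable CFI */` above the new calls would preserve that rationale. It is also worth confirming in the same pass that set_shstk_status()/set_indir_lp_status() do not consult the lock bit themselves, since both still run before the unlock calls in this ordering.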
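Review bot: style point on the two setters in the usercfi.c hunks: a call spelled `set_shstk_lock(task, false)` reads as "set the lock" with an argument that negates it, which makes the start_thread() call sites less self-describing than either a set/clear pair (`set_shstk_lock()` / `clear_shstk_lock()`) or a name that mirrors the field, e.g. `set_shstk_locked(task, bool locked)` for `ubcfi_locked` and the same for `ufcfi_locked`. If the bool form stays, a one-line comment on each function saying that `false` clears the lock taken via the PR_LOCK_* prctl would do. The assignment itself is fine: the previous code stored the literal 1, and `true` from the arch_lock_* hunks converts to the same value.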