From patchwork Thu Sep 12 23:16:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13802823 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BE131EEE270 for ; Thu, 12 Sep 2024 23:17:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 440046B0082; Thu, 12 Sep 2024 19:17:10 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 416F96B0083; Thu, 12 Sep 2024 19:17:10 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 290C56B0089; Thu, 12 Sep 2024 19:17:10 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 0A3A26B0082 for ; Thu, 12 Sep 2024 19:17:10 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 65A14803A2 for ; Thu, 12 Sep 2024 23:17:09 +0000 (UTC) X-FDA: 82557648978.22.575A7C6 Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) by imf09.hostedemail.com (Postfix) with ESMTP id 7957514000E for ; Thu, 12 Sep 2024 23:17:07 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=ONimZ0aQ; spf=pass (imf09.hostedemail.com: domain of debug@rivosinc.com designates 209.85.216.41 as permitted sender) smtp.mailfrom=debug@rivosinc.com; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1726182923; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:dkim-signature; bh=riewyPvOkd6+yywyzaWDXE1UC6COJKG1le8303PRl2M=; b=qdG+lQn36lkN1h5tmarg0gB56vqbsCY/C9teaUSDnxlNgxErBPwGeEPCe3SWD4OuWKgDgg qa21TqG14o7LjaKH2OKnFEvJ7r+DDxe0GSQnzitn41d1oH5M8KE83HTwYg8Ni1Y2+sC4/U Gia5ckZaleaQXdUIJMNt6UqEN0fA+WQ= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1726182923; a=rsa-sha256; cv=none; b=H1BmCuWDNeqeolwbi5PAdV380hc7xnyLFv5gMO/e/MdBmW1jHmuNslDAEzSg3z+d2tE+Yh nnFh8lGIpJfdeUqlL9NZpEKXGojmLMqTYcPdWHEX+xOZPQIw/+QyGfyxyzNKONpYsWujFZ 0MpCpggEFpMF6Tj9ZwOmbz54lo3Cl6c= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=ONimZ0aQ; spf=pass (imf09.hostedemail.com: domain of debug@rivosinc.com designates 209.85.216.41 as permitted sender) smtp.mailfrom=debug@rivosinc.com; dmarc=none Received: by mail-pj1-f41.google.com with SMTP id 98e67ed59e1d1-2d87a0bfaa7so313368a91.2 for ; Thu, 12 Sep 2024 16:17:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1726183026; x=1726787826; darn=kvack.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=riewyPvOkd6+yywyzaWDXE1UC6COJKG1le8303PRl2M=; b=ONimZ0aQ0b4gDm2zoNw8pg/EhVNC1feKgzydS/1pJxYJaJBxhD9UFYoaJITozHc9kI oxSxsmmeWbHsq3egP9Rgu0oUPZ4rNQ59XCHDcUo82pDgcmcMA2Sev3p2S1oY3aws5TaB TrQwONlvIJtpO7nZHA5NFKbM2DsqazfF0oQhFKJl53NmcVVDdJJuOrwhTtC7vJ01wQk/ ZFjRoqG265khvSfBQoRD0uY5gH6n7s+smqWiE/Un8pkO1JyB6qjgdk8x3M1DKLxpR4EW STsVowE5q6+z0fYnfG3Lia46A1JNssh4OBJn97AXjLaDk0L0Fvq93dCTIwsR8mFDDfq8 cIqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726183026; x=1726787826; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=riewyPvOkd6+yywyzaWDXE1UC6COJKG1le8303PRl2M=; b=Hio3XF2wVQt7wMz2ad0tB+gyOvhhN3j3kHQ7eX3ETm1NEaE2TfnM4gVssioWZqHeUP 1Hk/fbBhg3HLh34a5oB9t90Zip/QS/nyKifvD+9joR9m0i4w9Spy1m816OTjsb/9z7AJ titAJpHnHcAo6tVXrwXe+FAabx0d7QF2EdDq4WkhpSoYVthMRnjGQ/9dPKE9I1N95Zeq 2ruoGClUyH/P2unRuFCqefcuBhIn58SkTqeii7RhSJKJ5dulIgovWycmyw/nkICZU3zW 1E8tOqV66nnKRdeYiAYNw0ecrIaM1gBE8infvD3CE0FKooNs8YB1cNFYCvY6qELQ77G/ mJMg== X-Forwarded-Encrypted: i=1; AJvYcCVo8Y7mXYeKr1z3eIVgELWR8b92H/5D+sfEiYM+WVzhe3nWpdCGJ0Ii7Ea28R8fAo2kIwS6S4eDHQ==@kvack.org X-Gm-Message-State: AOJu0YwyKGM32DD/UvICJWEWFQGBtBZCvkPwf7nbZTgik6zF8wSlbMAr Kq16HrAa0I65mGGzTUcgrWXTYKFn1/rk3dhBQBpdyyLA5FSmx6pfPg1l4BMFkeA= X-Google-Smtp-Source: AGHT+IG3UlKSJNA+0+xwU2A+yWN3j878ej9hqq8AW6JPwgouwb7JofjBAbMeGmJ3FwYyI2jaMifNow== X-Received: by 2002:a17:90b:4f91:b0:2d3:cd27:c480 with SMTP id 98e67ed59e1d1-2dbb9f7d558mr1060297a91.33.1726183025514; Thu, 12 Sep 2024 16:17:05 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2db6c1ac69asm3157591a91.0.2024.09.12.16.17.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Sep 2024 16:17:05 -0700 (PDT) From: Deepak Gupta To: paul.walmsley@sifive.com, palmer@sifive.com, conor@kernel.org, linux-doc@vger.kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, devicetree@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org Cc: corbet@lwn.net, palmer@dabbelt.com, aou@eecs.berkeley.edu, robh@kernel.org, krzk+dt@kernel.org, oleg@redhat.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, peterz@infradead.org, akpm@linux-foundation.org, arnd@arndb.de, ebiederm@xmission.com, kees@kernel.org, Liam.Howlett@oracle.com, vbabka@suse.cz, lorenzo.stoakes@oracle.com, shuah@kernel.org, brauner@kernel.org, samuel.holland@sifive.com, debug@rivosinc.com, andy.chiu@sifive.com, jerry.shih@sifive.com, greentime.hu@sifive.com, charlie@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, xiao.w.wang@intel.com, ajones@ventanamicro.com, anup@brainfault.org, mchitale@ventanamicro.com, atishp@rivosinc.com, sameo@rivosinc.com, bjorn@rivosinc.com, alexghiti@rivosinc.com, david@redhat.com, libang.li@antgroup.com, jszhang@kernel.org, leobras@redhat.com, guoren@kernel.org, samitolvanen@google.com, songshuaishuai@tinylab.org, costa.shul@redhat.com, bhe@redhat.com, zong.li@sifive.com, puranjay@kernel.org, namcaov@gmail.com, antonb@tenstorrent.com, sorear@fastmail.com, quic_bjorande@quicinc.com, ancientmodern4@gmail.com, ben.dooks@codethink.co.uk, quic_zhonhan@quicinc.com, cuiyunhui@bytedance.com, yang.lee@linux.alibaba.com, ke.zhao@shingroup.cn, sunilvl@ventanamicro.com, tanzhasanwork@gmail.com, schwab@suse.de, dawei.li@shingroup.cn, rppt@kernel.org, willy@infradead.org, usama.anjum@collabora.com, osalvador@suse.de, ryan.roberts@arm.com, andrii@kernel.org, alx@kernel.org, catalin.marinas@arm.com, broonie@kernel.org, revest@chromium.org, bgray@linux.ibm.com, deller@gmx.de, zev@bewilderbeest.net Subject: [PATCH v4 00/30] riscv control-flow integrity for usermode Date: Thu, 12 Sep 2024 16:16:19 -0700 Message-ID: <20240912231650.3740732-1-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 MIME-Version: 1.0 X-Rspamd-Queue-Id: 7957514000E X-Stat-Signature: j3ii1moaz1hxj7zowgctsmero4anjkkh X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1726183027-95028 X-HE-Meta: U2FsdGVkX1983x+s5uxxdkjzZ7HlmfYVCZP1Gnqr025kp4aGm+mq9ZknOZoxAZ69Ftxo80R7l/8+7FkqkPkBisSqO3msE/s5VQqPllclQRQxPQuDVod6JxTl3BZ4B+61buv08bfnUhNRqdd9vHQa4Pfu03cfIhri4XlK5KtWUSMOdjL+3SJgf4V0vsUFVescc6J+nl2LIks6luR2p/naNPIFZC78OCBv+94RR4RlfRm4EcheUv2HzbP3XmdRD0uch/uBhUjRlwVIn+tiYGg4qKXiILCQEYWOEVCFEYa0UCurNshVSOa10ggphMkTSPEJU5zyqHWxVOqvgaKO4q9w3HkmI2uaFipbw6ruBFLe4drF8cJwPbjd71J9SDf28Qt1bkzq6WaHUKcxal6PVL98yCEImPEKQhayN++28Rfj7/dXlz/yVyySdgHqEMnmkOnWcMLCuP3+nDVLJvot2sSG5xfIy1pN1tx3EZl6DctkiwE7HM1CgSZou7OiAJrNVdUwoyRrql9A/+x8MKfyvYiZ8A6HR5GTUINWJXfu/Tfm/ScVrhBcECetzMD2XkH43/JV9ijgkwwvTEB/kv569kNL/pj84EHpYGmXt72AWZ/EgbsOMg6JNuc82obpFg2FyI/YeU/e5UzsQ9fx/lEVEgte9pjWow3dRdTOtdvSUF3FZj45liH64hfK2WtlzDL98w9KEkwQMdsnWJtBnWiRUJJSqcf0RbeB3dGTsalYjzS7jkCrNPrh+bPKmP+yBLzIbEurAzfwUYHnC3eB/vkOe7+5JYFyT8m/PoxBLWIoNgQEzhdYO6ZOV1vItmTHPdqbjJ4j3d/Wk9JxFF31HsMEgNGgH7RRAwe1e39zJCApeakJaD14r1H3x1ioV0GZpX/0kfyKrX4lAT/HQgz314x1jKtFW2v+pheDh9HInE0VY832hgLB6q8hoCPIwNlSuAW5/AI1X40dYkkynd05w+qm1mz AtwVB6oO /bsNMxWnIrN6Yn6OFizq5BEOwPirzgMyli8eKSC/P9Ni+kY1xifULoFN9RAP1vTre2II3F1ob7wNZE+YjwjMkmoOXBQJCZDpxtKZmIY0xHjxGiJUYCITsrcpgu79RMf8ZG/qoCalWOzj6hNT8vfHkaAzpzkUcLJxuq0K0edhyDjQ2fBx3u9PMSr3N1VwUsxPQ89tx1fEMzKNBUUZGKDmw27jR4qOaDdsQ7t7HLxb7csnDPqTG2XY+zndAL27NoL9NqMg3hgF1duURdZhBZKbC2mEbFNSz+0asT/5jYL0SdkvEJqImi9yh4A1qQ4muO4nlbgfK8D+gY+vaSlvXWgFEfxPGh4nBSGI6gBXyRHG0dYfxLrDKH5pqhIH/kuGFV3Ki4FjTwgkF2ApXFGx3I7KcGSIlfF5hHknZZGZtyTSK75lsOFMQOCrA0A62TxkwaL6gQkrFMoG/BQOybUgxK1QAKBZr1thHdnzvib7/wvEpcDjwlwUwII4w/JIBJg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: v4 for cpu assisted riscv user mode control flow integrity. zicfiss and zicfilp [1] are ratified riscv CPU extensions. v3 [2] was sent in April this year for riscv usermode control flow integrity enabling. To get more information on zicfilp and zicfiss riscv CPU extensions, patch series adds documentation for `zicfilp` and `zicfiss` Documentation/arch/riscv/zicfiss.rst Documentation/arch/riscv/zicfilp.rst Additionally, spec can be obtained from [1]. How to test this series ======================= Toolchain --------- $ git clone git@github.com:sifive/riscv-gnu-toolchain.git -b cfi-dev $ riscv-gnu-toolchain/configure --prefix= --with-arch=rv64gc_zicfilp_zicfiss --enable-linux --disable-gdb --with-extra-multilib-test="rv64gc_zicfilp_zicfiss-lp64d:-static" $ make -j$(nproc) Qemu ---- $ git clone git@github.com:deepak0414/qemu.git -b zicfilp_zicfiss_ratified_master_july11 $ cd qemu $ mkdir build $ cd build $ ../configure --target-list=riscv64-softmmu $ make -j$(nproc) Opensbi ------- $ git clone git@github.com:deepak0414/opensbi.git -b cfi_spec_split_opensbi $ make CROSS_COMPILE= -j$(nproc) PLATFORM=generic Linux ----- Running defconfig is fine. CFI is enabled by default if the toolchain supports it. $ make ARCH=riscv CROSS_COMPILE=/build/bin/riscv64-unknown-linux-gnu- -j$(nproc) defconfig $ make ARCH=riscv CROSS_COMPILE=/build/bin/riscv64-unknown-linux-gnu- -j$(nproc) Running ------- Modify your qemu command to have: -bios /build/platform/generic/firmware/fw_dynamic.bin -cpu rv64,zicfilp=true,zicfiss=true,zimop=true,zcmop=true vDSO related Opens (in the flux) ================================= I am listing these opens for laying out plan and what to expect in future patch sets. And of course for the sake of discussion. Shadow stack and landing pad enabling in vDSO ---------------------------------------------- vDSO must have shadow stack and landing pad support compiled in for task to have shadow stack and landing pad support. This patch series doesn't enable that (yet). Enabling shadow stack support in vDSO should be straight forward (intend to do that in next versions of patch set). Enabling landing pad support in vDSO requires some collaboration with toolchain folks to follow a single label scheme for all object binaries. This is necessary to ensure that all indirect call-sites are setting correct label and target landing pads are decorated with same label scheme. How many vDSOs --------------- Shadow stack instructions are carved out of zimop (may be operations) and if CPU doesn't implement zimop, they're illegal instructions. Kernel could be running on a CPU which may or may not implement zimop. And thus kernel will have to carry 2 different vDSOs and expose the appropriate one depending on whether CPU implements zimop or not. [1] - https://github.com/riscv/riscv-cfi [2] - https://lore.kernel.org/lkml/20240403234054.2020347-1-debug@rivosinc.com/ --- changelog --------- v4 -- - rebased on 6.11-rc6 - envcfg: Converged with Samuel Holland's patches for envcfg management on per- thread basis. - vma_is_shadow_stack is renamed to is_vma_shadow_stack - picked up Mark Brown's `ARCH_HAS_USER_SHADOW_STACK` patch - signal context: using extended context management to maintain compatibility. - fixed `-Wmissing-prototypes` compiler warnings for prctl functions - Documentation fixes and amending typos. v3 -- envcfg: logic to pick up base envcfg had a bug where `ENVCFG_CBZE` could have been picked on per task basis, even though CPU didn't implement it. Fixed in this series. dt-bindings: As suggested, split into separate commit. fixed the messaging that spec is in public review arch_is_shadow_stack change: arch_is_shadow_stack changed to vma_is_shadow_stack hwprobe: zicfiss / zicfilp if present will get enumerated in hwprobe selftests: As suggested, added object and binary filenames to .gitignore Selftest binary anyways need to be compiled with cfi enabled compiler which will make sure that landing pad and shadow stack are enabled. Thus removed separate enable/disable tests. Cleaned up tests a bit. v2 -- - Using config `CONFIG_RISCV_USER_CFI`, kernel support for riscv control flow integrity for user mode programs can be compiled in the kernel. - Enabling of control flow integrity for user programs is left to user runtime - This patch series introduces arch agnostic `prctls` to enable shadow stack and indirect branch tracking. And implements them on riscv. Deepak Gupta (25): mm: helper `is_shadow_stack_vma` to check shadow stack vma riscv/Kconfig: enable HAVE_EXIT_THREAD for riscv riscv: zicfilp / zicfiss in dt-bindings (extensions.yaml) riscv: zicfiss / zicfilp enumeration riscv: zicfiss / zicfilp extension csr and bit definitions riscv: usercfi state for task and save/restore of CSR_SSP on trap entry/exit riscv/mm : ensure PROT_WRITE leads to VM_READ | VM_WRITE riscv mm: manufacture shadow stack pte riscv mmu: teach pte_mkwrite to manufacture shadow stack PTEs riscv mmu: write protect and shadow stack riscv/mm: Implement map_shadow_stack() syscall riscv/shstk: If needed allocate a new shadow stack on clone prctl: arch-agnostic prctl for indirect branch tracking riscv: Implements arch agnostic shadow stack prctls riscv: Implements arch agnostic indirect branch tracking prctls riscv/traps: Introduce software check exception riscv sigcontext: cfi state struct definition for sigcontext riscv signal: save and restore of shadow stack for signal riscv/kernel: update __show_regs to print shadow stack register riscv/ptrace: riscv cfi status and state via ptrace and in core files riscv/hwprobe: zicfilp / zicfiss enumeration in hwprobe riscv: create a config for shadow stack and landing pad instr support riscv: Documentation for landing pad / indirect branch tracking riscv: Documentation for shadow stack on riscv kselftest/riscv: kselftest for user mode cfi Mark Brown (2): mm: Introduce ARCH_HAS_USER_SHADOW_STACK prctl: arch-agnostic prctl for shadow stack Samuel Holland (3): riscv: Enable cbo.zero only when all harts support Zicboz riscv: Add support for per-thread envcfg CSR values riscv: Call riscv_user_isa_enable() only on the boot hart Documentation/arch/riscv/zicfilp.rst | 104 ++++ Documentation/arch/riscv/zicfiss.rst | 169 ++++++ .../devicetree/bindings/riscv/extensions.yaml | 12 + arch/riscv/Kconfig | 20 + arch/riscv/include/asm/asm-prototypes.h | 1 + arch/riscv/include/asm/cpufeature.h | 15 +- arch/riscv/include/asm/csr.h | 16 + arch/riscv/include/asm/entry-common.h | 2 + arch/riscv/include/asm/hwcap.h | 2 + arch/riscv/include/asm/mman.h | 24 + arch/riscv/include/asm/pgtable.h | 30 +- arch/riscv/include/asm/processor.h | 2 + arch/riscv/include/asm/switch_to.h | 8 + arch/riscv/include/asm/thread_info.h | 4 + arch/riscv/include/asm/usercfi.h | 142 +++++ arch/riscv/include/uapi/asm/hwprobe.h | 2 + arch/riscv/include/uapi/asm/ptrace.h | 18 + arch/riscv/include/uapi/asm/sigcontext.h | 3 + arch/riscv/kernel/Makefile | 2 + arch/riscv/kernel/asm-offsets.c | 4 + arch/riscv/kernel/cpufeature.c | 13 +- arch/riscv/kernel/entry.S | 29 + arch/riscv/kernel/process.c | 32 +- arch/riscv/kernel/ptrace.c | 83 +++ arch/riscv/kernel/signal.c | 62 ++- arch/riscv/kernel/smpboot.c | 2 - arch/riscv/kernel/suspend.c | 4 +- arch/riscv/kernel/sys_hwprobe.c | 2 + arch/riscv/kernel/sys_riscv.c | 10 + arch/riscv/kernel/traps.c | 38 ++ arch/riscv/kernel/usercfi.c | 506 ++++++++++++++++++ arch/riscv/mm/init.c | 2 +- arch/riscv/mm/pgtable.c | 17 + arch/x86/Kconfig | 1 + fs/proc/task_mmu.c | 2 +- include/linux/cpu.h | 4 + include/linux/mm.h | 12 +- include/uapi/asm-generic/mman.h | 1 + include/uapi/linux/elf.h | 1 + include/uapi/linux/prctl.h | 48 ++ kernel/sys.c | 60 +++ mm/Kconfig | 6 + mm/gup.c | 2 +- mm/internal.h | 2 +- mm/mmap.c | 1 + tools/testing/selftests/riscv/Makefile | 2 +- tools/testing/selftests/riscv/cfi/.gitignore | 3 + tools/testing/selftests/riscv/cfi/Makefile | 10 + .../testing/selftests/riscv/cfi/cfi_rv_test.h | 83 +++ .../selftests/riscv/cfi/riscv_cfi_test.c | 82 +++ .../testing/selftests/riscv/cfi/shadowstack.c | 362 +++++++++++++ .../testing/selftests/riscv/cfi/shadowstack.h | 37 ++ 52 files changed, 2079 insertions(+), 20 deletions(-) create mode 100644 Documentation/arch/riscv/zicfilp.rst create mode 100644 Documentation/arch/riscv/zicfiss.rst create mode 100644 arch/riscv/include/asm/mman.h create mode 100644 arch/riscv/include/asm/usercfi.h create mode 100644 arch/riscv/kernel/usercfi.c create mode 100644 tools/testing/selftests/riscv/cfi/.gitignore create mode 100644 tools/testing/selftests/riscv/cfi/Makefile create mode 100644 tools/testing/selftests/riscv/cfi/cfi_rv_test.h create mode 100644 tools/testing/selftests/riscv/cfi/riscv_cfi_test.c create mode 100644 tools/testing/selftests/riscv/cfi/shadowstack.c create mode 100644 tools/testing/selftests/riscv/cfi/shadowstack.h