From patchwork Tue Oct  1 16:06:33 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Deepak Gupta <debug@rivosinc.com>
X-Patchwork-Id: 13818431
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0A66ACEACE4
	for <linux-mm@archiver.kernel.org>; Tue,  1 Oct 2024 16:08:25 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id B21282800B7; Tue,  1 Oct 2024 12:08:18 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id AD038280068; Tue,  1 Oct 2024 12:08:18 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 925C42800B7; Tue,  1 Oct 2024 12:08:18 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com
 [216.40.44.10])
	by kanga.kvack.org (Postfix) with ESMTP id 3E266280068
	for <linux-mm@kvack.org>; Tue,  1 Oct 2024 12:08:18 -0400 (EDT)
Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay09.hostedemail.com (Postfix) with ESMTP id F0529816C3
	for <linux-mm@kvack.org>; Tue,  1 Oct 2024 16:08:17 +0000 (UTC)
X-FDA: 82625515434.07.0014209
Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com
 [209.85.214.171])
	by imf20.hostedemail.com (Postfix) with ESMTP id E8BBE1C0008
	for <linux-mm@kvack.org>; Tue,  1 Oct 2024 16:08:15 +0000 (UTC)
Authentication-Results: imf20.hostedemail.com;
	dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601
 header.b="MZupT/Yy";
	dmarc=none;
	spf=pass (imf20.hostedemail.com: domain of debug@rivosinc.com designates
 209.85.214.171 as permitted sender) smtp.mailfrom=debug@rivosinc.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727798856; a=rsa-sha256;
	cv=none;
	b=5eh4x+U4jvyCZBB3JhKK5n/jRf2t8yENzgLwkCuD6tczvGcVeRcgXllcQJ7p5u16adhbC+
	i/zewAYrRnzOt81mYFBMWXYekkfEtTKQePzhLqTzoN05Tkm33wboEFeO0Auc5Ze0veYZcA
	uFR3JIyes++fLol0VkBeCQSCwS5pMpM=
ARC-Authentication-Results: i=1;
	imf20.hostedemail.com;
	dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601
 header.b="MZupT/Yy";
	dmarc=none;
	spf=pass (imf20.hostedemail.com: domain of debug@rivosinc.com designates
 209.85.214.171 as permitted sender) smtp.mailfrom=debug@rivosinc.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hostedemail.com;
	s=arc-20220608; t=1727798856;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=COCNpmNzP6WC0TkslCp4YYWczFrCYYnCulBqOF+s4dc=;
	b=HD1FbDHWAqSqVIQ+9JPUcYJTnrLIjT6ysx2Kvl13m5gwv79giaQGr9cw7whuvlkAo06QtZ
	NDleyzLUses/M+KN3vsoK7/AJGVQ2wFiNfm793FNoR5v2zwI8JbVo6dGuUMiLKsPbfV6dp
	WLWVMSbzlzgZwtc+DsDiox61UFNeLCM=
Received: by mail-pl1-f171.google.com with SMTP id
 d9443c01a7336-20b7eb9e81eso26990615ad.2
        for <linux-mm@kvack.org>; Tue, 01 Oct 2024 09:08:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1727798895;
 x=1728403695; darn=kvack.org;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=COCNpmNzP6WC0TkslCp4YYWczFrCYYnCulBqOF+s4dc=;
        b=MZupT/YyYOpmbk6crtIW9lFEkU+kGx9+ZufpWbAoJZShg/8iBRGFjIfjX3SAjn9yyA
         zsaVWWmTQx1zopf6GuYNvdhPGcIqVXoyvxQpfQWcosEBOuZvvrfnSZibQIGRr0HTay+F
         4ZhBt+sWYPhRy/MkPEiGIU/dJOv2xgd83tYTIu8xmnKRyyrQn2Trztrae/OZW9oWxwqg
         kvWXyvd0Dg89G+Bwq8BX9QCWXvlHbiBa+tgHWIPLDCWmOsi5yqp2ROEGXX98bKFwc8ln
         VDTqmexFsF1JTZLQn5unnDXNOhDNSW5tnlF2e23u0D3Ey88z4KHFcKy7rdLv/UGtQcY7
         UQMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1727798895; x=1728403695;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=COCNpmNzP6WC0TkslCp4YYWczFrCYYnCulBqOF+s4dc=;
        b=cmxMeBcUifzshM6+Av1wyvwxQlUGVnGMXlDdFd9sEYh1E1zs/zcQQda+0ErgJsRppB
         pvXp0gmIf4B2TIbVBt7wR3b6MmenrydjNSCVmKxXgc9wXqbHxL5hAJXsQwapY/NYhR3P
         lf+UU3qMKqsyjV1VdoBlc8y26AqcDaXe8RXbNCYchB8AVNRlbM7GcH1qmn+oKHD+EDD2
         yhsWAiG8EItW4tTnBEp0kzElMVcqHW04W5Tuvx5lJoVQBLlembSf3WMY+REtUlG6JkBr
         K2dwRyhnwUKgjRKQ7/rs/XPPR4JuXxFKP4HRQPVPzxqnETNUivNu2bJjuZo6020OVinX
         aIoQ==
X-Forwarded-Encrypted: i=1;
 AJvYcCUoWEIqyqS6aeGHIFcoEFv5I8W9QxQQ15/GpkqGA1TRam52H1Nx/3EYnAaKvqScuSdMzMT4F9l+mQ==@kvack.org
X-Gm-Message-State: AOJu0YxbMOMiH8ZKL0QS/OVBs6AI84yidHMr6yDbWUBiKpjVcy4VKvRl
	uHIy2IJTlVZ5wh8Bzpg8i9+cSkmSI79Kdq3oLeas0Mz/xpK6uVYNodmm/Ermm5w=
X-Google-Smtp-Source: 
 AGHT+IHJ9Lg6QUp5AJMvLZl2TSQwbNKVqaUFdkYSpxGCN34z5YgLawRUhWByN+Lq6nFf2iRfOgfH3g==
X-Received: by 2002:a17:90b:2250:b0:2d8:7561:db71 with SMTP id
 98e67ed59e1d1-2e1848f66edmr219547a91.25.1727798894659;
        Tue, 01 Oct 2024 09:08:14 -0700 (PDT)
Received: from debug.ba.rivosinc.com ([64.71.180.162])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-2e06e1d7d47sm13843973a91.28.2024.10.01.09.08.12
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 01 Oct 2024 09:08:14 -0700 (PDT)
From: Deepak Gupta <debug@rivosinc.com>
Date: Tue, 01 Oct 2024 09:06:33 -0700
Subject: [PATCH 28/33] riscv: enable kernel access to shadow stack memory
 via FWFT sbi call
MIME-Version: 1.0
Message-Id: <20241001-v5_user_cfi_series-v1-28-3ba65b6e550f@rivosinc.com>
References: <20241001-v5_user_cfi_series-v1-0-3ba65b6e550f@rivosinc.com>
In-Reply-To: <20241001-v5_user_cfi_series-v1-0-3ba65b6e550f@rivosinc.com>
To: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
 Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>,
 x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
 Andrew Morton <akpm@linux-foundation.org>,
 "Liam R. Howlett" <Liam.Howlett@oracle.com>,
 Vlastimil Babka <vbabka@suse.cz>,
 Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
 Paul Walmsley <paul.walmsley@sifive.com>,
 Palmer Dabbelt <palmer@dabbelt.com>, Albert Ou <aou@eecs.berkeley.edu>,
 Conor Dooley <conor@kernel.org>, Rob Herring <robh@kernel.org>,
 Krzysztof Kozlowski <krzk+dt@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
 Christian Brauner <brauner@kernel.org>,
 Peter Zijlstra <peterz@infradead.org>, Oleg Nesterov <oleg@redhat.com>,
 Eric Biederman <ebiederm@xmission.com>, Kees Cook <kees@kernel.org>,
 Jonathan Corbet <corbet@lwn.net>, Shuah Khan <shuah@kernel.org>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
 linux-mm@kvack.org, linux-riscv@lists.infradead.org,
 devicetree@vger.kernel.org, linux-arch@vger.kernel.org,
 linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org,
 alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com,
 andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com,
 atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com,
 alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org,
 rick.p.edgecombe@intel.com, Deepak Gupta <debug@rivosinc.com>
X-Mailer: b4 0.14.0
X-Rspam-User: 
X-Rspamd-Queue-Id: E8BBE1C0008
X-Rspamd-Server: rspam01
X-Stat-Signature: mkaeb9us7z3phtq8y5w1eswngwoqsk3x
X-HE-Tag: 1727798895-489263
X-HE-Meta: 
 U2FsdGVkX19sdxuTYasmI3h3/1TeaWG1ZJmczJf43bVT2ClH3PFdoGC1YiKFPPo6tIl1qXSdLS4O5ChWOIdd4yFWPxcc4j9teZtvGjhooOpqpUA6zcnDSszzosfC1ypcuKkDtG9cj8WruPAl4UXBIkdBjPJhuf9FFYi2SEucBOnKETSNvoikoPl2M0F+4f1mhCPpbZnOdybLdzp1+7OpEsCWo7LNOVy8hYuYLf2D3hEpNhLI+9cK/+D83VdYGMi498TIq8twAqPfemU8O7/eCoJmz2A/GP4QEIxVd64sllg9g9QTZPeHr+CrkEDUshciiNVyz97Qn/SCBks1duB4OfYQiGThQ+IH8VLonvMLCaJ1wNiy+s3ONts881GAZitcDvFX8T5IwbxI2FmFzFMmdOjVZTQolWOdZVL7lPBd4BwqumJfMyIU+h59KKQvdrkBZ1D+9wqhS6hlj2PWGLi1W9B6xVY+THxrxS7BBbtA3RhXDWSIub/tlqckZLusjXpTab4AkUGj+k7iaPbwUqP35vrf0gMd71PjSDnk4VyntzseTYBxGiiQcc80kmQrvjeBC8HbKCYnDuW3bb49wX1+LgC4+g/1FFUnQC/UBg2JWTv8x8U0cGECkkyZjLs3trxZnrYTh7eYKDxsyfzupAVHDYuGxmQgvFzr8/UgPRqMZVc7z3QEh5MwhQcBse7ilPxXy4H/Xxw7hGEYmdX5gRFRmAYVhTQzbdiiBeLbGqCVzgrLH2NvbZcZ/y3BDoHPivZPIpCPHu8f+yyGiKG+Af0bGfLUaF2E65hmUQ1ykF579NAgxzX8B5JjwG51+DdvNDyi7CDWOVmXsljLXm4NQN6oOr3SXm4imTQxyCixeWIE03/um1IP8EUxlMTXCIoqOJNu6Gogz6o/JjSG6DGPuz8VNg/xzAb+KaZDqvaBMaYYFOV82Ols8OIZGsrPz1wqi8wvIqDv/Qiie+nOA87gHA3
 UDLOpBaY
 6M6fU9qVErj0FBtuAXP0xcZvm4/0PmMJVAVjwXGAP7v532WeZ8XOitFuVTl1FewiYOV/t5aTN8lSTltryL2NlaGOFci6ufi+FadhBqqBcLUP6TQB4jyhW2SWItupHMqkbuOdpmp++K6DFJhmAbsHfnLaDusE2N11fysvs8f7NWEgtxI/lhc87WwLAoIUd544PlqOXGm3+cQdB6+Mw7qA3AIQQgv97zb+qZFVZ5E8RHqMGkhECGReseJARURQQnZoTwHdzMKa36HOnAvSsyBAb561ojsn8DMcFiFXz3IGoKN68nkkm+kR9pWxX1iJNAx6rNDeqI1icOBOAt1ZogvqiRKiK1ohOBYRXjskrfAEw1J6f+5tLZoDLWkMXmYXlzcvXVOxBchR3wF2agD1X2/pJB6ejk1DtKCI3ug28UVDnPs/EHV4L9QgI9Xb5pLlN6zET43mqWsiPSgrl6E0=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

Kernel will have to perform shadow stack operations on user shadow stack.
Like during signal delivery and sigreturn, shadow stack token must be
created and validated respectively. Thus shadow stack access for kernel
must be enabled.

In future when kernel shadow stacks are enabled for linux kernel, it must
be enabled as early as possible for better coverage and prevent imbalance
between regular stack and shadow stack. After `relocate_enable_mmu` has
been done, this is as early as possible it can enabled.

Signed-off-by: Deepak Gupta <debug@rivosinc.com>
---
 arch/riscv/kernel/asm-offsets.c |  4 ++++
 arch/riscv/kernel/head.S        | 12 ++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c
index 766bd33f10cb..a22ab8a41672 100644
--- a/arch/riscv/kernel/asm-offsets.c
+++ b/arch/riscv/kernel/asm-offsets.c
@@ -517,4 +517,8 @@ void asm_offsets(void)
 	DEFINE(FREGS_A6,	    offsetof(struct ftrace_regs, a6));
 	DEFINE(FREGS_A7,	    offsetof(struct ftrace_regs, a7));
 #endif
+	DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT);
+	DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET);
+	DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK);
+	DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK);
 }
diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S
index 356d5397b2a2..6244408ca917 100644
--- a/arch/riscv/kernel/head.S
+++ b/arch/riscv/kernel/head.S
@@ -164,6 +164,12 @@ secondary_start_sbi:
 	call relocate_enable_mmu
 #endif
 	call .Lsetup_trap_vector
+	li a7, SBI_EXT_FWFT
+	li a6, SBI_EXT_FWFT_SET
+	li a0, SBI_FWFT_SHADOW_STACK
+	li a1, 1 /* enable supervisor to access shadow stack access */
+	li a2, SBI_FWFT_SET_FLAG_LOCK
+	ecall
 	scs_load_current
 	call smp_callin
 #endif /* CONFIG_SMP */
@@ -320,6 +326,12 @@ SYM_CODE_START(_start_kernel)
 	la tp, init_task
 	la sp, init_thread_union + THREAD_SIZE
 	addi sp, sp, -PT_SIZE_ON_STACK
+	li a7, SBI_EXT_FWFT
+	li a6, SBI_EXT_FWFT_SET
+	li a0, SBI_FWFT_SHADOW_STACK
+	li a1, 1 /* enable supervisor to access shadow stack access */
+	li a2, SBI_FWFT_SET_FLAG_LOCK
+	ecall
 	scs_load_current
 
 #ifdef CONFIG_KASAN