From patchwork Tue Oct  8 22:37:10 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Deepak Gupta <debug@rivosinc.com>
X-Patchwork-Id: 13827111
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DB6C2CF042A
	for <linux-mm@archiver.kernel.org>; Tue,  8 Oct 2024 22:39:22 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 9B6406B00C6; Tue,  8 Oct 2024 18:39:09 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 963326B00C8; Tue,  8 Oct 2024 18:39:09 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 78ED46B00C7; Tue,  8 Oct 2024 18:39:09 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com
 [216.40.44.10])
	by kanga.kvack.org (Postfix) with ESMTP id 590B86B00C5
	for <linux-mm@kvack.org>; Tue,  8 Oct 2024 18:39:09 -0400 (EDT)
Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay10.hostedemail.com (Postfix) with ESMTP id 46AD5C0ACB
	for <linux-mm@kvack.org>; Tue,  8 Oct 2024 22:39:07 +0000 (UTC)
X-FDA: 82651902018.04.E96D832
Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com
 [209.85.210.180])
	by imf26.hostedemail.com (Postfix) with ESMTP id 298D2140011
	for <linux-mm@kvack.org>; Tue,  8 Oct 2024 22:39:06 +0000 (UTC)
Authentication-Results: imf26.hostedemail.com;
	dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601
 header.b=xY+2Rjbh;
	spf=pass (imf26.hostedemail.com: domain of debug@rivosinc.com designates
 209.85.210.180 as permitted sender) smtp.mailfrom=debug@rivosinc.com;
	dmarc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hostedemail.com;
	s=arc-20220608; t=1728427103;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=COCNpmNzP6WC0TkslCp4YYWczFrCYYnCulBqOF+s4dc=;
	b=pCjvMBb1PFqYIycB4lTMM+R+qlsroeQQc33vp6xzTOTvegeuF1IZSUYG9aqSM057OkMdAM
	65XWOLmBbGlOMLckjuYkWWDj2PEkYv2ne84ESMTpWT8fmiaXF+aKA1NTEVxJ8cYLqZVjK1
	QlA4iW5RdeGdMu/RZM82x1XxYHDKhGo=
ARC-Authentication-Results: i=1;
	imf26.hostedemail.com;
	dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601
 header.b=xY+2Rjbh;
	spf=pass (imf26.hostedemail.com: domain of debug@rivosinc.com designates
 209.85.210.180 as permitted sender) smtp.mailfrom=debug@rivosinc.com;
	dmarc=none
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1728427103; a=rsa-sha256;
	cv=none;
	b=U+maj5xKcRMS8/sASN+KWtv681r5yAOQhdqPEyXuxd+3jvwph9+tXapweEor6h6IOoUkJn
	v9QcgkJ+8nSuBBnkVigJ8oofYBCrjtvN+Q443aoFDrE/vQUFvKXG9f+ceXhQUqDtUuLuLr
	GXct0rPAgCKn1/0BwprWMsYpoaumt2k=
Received: by mail-pf1-f180.google.com with SMTP id
 d2e1a72fcca58-71de9e1f374so3229910b3a.1
        for <linux-mm@kvack.org>; Tue, 08 Oct 2024 15:39:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1728427146;
 x=1729031946; darn=kvack.org;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=COCNpmNzP6WC0TkslCp4YYWczFrCYYnCulBqOF+s4dc=;
        b=xY+2Rjbh5ExBS37jyFdvVoTaKOIjnq4WXDuMjN5HZFOfAuFiD9aR79RDAaqfO/D5YQ
         K0cevCiX+ubRhgTpji2BP37KgNyvOd2h4LebkBXdOUYAjGzmVAFux7zd8YQ1dPFOv4bk
         lWlfD/04GCrZrlCRycl7EYOVoV/WsMq296p5vejp3Fo0BjaBMLA2945dQvDUPQ+BVlQD
         PJU+gK3HkjUMBYgTVJ10ZmFAKa93P3VfIwS5nnDzo91eGFhLk49jnvamfEX67oa7LtI2
         7wYcRYEX8a4jDN98u27dTVdY2CXiLgOMoDlyc22Ld//t5SKC+j97h+YouIf+Aftxz3kx
         0g6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728427146; x=1729031946;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=COCNpmNzP6WC0TkslCp4YYWczFrCYYnCulBqOF+s4dc=;
        b=BpFjso8HSgTrmvZT8Dnk15H4JVuTJVf3Uj2pJKHjuPuhjMaoa6h2Szk1WPMNX/bXIW
         xanJJRYklrSY5wUaAwvh+iSsYPVdVBrnwNRUrRYEh2/KxvUIpVKYhLAFNUH7UnjYfQKl
         Tz44cuxmiPWkbq5WGQVXFoQTtBwPRkfz0N7N3cnbuSq+/CTZJj5K3w+kGDKGDBUvod65
         gaugQNr0ZDDnVVmKTjAsINm7cQg9MBgDwZ1OtjK4gkQM7ULaOQb9L9FQocgLv656vqg6
         hCR/8Mj681NWCh53BVucbBzPefTawjsjXC7heX7ymUTOWv+RNy4t5LLKlSVGJJ7gEwX/
         F/lw==
X-Forwarded-Encrypted: i=1;
 AJvYcCUCigBQ9FCfsrbMai+1KcaoaKFyXNdHtOhFviW9Bo740H1lgruNtBtPExiqPLIExMmU/e4A7amL8A==@kvack.org
X-Gm-Message-State: AOJu0YyXUbppP8lekejLpqApNPfv1pMacu2QGpQ+GNMtHR2kuoYXv7VG
	l3uoFrHwHncgOpGtpGCRBqQwU5gG7Ybu/m9mSXLiY+lVayI0+uocammE175d+Z4=
X-Google-Smtp-Source: 
 AGHT+IG6yIXYzR9JD2NjDYdt+nbX1nqBZC/ZCSHomZxkbURMdjlHvJ/tAFXpjz5XbsMyqRUISAOAUw==
X-Received: by 2002:a05:6a00:1487:b0:71e:49b:59c9 with SMTP id
 d2e1a72fcca58-71e1dbc7550mr621721b3a.24.1728427145912;
        Tue, 08 Oct 2024 15:39:05 -0700 (PDT)
Received: from debug.ba.rivosinc.com ([64.71.180.162])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-71df0ccc4b2sm6591270b3a.45.2024.10.08.15.39.03
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 08 Oct 2024 15:39:05 -0700 (PDT)
From: Deepak Gupta <debug@rivosinc.com>
Date: Tue, 08 Oct 2024 15:37:10 -0700
Subject: [PATCH v6 28/33] riscv: enable kernel access to shadow stack
 memory via FWFT sbi call
MIME-Version: 1.0
Message-Id: <20241008-v5_user_cfi_series-v6-28-60d9fe073f37@rivosinc.com>
References: <20241008-v5_user_cfi_series-v6-0-60d9fe073f37@rivosinc.com>
In-Reply-To: <20241008-v5_user_cfi_series-v6-0-60d9fe073f37@rivosinc.com>
To: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
 Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>,
 x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
 Andrew Morton <akpm@linux-foundation.org>,
 "Liam R. Howlett" <Liam.Howlett@oracle.com>,
 Vlastimil Babka <vbabka@suse.cz>,
 Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
 Paul Walmsley <paul.walmsley@sifive.com>,
 Palmer Dabbelt <palmer@dabbelt.com>, Albert Ou <aou@eecs.berkeley.edu>,
 Conor Dooley <conor@kernel.org>, Rob Herring <robh@kernel.org>,
 Krzysztof Kozlowski <krzk+dt@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
 Christian Brauner <brauner@kernel.org>,
 Peter Zijlstra <peterz@infradead.org>, Oleg Nesterov <oleg@redhat.com>,
 Eric Biederman <ebiederm@xmission.com>, Kees Cook <kees@kernel.org>,
 Jonathan Corbet <corbet@lwn.net>, Shuah Khan <shuah@kernel.org>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
 linux-mm@kvack.org, linux-riscv@lists.infradead.org,
 devicetree@vger.kernel.org, linux-arch@vger.kernel.org,
 linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org,
 alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com,
 andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com,
 atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com,
 alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org,
 rick.p.edgecombe@intel.com, Deepak Gupta <debug@rivosinc.com>
X-Mailer: b4 0.14.0
X-Rspam-User: 
X-Stat-Signature: o3s3ctknr76rpfu5eof8auj3c8nd4q5w
X-Rspamd-Queue-Id: 298D2140011
X-Rspamd-Server: rspam11
X-HE-Tag: 1728427146-486736
X-HE-Meta: 
 U2FsdGVkX19oCuNqm2hYhIb3E0rmY1fmrss3HHK23TTNjVLo+XzfLFkzenBKriRv0pwoIZGK/Nfyjd3xopMmSEKDHa76W9WPtqz/vgTjC+8J9QAOfISsj1WHSrs3LwJXf2cwfoLRNDg8W3Dwz1Gd5OC1avOC3YGkoEOGCCgIMC7vhN/d2X4ESsWG9AE6SrNNvlDUnPYKcXrlK0FUI3t7vUT3NuY7KUEAo5/8QstIx+AqNmL+t5jBL/e4cayRCJBaeepZuNY2irEqLKNQu/Jwp/NGEBg1v7rRWLuDVwrCvwOtoDaBNAB4kyTwyvhbIdqA0ewnwmUNXJckAetA1hIUi/6KLFMPRI9nLZVDTsNupJXRDXwt9bbDj4nLtpJm+YzhRUThp50S96TQK1FrGsQmv7FjPEuIfDiLkwLjpHXBUeEISkVUXRXAXf53ho29iuby3qdXi0rrao2e9IJ+c9LA/1RiyU7qK5mje5m913DDGCbA/ZpPbczJdL23dlqSpiDTCfhPSEvXC/pWOCIlVouWhDpP2ckIma4u/8b2MXcJ6K53CZhs9tZ9EwD2O5idB+6hno4wmAt+6IqQKxQVDPhplY8isSVZ15nYbQKyHYKtvPGRfyQZUZ2CoV76U3GUAKLqJ5kfzBv8lPX7P42L3bkzW/cLpJQgBfb4ayx3j4mhpmBKXnTSmyO35H4eqEPJYNMmmcSvlLn3IqZYuthCUn1yE9AfpHV1sRi/FDl7dslNwb34/Q/pMnYATc4l8hWUfpVFZjTL1atAP3+mJt1VLmQpbfkvx3+sK+KlFCXsjQj5ExzWYHOygj6deFMbPoMfjTp5SgqGeUEyL/CP7n2YRTGunEG9tWkBpazL/ESEu4Wmmbnhk4VfmrpXthPjn6g6XG2QN+eG6+exKMIN7kjy9JjbDcJi0TskUqD7tBsZplrD/B0ug4ZUEDDVxUIfiWJINH136cRFu3xQQ7cLRol2uEr
 Gfs3R1p/
 rQQIcmwHEvOAJz9A31KACtUSWYwDXfBwNoHbYz2ygQ7Z2k8Pf3MUZFsRjlI08a8NpTXcy1gtAA8UStgJRegrjTsQVwmXuanUQJbaww1SVOCDjofoyrKU1TWrnQrI7J+XAmkMIfJiG+CcHCfVKxascF+Hsf94jw4DtCyRvpR+CWpsiMMR3E4OBnSo9egyOrXDpkhe23JrORK2jbpL2Iy/8z4arUmBpj7ExBqpFt47xqtIpD2E8cczDKVCxtKC3449hhvjT9z9KFAKUBWnZqVGzB0UySvk/NTCOK4WqPhfQF4wAw7dmDLQfBqYWeQZm6rF0V018bwXxa2yhgxnU0aSvrlPLj3VkfN4Q3DxLflSgVf7IFLSnCEwfkZuz8msaUx4/xe5BiVO7QcKKWW7anYIzYJlLf9tlt2U7OD9F/JwdJz9W1k7lkJ0bs2PyGpHmYBsx9KdAhTmDLFKfh1bQzSC6fMZcNwQff8RDLfoTf3fq0B4iBiGIDPJwkMJ67YjwtWL050PV3cXOGLefBSiABob4fZG3N/N7ddAB9pv+EbuHnzfJOQHQW2LfC2DBtEx7Svi+dyoBdV8C7ZRiKig=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

Kernel will have to perform shadow stack operations on user shadow stack.
Like during signal delivery and sigreturn, shadow stack token must be
created and validated respectively. Thus shadow stack access for kernel
must be enabled.

In future when kernel shadow stacks are enabled for linux kernel, it must
be enabled as early as possible for better coverage and prevent imbalance
between regular stack and shadow stack. After `relocate_enable_mmu` has
been done, this is as early as possible it can enabled.

Signed-off-by: Deepak Gupta <debug@rivosinc.com>
---
 arch/riscv/kernel/asm-offsets.c |  4 ++++
 arch/riscv/kernel/head.S        | 12 ++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c
index 766bd33f10cb..a22ab8a41672 100644
--- a/arch/riscv/kernel/asm-offsets.c
+++ b/arch/riscv/kernel/asm-offsets.c
@@ -517,4 +517,8 @@ void asm_offsets(void)
 	DEFINE(FREGS_A6,	    offsetof(struct ftrace_regs, a6));
 	DEFINE(FREGS_A7,	    offsetof(struct ftrace_regs, a7));
 #endif
+	DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT);
+	DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET);
+	DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK);
+	DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK);
 }
diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S
index 356d5397b2a2..6244408ca917 100644
--- a/arch/riscv/kernel/head.S
+++ b/arch/riscv/kernel/head.S
@@ -164,6 +164,12 @@ secondary_start_sbi:
 	call relocate_enable_mmu
 #endif
 	call .Lsetup_trap_vector
+	li a7, SBI_EXT_FWFT
+	li a6, SBI_EXT_FWFT_SET
+	li a0, SBI_FWFT_SHADOW_STACK
+	li a1, 1 /* enable supervisor to access shadow stack access */
+	li a2, SBI_FWFT_SET_FLAG_LOCK
+	ecall
 	scs_load_current
 	call smp_callin
 #endif /* CONFIG_SMP */
@@ -320,6 +326,12 @@ SYM_CODE_START(_start_kernel)
 	la tp, init_task
 	la sp, init_thread_union + THREAD_SIZE
 	addi sp, sp, -PT_SIZE_ON_STACK
+	li a7, SBI_EXT_FWFT
+	li a6, SBI_EXT_FWFT_SET
+	li a0, SBI_FWFT_SHADOW_STACK
+	li a1, 1 /* enable supervisor to access shadow stack access */
+	li a2, SBI_FWFT_SET_FLAG_LOCK
+	ecall
 	scs_load_current
 
 #ifdef CONFIG_KASAN