riscv: enable kernel access to shadow stack memory via the FWFT SBI call

The kernel has to perform shadow stack operations on the user shadow stack.
During signal delivery and sigreturn, the shadow stack token must be
created and validated respectively. Thus shadow stack access for the kernel
must be enabled.

In the future, when kernel shadow stacks are enabled, they must be
enabled as early as possible for better coverage and to prevent any
imbalance between the regular stack and the shadow stack. After
'relocate_enable_mmu' has completed, this is the earliest that it can
be enabled.

Reviewed-by: Zong Li <zong.li@sifive.com>
Signed-off-by: Deepak Gupta <debug@rivosinc.com>
Tested-by: Andreas Korb <andreas.korb@aisec.fraunhofer.de> # QEMU, custom CVA6
Tested-by: Valentin Haudiquet <valentin.haudiquet@canonical.com>
Link: https://patch.msgid.link/20251112-v5_user_cfi_series-v23-22-b55691eacf4f@rivosinc.com
[pjw@kernel.org: updated to apply; cleaned up commit message]
Signed-off-by: Paul Walmsley <pjw@kernel.org>

authored by

Deepak Gupta and committed by
Paul Walmsley
41213bf2 c9b859c4

+33
+6
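--- a/arch/riscv/kernel/asm-offsets.c
+++ b/arch/riscv/kernel/asm-offsets.c
@@ -533,4 +533,10 @@
 DEFINE(FREGS_A6, offsetof(struct __arch_ftrace_regs, a6));
 DEFINE(FREGS_A7, offsetof(struct __arch_ftrace_regs, a7));
 #endif
+#ifdef CONFIG_RISCV_SBI
+DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT);
+DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET);
+DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK);
+DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK);
+#endif
 }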
+27
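--- a/arch/riscv/kernel/head.S
+++ b/arch/riscv/kernel/head.S
@@ -15,6 +15,7 @@
 #include <asm/image.h>
 #include <asm/scs.h>
 #include <asm/xip_fixup.h>
+#include <asm/usercfi.h>
 #include "efi-header.S"
 
 __HEAD
@@ -170,6 +171,19 @@
 call relocate_enable_mmu
 #endif
 call .Lsetup_trap_vector
+#if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_USER_CFI)
+li a7, SBI_EXT_FWFT
+li a6, SBI_EXT_FWFT_SET
+li a0, SBI_FWFT_SHADOW_STACK
+li a1, 1 /* enable supervisor to access shadow stack access */
+li a2, SBI_FWFT_SET_FLAG_LOCK
+ecall
+beqz a0, 1f
+la a1, riscv_nousercfi
+li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI
+REG_S a0, (a1)
+1:
+#endif
 scs_load_current
 call smp_callin
 #endif /* CONFIG_SMP */
@@ -330,6 +344,19 @@
 la tp, init_task
 la sp, init_thread_union + THREAD_SIZE
 addi sp, sp, -PT_SIZE_ON_STACK
+#if defined(CONFIG_RISCV_SBI) && defined(CONFIG_RISCV_USER_CFI)
+li a7, SBI_EXT_FWFT
+li a6, SBI_EXT_FWFT_SET
+li a0, SBI_FWFT_SHADOW_STACK
+li a1, 1 /* enable supervisor to access shadow stack access */
+li a2, SBI_FWFT_SET_FLAG_LOCK
+ecall
+beqz a0, 1f
+la a1, riscv_nousercfi
+li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI
+REG_S a0, (a1)
+1:
+#endif
 scs_load_current
 
 #ifdef CONFIG_KASAN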
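Review bot: On an FWFT failure, both added blocks write `CMDLINE_DISABLE_RISCV_USERCFI_BCFI` into `riscv_nousercfi` with a plain `REG_S a0, (a1)`, which replaces the whole word instead of setting one bit. On the secondary-hart path (the block after `call .Lsetup_trap_vector`) this would drop any other disable bits already recorded there, if the variable can hold some by that point; its declaration and width are not visible in these hunks, so that and the XLEN-wide store size need confirming. A read-modify-write keeps the other bits: insert `REG_L a2, (a1)` and `or a0, a0, a2` between the `li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI` and the store. Every non-zero SBI return is treated alike and silently, so a comment such as `/* any FWFT error: run without user shadow stacks */` at the `beqz a0, 1f` would make the fail-safe intent explicit. The two 13-line blocks are identical and could be one assembler macro, and the comment on `li a1, 1` should read `/* enable supervisor access to shadow stack */`; the enclosing routines start and end outside the hunks.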