From: Palmer Dabbelt
Date: Thu, 2 Nov 2023 21:05:23 +0000 (-0700)
Subject: Merge patch series "riscv: SCS support"
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=24005d184aaa80984e0511c4ec6e6a0860fdddb8;p=linux.git

Merge patch series "riscv: SCS support"

Sami Tolvanen says:

This series adds Shadow Call Stack (SCS) support for RISC-V. SCS uses compiler instrumentation to store return addresses in a separate shadow stack to protect them against accidental or malicious overwrites. More information about SCS can be found here:

https://clang.llvm.org/docs/ShadowCallStack.html

Patch 1 is from Deepak, and it simplifies VMAP_STACK overflow handling by adding support for accessing per-CPU variables directly in assembly. The patch is included in this series to make IRQ stack switching cleaner with SCS, and I've simply rebased it and fixed a couple of minor issues. Patch 2 uses this functionality to clean up the stack switching by moving duplicate code into a single function.

On RISC-V, the compiler uses the gp register for storing the current shadow call stack pointer, which is incompatible with global pointer relaxation. Patch 3 moves global pointer loading into a macro that can be easily disabled with SCS. Patch 4 implements SCS register loading and switching, and allows the feature to be enabled, and patch 5 adds separate per-CPU IRQ shadow call stacks when CONFIG_IRQ_STACKS is enabled. Patch 6 fixes the backward-edge CFI test in lkdtm for RISC-V.

Note that this series requires Clang 17. Earlier Clang versions support SCS on RISC-V, but use the x18 register instead of gp, which isn't ideal. gcc has SCS support for arm64, but I'm not aware of plans to support RISC-V.

Once the Zicfiss extension is ratified, it's probably preferable to use hardware-backed shadow stacks instead of SCS on hardware that supports the extension, and we may want to consider implementing CONFIG_DYNAMIC_SCS to patch between the implementation at runtime (similarly to the arm64 implementation, which switches to SCS when hardware PAC support isn't available). * b4-shazam-merge: lkdtm: Fix CFI_BACKWARD on RISC-V riscv: Use separate IRQ shadow call stacks riscv: Implement Shadow Call Stack riscv: Move global pointer loading to a macro riscv: Deduplicate IRQ stack switching riscv: VMAP_STACK overflow detection thread-safe Link: https://lore.kernel.org/r/20230927224757.1154247-8-samitolvanen@google.com Signed-off-by: Palmer Dabbelt --- 24005d184aaa80984e0511c4ec6e6a0860fdddb8 diff --cc arch/riscv/kernel/entry.S index d7dd9030df3f8,3a0db310325a1..9f92c067f7e1e --- a/arch/riscv/kernel/entry.S +++ b/arch/riscv/kernel/entry.S @@@ -13,9 -15,8 +15,10 @@@ #include #include #include + #include + .section .irqentry.text, "ax" + SYM_CODE_START(handle_exception) /* * If coming from userspace, preserve the user thread pointer and load diff --cc arch/riscv/purgatory/Makefile index 982fc8e771085,6a3c16bd5ca3b..280b0eb352b8b --- a/arch/riscv/purgatory/Makefile +++ b/arch/riscv/purgatory/Makefile @@@ -81,10 -81,10 +81,14 @@@ ifdef CONFIG_CFI_CLAN PURGATORY_CFLAGS_REMOVE += $(CC_FLAGS_CFI) endif +ifdef CONFIG_RELOCATABLE +PURGATORY_CFLAGS_REMOVE += -fPIE +endif + + ifdef CONFIG_SHADOW_CALL_STACK + PURGATORY_CFLAGS_REMOVE += $(CC_FLAGS_SCS) + endif + CFLAGS_REMOVE_purgatory.o += $(PURGATORY_CFLAGS_REMOVE) CFLAGS_purgatory.o += $(PURGATORY_CFLAGS)
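Review bot: the merge message does not say how the two parents were combined in arch/riscv/kernel/entry.S, where the combined hunk `@@@ -13,9 -15,8 +15,10 @@@` carries an added `#include` and the `.section .irqentry.text, "ax"` directive ahead of `SYM_CODE_START(handle_exception)`. A sentence in the merge message naming which side contributed the include and which contributed the section directive would let a reader confirm that both were kept on purpose. The include targets are not visible in this rendering, so that cannot be checked from the hunk alone.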
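Review bot: the `ifdef CONFIG_SHADOW_CALL_STACK` block in arch/riscv/purgatory/Makefile adds `$(CC_FLAGS_SCS)` to `PURGATORY_CFLAGS_REMOVE` with no comment on why purgatory has to be built without the instrumentation. The series description says the compiler keeps the shadow call stack pointer in gp, so if the reason is that purgatory runs with no shadow call stack set up in that register, a one-line comment above the block saying so would record the dependency for whoever touches this Makefile next. The neighbouring `CONFIG_RELOCATABLE` / `-fPIE` block from the other parent would benefit from the same treatment, and since both blocks only append with `+=`, their relative order in the resolution does not change the result.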