On Mon, Mar 10, 2025 at 11:44 PM Deepak Gupta debug@rivosinc.com wrote:
Kernel will have to perform shadow stack operations on user shadow stack. Like during signal delivery and sigreturn, shadow stack token must be created and validated respectively. Thus shadow stack access for kernel must be enabled.
In future when kernel shadow stacks are enabled for linux kernel, it must be enabled as early as possible for better coverage and prevent imbalance between regular stack and shadow stack. After `relocate_enable_mmu` has been done, this is as early as possible it can enabled.
Signed-off-by: Deepak Gupta debug@rivosinc.com
arch/riscv/kernel/asm-offsets.c | 4 ++++ arch/riscv/kernel/head.S | 12 ++++++++++++ 2 files changed, 16 insertions(+)
diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c index 0c188aaf3925..21f99d5757b6 100644 --- a/arch/riscv/kernel/asm-offsets.c +++ b/arch/riscv/kernel/asm-offsets.c @@ -515,4 +515,8 @@ void asm_offsets(void) DEFINE(FREGS_A6, offsetof(struct __arch_ftrace_regs, a6)); DEFINE(FREGS_A7, offsetof(struct __arch_ftrace_regs, a7)); #endif
DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT);DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET);DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK);DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK);} diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S index 356d5397b2a2..6244408ca917 100644 --- a/arch/riscv/kernel/head.S +++ b/arch/riscv/kernel/head.S @@ -164,6 +164,12 @@ secondary_start_sbi: call relocate_enable_mmu #endif call .Lsetup_trap_vector
li a7, SBI_EXT_FWFTli a6, SBI_EXT_FWFT_SETli a0, SBI_FWFT_SHADOW_STACKli a1, 1 /* enable supervisor to access shadow stack access */li a2, SBI_FWFT_SET_FLAG_LOCKecall scs_load_current call smp_callin#endif /* CONFIG_SMP */ @@ -320,6 +326,12 @@ SYM_CODE_START(_start_kernel) la tp, init_task la sp, init_thread_union + THREAD_SIZE addi sp, sp, -PT_SIZE_ON_STACK
li a7, SBI_EXT_FWFTli a6, SBI_EXT_FWFT_SETli a0, SBI_FWFT_SHADOW_STACKli a1, 1 /* enable supervisor to access shadow stack access */li a2, SBI_FWFT_SET_FLAG_LOCKecall scs_load_current#ifdef CONFIG_KASAN
LGTM.
Reviewed-by: Zong Li zong.li@sifive.com
-- 2.34.1
linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv