Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp22721281rwd; Fri, 30 Jun 2023 11:38:05 -0700 (PDT) X-Google-Smtp-Source: APBJJlHp/vsbtL0o1D+kUEpvqjse04bbPUvfgmdklHnFhkFpWAPMrcfW61Pv+0sUfr4E9gr/7nDx X-Received: by 2002:a05:6358:a58:b0:133:e15:caa3 with SMTP id 24-20020a0563580a5800b001330e15caa3mr3098809rwb.25.1688150284972; Fri, 30 Jun 2023 11:38:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688150284; cv=none; d=google.com; s=arc-20160816; b=vpRJgNCTYHNXktX6aQQGpXVVUKudaIeJnb6K1sQ+ieTCRFLijyOosJr1ijMfXnCPxp KH7KsW1uxpTDJcDtJpdW2Dmk8gCVf0X75Dlvb20MAOUc6qfGqY58xwr7d9M9K+N10OHC UFqdBwhMiSVx95OWh1KW0noX7ND9NWK+nZEzH548dIYZA365Bzj+NfkKnvcpyqTVX5cE 4mR0cPSN86AkK4OG+JPu7jTXgkXfa5EM3GRFgxigFOKXCbJAR8wzPHzNmOD8OEYtfCi3 g/92QWFPp+LD/PYIR9C2xMMh5oH6fqzByyvaMY9cX7QOmUXb2reU81/i0Pp7lIcJTV4y SVVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=uZJJetuBbyHmtx8DbYztgxxDQeL5eYQA+7KCOoIY7rU=; fh=OCV63wBTrJIWgXPg7RMQ8/IXx8xZ6cUExDp1DigCJ+o=; b=i13LDm7H3abF9w1nJbIN6vqqsOgQ+1tiVmpOqqQ4MG5voa0RCCSLQQ2J1Y2qgLhT7D SS7Z5QWr3afQaSuCeiB3o/KWcQx88GY8RHUa4oOnEj+Ev9r7PRc9MvMDyFx4RQyh9Ohs pb2KUqSdT+og24oPs5FNJzeGyLeI9gSa73jqX+SfY0D7T1G8I3aLuQI+rwbw5tH8LgZT zTsPvF0whilCe8aRJd4gjI98x+uivVpRruc77LxJTe7wRlMyx7SY4VnmL+eYnD2iP5rL huzODs05VtkGccMY+e0AgbBYeJBTMS9nRPRtfmaXBra9FiQZF+kA6vdw7x8xg3bcW32K BnHQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=NTgXSX4M; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id az9-20020a056a02004900b0055b731aa9adsi767008pgb.562.2023.06.30.11.37.50; Fri, 30 Jun 2023 11:38:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=NTgXSX4M; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232141AbjF3S3e (ORCPT + 99 others); Fri, 30 Jun 2023 14:29:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39962 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232606AbjF3S3d (ORCPT ); Fri, 30 Jun 2023 14:29:33 -0400 Received: from mail-pj1-x1032.google.com (mail-pj1-x1032.google.com [IPv6:2607:f8b0:4864:20::1032]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0D3C21B5 for ; Fri, 30 Jun 2023 11:29:32 -0700 (PDT) Received: by mail-pj1-x1032.google.com with SMTP id 98e67ed59e1d1-262e66481c4so1151568a91.1 for ; Fri, 30 Jun 2023 11:29:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1688149771; x=1690741771; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=uZJJetuBbyHmtx8DbYztgxxDQeL5eYQA+7KCOoIY7rU=; b=NTgXSX4MGPhVE5xJegfe7GAIBLJ+GvIVJ7Wml0XsL2a75vwQmUVfExZ2I06bGaGF9O v//z0xnkr0vWAc3fDGEBV2jow7KGwqiMkqB9Z5Qa2Cdj/3nTEJaIu1Z1a9ivXbaXXeyF U+vxM2e9YP/FAcJMJJwc0PXgLXrCdFk62i3/A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688149771; x=1690741771; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=uZJJetuBbyHmtx8DbYztgxxDQeL5eYQA+7KCOoIY7rU=; b=c1HsPdR43jRNYchHxpSMFcatzcm/AzIDloUo0pwttNc3MIGkF3uUbDSpKP5wNgV5Px JXSU61LZLIaCb1o6ttAmDG5X3mt2zWtGMnREx5IXBuwSf2VHpIn/1HlU4aup0yeatRVn Z94ILqIUqGpSrWUQsugZjPAmkTYaLytQyW6rx7teK6NYEMQjg5FJkTyQvl85MqoOmP4Q ackLg7/oRGNsoVVlar8G5gBsR4Y3QMguGaoW7XK3b16+XZm+QEyVCMvGC6FgFsUp78s4 dsvIjHqwCg8eci+PpocDzHdc3w2rSy1MbdbsX8fHyHSxhoQ4AT5AEvo5qKGV3wwasmen VTPQ== X-Gm-Message-State: ABy/qLZLBB3uLOF21DCOgPqtbsqjhI/MibHN0yRqU0gbUt91VWuKFWCm QskvdyJ19JipDigxxcYLF8uicg== X-Received: by 2002:a17:90a:f484:b0:262:c414:e0af with SMTP id bx4-20020a17090af48400b00262c414e0afmr2635720pjb.31.1688149771151; Fri, 30 Jun 2023 11:29:31 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id o6-20020a17090a744600b00262d9b4b527sm9935978pjk.52.2023.06.30.11.29.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 30 Jun 2023 11:29:30 -0700 (PDT) Date: Fri, 30 Jun 2023 11:29:29 -0700 From: Kees Cook To: Sami Tolvanen Cc: Paul Walmsley , Palmer Dabbelt , Albert Ou , Nathan Chancellor , Nick Desaulniers , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org Subject: Re: [PATCH 1/6] riscv: Implement syscall wrappers Message-ID: <202306301128.E8B5E51B5@keescook> References: <20230629234244.1752366-8-samitolvanen@google.com> <20230629234244.1752366-9-samitolvanen@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230629234244.1752366-9-samitolvanen@google.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jun 29, 2023 at 11:42:46PM +0000, Sami Tolvanen wrote: > Commit f0bddf50586d ("riscv: entry: Convert to generic entry") moved > syscall handling to C code, which exposed function pointer type > mismatches that trip fine-grained forward-edge Control-Flow Integrity > (CFI) checks as syscall handlers are all called through the same > syscall_t pointer type. To fix the type mismatches, implement pt_regs > based syscall wrappers similarly to x86 and arm64. > > This patch is based on arm64 syscall wrappers added in commit > 4378a7d4be30 ("arm64: implement syscall wrappers"), where the main goal > was to minimize the risk of userspace-controlled values being used > under speculation. This may be a concern for riscv in future as well. > > Following other architectures, the syscall wrappers generate three > functions for each syscall; __riscv_sys_ takes a pt_regs > pointer and extracts arguments from registers, __se_sys_ > is a sign-extension wrapper that casts the long arguments to the > correct types for the real syscall implementation, which is named > __do_sys_. > > Signed-off-by: Sami Tolvanen This all looks correct to me; though I have not run tested it. I'm glad to see another arch using this style. Reviewed-by: Kees Cook -- Kees Cook