Date: Mon, 14 Aug 2023 10:59:28 -0700
From: Nathan Chancellor
To: Sami Tolvanen
Cc: Paul Walmsley, Palmer Dabbelt, Albert Ou, Kees Cook, Guo Ren, Deepak Gupta, Nick Desaulniers, Fangrui Song, linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/5] riscv: SCS support
Message-ID: <20230814175928.GA1028706@dev-arch.thelio-3990X>
In-Reply-To: <20230811233556.97161-7-samitolvanen@google.com>

Hi Sami,

On Fri, Aug 11, 2023 at 11:35:57PM +0000, Sami Tolvanen wrote:
> Hi folks,
>
> This series adds Shadow Call Stack (SCS) support for RISC-V. SCS
> uses compiler instrumentation to store return addresses in a
> separate shadow stack to protect them against accidental or
> malicious overwrites. More information about SCS can be found
> here:
>
>   https://clang.llvm.org/docs/ShadowCallStack.html
>
> Patch 1 is from Deepak, and it simplifies VMAP_STACK overflow
> handling by adding support for accessing per-CPU variables
> directly in assembly. The patch is included in this series to
> make IRQ stack switching cleaner with SCS, and I've simply
> rebased it. Patch 2 uses this functionality to clean up the stack
> switching by moving duplicate code into a single function. On
> RISC-V, the compiler uses the gp register for storing the current
> shadow call stack pointer, which is incompatible with global
> pointer relaxation. Patch 3 moves global pointer loading into a
> macro that can be easily disabled with SCS. Patch 4 implements
> SCS register loading and switching, and allows the feature to be
> enabled, and patch 5 adds separate per-CPU IRQ shadow call stacks
> when CONFIG_IRQ_STACKS is enabled.
>
> Note that this series requires Clang 17. Earlier Clang versions
> support SCS on RISC-V, but use the x18 register instead of gp,
> which isn't ideal. gcc has SCS support for arm64, but I'm not
> aware of plans to support RISC-V. Once the Zicfiss extension is
> ratified, it's probably preferable to use hardware-backed shadow
> stacks instead of SCS on hardware that supports the extension,
> and we may want to consider implementing CONFIG_DYNAMIC_SCS to
> patch between the implementation at runtime (similarly to the
> arm64 implementation, which switches to SCS when hardware PAC
> support isn't available).

I took this series for a spin on top of 6.5-rc6 with both LLVM 18 (built
within the past couple of days) and LLVM 17.0.0-rc2 but it seems that
the CFI_BACKWARDS LKDTM test does not pass with
CONFIG_SHADOW_CALL_STACK=y.

  [ 73.324652] lkdtm: Performing direct entry CFI_BACKWARD
  [ 73.324900] lkdtm: Attempting unchecked stack return address redirection ...
  [ 73.325178] lkdtm: Eek: return address mismatch! 0000000000000002 != ffffffff80614982
  [ 73.325478] lkdtm: FAIL: stack return address manipulation failed!

Does the test need to be adjusted or is there some other issue?

Cheers,
Nathan
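
A triage helper for dmesg captures like the one in the message above, added here as an example (it is not part of the message, the patch series, or LKDTM). The sample input is constructed from the four quoted log lines; the "ok:" prefix for a passing run and the bit-63 test for a 64-bit kernel address are assumptions.

```python
import re

# Constructed sample: the four lkdtm lines quoted in the message above.
SAMPLE_DMESG = """\
[ 73.324652] lkdtm: Performing direct entry CFI_BACKWARD
[ 73.324900] lkdtm: Attempting unchecked stack return address redirection ...
[ 73.325178] lkdtm: Eek: return address mismatch! 0000000000000002 != ffffffff80614982
[ 73.325478] lkdtm: FAIL: stack return address manipulation failed!
"""

LINE = re.compile(r"^\[\s*\d+\.\d+\]\s+lkdtm:\s+(.*)$")
ENTRY = re.compile(r"^Performing direct entry (\S+)$")
MISMATCH = re.compile(r"return address mismatch! ([0-9a-f]+) != ([0-9a-f]+)")


def is_upper_half(value):
    """Assumed heuristic: 64-bit kernel addresses have bit 63 set."""
    return value >= 1 << 63


def triage(dmesg_text):
    """Return one dict per 'Performing direct entry' block in a dmesg capture."""
    results, current = [], None
    for raw in dmesg_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an lkdtm line
        msg = m.group(1)
        entry = ENTRY.match(msg)
        if entry:
            current = {"test": entry.group(1), "verdict": "unknown",
                       "mismatch": None, "suspect_slot": False}
            results.append(current)
        elif current is not None:
            mm = MISMATCH.search(msg)
            if mm:
                left, right = (int(x, 16) for x in mm.groups())
                current["mismatch"] = (left, right)
                # A side that is not a kernel address cannot be a kernel
                # return address, so flag the run for a look at the test itself.
                current["suspect_slot"] = not (is_upper_half(left) and is_upper_half(right))
            if msg.startswith("FAIL:"):
                current["verdict"] = "fail"
            elif msg.startswith("ok:") and current["verdict"] != "fail":
                current["verdict"] = "ok"  # "ok:" prefix is an assumption
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_DMESG):
        print(r)
```

For the quoted capture, the run is reported as a failure with `suspect_slot` set, because the first mismatch value (0x2) is not a kernel address.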