Received: by 2002:a05:7412:bb8d:b0:d7:7d3a:4fe2 with SMTP id js13csp1518661rdb; Wed, 16 Aug 2023 14:05:01 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG/zWkGJ1qhcep7NWp2dTKwpmhzj5XzoteET9wcKKD+IU3VBcTaTxbZ7ERa/oGxMZTq7nne X-Received: by 2002:a05:6512:39cd:b0:4fd:fef7:95a5 with SMTP id k13-20020a05651239cd00b004fdfef795a5mr2972430lfu.11.1692219900807; Wed, 16 Aug 2023 14:05:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692219900; cv=none; d=google.com; s=arc-20160816; b=jJBkbWsxRvgTEeY3smR4zI6GkF9QXgwQjbAMWzbgSYKlD2GGMDRpLYl6lUrEyslFA9 QWFvYxTFJkQPRj5OIbW0YAGkbcYNOVrnM8RxXvdP/XnDaz7eouSXkA6ZXh0w/m2By6T7 jB9XBVXoAs5LAS1uOrQmkA0hW6HKwpP1+ZrC4BnH3vyNncleD8C1+5DVmy7bC+6DUYqH 7cXKOCxQK076Y3us67M8jCDQdOX2sp3Tz6BtGcR4Sd3uZycFpjaIFLYrwfA99TpypKsD H2qBm5pAnY5qsmW1Mjiwtr0MtE2uRRKyPTROxgycQ5CcUHA/iyv+Aw9JKmK2TZb9/BfI lDRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=0OzZfD0LxzioiKcT0/PJFomCt5xMHK3Naf5sQrGSKYI=; fh=8emAeMHeOhOkvXnGUePcpDQoa+dF4kFgK6pEar1YaxA=; b=mknJMn8VnVBnmbKRIqMzFDOv5qrHygPYK7zfFaHDFnNdohV00SBb9YEx1fqiim9hxz 0R+K/QEg0JvUZi/CJQ32UNfZlxnlnnIOV+7QRLQ7O/RmwuGljgLe0uZAt/IPJUzZBY4A TgjuCIStk06+CUzpdKFFrOYZt6hgX/zuTE+rvF+4dguwH3ZGawC9IaIBuR9eMYX1mNWH I27KmS6hLGwoxiqykm+myCySq4b/WeN8BYZu79Nh8nAQ9rHkO26nJW5AWNKbD04yuxlw iFv2A030kobStCjw6Cug0fKEPdM7EfgTNF/qmZeFe77/4zmdF+068yoLT5POCoIEAEEi u4Qg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=qDsJ4Pyb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s26-20020a170906961a00b0099325564b77si11192288ejx.548.2023.08.16.14.04.34; Wed, 16 Aug 2023 14:05:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=qDsJ4Pyb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344875AbjHPQnW (ORCPT + 99 others); Wed, 16 Aug 2023 12:43:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51392 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344949AbjHPQm4 (ORCPT ); Wed, 16 Aug 2023 12:42:56 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9760930D2 for ; Wed, 16 Aug 2023 09:42:34 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 333F366CFA for ; Wed, 16 Aug 2023 16:42:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D2AF1C433C8; Wed, 16 Aug 2023 16:42:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692204153; bh=58unTFnXGEq3UBUCeC2OOQ34OOD9B4fl4PEKWgwKnBU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=qDsJ4PybcVzKHecuX6kYS/XWs0yKGqmYNteF7T/NL+/93pWCmql4uxXQ2pI2rJfdX 6UQNv1XFXDcjCsKQCGrW35qSAi5xhYyztHRTVmCFcQ1Q/3NKP63VtpfOI6xSH3Ad6F bb4jahKCpOvIkedMgSEexaTY+Q3IzpKOEpN6zP0Uq+XwLzbBZMMN5PzIp942eFd6Zk wf/FVi8RSJ89Lbo0yfnZpDeNAEgXi8QYhdepy6rfIUWdmH1+nDo43oytuI1hs80oLP cAR1Ki1DXuTfQVjBUPLRvef12BfIQSkcHQKPwsovgQa0NvhWdpVT4z5YhkeT3pfcNZ uCEPjn0OiZSxQ== Date: Wed, 16 Aug 2023 09:42:31 -0700 From: Nathan Chancellor To: Sami Tolvanen Cc: Paul Walmsley , Palmer Dabbelt , Albert Ou , Kees Cook , Guo Ren , Deepak Gupta , Nick Desaulniers , Fangrui Song , linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2 0/6] riscv: SCS support Message-ID: <20230816164231.GA1653714@dev-arch.thelio-3990X> References: <20230815203442.1608773-8-samitolvanen@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230815203442.1608773-8-samitolvanen@google.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Sami, On Tue, Aug 15, 2023 at 08:34:43PM +0000, Sami Tolvanen wrote: > Hi folks, > > This series adds Shadow Call Stack (SCS) support for RISC-V. SCS > uses compiler instrumentation to store return addresses in a > separate shadow stack to protect them against accidental or > malicious overwrites. More information about SCS can be found > here: > > https://clang.llvm.org/docs/ShadowCallStack.html > > Patch 1 is from Deepak, and it simplifies VMAP_STACK overflow > handling by adding support for accessing per-CPU variables > directly in assembly. The patch is included in this series to > make IRQ stack switching cleaner with SCS, and I've simply > rebased it. Patch 2 uses this functionality to clean up the stack > switching by moving duplicate code into a single function. On > RISC-V, the compiler uses the gp register for storing the current > shadow call stack pointer, which is incompatible with global > pointer relaxation. Patch 3 moves global pointer loading into a > macro that can be easily disabled with SCS. Patch 4 implements > SCS register loading and switching, and allows the feature to be > enabled, and patch 5 adds separate per-CPU IRQ shadow call stacks > when CONFIG_IRQ_STACKS is enabled. Patch 6 fixes the backward- > edge CFI test in lkdtm for RISC-V. > > Note that this series requires Clang 17. Earlier Clang versions > support SCS on RISC-V, but use the x18 register instead of gp, > which isn't ideal. gcc has SCS support for arm64, but I'm not > aware of plans to support RISC-V. Once the Zicfiss extension is > ratified, it's probably preferable to use hardware-backed shadow > stacks instead of SCS on hardware that supports the extension, > and we may want to consider implementing CONFIG_DYNAMIC_SCS to > patch between the implementation at runtime (similarly to the > arm64 implementation, which switches to SCS when hardware PAC > support isn't available). I took this series for a spin in QEMU with both LLVM 18.0.0 and 17.0.0-rc2 and the LKDTM test now passes with CONFIG_SHADOW_CALL_STACK=y (and fails with LLVM 16.0.0, as CONFIG_SHADOW_CALL_STACK is not selectable there). Tested-by: Nathan Chancellor Cheers, Nathan