From: Deepak Gupta <debug@rivosinc.com>
To: paul.walmsley@sifive.com, rick.p.edgecombe@intel.com,
broonie@kernel.org, Szabolcs.Nagy@arm.com, kito.cheng@sifive.com,
keescook@chromium.org, ajones@ventanamicro.com,
conor.dooley@microchip.com, cleger@rivosinc.com,
atishp@atishpatra.org, alex@ghiti.fr, bjorn@rivosinc.com,
alexghiti@rivosinc.com, samuel.holland@sifive.com,
conor@kernel.org
Cc: linux-doc@vger.kernel.org, linux-riscv@lists.infradead.org,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org,
linux-mm@kvack.org, linux-arch@vger.kernel.org,
linux-kselftest@vger.kernel.org, corbet@lwn.net,
palmer@dabbelt.com, aou@eecs.berkeley.edu, robh+dt@kernel.org,
krzysztof.kozlowski+dt@linaro.org, oleg@redhat.com,
akpm@linux-foundation.org, arnd@arndb.de, ebiederm@xmission.com,
Liam.Howlett@oracle.com, vbabka@suse.cz, lstoakes@gmail.com,
shuah@kernel.org, brauner@kernel.org, debug@rivosinc.com,
andy.chiu@sifive.com, jerry.shih@sifive.com,
hankuan.chen@sifive.com, greentime.hu@sifive.com,
evan@rivosinc.com, xiao.w.wang@intel.com, charlie@rivosinc.com,
apatel@ventanamicro.com, mchitale@ventanamicro.com,
dbarboza@ventanamicro.com, sameo@rivosinc.com,
shikemeng@huaweicloud.com, willy@infradead.org,
vincent.chen@sifive.com, guoren@kernel.org,
samitolvanen@google.com, songshuaishuai@tinylab.org,
gerg@kernel.org, heiko@sntech.de, bhe@redhat.com,
jeeheng.sia@starfivetech.com, cyy@cyyself.name,
maskray@google.com, ancientmodern4@gmail.com,
mathis.salmen@matsal.de, cuiyunhui@bytedance.com,
bgray@linux.ibm.com, mpe@ellerman.id.au, baruch@tkos.co.il,
alx@kernel.org, david@redhat.com, catalin.marinas@arm.com,
revest@chromium.org, josh@joshtriplett.org, shr@devkernel.io,
deller@gmx.de, omosnace@redhat.com, ojeda@kernel.org,
jhubbard@nvidia.com
Subject: [PATCH v3 18/29] riscv: Implements arch agnostic shadow stack prctls
Date: Wed, 3 Apr 2024 16:35:06 -0700 [thread overview]
Message-ID: <20240403234054.2020347-19-debug@rivosinc.com> (raw)
In-Reply-To: <20240403234054.2020347-1-debug@rivosinc.com>
Implement architecture agnostic prctls() interface for setting and getting
shadow stack status.
prctls implemented are PR_GET_SHADOW_STACK_STATUS,
PR_SET_SHADOW_STACK_STATUS and PR_LOCK_SHADOW_STACK_STATUS.
As part of PR_SET_SHADOW_STACK_STATUS/PR_GET_SHADOW_STACK_STATUS, only
PR_SHADOW_STACK_ENABLE is implemented because RISCV allows each mode to
write to their own shadow stack using `sspush` or `ssamoswap`.
PR_LOCK_SHADOW_STACK_STATUS locks current configuration of shadow stack
enabling.
Signed-off-by: Deepak Gupta <debug@rivosinc.com>
---
arch/riscv/include/asm/usercfi.h | 18 +++++-
arch/riscv/kernel/process.c | 8 +++
arch/riscv/kernel/usercfi.c | 107 +++++++++++++++++++++++++++++++
3 files changed, 132 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/include/asm/usercfi.h b/arch/riscv/include/asm/usercfi.h
index b47574a7a8c9..a168ae0fa5d8 100644
--- a/arch/riscv/include/asm/usercfi.h
+++ b/arch/riscv/include/asm/usercfi.h
@@ -7,6 +7,7 @@
#ifndef __ASSEMBLY__
#include <linux/types.h>
+#include <linux/prctl.h>
struct task_struct;
struct kernel_clone_args;
@@ -14,7 +15,8 @@ struct kernel_clone_args;
#ifdef CONFIG_RISCV_USER_CFI
struct cfi_status {
unsigned long ubcfi_en : 1; /* Enable for backward cfi. */
- unsigned long rsvd : ((sizeof(unsigned long)*8) - 1);
+ unsigned long ubcfi_locked : 1;
+ unsigned long rsvd : ((sizeof(unsigned long)*8) - 2);
unsigned long user_shdw_stk; /* Current user shadow stack pointer */
unsigned long shdw_stk_base; /* Base address of shadow stack */
unsigned long shdw_stk_size; /* size of shadow stack */
@@ -26,6 +28,10 @@ void shstk_release(struct task_struct *tsk);
void set_shstk_base(struct task_struct *task, unsigned long shstk_addr, unsigned long size);
void set_active_shstk(struct task_struct *task, unsigned long shstk_addr);
bool is_shstk_enabled(struct task_struct *task);
+bool is_shstk_locked(struct task_struct *task);
+void set_shstk_status(struct task_struct *task, bool enable);
+
+#define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK (PR_SHADOW_STACK_ENABLE)
#else
@@ -56,6 +62,16 @@ static inline bool is_shstk_enabled(struct task_struct *task)
return false;
}
+static inline bool is_shstk_locked(struct task_struct *task)
+{
+ return false;
+}
+
+static inline void set_shstk_status(struct task_struct *task, bool enable)
+{
+
+}
+
#endif /* CONFIG_RISCV_USER_CFI */
#endif /* __ASSEMBLY__ */
diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c
index ef48a25b0eff..3fb8b23f629b 100644
--- a/arch/riscv/kernel/process.c
+++ b/arch/riscv/kernel/process.c
@@ -145,6 +145,14 @@ void start_thread(struct pt_regs *regs, unsigned long pc,
regs->epc = pc;
regs->sp = sp;
+ /*
+ * clear shadow stack state on exec.
+ * libc will set it later via prctl.
+ */
+ set_shstk_status(current, false);
+ set_shstk_base(current, 0, 0);
+ set_active_shstk(current, 0);
+
#ifdef CONFIG_64BIT
regs->status &= ~SR_UXL;
diff --git a/arch/riscv/kernel/usercfi.c b/arch/riscv/kernel/usercfi.c
index 11ef7ab925c9..cdedf1f78b3e 100644
--- a/arch/riscv/kernel/usercfi.c
+++ b/arch/riscv/kernel/usercfi.c
@@ -24,6 +24,16 @@ bool is_shstk_enabled(struct task_struct *task)
return task->thread_info.user_cfi_state.ubcfi_en ? true : false;
}
+bool is_shstk_allocated(struct task_struct *task)
+{
+ return task->thread_info.user_cfi_state.shdw_stk_base ? true : false;
+}
+
+bool is_shstk_locked(struct task_struct *task)
+{
+ return task->thread_info.user_cfi_state.ubcfi_locked ? true : false;
+}
+
void set_shstk_base(struct task_struct *task, unsigned long shstk_addr, unsigned long size)
{
task->thread_info.user_cfi_state.shdw_stk_base = shstk_addr;
@@ -42,6 +52,23 @@ void set_active_shstk(struct task_struct *task, unsigned long shstk_addr)
task->thread_info.user_cfi_state.user_shdw_stk = shstk_addr;
}
+void set_shstk_status(struct task_struct *task, bool enable)
+{
+ task->thread_info.user_cfi_state.ubcfi_en = enable ? 1 : 0;
+
+ if (enable)
+ task->thread_info.envcfg |= ENVCFG_SSE;
+ else
+ task->thread_info.envcfg &= ~ENVCFG_SSE;
+
+ csr_write(CSR_ENVCFG, task->thread_info.envcfg);
+}
+
+void set_shstk_lock(struct task_struct *task)
+{
+ task->thread_info.user_cfi_state.ubcfi_locked = 1;
+}
+
/*
* If size is 0, then to be compatible with regular stack we want it to be as big as
* regular stack. Else PAGE_ALIGN it and return back
@@ -268,3 +295,83 @@ void shstk_release(struct task_struct *tsk)
vm_munmap(base, size);
set_shstk_base(tsk, 0, 0);
}
+
+int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status)
+{
+ unsigned long bcfi_status = 0;
+
+ if (!cpu_supports_shadow_stack())
+ return -EINVAL;
+
+ /* this means shadow stack is enabled on the task */
+ bcfi_status |= (is_shstk_enabled(t) ? PR_SHADOW_STACK_ENABLE : 0);
+
+ return copy_to_user(status, &bcfi_status, sizeof(bcfi_status)) ? -EFAULT : 0;
+}
+
+int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status)
+{
+ unsigned long size = 0, addr = 0;
+ bool enable_shstk = false;
+
+ if (!cpu_supports_shadow_stack())
+ return -EINVAL;
+
+ /* Reject unknown flags */
+ if (status & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK)
+ return -EINVAL;
+
+ /* bcfi status is locked and further can't be modified by user */
+ if (is_shstk_locked(t))
+ return -EINVAL;
+
+ enable_shstk = status & PR_SHADOW_STACK_ENABLE;
+ /* Request is to enable shadow stack and shadow stack is not enabled already */
+ if (enable_shstk && !is_shstk_enabled(t)) {
+ /* shadow stack was allocated and enable request again
+ * no need to support such usecase and return EINVAL.
+ */
+ if (is_shstk_allocated(t))
+ return -EINVAL;
+
+ size = calc_shstk_size(0);
+ addr = allocate_shadow_stack(0, size, 0, false);
+ if (IS_ERR_VALUE(addr))
+ return -ENOMEM;
+ set_shstk_base(t, addr, size);
+ set_active_shstk(t, addr + size);
+ }
+
+ /*
+ * If a request to disable shadow stack happens, let's go ahead and release it
+ * Although, if CLONE_VFORKed child did this, then in that case we will end up
+ * not releasing the shadow stack (because it might be needed in parent). Although
+ * we will disable it for VFORKed child. And if VFORKed child tries to enable again
+ * then in that case, it'll get entirely new shadow stack because following condition
+ * are true
+ * - shadow stack was not enabled for vforked child
+ * - shadow stack base was anyways pointing to 0
+ * This shouldn't be a big issue because we want parent to have availability of shadow
+ * stack whenever VFORKed child releases resources via exit or exec but at the same
+ * time we want VFORKed child to break away and establish new shadow stack if it desires
+ *
+ */
+ if (!enable_shstk)
+ shstk_release(t);
+
+ set_shstk_status(t, enable_shstk);
+ return 0;
+}
+
+int arch_lock_shadow_stack_status(struct task_struct *task,
+ unsigned long arg)
+{
+ /* If shtstk not supported or not enabled on task, nothing to lock here */
+ if (!cpu_supports_shadow_stack() ||
+ !is_shstk_enabled(task))
+ return -EINVAL;
+
+ set_shstk_lock(task);
+
+ return 0;
+}
--
2.43.2
WARNING: multiple messages have this Message-ID (diff)
From: Deepak Gupta <debug@rivosinc.com>
To: paul.walmsley@sifive.com, rick.p.edgecombe@intel.com,
broonie@kernel.org, Szabolcs.Nagy@arm.com, kito.cheng@sifive.com,
keescook@chromium.org, ajones@ventanamicro.com,
conor.dooley@microchip.com, cleger@rivosinc.com,
atishp@atishpatra.org, alex@ghiti.fr, bjorn@rivosinc.com,
alexghiti@rivosinc.com, samuel.holland@sifive.com,
conor@kernel.org
Cc: linux-doc@vger.kernel.org, linux-riscv@lists.infradead.org,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org,
linux-mm@kvack.org, linux-arch@vger.kernel.org,
linux-kselftest@vger.kernel.org, corbet@lwn.net,
palmer@dabbelt.com, aou@eecs.berkeley.edu, robh+dt@kernel.org,
krzysztof.kozlowski+dt@linaro.org, oleg@redhat.com,
akpm@linux-foundation.org, arnd@arndb.de, ebiederm@xmission.com,
Liam.Howlett@oracle.com, vbabka@suse.cz, lstoakes@gmail.com,
shuah@kernel.org, brauner@kernel.org, debug@rivosinc.com,
andy.chiu@sifive.com, jerry.shih@sifive.com,
hankuan.chen@sifive.com, greentime.hu@sifive.com,
evan@rivosinc.com, xiao.w.wang@intel.com, charlie@rivosinc.com,
apatel@ventanamicro.com, mchitale@ventanamicro.com,
dbarboza@ventanamicro.com, sameo@rivosinc.com,
shikemeng@huaweicloud.com, willy@infradead.org,
vincent.chen@sifive.com, guoren@kernel.org,
samitolvanen@google.com, songshuaishuai@tinylab.org,
gerg@kernel.org, heiko@sntech.de, bhe@redhat.com,
jeeheng.sia@starfivetech.com, cyy@cyyself.name,
maskray@google.com, ancientmodern4@gmail.com,
mathis.salmen@matsal.de, cuiyunhui@bytedance.com,
bgray@linux.ibm.com, mpe@ellerman.id.au, baruch@tkos.co.il,
alx@kernel.org, david@redhat.com, catalin.marinas@arm.com,
revest@chromium.org, josh@joshtriplett.org, shr@devkernel.io,
deller@gmx.de, omosnace@redhat.com, ojeda@kernel.org,
jhubbard@nvidia.com
Subject: [PATCH v3 18/29] riscv: Implements arch agnostic shadow stack prctls
Date: Wed, 3 Apr 2024 16:35:06 -0700 [thread overview]
Message-ID: <20240403234054.2020347-19-debug@rivosinc.com> (raw)
In-Reply-To: <20240403234054.2020347-1-debug@rivosinc.com>
Implement architecture agnostic prctls() interface for setting and getting
shadow stack status.
prctls implemented are PR_GET_SHADOW_STACK_STATUS,
PR_SET_SHADOW_STACK_STATUS and PR_LOCK_SHADOW_STACK_STATUS.
As part of PR_SET_SHADOW_STACK_STATUS/PR_GET_SHADOW_STACK_STATUS, only
PR_SHADOW_STACK_ENABLE is implemented because RISCV allows each mode to
write to their own shadow stack using `sspush` or `ssamoswap`.
PR_LOCK_SHADOW_STACK_STATUS locks current configuration of shadow stack
enabling.
Signed-off-by: Deepak Gupta <debug@rivosinc.com>
---
arch/riscv/include/asm/usercfi.h | 18 +++++-
arch/riscv/kernel/process.c | 8 +++
arch/riscv/kernel/usercfi.c | 107 +++++++++++++++++++++++++++++++
3 files changed, 132 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/include/asm/usercfi.h b/arch/riscv/include/asm/usercfi.h
index b47574a7a8c9..a168ae0fa5d8 100644
--- a/arch/riscv/include/asm/usercfi.h
+++ b/arch/riscv/include/asm/usercfi.h
@@ -7,6 +7,7 @@
#ifndef __ASSEMBLY__
#include <linux/types.h>
+#include <linux/prctl.h>
struct task_struct;
struct kernel_clone_args;
@@ -14,7 +15,8 @@ struct kernel_clone_args;
#ifdef CONFIG_RISCV_USER_CFI
struct cfi_status {
unsigned long ubcfi_en : 1; /* Enable for backward cfi. */
- unsigned long rsvd : ((sizeof(unsigned long)*8) - 1);
+ unsigned long ubcfi_locked : 1;
+ unsigned long rsvd : ((sizeof(unsigned long)*8) - 2);
unsigned long user_shdw_stk; /* Current user shadow stack pointer */
unsigned long shdw_stk_base; /* Base address of shadow stack */
unsigned long shdw_stk_size; /* size of shadow stack */
@@ -26,6 +28,10 @@ void shstk_release(struct task_struct *tsk);
void set_shstk_base(struct task_struct *task, unsigned long shstk_addr, unsigned long size);
void set_active_shstk(struct task_struct *task, unsigned long shstk_addr);
bool is_shstk_enabled(struct task_struct *task);
+bool is_shstk_locked(struct task_struct *task);
+void set_shstk_status(struct task_struct *task, bool enable);
+
+#define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK (PR_SHADOW_STACK_ENABLE)
#else
@@ -56,6 +62,16 @@ static inline bool is_shstk_enabled(struct task_struct *task)
return false;
}
+static inline bool is_shstk_locked(struct task_struct *task)
+{
+ return false;
+}
+
+static inline void set_shstk_status(struct task_struct *task, bool enable)
+{
+
+}
+
#endif /* CONFIG_RISCV_USER_CFI */
#endif /* __ASSEMBLY__ */
diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c
index ef48a25b0eff..3fb8b23f629b 100644
--- a/arch/riscv/kernel/process.c
+++ b/arch/riscv/kernel/process.c
@@ -145,6 +145,14 @@ void start_thread(struct pt_regs *regs, unsigned long pc,
regs->epc = pc;
regs->sp = sp;
+ /*
+ * clear shadow stack state on exec.
+ * libc will set it later via prctl.
+ */
+ set_shstk_status(current, false);
+ set_shstk_base(current, 0, 0);
+ set_active_shstk(current, 0);
+
#ifdef CONFIG_64BIT
regs->status &= ~SR_UXL;
diff --git a/arch/riscv/kernel/usercfi.c b/arch/riscv/kernel/usercfi.c
index 11ef7ab925c9..cdedf1f78b3e 100644
--- a/arch/riscv/kernel/usercfi.c
+++ b/arch/riscv/kernel/usercfi.c
@@ -24,6 +24,16 @@ bool is_shstk_enabled(struct task_struct *task)
return task->thread_info.user_cfi_state.ubcfi_en ? true : false;
}
+bool is_shstk_allocated(struct task_struct *task)
+{
+ return task->thread_info.user_cfi_state.shdw_stk_base ? true : false;
+}
+
+bool is_shstk_locked(struct task_struct *task)
+{
+ return task->thread_info.user_cfi_state.ubcfi_locked ? true : false;
+}
+
void set_shstk_base(struct task_struct *task, unsigned long shstk_addr, unsigned long size)
{
task->thread_info.user_cfi_state.shdw_stk_base = shstk_addr;
@@ -42,6 +52,23 @@ void set_active_shstk(struct task_struct *task, unsigned long shstk_addr)
task->thread_info.user_cfi_state.user_shdw_stk = shstk_addr;
}
+void set_shstk_status(struct task_struct *task, bool enable)
+{
+ task->thread_info.user_cfi_state.ubcfi_en = enable ? 1 : 0;
+
+ if (enable)
+ task->thread_info.envcfg |= ENVCFG_SSE;
+ else
+ task->thread_info.envcfg &= ~ENVCFG_SSE;
+
+ csr_write(CSR_ENVCFG, task->thread_info.envcfg);
+}
+
+void set_shstk_lock(struct task_struct *task)
+{
+ task->thread_info.user_cfi_state.ubcfi_locked = 1;
+}
+
/*
* If size is 0, then to be compatible with regular stack we want it to be as big as
* regular stack. Else PAGE_ALIGN it and return back
@@ -268,3 +295,83 @@ void shstk_release(struct task_struct *tsk)
vm_munmap(base, size);
set_shstk_base(tsk, 0, 0);
}
+
+int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status)
+{
+ unsigned long bcfi_status = 0;
+
+ if (!cpu_supports_shadow_stack())
+ return -EINVAL;
+
+ /* this means shadow stack is enabled on the task */
+ bcfi_status |= (is_shstk_enabled(t) ? PR_SHADOW_STACK_ENABLE : 0);
+
+ return copy_to_user(status, &bcfi_status, sizeof(bcfi_status)) ? -EFAULT : 0;
+}
+
+int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status)
+{
+ unsigned long size = 0, addr = 0;
+ bool enable_shstk = false;
+
+ if (!cpu_supports_shadow_stack())
+ return -EINVAL;
+
+ /* Reject unknown flags */
+ if (status & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK)
+ return -EINVAL;
+
+ /* bcfi status is locked and further can't be modified by user */
+ if (is_shstk_locked(t))
+ return -EINVAL;
+
+ enable_shstk = status & PR_SHADOW_STACK_ENABLE;
+ /* Request is to enable shadow stack and shadow stack is not enabled already */
+ if (enable_shstk && !is_shstk_enabled(t)) {
+ /* shadow stack was allocated and enable request again
+ * no need to support such usecase and return EINVAL.
+ */
+ if (is_shstk_allocated(t))
+ return -EINVAL;
+
+ size = calc_shstk_size(0);
+ addr = allocate_shadow_stack(0, size, 0, false);
+ if (IS_ERR_VALUE(addr))
+ return -ENOMEM;
+ set_shstk_base(t, addr, size);
+ set_active_shstk(t, addr + size);
+ }
+
+ /*
+ * If a request to disable shadow stack happens, let's go ahead and release it
+ * Although, if CLONE_VFORKed child did this, then in that case we will end up
+ * not releasing the shadow stack (because it might be needed in parent). Although
+ * we will disable it for VFORKed child. And if VFORKed child tries to enable again
+ * then in that case, it'll get entirely new shadow stack because following condition
+ * are true
+ * - shadow stack was not enabled for vforked child
+ * - shadow stack base was anyways pointing to 0
+ * This shouldn't be a big issue because we want parent to have availability of shadow
+ * stack whenever VFORKed child releases resources via exit or exec but at the same
+ * time we want VFORKed child to break away and establish new shadow stack if it desires
+ *
+ */
+ if (!enable_shstk)
+ shstk_release(t);
+
+ set_shstk_status(t, enable_shstk);
+ return 0;
+}
+
+int arch_lock_shadow_stack_status(struct task_struct *task,
+ unsigned long arg)
+{
+ /* If shtstk not supported or not enabled on task, nothing to lock here */
+ if (!cpu_supports_shadow_stack() ||
+ !is_shstk_enabled(task))
+ return -EINVAL;
+
+ set_shstk_lock(task);
+
+ return 0;
+}
--
2.43.2
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2024-04-03 23:42 UTC|newest]
Thread overview: 164+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-03 23:34 [PATCH v3 00/29] riscv control-flow integrity for usermode Deepak Gupta
2024-04-03 23:34 ` Deepak Gupta
2024-04-03 23:34 ` [PATCH v3 01/29] riscv: envcfg save and restore on task switching Deepak Gupta
2024-04-03 23:34 ` Deepak Gupta
2024-05-09 0:10 ` Charlie Jenkins
2024-05-09 0:10 ` Charlie Jenkins
2024-05-09 19:00 ` Deepak Gupta
2024-05-09 19:00 ` Deepak Gupta
2024-04-03 23:34 ` [PATCH v3 02/29] riscv: define default value for envcfg for task Deepak Gupta
2024-04-03 23:34 ` Deepak Gupta
2024-05-10 22:33 ` Charlie Jenkins
2024-05-10 22:33 ` Charlie Jenkins
2024-05-13 18:33 ` Deepak Gupta
2024-05-13 18:33 ` Deepak Gupta
2024-04-03 23:34 ` [PATCH v3 03/29] riscv/Kconfig: enable HAVE_EXIT_THREAD for riscv Deepak Gupta
2024-04-03 23:34 ` Deepak Gupta
2024-05-10 22:36 ` Charlie Jenkins
2024-05-10 22:36 ` Charlie Jenkins
2024-04-03 23:34 ` [PATCH v3 04/29] riscv: zicfilp / zicfiss in dt-bindings (extensions.yaml) Deepak Gupta
2024-04-03 23:34 ` Deepak Gupta
2024-04-10 11:58 ` Rob Herring
2024-04-10 11:58 ` Rob Herring
2024-04-10 21:37 ` Deepak Gupta
2024-04-10 21:37 ` Deepak Gupta
2024-04-15 19:41 ` Rob Herring
2024-04-15 19:41 ` Rob Herring
2024-04-16 15:44 ` Deepak Gupta
2024-04-16 15:44 ` Deepak Gupta
2024-05-09 18:14 ` Conor Dooley
2024-05-09 18:14 ` Conor Dooley
2024-05-09 18:46 ` Deepak Gupta
2024-05-09 18:46 ` Deepak Gupta
2024-05-09 20:32 ` Conor Dooley
2024-05-09 20:32 ` Conor Dooley
2024-05-09 23:26 ` Deepak Gupta
2024-05-09 23:26 ` Deepak Gupta
2024-04-03 23:34 ` [PATCH v3 05/29] riscv: zicfiss / zicfilp enumeration Deepak Gupta
2024-04-03 23:34 ` Deepak Gupta
2024-05-09 0:00 ` Andy Chiu
2024-05-09 0:00 ` Andy Chiu
2024-05-09 0:07 ` Charlie Jenkins
2024-05-09 0:07 ` Charlie Jenkins
2024-04-03 23:34 ` [PATCH v3 06/29] riscv: zicfiss / zicfilp extension csr and bit definitions Deepak Gupta
2024-04-03 23:34 ` Deepak Gupta
2024-05-10 22:37 ` Charlie Jenkins
2024-05-10 22:37 ` Charlie Jenkins
2024-04-03 23:34 ` [PATCH v3 07/29] riscv: usercfi state for task and save/restore of CSR_SSP on trap entry/exit Deepak Gupta
2024-04-03 23:34 ` Deepak Gupta
2024-05-10 22:51 ` Charlie Jenkins
2024-05-10 22:51 ` Charlie Jenkins
2024-04-03 23:34 ` [PATCH v3 08/29] mm: Define VM_SHADOW_STACK for RISC-V Deepak Gupta
2024-04-03 23:34 ` Deepak Gupta
2024-04-04 18:58 ` David Hildenbrand
2024-04-04 18:58 ` David Hildenbrand
2024-04-04 19:04 ` Mark Brown
2024-04-04 19:04 ` Mark Brown
2024-04-04 19:15 ` David Hildenbrand
2024-04-04 19:15 ` David Hildenbrand
2024-04-04 19:21 ` Deepak Gupta
2024-04-04 19:21 ` Deepak Gupta
2024-04-03 23:34 ` [PATCH v3 09/29] mm: abstract shadow stack vma behind `vma_is_shadow_stack` Deepak Gupta
2024-04-03 23:34 ` Deepak Gupta
2024-04-04 19:02 ` David Hildenbrand
2024-04-04 19:02 ` David Hildenbrand
2024-04-04 21:39 ` Deepak Gupta
2024-04-04 21:39 ` Deepak Gupta
2024-04-03 23:34 ` [PATCH v3 10/29] riscv/mm : ensure PROT_WRITE leads to VM_READ | VM_WRITE Deepak Gupta
2024-04-03 23:34 ` Deepak Gupta
2024-05-10 21:02 ` Charlie Jenkins
2024-05-10 21:02 ` Charlie Jenkins
2024-05-13 17:47 ` Deepak Gupta
2024-05-13 17:47 ` Deepak Gupta
2024-05-13 18:36 ` Charlie Jenkins
2024-05-13 18:36 ` Charlie Jenkins
2024-05-13 18:41 ` Deepak Gupta
2024-05-13 18:41 ` Deepak Gupta
2024-05-13 21:26 ` Charlie Jenkins
2024-05-13 21:26 ` Charlie Jenkins
2024-05-12 16:24 ` Alexandre Ghiti
2024-05-12 16:24 ` Alexandre Ghiti
2024-05-13 18:29 ` Deepak Gupta
2024-05-13 18:29 ` Deepak Gupta
2024-04-03 23:34 ` [PATCH v3 11/29] riscv mm: manufacture shadow stack pte Deepak Gupta
2024-04-03 23:34 ` Deepak Gupta
2024-05-12 16:26 ` Alexandre Ghiti
2024-05-12 16:26 ` Alexandre Ghiti
2024-04-03 23:35 ` [PATCH v3 12/29] riscv mmu: teach pte_mkwrite to manufacture shadow stack PTEs Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-05-12 16:28 ` Alexandre Ghiti
2024-05-12 16:28 ` Alexandre Ghiti
2024-05-13 17:33 ` Deepak Gupta
2024-05-13 17:33 ` Deepak Gupta
2024-04-03 23:35 ` [PATCH v3 13/29] riscv mmu: write protect and shadow stack Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-05-12 16:31 ` Alexandre Ghiti
2024-05-12 16:31 ` Alexandre Ghiti
2024-05-13 17:32 ` Deepak Gupta
2024-05-13 17:32 ` Deepak Gupta
2024-05-23 14:59 ` Alexandre Ghiti
2024-05-23 14:59 ` Alexandre Ghiti
2024-05-24 7:16 ` Deepak Gupta
2024-05-24 7:16 ` Deepak Gupta
2024-04-03 23:35 ` [PATCH v3 14/29] riscv/mm: Implement map_shadow_stack() syscall Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-05-12 16:50 ` Alexandre Ghiti
2024-05-12 16:50 ` Alexandre Ghiti
2024-05-13 17:25 ` Deepak Gupta
2024-05-13 17:25 ` Deepak Gupta
2024-04-03 23:35 ` [PATCH v3 15/29] riscv/shstk: If needed allocate a new shadow stack on clone Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-05-12 17:05 ` Alexandre Ghiti
2024-05-12 17:05 ` Alexandre Ghiti
2024-05-13 17:10 ` Deepak Gupta
2024-05-13 17:10 ` Deepak Gupta
2024-04-03 23:35 ` [PATCH v3 16/29] prctl: arch-agnostic prctl for shadow stack Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-04-03 23:35 ` [PATCH v3 17/29] prctl: arch-agnostic prctl for indirect branch tracking Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-05-10 23:29 ` Charlie Jenkins
2024-05-10 23:29 ` Charlie Jenkins
2024-05-13 18:31 ` Deepak Gupta
2024-05-13 18:31 ` Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta [this message]
2024-04-03 23:35 ` [PATCH v3 18/29] riscv: Implements arch agnostic shadow stack prctls Deepak Gupta
2024-04-03 23:35 ` [PATCH v3 19/29] riscv: Implements arch agnostic indirect branch tracking prctls Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-04-03 23:35 ` [PATCH v3 20/29] riscv/kernel: update __show_regs to print shadow stack register Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-05-12 17:10 ` Alexandre Ghiti
2024-05-12 17:10 ` Alexandre Ghiti
2024-04-03 23:35 ` [PATCH v3 21/29] riscv/traps: Introduce software check exception Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-04-03 23:35 ` [PATCH v3 22/29] riscv sigcontext: adding cfi state field in sigcontext Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-05-24 9:46 ` Andy Chiu
2024-05-24 9:46 ` Andy Chiu
2024-05-24 19:11 ` Deepak Gupta
2024-05-24 19:11 ` Deepak Gupta
2024-04-03 23:35 ` [PATCH v3 23/29] riscv signal: Save and restore of shadow stack for signal Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-04-03 23:35 ` [PATCH v3 24/29] riscv/ptrace: riscv cfi status and state via ptrace and in core files Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-04-03 23:35 ` [PATCH v3 25/29] riscv/hwprobe: zicfilp / zicfiss enumeration in hwprobe Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-04-03 23:35 ` [PATCH v3 26/29] riscv: create a config for shadow stack and landing pad instr support Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-04-03 23:35 ` [PATCH v3 27/29] riscv: Documentation for landing pad / indirect branch tracking Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-05-10 20:30 ` Charlie Jenkins
2024-05-10 20:30 ` Charlie Jenkins
2024-05-13 17:07 ` Deepak Gupta
2024-05-13 17:07 ` Deepak Gupta
2024-04-03 23:35 ` [PATCH v3 28/29] riscv: Documentation for shadow stack on riscv Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-04-03 23:35 ` [PATCH v3 29/29] kselftest/riscv: kselftest for user mode cfi Deepak Gupta
2024-04-03 23:35 ` Deepak Gupta
2024-05-09 18:21 ` Charlie Jenkins
2024-05-09 18:21 ` Charlie Jenkins
2024-05-09 19:16 ` Deepak Gupta
2024-05-09 19:16 ` Deepak Gupta
2024-05-10 1:20 ` Charlie Jenkins
2024-05-10 1:20 ` Charlie Jenkins
2024-05-09 0:33 ` [PATCH v3 00/29] riscv control-flow integrity for usermode Charlie Jenkins
2024-05-09 0:33 ` Charlie Jenkins
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240403234054.2020347-19-debug@rivosinc.com \
--to=debug@rivosinc.com \
--cc=Liam.Howlett@oracle.com \
--cc=Szabolcs.Nagy@arm.com \
--cc=ajones@ventanamicro.com \
--cc=akpm@linux-foundation.org \
--cc=alex@ghiti.fr \
--cc=alexghiti@rivosinc.com \
--cc=alx@kernel.org \
--cc=ancientmodern4@gmail.com \
--cc=andy.chiu@sifive.com \
--cc=aou@eecs.berkeley.edu \
--cc=apatel@ventanamicro.com \
--cc=arnd@arndb.de \
--cc=atishp@atishpatra.org \
--cc=baruch@tkos.co.il \
--cc=bgray@linux.ibm.com \
--cc=bhe@redhat.com \
--cc=bjorn@rivosinc.com \
--cc=brauner@kernel.org \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=charlie@rivosinc.com \
--cc=cleger@rivosinc.com \
--cc=conor.dooley@microchip.com \
--cc=conor@kernel.org \
--cc=corbet@lwn.net \
--cc=cuiyunhui@bytedance.com \
--cc=cyy@cyyself.name \
--cc=david@redhat.com \
--cc=dbarboza@ventanamicro.com \
--cc=deller@gmx.de \
--cc=devicetree@vger.kernel.org \
--cc=ebiederm@xmission.com \
--cc=evan@rivosinc.com \
--cc=gerg@kernel.org \
--cc=greentime.hu@sifive.com \
--cc=guoren@kernel.org \
--cc=hankuan.chen@sifive.com \
--cc=heiko@sntech.de \
--cc=jeeheng.sia@starfivetech.com \
--cc=jerry.shih@sifive.com \
--cc=jhubbard@nvidia.com \
--cc=josh@joshtriplett.org \
--cc=keescook@chromium.org \
--cc=kito.cheng@sifive.com \
--cc=krzysztof.kozlowski+dt@linaro.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-riscv@lists.infradead.org \
--cc=lstoakes@gmail.com \
--cc=maskray@google.com \
--cc=mathis.salmen@matsal.de \
--cc=mchitale@ventanamicro.com \
--cc=mpe@ellerman.id.au \
--cc=ojeda@kernel.org \
--cc=oleg@redhat.com \
--cc=omosnace@redhat.com \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=revest@chromium.org \
--cc=rick.p.edgecombe@intel.com \
--cc=robh+dt@kernel.org \
--cc=sameo@rivosinc.com \
--cc=samitolvanen@google.com \
--cc=samuel.holland@sifive.com \
--cc=shikemeng@huaweicloud.com \
--cc=shr@devkernel.io \
--cc=shuah@kernel.org \
--cc=songshuaishuai@tinylab.org \
--cc=vbabka@suse.cz \
--cc=vincent.chen@sifive.com \
--cc=willy@infradead.org \
--cc=xiao.w.wang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.