From: Deepak Gupta <debug@rivosinc.com>
To: Will Deacon <will@kernel.org>
Cc: Sami Tolvanen <samitolvanen@google.com>,
	Paul Walmsley <paul.walmsley@sifive.com>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Albert Ou <aou@eecs.berkeley.edu>,
	Alexandre Ghiti <alex@ghiti.fr>,
	Masahiro Yamada <masahiroy@kernel.org>,
	Nathan Chancellor <nathan@kernel.org>,
	Nicolas Schier <nicolas.schier@linux.dev>,
	Andrew Morton <akpm@linux-foundation.org>,
	David Hildenbrand <david@redhat.com>,
	Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
	"Liam R. Howlett" <Liam.Howlett@oracle.com>,
	Vlastimil Babka <vbabka@suse.cz>, Mike Rapoport <rppt@kernel.org>,
	Suren Baghdasaryan <surenb@google.com>,
	Michal Hocko <mhocko@suse.com>,
	Nick Desaulniers <nick.desaulniers+lkml@gmail.com>,
	Bill Wendling <morbo@google.com>,
	Monk Chiang <monk.chiang@sifive.com>,
	Kito Cheng <kito.cheng@sifive.com>,
	Justin Stitt <justinstitt@google.com>,
	linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
	linux-kbuild@vger.kernel.org, linux-mm@kvack.org,
	llvm@lists.linux.dev, rick.p.edgecombe@intel.com,
	broonie@kernel.org, cleger@rivosinc.com, apatel@ventanamicro.com,
	ajones@ventanamicro.com, conor.dooley@microchip.com,
	charlie@rivosinc.com, samuel.holland@sifive.com,
	bjorn@rivosinc.com, fweimer@redhat.com, jeffreyalaw@gmail.com,
	heinrich.schuchardt@canonical.com, andrew@sifive.com,
	ved@rivosinc.com
Subject: Re: [PATCH 10/11] scs: generic scs code updated to leverage hw assisted shadow stack
Date: Mon, 28 Jul 2025 09:37:34 -0700
Message-ID: <aIenTs_D4l414isp@debug.ba.rivosinc.com>
In-Reply-To: <aIdxUpSc-Co8wLYE@willie-the-truck>

On Mon, Jul 28, 2025 at 01:47:14PM +0100, Will Deacon wrote:
>On Fri, Jul 25, 2025 at 04:13:27PM +0000, Sami Tolvanen wrote:
>> On Thu, Jul 24, 2025 at 04:37:03PM -0700, Deepak Gupta wrote:
>> > diff --git a/include/linux/scs.h b/include/linux/scs.h
>> > index 4ab5bdc898cf..6ceee07c2d1a 100644
>> > --- a/include/linux/scs.h
>> > +++ b/include/linux/scs.h
>> > @@ -12,6 +12,7 @@
>> >  #include <linux/poison.h>
>> >  #include <linux/sched.h>
>> >  #include <linux/sizes.h>
>> > +#include <asm/scs.h>
>> >
>> >  #ifdef CONFIG_SHADOW_CALL_STACK
>> >
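Review bot: The new `#include <asm/scs.h>` sits above the `#ifdef CONFIG_SHADOW_CALL_STACK` guard, so every architecture that pulls in linux/scs.h has to provide that header even with SCS disabled. Moving the include inside the guard, or under the CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK case that actually needs `arch_scs_store()`, would limit the dependency to architectures that opt in.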
>> > @@ -37,22 +38,45 @@ static inline void scs_task_reset(struct task_struct *tsk)
>> >  	 * Reset the shadow stack to the base address in case the task
>> >  	 * is reused.
>> >  	 */
>> > +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK
>> > +	task_scs_sp(tsk) = task_scs(tsk) + SCS_SIZE;
>> > +#else
>> >  	task_scs_sp(tsk) = task_scs(tsk);
>> > +#endif
>> >  }
>> >
>> >  static inline unsigned long *__scs_magic(void *s)
>> >  {
>> > +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK
>> > +	return (unsigned long *)(s);
>> > +#else
>> >  	return (unsigned long *)(s + SCS_SIZE) - 1;
>> > +#endif
>> >  }
>> >
>> >  static inline bool task_scs_end_corrupted(struct task_struct *tsk)
>> >  {
>> >  	unsigned long *magic = __scs_magic(task_scs(tsk));
>> > -	unsigned long sz = task_scs_sp(tsk) - task_scs(tsk);
>> > +	unsigned long sz;
>> > +
>> > +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK
>> > +	sz = (task_scs(tsk) + SCS_SIZE) - task_scs_sp(tsk);
>> > +#else
>> > +	sz = task_scs_sp(tsk) - task_scs(tsk);
>> > +#endif
>> >
>> >  	return sz >= SCS_SIZE - 1 || READ_ONCE_NOCHECK(*magic) != SCS_END_MAGIC;
>> >  }
>> >
>> > +static inline void __scs_store_magic(unsigned long *s, unsigned long magic_val)
>> > +{
>> > +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK
>> > +	arch_scs_store(s, magic_val);
>> > +#else
>> > +	*__scs_magic(s) = magic_val;
>> > +#endif
>> > +}
>> > +
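Review bot: In `__scs_store_magic()` the hardware branch stores to `s` directly while the software branch goes through `__scs_magic(s)`, so the marker location is encoded in two places and the two only agree because `__scs_magic()` returns `s` under CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK. Calling `arch_scs_store(__scs_magic(s), magic_val)` would keep that knowledge in one helper. The comment in `scs_task_reset()` also still says the stack is reset "to the base address", which no longer describes the `task_scs(tsk) + SCS_SIZE` case.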
>>
>> I'm not a huge fan of all the ifdefs. We could clean this up by
>> allowing architectures to simply override some of these functions, or at
>> least use if (IS_ENABLED(CONFIG...)) instead. Will, any thoughts about
>> this?
>
>Yeah, I agree that allowing architectures to provide overrides makes
>sense, however I also suspect that some of this needs to be a runtime
>decision because not all CPUs will support the hardware-accelerated
>feature and will presumably want to fall back on the software
>implementation.

Hmm, runtime fallback is an important point. Thanks. I'll munch on it a
bit.

>
>Will
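
The runtime decision raised above, modelled in user space as an added example (not code from the patch or from anyone in this thread): the three layout choices the patch makes with #ifdef are selected by a per-stack flag instead. `struct scs_model`, the `model_*` helpers and the `hw` flag are hypothetical names, and the size and marker constants are model values.

```c
/* Constructed user-space model: SCS layout picked at run time, not by #ifdef. */
#include <stdbool.h>
#include <stddef.h>
#define SCS_SIZE      1024UL   /* model value, in bytes */
#define SCS_END_MAGIC 0x5f6UL  /* model marker value */
#define SCS_WORDS     (SCS_SIZE / sizeof(unsigned long))

struct scs_model {
	unsigned long *base; /* lowest address, plays the role of task_scs() */
	unsigned long *sp;   /* plays the role of task_scs_sp() */
	bool hw;             /* hypothetical flag, set once from a feature probe */
};

/* Software SCS grows up from base; the hardware layout in the patch grows down. */
static void model_reset(struct scs_model *m)
{
	m->sp = m->hw ? m->base + SCS_WORDS : m->base;
}

/* The end marker sits at the opposite end from the reset position. */
static unsigned long *model_magic(struct scs_model *m)
{
	return m->hw ? m->base : m->base + SCS_WORDS - 1;
}

static void model_push(struct scs_model *m, unsigned long ra)
{
	if (m->hw) *--m->sp = ra;   /* pre-decrement: stack grows down */
	else       *m->sp++ = ra;   /* post-increment: stack grows up */
}

static bool model_end_corrupted(struct scs_model *m)
{
	size_t words = m->hw ? m->base + SCS_WORDS - m->sp : m->sp - m->base;
	return words * sizeof(*m->sp) >= SCS_SIZE - 1 || *model_magic(m) != SCS_END_MAGIC;
}

/* Push n return addresses on a fresh stack and report the overflow check. */
static bool model_overflows_after(bool hw, size_t n)
{
	static unsigned long buf[SCS_WORDS];
	struct scs_model m = { .base = buf, .hw = hw };
	model_reset(&m);
	*model_magic(&m) = SCS_END_MAGIC;
	for (size_t i = 0; i < n && i < SCS_WORDS; i++)
		model_push(&m, 0x80000000UL + i);
	return model_end_corrupted(&m);
}

int main(void) { return model_overflows_after(true, SCS_WORDS - 1); }
```

In both layouts the last word before the marker can be used safely; the push that reaches the marker trips the check.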
