From: Deepak Gupta <debug@rivosinc.com>
To: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Cc: "corbet@lwn.net" <corbet@lwn.net>,
"robh@kernel.org" <robh@kernel.org>,
"lorenzo.stoakes@oracle.com" <lorenzo.stoakes@oracle.com>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"vbabka@suse.cz" <vbabka@suse.cz>,
"brauner@kernel.org" <brauner@kernel.org>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"palmer@dabbelt.com" <palmer@dabbelt.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"paul.walmsley@sifive.com" <paul.walmsley@sifive.com>,
"Liam.Howlett@oracle.com" <Liam.Howlett@oracle.com>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"aou@eecs.berkeley.edu" <aou@eecs.berkeley.edu>,
"oleg@redhat.com" <oleg@redhat.com>,
"krzk+dt@kernel.org" <krzk+dt@kernel.org>,
"conor@kernel.org" <conor@kernel.org>,
"ebiederm@xmission.com" <ebiederm@xmission.com>,
"hpa@zytor.com" <hpa@zytor.com>,
"peterz@infradead.org" <peterz@infradead.org>,
"arnd@arndb.de" <arnd@arndb.de>, "bp@alien8.de" <bp@alien8.de>,
"kees@kernel.org" <kees@kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
"shuah@kernel.org" <shuah@kernel.org>,
"broonie@kernel.org" <broonie@kernel.org>,
"jim.shu@sifive.com" <jim.shu@sifive.com>,
"alistair.francis@wdc.com" <alistair.francis@wdc.com>,
"cleger@rivosinc.com" <cleger@rivosinc.com>,
"kito.cheng@sifive.com" <kito.cheng@sifive.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"samitolvanen@google.com" <samitolvanen@google.com>,
"evan@rivosinc.com" <evan@rivosinc.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"atishp@rivosinc.com" <atishp@rivosinc.com>,
"andybnac@gmail.com" <andybnac@gmail.com>,
"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
"charlie@rivosinc.com" <charlie@rivosinc.com>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
"linux-kselftest@vger.kernel.org"
<linux-kselftest@vger.kernel.org>,
"richard.henderson@linaro.org" <richard.henderson@linaro.org>,
"linux-riscv@lists.infradead.org"
<linux-riscv@lists.infradead.org>,
"alexghiti@rivosinc.com" <alexghiti@rivosinc.com>
Subject: Re: [PATCH v6 16/33] riscv/shstk: If needed allocate a new shadow stack on clone
Date: Tue, 8 Oct 2024 16:17:47 -0700 [thread overview]
Message-ID: <ZwW9m6pqcTFBovuG@debug.ba.rivosinc.com> (raw)
In-Reply-To: <aa75cbd142c51b996423f18769d8b8d7ecc39081.camel@intel.com>
On Tue, Oct 08, 2024 at 10:55:29PM +0000, Edgecombe, Rick P wrote:
>On Tue, 2024-10-08 at 15:36 -0700, Deepak Gupta wrote:
>> +unsigned long shstk_alloc_thread_stack(struct task_struct *tsk,
>> + const struct kernel_clone_args *args)
>> +{
>> + unsigned long addr, size;
>> +
>> + /* If shadow stack is not supported, return 0 */
>> + if (!cpu_supports_shadow_stack())
>> + return 0;
>> +
>> + /*
>> + * If shadow stack is not enabled on the new thread, skip any
>> + * switch to a new shadow stack.
>> + */
>> + if (!is_shstk_enabled(tsk))
>> + return 0;
>> +
>> + /*
>> + * For CLONE_VFORK the child will share the parents shadow stack.
>> + * Set base = 0 and size = 0, this is special means to track this state
>> + * so the freeing logic run for child knows to leave it alone.
>> + */
>> + if (args->flags & CLONE_VFORK) {
>> + set_shstk_base(tsk, 0, 0);
>> + return 0;
>> + }
>> +
>> + /*
>> + * For !CLONE_VM the child will use a copy of the parents shadow
>> + * stack.
>> + */
>> + if (!(args->flags & CLONE_VM))
>> + return 0;
>> +
>> + /*
>> + * reaching here means, CLONE_VM was specified and thus a separate shadow
>> + * stack is needed for new cloned thread. Note: below allocation is happening
>> + * using current mm.
>> + */
>> + size = calc_shstk_size(args->stack_size);
>> + addr = allocate_shadow_stack(0, size, 0, false);
>> + if (IS_ERR_VALUE(addr))
>> + return addr;
>> +
>> + set_shstk_base(tsk, addr, size);
>> +
>> + return addr + size;
>> +}
>
>A lot of this patch and the previous one is similar to x86's and arm's. It great
>that we can have consistency around this behavior.
>
>There might be enough consistency to refactor some of the arch code into a
>kernel/shstk.c.
>
>Should we try?
Yeah you're right. Honestly, I've been shameless in adapting most of the flows
from x86 `shstk.c` for risc-v. So thank you for that.
Now that we've `ARCH_HAS_USER_SHADOW_STACK` part of multiple patch series (riscv
shadowstack, clone3 and I think arm64 gcs series as well). It's probably the
appropriate time to find common grounds.
This is what I suggest
- move most of the common/arch agnostic shadow stack stuff in kernel/shstk.c
This gets part of compile if `ARCH_HAS_USER_SHADOW_STACK` is enabled/selected.
- allow arch specific branch out guard checks for "if cpu supports", "is shadow stack
enabled on the task_struct" (I expect each arch layout of task_struct will be
different, no point finding common ground there), etc.
I think it's worth a try.
If you already don't have patches, I'll spend some time to see what it takes to
converge in my next version. If I end up into some roadblock, will use this thread
for further discussion.
next prev parent reply other threads:[~2024-10-08 23:17 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-08 22:36 [PATCH v6 00/33] riscv control-flow integrity for usermode Deepak Gupta
2024-10-08 22:36 ` [PATCH v6 01/33] mm: Introduce ARCH_HAS_USER_SHADOW_STACK Deepak Gupta
2024-10-08 22:36 ` [PATCH v6 02/33] mm: helper `is_shadow_stack_vma` to check shadow stack vma Deepak Gupta
2024-10-09 11:11 ` Mark Brown
2024-10-08 22:36 ` [PATCH v6 03/33] riscv: Enable cbo.zero only when all harts support Zicboz Deepak Gupta
2024-10-08 22:36 ` [PATCH v6 04/33] riscv: Add support for per-thread envcfg CSR values Deepak Gupta
2024-10-08 22:36 ` [PATCH v6 05/33] riscv: Call riscv_user_isa_enable() only on the boot hart Deepak Gupta
2024-10-08 22:36 ` [PATCH v6 06/33] riscv/Kconfig: enable HAVE_EXIT_THREAD for riscv Deepak Gupta
2024-10-09 11:28 ` Mark Brown
2024-10-29 22:06 ` Deepak Gupta
2024-10-08 22:36 ` [PATCH v6 07/33] dt-bindings: riscv: zicfilp and zicfiss in dt-bindings (extensions.yaml) Deepak Gupta
2024-10-25 21:58 ` Rob Herring (Arm)
2024-10-08 22:36 ` [PATCH v6 08/33] riscv: zicfiss / zicfilp enumeration Deepak Gupta
2024-10-08 22:36 ` [PATCH v6 09/33] riscv: zicfiss / zicfilp extension csr and bit definitions Deepak Gupta
2024-10-08 22:36 ` [PATCH v6 10/33] riscv: usercfi state for task and save/restore of CSR_SSP on trap entry/exit Deepak Gupta
2024-10-08 22:36 ` [PATCH v6 11/33] riscv/mm : ensure PROT_WRITE leads to VM_READ | VM_WRITE Deepak Gupta
2024-10-09 13:36 ` Lorenzo Stoakes
2024-10-10 0:02 ` Deepak Gupta
2024-10-08 22:36 ` [PATCH v6 12/33] riscv mm: manufacture shadow stack pte Deepak Gupta
2024-10-08 22:36 ` [PATCH v6 13/33] riscv mmu: teach pte_mkwrite to manufacture shadow stack PTEs Deepak Gupta
2024-10-08 22:36 ` [PATCH v6 14/33] riscv mmu: write protect and shadow stack Deepak Gupta
2024-10-08 22:36 ` [PATCH v6 15/33] riscv/mm: Implement map_shadow_stack() syscall Deepak Gupta
2024-10-08 22:36 ` [PATCH v6 16/33] riscv/shstk: If needed allocate a new shadow stack on clone Deepak Gupta
2024-10-08 22:55 ` Edgecombe, Rick P
2024-10-08 23:17 ` Deepak Gupta [this message]
2024-10-08 23:31 ` Edgecombe, Rick P
2024-10-09 10:25 ` Mark Brown
2024-10-08 22:36 ` [PATCH v6 17/33] prctl: arch-agnostic prctl for shadow stack Deepak Gupta
2024-10-08 22:37 ` [PATCH v6 18/33] prctl: arch-agnostic prctl for indirect branch tracking Deepak Gupta
2024-10-09 11:03 ` Mark Brown
2024-10-08 22:37 ` [PATCH v6 19/33] riscv: Implements arch agnostic shadow stack prctls Deepak Gupta
2024-10-09 12:44 ` Mark Brown
2024-10-08 22:37 ` [PATCH v6 20/33] riscv: Implements arch agnostic indirect branch tracking prctls Deepak Gupta
2024-10-08 22:37 ` [PATCH v6 21/33] riscv/traps: Introduce software check exception Deepak Gupta
2024-10-08 22:37 ` [PATCH v6 22/33] riscv: signal: abstract header saving for setup_sigcontext Deepak Gupta
2024-10-08 22:37 ` [PATCH v6 23/33] riscv/signal: save and restore of shadow stack for signal Deepak Gupta
2024-10-08 22:37 ` [PATCH v6 24/33] riscv/kernel: update __show_regs to print shadow stack register Deepak Gupta
2024-10-08 22:37 ` [PATCH v6 25/33] riscv/ptrace: riscv cfi status and state via ptrace and in core files Deepak Gupta
2024-10-08 22:37 ` [PATCH v6 26/33] riscv/hwprobe: zicfilp / zicfiss enumeration in hwprobe Deepak Gupta
2024-10-08 22:37 ` [PATCH v6 27/33] riscv: Add Firmware Feature SBI extensions definitions Deepak Gupta
2024-10-08 22:37 ` [PATCH v6 28/33] riscv: enable kernel access to shadow stack memory via FWFT sbi call Deepak Gupta
2024-10-08 22:37 ` [PATCH v6 29/33] riscv: kernel command line option to opt out of user cfi Deepak Gupta
2024-10-08 22:37 ` [PATCH v6 30/33] riscv: create a config for shadow stack and landing pad instr support Deepak Gupta
2024-10-08 22:37 ` [PATCH v6 31/33] riscv: Documentation for landing pad / indirect branch tracking Deepak Gupta
2024-10-08 22:37 ` [PATCH v6 32/33] riscv: Documentation for shadow stack on riscv Deepak Gupta
2024-10-08 22:37 ` [PATCH v6 33/33] kselftest/riscv: kselftest for user mode cfi Deepak Gupta
2024-10-11 5:44 ` Zong Li
2024-10-11 10:18 ` Mark Brown
2024-10-11 11:43 ` Zong Li
2024-10-11 19:45 ` Deepak Gupta
2024-10-14 14:33 ` Zong Li
2024-10-09 11:05 ` [PATCH v6 00/33] riscv control-flow integrity for usermode Mark Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZwW9m6pqcTFBovuG@debug.ba.rivosinc.com \
--to=debug@rivosinc.com \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=alexghiti@rivosinc.com \
--cc=alistair.francis@wdc.com \
--cc=andybnac@gmail.com \
--cc=aou@eecs.berkeley.edu \
--cc=arnd@arndb.de \
--cc=atishp@rivosinc.com \
--cc=bp@alien8.de \
--cc=brauner@kernel.org \
--cc=broonie@kernel.org \
--cc=charlie@rivosinc.com \
--cc=cleger@rivosinc.com \
--cc=conor@kernel.org \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=devicetree@vger.kernel.org \
--cc=ebiederm@xmission.com \
--cc=evan@rivosinc.com \
--cc=hpa@zytor.com \
--cc=jim.shu@sifive.com \
--cc=kees@kernel.org \
--cc=kito.cheng@sifive.com \
--cc=krzk+dt@kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-riscv@lists.infradead.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=peterz@infradead.org \
--cc=richard.henderson@linaro.org \
--cc=rick.p.edgecombe@intel.com \
--cc=robh@kernel.org \
--cc=samitolvanen@google.com \
--cc=shuah@kernel.org \
--cc=tglx@linutronix.de \
--cc=vbabka@suse.cz \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).