From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8CB9FC369C2
	for <linux-mm@archiver.kernel.org>; Fri, 25 Apr 2025 11:42:50 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id A24266B00AF; Fri, 25 Apr 2025 07:42:48 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 9D2A06B00B0; Fri, 25 Apr 2025 07:42:48 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 8750F6B00B1; Fri, 25 Apr 2025 07:42:48 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13])
	by kanga.kvack.org (Postfix) with ESMTP id 6677E6B00AF
	for <linux-mm@kvack.org>; Fri, 25 Apr 2025 07:42:48 -0400 (EDT)
Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay02.hostedemail.com (Postfix) with ESMTP id 92145120E6F
	for <linux-mm@kvack.org>; Fri, 25 Apr 2025 11:42:49 +0000 (UTC)
X-FDA: 83372379258.22.CB42386
Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50])
	by imf21.hostedemail.com (Postfix) with ESMTP id 9FB881C000E
	for <linux-mm@kvack.org>; Fri, 25 Apr 2025 11:42:47 +0000 (UTC)
Authentication-Results: imf21.hostedemail.com;
	dkim=pass header.d=ventanamicro.com header.s=google header.b=MUXgATmC;
	dmarc=none;
	spf=pass (imf21.hostedemail.com: domain of rkrcmar@ventanamicro.com designates 209.85.128.50 as permitted sender) smtp.mailfrom=rkrcmar@ventanamicro.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1745581367; a=rsa-sha256;
	cv=none;
	b=t7Hc0u1ciNUZ1ZfnFaAXt6PIgqyzoaQ/29ItEWg2mg43o7w19H0KeaA4hRzec3hP5S9TKm
	8WoLl7j53I8OSqYNdmWZwpRsKgtIV8o1U7DRXmQlvzNqLDWcfu+9izQcpRhvLpTMyFOeIm
	MQKzVcGXLGsVFCzFsnD4By64otJfqZM=
ARC-Authentication-Results: i=1;
	imf21.hostedemail.com;
	dkim=pass header.d=ventanamicro.com header.s=google header.b=MUXgATmC;
	dmarc=none;
	spf=pass (imf21.hostedemail.com: domain of rkrcmar@ventanamicro.com designates 209.85.128.50 as permitted sender) smtp.mailfrom=rkrcmar@ventanamicro.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1745581367;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=RyVQraiD8choursJseiRmBXZoIZWNTeRkqd4Ai9q43w=;
	b=yiAJ7Qghe4+BAPcqRbxlHNb9oPH1ro9LmHxKIkMJ/C6ImrAi3Ozb98oId2P45RdSL0dzOF
	i6NDL341//bM4MfSTAElZPls5EoPhtDqxJLDnjn1m7MtPW9a700QL9epsV9NyHuKzvEYxj
	Vcv0fmzDOhFuOlFLLBV84OAFvUpOU+A=
Received: by mail-wm1-f50.google.com with SMTP id 5b1f17b1804b1-43ce4e47a85so1795985e9.0
        for <linux-mm@kvack.org>; Fri, 25 Apr 2025 04:42:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=ventanamicro.com; s=google; t=1745581366; x=1746186166; darn=kvack.org;
        h=in-reply-to:references:from:to:cc:subject:message-id:date
         :content-transfer-encoding:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=RyVQraiD8choursJseiRmBXZoIZWNTeRkqd4Ai9q43w=;
        b=MUXgATmCKZmI8BANUqVivWJaddButnoTGPxoVPPFUtnrE0QdW7F9ufl32T4ED0+IEX
         JBz69j9JZ+n24/hM/a7dmITs9Cgzhvu1Wdm/DeUCdD1jIkEFZUAGJsAePRkxYMEWn5D9
         HO2oREVPUcFmIBXR3H7CvhY/9s0NS6JBYWiQBA0bKFxCONQajv2D5DgjoWR/YebC8N12
         t7tbSzUWqmt0IBDcoGsBa4mT/XerbBd0RJtFStbR+l8hwMZtL0hBUtQ522ck+JHzolxB
         gLwMmvt/KQiGR+Yl4uYJy5zCKOdsAZ1ZnUFEd9CHG2hAL8UKhkGT9TaadSIG+xTSqZ8A
         au1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1745581366; x=1746186166;
        h=in-reply-to:references:from:to:cc:subject:message-id:date
         :content-transfer-encoding:mime-version:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=RyVQraiD8choursJseiRmBXZoIZWNTeRkqd4Ai9q43w=;
        b=GnQ7PuXJuzdKtIzdUi0TkYU9AkSDxw5erqJMcnw3V2B+OITNNfELK9gF/wyYKNSm0c
         flj8yRopPFAk06DtfePCjwA3Xqfc1i9P2BphpNbm7ZrMhQuy6WicS47Aqir4iSf5qxBR
         ITRDJpZ83ndGR9D2F7dFYKROqOLMvXH3SSUZFomYfNTb/wR0FQoe8ecrs3t0CQA0HAZe
         jiw6NCSaqf11SZSobgxpwHpJROwaWxRa3oNo7QuFsGu5ZZta65juOa6x69oxdMvwo4J9
         6AKbk3IFyXpy/oi+pYeAJVL7mLAc34sTBbvxZAOD17TCTh4QweEHU1YC6edugnJkZTZl
         56Nw==
X-Forwarded-Encrypted: i=1; AJvYcCVX9jCCueTYPC9gbmDuRmlI2wTmsB0iDMJsy/EYhuR4OT3ajhIfweN1tJ0k40D0kuwh2f5YajpWmw==@kvack.org
X-Gm-Message-State: AOJu0YxipqzfzVAtPFqrpWqHOINhfwZMWTT7Xr0XTFPgNMOfHKxWnL0H
	oR8cAQ4xfNQZonRP6X7DEjIR07hJBUh+uZO17DQo4/x5x2YQA3rL+VTA0v0w+BQ=
X-Gm-Gg: ASbGncu9yvmGQLPP970/CTAuQp6qscDYJo0x2ehOlnQr2QsfHgsJI8aRZ3Wv2U1pxQO
	+/nd33JJ3YphXnlEor8S8Vyzu+aq+sNSRJp8XOph+vUVkVba+d87S0zl+8/zq0fsebEkVKrfkGv
	KT5aIm6IpY67Uy7z/+j96Z8vikPEoDHjAoebYIZX+lzniJzh2It3vrYc3HjJJDeiiI1hP2Fl3ht
	po6SCnnT891kO9+mt75pf0pSOnOIXtqmXP9ucZZRMeyDsJBQQ1he8+Ccx2sRw3Hr+sULWdyFp7h
	uacYPclLSulWN+YeY5Hvpf2je0d+MzRAfoITJFIx7VgnzRsi
X-Google-Smtp-Source: AGHT+IHSwXKm2b0KR1kACN9BXrADFLHJi8d2f8OL0xZ1T0iAnfUkAWtBlFVbUnZ2xOUkCinbSJhTAg==
X-Received: by 2002:a05:600c:1d01:b0:43d:fa5e:50e6 with SMTP id 5b1f17b1804b1-440a66c250dmr6293955e9.9.1745581365815;
        Fri, 25 Apr 2025 04:42:45 -0700 (PDT)
Received: from localhost ([2a02:8308:a00c:e200:84a3:2b0a:bdb8:ce08])
        by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3a073e4698csm2104230f8f.62.2025.04.25.04.42.45
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 25 Apr 2025 04:42:45 -0700 (PDT)
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8
Date: Fri, 25 Apr 2025 13:42:44 +0200
Message-Id: <D9FOY8JACYTH.1FU7ZTEHFC5NI@ventanamicro.com>
Subject: Re: [PATCH v12 12/28] riscv: Implements arch agnostic shadow stack
 prctls
Cc: "Thomas Gleixner" <tglx@linutronix.de>, "Ingo Molnar"
 <mingo@redhat.com>, "Borislav Petkov" <bp@alien8.de>, "Dave Hansen"
 <dave.hansen@linux.intel.com>, <x86@kernel.org>, "H. Peter Anvin"
 <hpa@zytor.com>, "Andrew Morton" <akpm@linux-foundation.org>, "Liam R.
 Howlett" <Liam.Howlett@oracle.com>, "Vlastimil Babka" <vbabka@suse.cz>,
 "Lorenzo Stoakes" <lorenzo.stoakes@oracle.com>, "Paul Walmsley"
 <paul.walmsley@sifive.com>, "Palmer Dabbelt" <palmer@dabbelt.com>, "Albert
 Ou" <aou@eecs.berkeley.edu>, "Conor Dooley" <conor@kernel.org>, "Rob
 Herring" <robh@kernel.org>, "Krzysztof Kozlowski" <krzk+dt@kernel.org>,
 "Arnd Bergmann" <arnd@arndb.de>, "Christian Brauner" <brauner@kernel.org>,
 "Peter Zijlstra" <peterz@infradead.org>, "Oleg Nesterov" <oleg@redhat.com>,
 "Eric Biederman" <ebiederm@xmission.com>, "Kees Cook" <kees@kernel.org>,
 "Jonathan Corbet" <corbet@lwn.net>, "Shuah Khan" <shuah@kernel.org>, "Jann
 Horn" <jannh@google.com>, "Conor Dooley" <conor+dt@kernel.org>,
 <linux-kernel@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>,
 <linux-mm@kvack.org>, <linux-riscv@lists.infradead.org>,
 <devicetree@vger.kernel.org>, <linux-arch@vger.kernel.org>,
 <linux-doc@vger.kernel.org>, <linux-kselftest@vger.kernel.org>,
 <alistair.francis@wdc.com>, <richard.henderson@linaro.org>,
 <jim.shu@sifive.com>, <andybnac@gmail.com>, <kito.cheng@sifive.com>,
 <charlie@rivosinc.com>, <atishp@rivosinc.com>, <evan@rivosinc.com>,
 <cleger@rivosinc.com>, <alexghiti@rivosinc.com>, <samitolvanen@google.com>,
 <broonie@kernel.org>, <rick.p.edgecombe@intel.com>, "linux-riscv"
 <linux-riscv-bounces@lists.infradead.org>
To: "Deepak Gupta" <debug@rivosinc.com>
From: =?utf-8?q?Radim_Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@ventanamicro.com>
References: <20250314-v5_user_cfi_series-v12-0-e51202b53138@rivosinc.com>
 <20250314-v5_user_cfi_series-v12-12-e51202b53138@rivosinc.com>
 <D92V2NPNZYV0.136MJ2HOK48HE@ventanamicro.com>
 <aAnBmexbL4XmVxQk@debug.ba.rivosinc.com>
 <D9EWR3RQK0FD.3GF55KNS53YSR@ventanamicro.com>
 <aAp_87-Xr6gn_hD7@debug.ba.rivosinc.com>
In-Reply-To: <aAp_87-Xr6gn_hD7@debug.ba.rivosinc.com>
X-Rspamd-Server: rspam03
X-Rspamd-Queue-Id: 9FB881C000E
X-Stat-Signature: 9ydyib4dkapbpezp6i9fepyk71erzd8x
X-Rspam-User: 
X-HE-Tag: 1745581367-837313
X-HE-Meta: U2FsdGVkX192EKVy53DVh4egT9uy9quTHoFEekeE15O25LxmYmn+56D1vbVau4cVdUF0MYZJUqc8d4m2dGrwnx9FIKQDSluQ7JmKOLYzRxnbsnurgla3wbM8lAbAv29/dpFK1jdQ+9gZUSTQuFiY0UJJYnWbjN1jdH9SwH6q+FJBRE9hisM+cDGCsJwRnhBduJZjU3LmRGxRYc82oAbFwEzgnjP1pEOaks3J+0kPuVc+XWzCFXJJeqr0uimQlucZIBjNfY013+duq16MGc9luke6Ov29pl2dUOaXa8XzbcbdtKcvL6SOI+2auhKLwZebWiIYmvEWiufQM6YVS/bCWUARYHmj+oNCTc+ncLHPyV5BhM9ufjFWazCj4fQDbvomB2TTAAgb0wgziHvJ3ld87UWWJX1BNALKthrnp3fUji/xy4QOmGN3k4sfQfJmae0Z08SFUdnYL8b+/69R4xm2IDr8PpxMCD43WCjAwe03gHu/Z4DdcXl+Lf7s8CgX6yFIpuOzIyzgrerjGdd67KAtSGIIioNX8L7oEt6EPt/DuAe7GrvytCVGxdksdJHPQMV3qbglEU5gp8CnoCuExkETFI47liI49KmC78WweRzmZB2fkKuqOi69h+OktQJW6yYoEYlxtXgCf8zpZe7J9YbbJBM41BMt/EYe36t+Xy7ypui11r+XXlu9fhVrfbMI8VQisSAbc9z/SivOzWmpnHb2l9p3Oa0zi7ucdOC7rKeHn6lEsF4l3zG2CwfvgL5HRwJXbQOoqHRxW1okx9vJAkmvFQYZQXSWY9xzjJDaGVihANRMU4oQkU8Q2r1Y0DcNCDz98m95QpLvf3tAk23vE6HxAGdhM4h+37b6pgJD+6s0sUJBi+GbAIxQyn9UVCToQGiLQIAdRF5EFGAkcwghyL2dDyR/W3SxQAFuvoyN9ZPsXaksDvd3k/jB84VMS9FexjRcf6ryAeYEln/qacBrMLb
 F8EG+bsN
 jnal51FVRa01746fHnpxw2VNbJEqdJq3J0GthPsej9tsyJJLmyvuhjhDtTDDxnPfm0RA6vuAy1C4GdWJnldWQfJdaRuaagIpniGMbQE69lpuHKp84W/gIt0nZZZQLN2sKXer5ZArQa90Ebkq4TtOLBh18j8B1NXZE5gygf/77j1RHf/Dja+iiIK02dzVYi6iVd+OvRzkV/Zy1Al8LF3UMaW6sM4lhkVUmlOoYL4I9WEAUhqB08u9tU3Ab8W0wlhCLZcSQweb4Leet59QYQPSublSukUw4Cq0dQV4rnNkft9MOgKq4xTVIro612Kv+OxHTIaIOx7GNM2wbWGCTnsMJfEZreU+Sd04LkKlbXM7oUoi8wG2tD1tT5A36ruJ4tk8FR/mASX7gXCsQyBEjRcDNIpGvEflS611eY3t3Wj7mdo1h8W1w/5dG/lKnceSwJ4kjuWJGnUI3N/ZqWTv5wja9U41Xj+3A5MjybABHJ/eN0B93tnc2V3LUOiJddZP7TNUDos1YTbuqEcn3pQB++DsbP5BTyDVXcYEp9u7jF+zTPoz6knpzWGRKzr3/3NVnzEak1l06iYf9hZW2NR0NR9/85uUSEN+zGjESUAzjwCkEPT7XpDBS+CYE4AfqLsAeCvqwmBiZbvqEH2QxeuKYRt1Q4Ky2+A==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

2025-04-24T11:16:19-07:00, Deepak Gupta <debug@rivosinc.com>:
> On Thu, Apr 24, 2025 at 03:36:54PM +0200, Radim Kr=C4=8Dm=C3=A1=C5=99 wro=
te:
>>2025-04-23T21:44:09-07:00, Deepak Gupta <debug@rivosinc.com>:
>>> On Thu, Apr 10, 2025 at 11:45:58AM +0200, Radim Kr=C4=8Dm=C3=A1=C5=99 w=
rote:
>>>>2025-03-14T14:39:31-07:00, Deepak Gupta <debug@rivosinc.com>:
>>>>> diff --git a/arch/riscv/include/asm/usercfi.h b/arch/riscv/include/as=
m/usercfi.h
>>>>> @@ -14,7 +15,8 @@ struct kernel_clone_args;
>>>>>  struct cfi_status {
>>>>>  	unsigned long ubcfi_en : 1; /* Enable for backward cfi. */
>>>>> -	unsigned long rsvd : ((sizeof(unsigned long) * 8) - 1);
>>>>> +	unsigned long ubcfi_locked : 1;
>>>>> +	unsigned long rsvd : ((sizeof(unsigned long) * 8) - 2);
>>>>
>>>>The rsvd field shouldn't be necessary as the container for the bitfield
>>>>is 'unsigned long' sized.
>>>>
>>>>Why don't we use bools here, though?
>>>>It might produce a better binary and we're not hurting for struct size.
>>>
>>> If you remember one of the previous patch discussion, this goes into
>>> `thread_info` Don't want to bloat it. Even if we end shoving into task_=
struct,
>>> don't want to bloat that either. I can just convert it into bitmask if
>>> bitfields are an eyesore here.
>>
>>  "unsigned long rsvd : ((sizeof(unsigned long) * 8) - 2);"
>>
>>is an eyesore that defines exactly the same as the two lines alone
>>
>>  unsigned long ubcfi_en : 1;
>>  unsigned long ubcfi_locked : 1;
>>
>>That one should be removed.
>>
>>If we have only 4 bits in 4/8 bytes, then bitfields do generate worse
>>code than 4 bools and a 0/4 byte hole.  The struct size stays the same.
>>
>>I don't care much about the switch to bools, though, because this code
>>is not called often.
>
> I'll remove the bitfields, have single `unsigned long cfi_control_state`
> And do `#define RISCV_UBCFI_EN 1` and so on.

I might have seemed too much against the bitfieds, sorry.  I am against
the rsvd fields, because it is a pointless cognitive overhead and even
this series already had a bug in them.

#defines should generate the same code as bitfields (worse than bools),
so the source code is really a matter of personal preference.
(I do prefer bitfields.)

>>>>> @@ -262,3 +292,83 @@ void shstk_release(struct task_struct *tsk)
>>>>> +int arch_lock_shadow_stack_status(struct task_struct *task,
>>>>> +				  unsigned long arg)
>>>>> +{
>>>>> +	/* If shtstk not supported or not enabled on task, nothing to lock =
here */
>>>>> +	if (!cpu_supports_shadow_stack() ||
>>>>> +	    !is_shstk_enabled(task) || arg !=3D 0)
>>>>> +		return -EINVAL;
>>>>
>>>>The task might want to prevent shadow stack from being enabled?
>>>
>>> But Why would it want to do that? Task can simply not issue the prctl. =
There
>>> are glibc tunables as well using which it can be disabled.
>>
>>The task might do it as some last resort to prevent a buggy code from
>>enabling shadow stacks that would just crash.  Or whatever complicated
>>reason userspace can think of.
>>
>>It's more the other way around.  I wonder why we're removing this option
>>when we don't really care what userspace does to itself.
>>I think it's complicating the kernel without an obvious gain.
>
> It just feels wierd. There isn't anything like this for other features li=
t-up
> via envcfg. Does hwprobe allow this on per-task basis? I'll look into it.

I think PMM doesn't allow to lock and the rest don't seem configurable
from userspace.

It's not that important and we hopefully won't be breaking any userspace
if we decided to allow it later, so I'm fine with this version.