Date: Mon, 9 Mar 2026 17:04:43 -0700
From: Deepak Gupta
To: Zong Li
Cc: pjw@kernel.org, palmer@dabbelt.com, aou@eecs.berkeley.edu, alex@ghiti.fr, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] riscv: cif: clear CFI lock status in start_thread
References: <20260306080622.3864367-1-zong.li@sifive.com>
In-Reply-To: <20260306080622.3864367-1-zong.li@sifive.com>

On Fri, Mar 06, 2026 at 12:06:22AM -0800, Zong Li wrote:
>When libc locks the CFI status through the following prctl:
> - PR_LOCK_SHADOW_STACK_STATUS
> - PR_LOCK_INDIR_BR_LP_STATUS
>
>A newly forked process will inherit the lock status if it

Might want to use the term "newly execd address space" or something like that.
libc shouldn't be enabling cfi after `fork` or `clone`. `exec*` are the ones
which should have their slate clean, and it seems like `lock` status was not
set to clear, which this patch fixes. Thanks for that.

>does not clear the lock bits. Since the lock bits remain
>set, libc will later fail to enable the landing pad and
>shadow stack.
>
>Signed-off-by: Zong Li
>---
> arch/riscv/include/asm/usercfi.h | 8 ++++----
> arch/riscv/kernel/process.c | 2 ++
> arch/riscv/kernel/usercfi.c | 12 ++++++------
> 3 files changed, 12 insertions(+), 10 deletions(-)
> >diff --git a/arch/riscv/include/asm/usercfi.h b/arch/riscv/include/asm/usercfi.h >index f7fa9d602aae..c4ab11378308 100644 >--- a/arch/riscv/include/asm/usercfi.h >+++ b/arch/riscv/include/asm/usercfi.h >@@ -39,7 +39,7 @@ void set_active_shstk(struct task_struct *task, unsigned long shstk_addr); > bool is_shstk_enabled(struct task_struct *task); > bool is_shstk_locked(struct task_struct *task); > bool is_shstk_allocated(struct task_struct *task); >-void set_shstk_lock(struct task_struct *task); >+void set_shstk_lock(struct task_struct *task, bool lock); > void set_shstk_status(struct task_struct *task, bool enable); > unsigned long get_active_shstk(struct task_struct *task); > int restore_user_shstk(struct task_struct *tsk, unsigned long shstk_ptr); >@@ -47,7 +47,7 @@ int save_user_shstk(struct task_struct *tsk, unsigned long *saved_shstk_ptr); > bool is_indir_lp_enabled(struct task_struct *task); > bool is_indir_lp_locked(struct task_struct *task); > void set_indir_lp_status(struct task_struct *task, bool enable); >-void set_indir_lp_lock(struct task_struct *task); >+void set_indir_lp_lock(struct task_struct *task, bool lock); > > #define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK (PR_SHADOW_STACK_ENABLE) > >@@ -69,7 +69,7 @@ void set_indir_lp_lock(struct task_struct *task); > > #define is_shstk_allocated(task) false > >-#define set_shstk_lock(task) do {} while (0) >+#define set_shstk_lock(task, lock) do {} while (0) > > #define set_shstk_status(task, enable) do {} while (0) > >@@ -79,7 +79,7 @@ void set_indir_lp_lock(struct task_struct *task); > > #define set_indir_lp_status(task, enable) do {} while (0) > >-#define set_indir_lp_lock(task) do {} while (0) >+#define set_indir_lp_lock(task, lock) do {} while (0) > > #define restore_user_shstk(tsk, shstk_ptr) -EINVAL > >diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c >index 6b3648256a0f..36bac478f1e1 100644 >--- a/arch/riscv/kernel/process.c >+++ b/arch/riscv/kernel/process.c 
>@@ -164,11 +164,13 @@ void start_thread(struct pt_regs *regs, unsigned long pc, > set_shstk_status(current, false); > set_shstk_base(current, 0, 0); > set_active_shstk(current, 0); >+ set_shstk_lock(current, false); > /* > * disable indirect branch tracking on exec. > * libc will enable it later via prctl. > */ > set_indir_lp_status(current, false); >+ set_indir_lp_lock(current, false); Perhaps set status field to zero to prevent any future regression too. > > #ifdef CONFIG_64BIT > regs->status &= ~SR_UXL; >diff --git a/arch/riscv/kernel/usercfi.c b/arch/riscv/kernel/usercfi.c >index a8530e6afb1e..a101e317fe5e 100644 >--- a/arch/riscv/kernel/usercfi.c >+++ b/arch/riscv/kernel/usercfi.c >@@ -74,9 +74,9 @@ void set_shstk_status(struct task_struct *task, bool enable) > csr_write(CSR_ENVCFG, task->thread.envcfg); > } > >-void set_shstk_lock(struct task_struct *task) >+void set_shstk_lock(struct task_struct *task, bool lock) > { >- task->thread_info.user_cfi_state.ubcfi_locked = 1; >+ task->thread_info.user_cfi_state.ubcfi_locked = lock; > } > > bool is_indir_lp_enabled(struct task_struct *task) >@@ -104,9 +104,9 @@ void set_indir_lp_status(struct task_struct *task, bool enable) > csr_write(CSR_ENVCFG, task->thread.envcfg); > } > >-void set_indir_lp_lock(struct task_struct *task) >+void set_indir_lp_lock(struct task_struct *task, bool lock) > { >- task->thread_info.user_cfi_state.ufcfi_locked = 1; >+ task->thread_info.user_cfi_state.ufcfi_locked = lock; > } > /* > * If size is 0, then to be compatible with regular stack we want it to be as big as >@@ -452,7 +452,7 @@ int arch_lock_shadow_stack_status(struct task_struct *task, > !is_shstk_enabled(task) || arg != 0) > return -EINVAL; > >- set_shstk_lock(task); >+ set_shstk_lock(task, true); > > return 0; > } 
>@@ -502,7 +502,7 @@ int arch_lock_indir_br_lp_status(struct task_struct *task, > !is_indir_lp_enabled(task) || arg != 0) > return -EINVAL; > >- set_indir_lp_lock(task); >+ set_indir_lp_lock(task, true); > > return 0; > } >-- >2.43.7 >
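Review bot: in the process.c hunk, the lock bit is cleared after the status bit (`set_shstk_status(current, false)` then `set_shstk_lock(current, false)`, and likewise for the landing-pad pair); since both are plain field writes in usercfi.c the order is harmless today, but clearing the lock first is the safer order if `set_shstk_status` / `set_indir_lp_status` ever start honouring the lock, so consider swapping them. The existing comment "disable indirect branch tracking on exec. libc will enable it later via prctl." should also be updated to say the lock is reset as well, because the bug being fixed is exactly that lock state survived exec. As this is a fix for exec-time state leaking into the new image, a `Fixes:` tag pointing at the commit that introduced the lock bits would help stable backports.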
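Review bot: the usercfi.c hunks turn `set_shstk_lock` / `set_indir_lp_lock` from set-only into set-or-clear helpers (`ubcfi_locked = lock;`, `ufcfi_locked = lock;`), which on its own reads like a new unlock path; it would be worth stating in the commit message that `start_thread` is the only caller passing `false`. The `arch_lock_shadow_stack_status` and `arch_lock_indir_br_lp_status` hunks still pass only `true` and still reject `arg != 0` and the not-enabled case with `-EINVAL`, so the prctl lock remains one-way from userspace, which is the property that matters for the CFI guarantee.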