[PATCH v14 22/27] riscv: enable kernel access to shadow stack memory via FWFT sbi call

Deepak Gupta Tue, 29 Apr 2025 17:40:02 -0700

Kernel will have to perform shadow stack operations on user shadow stack.
Like during signal delivery and sigreturn, shadow stack token must be
created and validated respectively. Thus shadow stack access for kernel
must be enabled.


In future when kernel shadow stacks are enabled for linux kernel, it must
be enabled as early as possible for better coverage and prevent imbalance
between regular stack and shadow stack. After `relocate_enable_mmu` has
been done, this is as early as possible it can enabled.

Reviewed-by: Zong Li <zong...@sifive.com>
Signed-off-by: Deepak Gupta <de...@rivosinc.com>
---
 arch/riscv/kernel/asm-offsets.c |  4 ++++
 arch/riscv/kernel/head.S        | 23 +++++++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c
index f33945432f8f..7ab41f01aa17 100644
--- a/arch/riscv/kernel/asm-offsets.c
+++ b/arch/riscv/kernel/asm-offsets.c
@@ -514,4 +514,8 @@ void asm_offsets(void)
        DEFINE(FREGS_A6,            offsetof(struct __arch_ftrace_regs, a6));
        DEFINE(FREGS_A7,            offsetof(struct __arch_ftrace_regs, a7));
 #endif
+       DEFINE(SBI_EXT_FWFT, SBI_EXT_FWFT);
+       DEFINE(SBI_EXT_FWFT_SET, SBI_EXT_FWFT_SET);
+       DEFINE(SBI_FWFT_SHADOW_STACK, SBI_FWFT_SHADOW_STACK);
+       DEFINE(SBI_FWFT_SET_FLAG_LOCK, SBI_FWFT_SET_FLAG_LOCK);
 }
diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S
index 356d5397b2a2..d47876eca637 100644
--- a/arch/riscv/kernel/head.S
+++ b/arch/riscv/kernel/head.S
@@ -15,6 +15,7 @@
 #include <asm/image.h>
 #include <asm/scs.h>
 #include <asm/xip_fixup.h>
+#include <asm/usercfi.h>
 #include "efi-header.S"
 
 __HEAD
@@ -164,6 +165,17 @@ secondary_start_sbi:
        call relocate_enable_mmu
 #endif
        call .Lsetup_trap_vector
+       li a7, SBI_EXT_FWFT
+       li a6, SBI_EXT_FWFT_SET
+       li a0, SBI_FWFT_SHADOW_STACK
+       li a1, 1 /* enable supervisor to access shadow stack access */
+       li a2, SBI_FWFT_SET_FLAG_LOCK
+       ecall
+       beqz a0, 1f
+       la a1, riscv_nousercfi
+       li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI
+       REG_S a0, (a1)
+1:
        scs_load_current
        call smp_callin
 #endif /* CONFIG_SMP */
@@ -320,6 +332,17 @@ SYM_CODE_START(_start_kernel)
        la tp, init_task
        la sp, init_thread_union + THREAD_SIZE
        addi sp, sp, -PT_SIZE_ON_STACK
+       li a7, SBI_EXT_FWFT
+       li a6, SBI_EXT_FWFT_SET
+       li a0, SBI_FWFT_SHADOW_STACK
+       li a1, 1 /* enable supervisor to access shadow stack access */
+       li a2, SBI_FWFT_SET_FLAG_LOCK
+       ecall
+       beqz a0, 1f
+       la a1, riscv_nousercfi
+       li a0, CMDLINE_DISABLE_RISCV_USERCFI_BCFI
+       REG_S a0, (a1)
+1:
        scs_load_current
 
 #ifdef CONFIG_KASAN

-- 
2.43.0

[PATCH v14 22/27] riscv: enable kernel access to shadow stack memory via FWFT sbi call

Reply via email to