On Mon, Sep 19, 2022 at 9:45 PM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote: > > On Sun, Sep 18, 2022 at 11:52:43AM -0400, guoren@xxxxxxxxxx wrote: > > > +ENTRY(call_on_stack) > > + /* Create a frame record to save our ra and fp */ > > + addi sp, sp, -RISCV_SZPTR > > + REG_S ra, (sp) > > + addi sp, sp, -RISCV_SZPTR > > + REG_S fp, (sp) > > + > > + /* Save sp in fp */ > > + move fp, sp > > + > > + /* Move to the new stack and call the function there */ > > + li a3, IRQ_STACK_SIZE > > + add sp, a1, a3 > > + jalr a2 > > + > > + /* > > + * Restore sp from prev fp, and fp, ra from the frame > > + */ > > + move sp, fp > > + REG_L fp, (sp) > > + addi sp, sp, RISCV_SZPTR > > + REG_L ra, (sp) > > + addi sp, sp, RISCV_SZPTR > > + ret > > +ENDPROC(call_on_stack) > > IIRC x86_64 moved away from a stack-switch function like this because it > presents a convenient exploit gadget. I found: https://lore.kernel.org/all/20210204204903.350275743@xxxxxxxxxxxxx/ - The fact that the stack switching code ended up being an easy to find exploit gadget. What's the exploit gadget? Do you have a ref link? Thx. > > I'm not much of an exploit writer and I've no idea how effective our > inline stategy is, perhaps other can comment. It seems that I should move to an inline flavor. a0cfc74d0b00 ("x86/irq: Provide macro for inlining irq stack switching") -- Best Regards Guo Ren
