On Sat, Mar 15, 2025 at 6:51 AM Deepak Gupta <debug@xxxxxxxxxxxx> wrote:
>
> prctls implemented are:
> PR_SET_INDIR_BR_LP_STATUS, PR_GET_INDIR_BR_LP_STATUS and
> PR_LOCK_INDIR_BR_LP_STATUS
>
> Signed-off-by: Deepak Gupta <debug@xxxxxxxxxxxx>
> ---
> arch/riscv/include/asm/usercfi.h | 16 +++++++-
> arch/riscv/kernel/entry.S | 2 +-
> arch/riscv/kernel/process.c | 5 +++
> arch/riscv/kernel/usercfi.c | 79 ++++++++++++++++++++++++++++++++++++++++
> 4 files changed, 100 insertions(+), 2 deletions(-)
>
> diff --git a/arch/riscv/include/asm/usercfi.h b/arch/riscv/include/asm/usercfi.h
> index c4dcd256f19a..a8cec7c14d1d 100644
> --- a/arch/riscv/include/asm/usercfi.h
> +++ b/arch/riscv/include/asm/usercfi.h
> @@ -16,7 +16,9 @@ struct kernel_clone_args;
> struct cfi_status {
> unsigned long ubcfi_en : 1; /* Enable for backward cfi. */
> unsigned long ubcfi_locked : 1;
> - unsigned long rsvd : ((sizeof(unsigned long) * 8) - 2);
> + unsigned long ufcfi_en : 1; /* Enable for forward cfi. Note that ELP goes in sstatus */
> + unsigned long ufcfi_locked : 1;
> + unsigned long rsvd : ((sizeof(unsigned long) * 8) - 4);
> unsigned long user_shdw_stk; /* Current user shadow stack pointer */
> unsigned long shdw_stk_base; /* Base address of shadow stack */
> unsigned long shdw_stk_size; /* size of shadow stack */
> @@ -33,6 +35,10 @@ bool is_shstk_locked(struct task_struct *task);
> bool is_shstk_allocated(struct task_struct *task);
> void set_shstk_lock(struct task_struct *task);
> void set_shstk_status(struct task_struct *task, bool enable);
> +bool is_indir_lp_enabled(struct task_struct *task);
> +bool is_indir_lp_locked(struct task_struct *task);
> +void set_indir_lp_status(struct task_struct *task, bool enable);
> +void set_indir_lp_lock(struct task_struct *task);
>
> #define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK (PR_SHADOW_STACK_ENABLE)
>
> @@ -58,6 +64,14 @@ void set_shstk_status(struct task_struct *task, bool enable);
>
> #define set_shstk_status(task, enable)
>
> +#define is_indir_lp_enabled(task) false
> +
> +#define is_indir_lp_locked(task) false
> +
> +#define set_indir_lp_status(task, enable)
> +
> +#define set_indir_lp_lock(task)
> +
> #endif /* CONFIG_RISCV_USER_CFI */
>
> #endif /* __ASSEMBLY__ */
> diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S
> index 68c99124ea55..00494b54ff4a 100644
> --- a/arch/riscv/kernel/entry.S
> +++ b/arch/riscv/kernel/entry.S
> @@ -143,7 +143,7 @@ SYM_CODE_START(handle_exception)
> * Disable the FPU/Vector to detect illegal usage of floating point
> * or vector in kernel space.
> */
> - li t0, SR_SUM | SR_FS_VS
> + li t0, SR_SUM | SR_FS_VS | SR_ELP
>
> REG_L s0, TASK_TI_USER_SP(tp)
> csrrc s1, CSR_STATUS, t0
> diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c
> index cd11667593fe..4587201dd81d 100644
> --- a/arch/riscv/kernel/process.c
> +++ b/arch/riscv/kernel/process.c
> @@ -160,6 +160,11 @@ void start_thread(struct pt_regs *regs, unsigned long pc,
> set_shstk_status(current, false);
> set_shstk_base(current, 0, 0);
> set_active_shstk(current, 0);
> + /*
> + * disable indirect branch tracking on exec.
> + * libc will enable it later via prctl.
> + */
> + set_indir_lp_status(current, false);
>
> #ifdef CONFIG_64BIT
> regs->status &= ~SR_UXL;
> diff --git a/arch/riscv/kernel/usercfi.c b/arch/riscv/kernel/usercfi.c
> index b93b324eed26..7937bcef9271 100644
> --- a/arch/riscv/kernel/usercfi.c
> +++ b/arch/riscv/kernel/usercfi.c
> @@ -72,6 +72,35 @@ void set_shstk_lock(struct task_struct *task)
> task->thread_info.user_cfi_state.ubcfi_locked = 1;
> }
>
> +bool is_indir_lp_enabled(struct task_struct *task)
> +{
> + return task->thread_info.user_cfi_state.ufcfi_en ? true : false;
> +}
> +
> +bool is_indir_lp_locked(struct task_struct *task)
> +{
> + return task->thread_info.user_cfi_state.ufcfi_locked ? true : false;
> +}
> +
> +void set_indir_lp_status(struct task_struct *task, bool enable)
> +{
> + if (!cpu_supports_indirect_br_lp_instr())
> + return;
> +
> + task->thread_info.user_cfi_state.ufcfi_en = enable ? 1 : 0;
> +
> + if (enable)
> + task->thread.envcfg |= ENVCFG_LPE;
> + else
> + task->thread.envcfg &= ~ENVCFG_LPE;
> +
> + csr_write(CSR_ENVCFG, task->thread.envcfg);
> +}
> +
> +void set_indir_lp_lock(struct task_struct *task)
> +{
> + task->thread_info.user_cfi_state.ufcfi_locked = 1;
> +}
> /*
> * If size is 0, then to be compatible with regular stack we want it to be as big as
> * regular stack. Else PAGE_ALIGN it and return back
> @@ -372,3 +401,53 @@ int arch_lock_shadow_stack_status(struct task_struct *task,
>
> return 0;
> }
> +
> +int arch_get_indir_br_lp_status(struct task_struct *t, unsigned long __user *status)
> +{
> + unsigned long fcfi_status = 0;
> +
> + if (!cpu_supports_indirect_br_lp_instr())
> + return -EINVAL;
> +
> + /* indirect branch tracking is enabled on the task or not */
> + fcfi_status |= (is_indir_lp_enabled(t) ? PR_INDIR_BR_LP_ENABLE : 0);
> +
> + return copy_to_user(status, &fcfi_status, sizeof(fcfi_status)) ? -EFAULT : 0;
> +}
> +
> +int arch_set_indir_br_lp_status(struct task_struct *t, unsigned long status)
> +{
> + bool enable_indir_lp = false;
> +
> + if (!cpu_supports_indirect_br_lp_instr())
> + return -EINVAL;
> +
> + /* indirect branch tracking is locked and further can't be modified by user */
> + if (is_indir_lp_locked(t))
> + return -EINVAL;
> +
> + /* Reject unknown flags */
> + if (status & ~PR_INDIR_BR_LP_ENABLE)
> + return -EINVAL;
> +
> + enable_indir_lp = (status & PR_INDIR_BR_LP_ENABLE) ? true : false;
> + set_indir_lp_status(t, enable_indir_lp);
> +
> + return 0;
> +}
> +
> +int arch_lock_indir_br_lp_status(struct task_struct *task,
> + unsigned long arg)
> +{
> + /*
> + * If indirect branch tracking is not supported or not enabled on task,
> + * nothing to lock here
> + */
> + if (!cpu_supports_indirect_br_lp_instr() ||
> + !is_indir_lp_enabled(task) || arg != 0)
> + return -EINVAL;
> +
> + set_indir_lp_lock(task);
> +
> + return 0;
> +}
>
LGTM
Reviewed-by: Zong Li <zong.li@xxxxxxxxxx>
> --
> 2.34.1
>
>
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/linux-riscv
