• Palmer Dabbelt's avatar
    Merge patch series "riscv: SCS support" · 24005d18
    Palmer Dabbelt authored
    Sami Tolvanen <samitolvanen@google.com> says:
    
    This series adds Shadow Call Stack (SCS) support for RISC-V. SCS
    uses compiler instrumentation to store return addresses in a
    separate shadow stack to protect them against accidental or
    malicious overwrites. More information about SCS can be found
    here:
    
      https://clang.llvm.org/docs/ShadowCallStack.html
    
    Patch 1 is from Deepak, and it simplifies VMAP_STACK overflow
    handling by adding support for accessing per-CPU variables
    directly in assembly. The patch is included in this series to
    make IRQ stack switching cleaner with SCS, and I've simply
    rebased it and fixed a couple of minor issues. Patch 2 uses this
    functionality to clean up the stack switching by moving duplicate
    code into a single function. On RISC-V, the compiler uses the
    gp register for storing the current shadow call stack pointer,
    which is incompatible with global pointer relaxation. Patch 3
    moves global pointer loading into a macro that can be easily
    disabled with SCS. Patch 4 implements SCS register loading and
    switching, and allows the feature to be enabled, and patch 5 adds
    separate per-CPU IRQ shadow call stacks when CONFIG_IRQ_STACKS is
    enabled. Patch 6 fixes the backward-edge CFI test in lkdtm for
    RISC-V.
    
    Note that this series requires Clang 17. Earlier Clang versions
    support SCS on RISC-V, but use the x18 register instead of gp,
    which isn't ideal. gcc has SCS support for arm64, but I'm not
    aware of plans to support RISC-V. Once the Zicfiss extension is
    ratified, it's probably preferable to use hardware-backed shadow
    stacks instead of SCS on hardware that supports the extension,
    and we may want to consider implementing CONFIG_DYNAMIC_SCS to
    patch between the implementation at runtime (similarly to the
    arm64 implementation, which switches to SCS when hardware PAC
    support isn't available).
    
    * b4-shazam-merge:
      lkdtm: Fix CFI_BACKWARD on RISC-V
      riscv: Use separate IRQ shadow call stacks
      riscv: Implement Shadow Call Stack
      riscv: Move global pointer loading to a macro
      riscv: Deduplicate IRQ stack switching
      riscv: VMAP_STACK overflow detection thread-safe
    
    Link: https://lore.kernel.org/r/20230927224757.1154247-8-samitolvanen@google.comSigned-off-by: default avatarPalmer Dabbelt <palmer@rivosinc.com>
    24005d18
entry.S 8.97 KB