mirror of
https://github.com/torvalds/linux
synced 2024-09-20 02:57:25 +00:00
d1584d791a
Implement CONFIG_SHADOW_CALL_STACK for RISC-V. When enabled, the compiler injects instructions to all non-leaf C functions to store the return address to the shadow stack and unconditionally load it again before returning, which makes it harder to corrupt the return address through a stack overflow, for example. The active shadow call stack pointer is stored in the gp register, which makes SCS incompatible with gp relaxation. Use --no-relax-gp to ensure gp relaxation is disabled and disable global pointer loading. Add SCS pointers to struct thread_info, implement SCS initialization, and task switching Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Tested-by: Nathan Chancellor <nathan@kernel.org> Link: https://lore.kernel.org/r/20230927224757.1154247-12-samitolvanen@google.com Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
118 lines
3.6 KiB
C
118 lines
3.6 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
/*
|
|
* Copyright (C) 2009 Chen Liqin <liqin.chen@sunplusct.com>
|
|
* Copyright (C) 2012 Regents of the University of California
|
|
* Copyright (C) 2017 SiFive
|
|
*/
|
|
|
|
#ifndef _ASM_RISCV_THREAD_INFO_H
|
|
#define _ASM_RISCV_THREAD_INFO_H
|
|
|
|
#include <asm/page.h>
|
|
#include <linux/const.h>
|
|
|
|
/* thread information allocation */
|
|
#define THREAD_SIZE_ORDER CONFIG_THREAD_SIZE_ORDER
|
|
#define THREAD_SIZE (PAGE_SIZE << THREAD_SIZE_ORDER)
|
|
|
|
/*
|
|
* By aligning VMAP'd stacks to 2 * THREAD_SIZE, we can detect overflow by
|
|
* checking sp & (1 << THREAD_SHIFT), which we can do cheaply in the entry
|
|
* assembly.
|
|
*/
|
|
#ifdef CONFIG_VMAP_STACK
|
|
#define THREAD_ALIGN (2 * THREAD_SIZE)
|
|
#else
|
|
#define THREAD_ALIGN THREAD_SIZE
|
|
#endif
|
|
|
|
#define THREAD_SHIFT (PAGE_SHIFT + THREAD_SIZE_ORDER)
|
|
#define OVERFLOW_STACK_SIZE SZ_4K
|
|
#define SHADOW_OVERFLOW_STACK_SIZE (1024)
|
|
|
|
#define IRQ_STACK_SIZE THREAD_SIZE
|
|
|
|
#ifndef __ASSEMBLY__
|
|
|
|
#include <asm/processor.h>
|
|
#include <asm/csr.h>
|
|
|
|
/*
|
|
* low level task data that entry.S needs immediate access to
|
|
* - this struct should fit entirely inside of one cache line
|
|
* - if the members of this struct changes, the assembly constants
|
|
* in asm-offsets.c must be updated accordingly
|
|
* - thread_info is included in task_struct at an offset of 0. This means that
|
|
* tp points to both thread_info and task_struct.
|
|
*/
|
|
struct thread_info {
|
|
unsigned long flags; /* low level flags */
|
|
int preempt_count; /* 0=>preemptible, <0=>BUG */
|
|
/*
|
|
* These stack pointers are overwritten on every system call or
|
|
* exception. SP is also saved to the stack it can be recovered when
|
|
* overwritten.
|
|
*/
|
|
long kernel_sp; /* Kernel stack pointer */
|
|
long user_sp; /* User stack pointer */
|
|
int cpu;
|
|
unsigned long syscall_work; /* SYSCALL_WORK_ flags */
|
|
#ifdef CONFIG_SHADOW_CALL_STACK
|
|
void *scs_base;
|
|
void *scs_sp;
|
|
#endif
|
|
};
|
|
|
|
#ifdef CONFIG_SHADOW_CALL_STACK
|
|
#define INIT_SCS \
|
|
.scs_base = init_shadow_call_stack, \
|
|
.scs_sp = init_shadow_call_stack,
|
|
#else
|
|
#define INIT_SCS
|
|
#endif
|
|
|
|
/*
|
|
* macros/functions for gaining access to the thread information structure
|
|
*
|
|
* preempt_count needs to be 1 initially, until the scheduler is functional.
|
|
*/
|
|
#define INIT_THREAD_INFO(tsk) \
|
|
{ \
|
|
.flags = 0, \
|
|
.preempt_count = INIT_PREEMPT_COUNT, \
|
|
INIT_SCS \
|
|
}
|
|
|
|
void arch_release_task_struct(struct task_struct *tsk);
|
|
int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src);
|
|
|
|
#endif /* !__ASSEMBLY__ */
|
|
|
|
/*
|
|
* thread information flags
|
|
* - these are process state flags that various assembly files may need to
|
|
* access
|
|
* - pending work-to-be-done flags are in lowest half-word
|
|
* - other flags in upper half-word(s)
|
|
*/
|
|
#define TIF_NOTIFY_RESUME 1 /* callback before returning to user */
|
|
#define TIF_SIGPENDING 2 /* signal pending */
|
|
#define TIF_NEED_RESCHED 3 /* rescheduling necessary */
|
|
#define TIF_RESTORE_SIGMASK 4 /* restore signal mask in do_signal() */
|
|
#define TIF_MEMDIE 5 /* is terminating due to OOM killer */
|
|
#define TIF_NOTIFY_SIGNAL 9 /* signal notifications exist */
|
|
#define TIF_UPROBE 10 /* uprobe breakpoint or singlestep */
|
|
#define TIF_32BIT 11 /* compat-mode 32bit process */
|
|
|
|
#define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME)
|
|
#define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
|
|
#define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED)
|
|
#define _TIF_NOTIFY_SIGNAL (1 << TIF_NOTIFY_SIGNAL)
|
|
#define _TIF_UPROBE (1 << TIF_UPROBE)
|
|
|
|
#define _TIF_WORK_MASK \
|
|
(_TIF_NOTIFY_RESUME | _TIF_SIGPENDING | _TIF_NEED_RESCHED | \
|
|
_TIF_NOTIFY_SIGNAL | _TIF_UPROBE)
|
|
|
|
#endif /* _ASM_RISCV_THREAD_INFO_H */
|