From patchwork Fri Jul 11 13:52:42 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 116135 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 540A83858C98 for ; Fri, 11 Jul 2025 13:56:25 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 540A83858C98 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=UxwS55MN X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) by sourceware.org (Postfix) with ESMTPS id 46EEE3858D20 for ; Fri, 11 Jul 2025 13:53:04 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 46EEE3858D20 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 46EEE3858D20 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::635 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241984; cv=none; b=ARaDL/mU6Nv/ABLjQbq8fou++WIdowToNfcom5mRluESdZJNR7uiRdPx4NZSowXl/dIknc1/HJ5jY6x9k7RRfaJlBu9HVxPqP+6dzdOa4ggUoaWANPd2krsm0WVQrgHD6d13PpQCrKJREbOA4M1GFizK8e7xuK8QaV0dEqY3thc= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241984; c=relaxed/simple; bh=AzMpxCdVdRx99adNgp6X0Gukjwb7fcs5+a4UYCHOO6I=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=GrH0PzCNUu1cgNHDs9775BQ8EeGIylL0Eynah5IQVJM44taW9ibbQybGNKe59fo5I8WO0weOXebxkmQ1RtUHqM9/NA8EiGwux2U9ETFbSqNYvTvoE60kdO4Tm+F+y/DujN5tcgSSELHaYvuD4lz3aRnLwI4Se5WY5853c3HOrTM= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 46EEE3858D20 Received: by mail-pl1-x635.google.com with SMTP id d9443c01a7336-234f17910d8so22255675ad.3 for ; Fri, 11 Jul 2025 06:53:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1752241983; x=1752846783; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=TYIqkSvL6dMejsPs1syz/elcm5s9TMaQpYdIkm4RbH8=; b=UxwS55MNH0x8L6fq45egK8klGZI5MVdCszcpz7ImkPUvet9Y4bkCG+C8N/ReMom8mA n9EQmID0Ty+WEkbTPkk9MoiL/tQY4lseESu+HkYwSGLFJk29kMHcdZHJahfRlim2xjkw IAe25dzqa6kHAiv8o7FcPKa+riPc2vd83W+yBJfb/805ojXZcL2RybxNgKzipUy36qrx o20mYiRCt0ZRF83LkvgY1S1mmObipN+iU7NWSz8FVY3YlaON/eb4Is0c4kRZBxZ4hbL3 ayWHXV3dyjsTRrOcNVKU5Jg9Hc76AwZadBrqxdTjf57dQwwCBArI6aR0HE2/U1yEjCGU gRkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752241983; x=1752846783; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TYIqkSvL6dMejsPs1syz/elcm5s9TMaQpYdIkm4RbH8=; b=u0n8LWUbBFaiUhHtdNytNKm+YI9hCu0LE5MSu9Jzo9hubcoiR8gyZlzL7xFj+HIuGu YkHhHTiszMiQDwVlCndmSOGkd6uFtP0vRM9h27NAcwuZtFmaf+iz/j0e1HnDMoH2re8P nbzv4mAJF23q9JKONpdz9blLKMuLp4NYMc9pyP3SVIYrBMzwbvW7VC5ihE0qP79kvvCG 0Z6yhPOOkRKsta2pf7XTek/s4EUUUsRYyn4f7z1XPd/avXFpAR1IiAPHRgoDMYTRMwO/ SPACsTwfHwdmoB5yihJrUC4lEsgWNwe5GZN/SijATA5IFtaR6Eb5cNd6rihQ7/Ieoemq KZyQ== X-Gm-Message-State: AOJu0YztUYLQLskamXVe8BxoVuY1jlYPpU4Zdqr/GA3C72qXHnF1PgL9 FkTLiuR/Q0l2kKSGcCYRSseEJUvxW0BNpH8vUXHMcF2+NXqSgzRXYCY0abojPClfyYz/R8CFKNU B86V4E82DStK7wQWftHQQ8DkeLIFu0f6HP7A84Al5POIil0WhwfnPIJ0+2R5QLR43AmoSdFmwq2 vVLeTTjyjLmUAr0k8J3suiRkeczAFDM4ixzXasdVO/sdURCHzSndY= X-Gm-Gg: ASbGncuqJ8uHmWqFSokPvTqo2AOaBx2RvmaC9CRI0GQKLoIUEMNChwMdUy24NhViADS CnGPOQV8NKD7IuwpLSZEh/MTyFU1JPJyQ3aDjotfv3NI8xmnVw+l9NKwW7gEHN/BGHo4OZiJXIQ ZC+WZm8QyGNc1gTCz2rfGlczpGfx17hyKW8AHKiC5S3BJqtfYy/sICUl6nN5nW7p5jRo3+ClCpa YT6RnZ7kR6p5Uu3vavEWjAi77sOAZimzFSn3JKFFJxvNbiVv/oZdOijuaDCIByfOmVfMGOPqDP9 gXu5mpngDpYflLTs3vTEgNSvEWf9S4rgJr/u1iQi1HkXRlZD7DR1vb8xNtQ76vGGYr1gdJtwp8A +7TXhWOk/1XTWXbOrgKkjwN+veskpH3uN3cReZ/vgt46weXSwaWc= X-Google-Smtp-Source: AGHT+IGM6PxNEdmGXouTOWhW7kA5oOjyhdqkEIUz5TtjDc54K66BtLLEJq9FunddG9ThfbDQLf0CRw== X-Received: by 2002:a17:902:c94b:b0:235:f3df:bbff with SMTP id d9443c01a7336-23dede2eb8cmr47819735ad.4.1752241982599; Fri, 11 Jul 2025 06:53:02 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23de4283b67sm48058295ad.3.2025.07.11.06.53.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Jul 2025 06:53:02 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v2 01/14] riscv: Add --enable-cfi option for controlling cfi features Date: Fri, 11 Jul 2025 06:52:42 -0700 Message-Id: <20250711135255.1732496-2-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20250711135255.1732496-1-jesse.huang@sifive.com> References: <20250711135255.1732496-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org --- INSTALL | 13 +++++++++++++ NEWS | 3 +++ configure | 12 ++++++++++++ configure.ac | 6 ++++++ manual/install.texi | 12 ++++++++++++ 5 files changed, 46 insertions(+) diff --git a/INSTALL b/INSTALL index d3200f271f..476861b521 100644 --- a/INSTALL +++ b/INSTALL @@ -155,6 +155,19 @@ passed to 'configure'. For example: NOTE: '--enable-cet' is only supported on x86_64 and x32. +'--enable-cfi' + Enable RISC-V Control Flow Integrity Extensions (Zicfilp/Zicfiss) + support. When the GNU C Library is built with '--enable-cfi', the + resulting library is protected with landing pad and shadow stack. + This feature is currently supported on RV64 with GCC 15 and + binutils 2.45 or later. With '--enable-cfi', it is an error to + dlopen a non CFI enabled shared library in CFI enabled application. + The restriction can be loosen by setting to permissive mode with + the use of the glibc tunables, see glibc tunables section for more + information. + + NOTE: '--enable-cfi' is only supported on RV64. + '--enable-memory-tagging' Enable memory tagging support if the architecture supports it. When the GNU C Library is built with this option then the resulting diff --git a/NEWS b/NEWS index 521fbd5e07..02a39b05e4 100644 --- a/NEWS +++ b/NEWS @@ -21,6 +21,9 @@ Major new features: * The ISO C2Y family of unsigned abs functions, i.e. uabs, ulabs, ullabs and uimaxabs, are now supported. +* Added --enable-cfi option to enable the RISC-V CFI extensions + (Zicfilp/Zicfiss) support on RV64 Linux. + Deprecated and removed features, and other changes affecting compatibility: * The glibc.rtld.execstack now supports a compatibility mode to allow diff --git a/configure b/configure index 7cda641fce..5a996c8f25 100755 --- a/configure +++ b/configure @@ -818,6 +818,7 @@ enable_nscd enable_pt_chown enable_mathvec enable_cet +enable_cfi enable_scv enable_fortify_source with_cpu @@ -1499,6 +1500,7 @@ Optional Features: depends on architecture] --enable-cet enable Intel Control-flow Enforcement Technology (CET), x86 only + --enable-cfi enable Control Flow Integrity (CFI), RISC-V only --disable-scv syscalls will not use scv instruction, even if the kernel supports it, powerpc only --enable-fortify-source[=1|2|3] @@ -4853,6 +4855,16 @@ esac fi +# Check whether --enable-cfi was given. +if test ${enable_cfi+y} +then : + enableval=$enable_cfi; enable_cfi=$enableval +else case e in #( + e) enable_cfi=no ;; +esac +fi + + # Check whether --enable-scv was given. if test ${enable_scv+y} then : diff --git a/configure.ac b/configure.ac index 0b0d8875cc..9bda3d1520 100644 --- a/configure.ac +++ b/configure.ac @@ -421,6 +421,12 @@ AC_ARG_ENABLE([cet], [enable_cet=$enableval], [enable_cet=$libc_cv_compiler_default_cet]) +AC_ARG_ENABLE([cfi], + AS_HELP_STRING([--enable-cfi], + [enable Control Flow Integrity (CFI), RISC-V only]), + [enable_cfi=$enableval], + [enable_cfi=no]) + AC_ARG_ENABLE([scv], AS_HELP_STRING([--disable-scv], [syscalls will not use scv instruction, even if the kernel supports it, powerpc only]), diff --git a/manual/install.texi b/manual/install.texi index 7fcdda9146..d3e7153365 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -185,6 +185,18 @@ non CET enabled shared library in CET enabled application. NOTE: @option{--enable-cet} is only supported on x86_64 and x32. +@item --enable-cfi +Enable RISC-V Control Flow Integrity Extensions (Zicfilp/Zicfiss) support. +When @theglibc{} is built with @option{--enable-cfi}, the resulting +library is protected with landing pad and shadow stack@. +This feature is currently supported on RV64 with GCC 15 and binutils 2.45 +or later. With @option{--enable-cfi}, it is an error to dlopen a non CFI +enabled shared library in CFI enabled application. The restriction can be +loosen by setting to permissive mode with the use of the glibc tunables, +see glibc tunables section for more information. + +NOTE: @option{--enable-cfi} is only supported on RV64. + @item --enable-memory-tagging Enable memory tagging support if the architecture supports it. When @theglibc{} is built with this option then the resulting library will From patchwork Fri Jul 11 13:52:43 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 116132 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id A07913857B8C for ; Fri, 11 Jul 2025 13:55:31 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A07913857B8C Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=As+r2Ouu X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636]) by sourceware.org (Postfix) with ESMTPS id 9BAB83858CDA for ; Fri, 11 Jul 2025 13:53:05 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9BAB83858CDA Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 9BAB83858CDA Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::636 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241985; cv=none; b=LRxdRVxNQad6lQ5OH8bk/PEtrp1Qjuoa/KqH3YbGvwq25h/qwPk1DtBZjPZWB/DzRZ6nIgvZz7PYQ+fwSUmRiNtYp3kYY+5w41f9MXrstxbOrCvMbXXTtWKbXX97jV1Jft663o8cG3+4NFua8fkQdJQv8ISEGHDr5qZXcd2O2x0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241985; c=relaxed/simple; bh=UA035UjhoMHM71/qlYY5LxkgPr6HLqdsnOHB3HvKTDw=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=TFbb2GaGgu23wIq7EJcKx8aG1C5uwKhLXYHQu49YXjJix9YSPg4a19jfFqyyJcSCjBSVTxqq3UxyjlPRL3o/dXsd7vqPElcqzQ/geAfh0PgfoNGroMoNDQElfvoSZyXVS/LWf7UFw1e7vwpR4mQlRCHNGr3ptj18QkzMSIS1OGs= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9BAB83858CDA Received: by mail-pl1-x636.google.com with SMTP id d9443c01a7336-23c703c471dso27916955ad.0 for ; Fri, 11 Jul 2025 06:53:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1752241984; x=1752846784; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=5I6cbD39cWPMq9YdX/rJJeTigJPqjk3ke/H26qzNAZ0=; b=As+r2OuuAThviJXr3xrGSTef0cf9oXI4YM7HguP4xKueIgxMkhif8KVaSNfQKVBDWR +mvFiUSayF1ZnEl7hA2ZTs2fl6Eke2PzMfXvEYVa2cTNuPFtYHp49iMiEPe4914mwOzz fh9W4gSC3wnJpS6H+a1rATA5vLlxkMWZDJdFV0bqkJuV76pbpUnynVn2gRhOYlNGFpPC Tci+tlEOHhg7armi8miZNVYBMRA7QwwhnyYCTQNtEpNejFchLH4j+B7xoYFXSyLU5e5g yHeRULJgv/E+tBXPuj0WZ3t9+xxEF1jOYWAmsXsI2X/SAuC3rFQKFzIkO/3Z0uvji20a 9iTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752241984; x=1752846784; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5I6cbD39cWPMq9YdX/rJJeTigJPqjk3ke/H26qzNAZ0=; b=n+Km0QtRUdpVyyehZAqw9s7s6QJV/BEQ6rjimJZcrQyh8Gu2DiVvP4mEwqm59XCdnl PeoCoOWXNE88QCkSTEayLKi6Sm6rVyI10E4J22u0czKfWPpw83NMQjGHzvkiuzNlN66X nFmKvtxippWrJ22F//sbiL2yPI4WPXY0aJqQ0qB57DyJPlVKFE0htK12c4yFMIc5mRXf uBv2ky3bRYmoTCbLdCnrR1I1DqT/LSC+WKHgMCk228XvtkNJCiao3yBJC0aqJLi5Nbpt B/YQ5NNG1yXbEokowZ31VFLj3QcpF+YsZftOhMD5FWoG14DL+Fg4DUWgWJAySjlCw09Z vcaA== X-Gm-Message-State: AOJu0YxgpckrDb45XJvUC73yCgCQNb+iIQmVXjN4Q/1xtAMxjK5+Un7i zDWGeEJLeNcZRSlVF7iB17ocQq/J1skOOUIIaMPqcEZETxAIcU5q2OCqNF8LhTFZet6PugeHYZV H2Vsbcj63MByS7qF55Zhv+Cn1z78Hb8WcLBIYnjKOnZOj9GRN7JvUjfx++n0dM4TycsIAj8nSFy vV2C7uFAJCLK75o+e1wEaG8SCgaFU7Cv3+rl5ScxPfLlsqJB1c/cHdFw== X-Gm-Gg: ASbGnct0JHFvS35FQ7fQUorDAHRSOnmwwOOVu6KQOnYzb5ZPwP7WxfVCCPNGqaEi7cQ TfD34NtM6C9LI6tl3OevJ3iWlboQnWDjqMI8Xoy4qcTbZ4lI7Rh8tYnav7hnwjD/TxZjcgU6tif 0xSIc5eYDPj/DeZyG2eFJFPtQk6FyvKfGNK07ZoN9hTg02yoV+8k+PmIS++qKMsPtjg0t3OXjZP 6UHX/GxKejS2GDUM/2um5gusfUL1hJnQAM6bZO4vNT4aBJwHBaX20BcE9hCH2FyyXlHbQiPATiC aLH5gZC9/PLvQ0fqYrBNuzbge0g4II2m5/YzYb8huNYluEcZlYviF08brgGH/wDU0R+l6E48ckk Bdn7YqXOiz58JvsWaGsamHVG35I8bfu1EZYZ2AGdK X-Google-Smtp-Source: AGHT+IFDaMazu4fl4lZ6BXd2Qsv338klAq//UJhbSHEjSsuNV4t34tK/dmcyBTjwyb89E5CjVLZtYw== X-Received: by 2002:a17:903:189:b0:234:986c:66cf with SMTP id d9443c01a7336-23dede46e28mr53281355ad.16.1752241983892; Fri, 11 Jul 2025 06:53:03 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23de4283b67sm48058295ad.3.2025.07.11.06.53.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Jul 2025 06:53:03 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang , Hau Hsu Subject: [PATCH v2 02/14] riscv/cfi: Setup necessary options for enable-cfi option Date: Fri, 11 Jul 2025 06:52:43 -0700 Message-Id: <20250711135255.1732496-3-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20250711135255.1732496-1-jesse.huang@sifive.com> References: <20250711135255.1732496-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Co-authored-by: Hau Hsu --- sysdeps/riscv/Makefile | 9 +++++++++ sysdeps/riscv/preconfigure | 2 ++ sysdeps/riscv/preconfigure.ac | 1 + 3 files changed, 12 insertions(+) diff --git a/sysdeps/riscv/Makefile b/sysdeps/riscv/Makefile index c08753ae8a..99976fddad 100644 --- a/sysdeps/riscv/Makefile +++ b/sysdeps/riscv/Makefile @@ -15,3 +15,12 @@ ASFLAGS-.os += -Wa,-mno-relax ASFLAGS-.o += -Wa,-mno-relax sysdep-CFLAGS += -mno-relax endif + +# Enable RISC-V CFI +ifeq (yes,$(riscv-enable-cfi)) +CFLAGS-.o += -fcf-protection=full +CFLAGS-.os += -fcf-protection=full +CFLAGS-.op += -fcf-protection=full +CFLAGS-.oS += -fcf-protection=full +asm-CPPFLAGS += -fcf-protection=full -include sysdep.h +endif diff --git a/sysdeps/riscv/preconfigure b/sysdeps/riscv/preconfigure index a5de5ccb7d..439b526452 100644 --- a/sysdeps/riscv/preconfigure +++ b/sysdeps/riscv/preconfigure @@ -62,6 +62,8 @@ riscv*) printf "%s\n" "#define RISCV_ABI_FLEN $abi_flen" >>confdefs.h + config_vars="$config_vars +riscv-enable-cfi = $enable_cfi" ;; esac diff --git a/sysdeps/riscv/preconfigure.ac b/sysdeps/riscv/preconfigure.ac index a5c30e0dbf..fb75ae427a 100644 --- a/sysdeps/riscv/preconfigure.ac +++ b/sysdeps/riscv/preconfigure.ac @@ -60,5 +60,6 @@ riscv*) AC_DEFINE_UNQUOTED([RISCV_ABI_XLEN], [$xlen]) AC_DEFINE_UNQUOTED([RISCV_ABI_FLEN], [$abi_flen]) + LIBC_CONFIG_VAR([riscv-enable-cfi], [$enable_cfi]) ;; esac From patchwork Fri Jul 11 13:52:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 116139 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E3656385C6E0 for ; Fri, 11 Jul 2025 14:01:11 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E3656385C6E0 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=bEHeiNUK X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636]) by sourceware.org (Postfix) with ESMTPS id E90263858C98 for ; Fri, 11 Jul 2025 13:53:06 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org E90263858C98 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org E90263858C98 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::636 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241987; cv=none; b=fTOVsely13ko1tLTkwlCKx4IG+29CZB3zvNwglh6vzLOU6Zm2Q/EYLtdCtbliF3GQRAHMQLKYfu05sD+Y4/UiV2woViW8KzMj8yBJZSzAYga1HmykA0NYVm5B2L5Em8dmUlWrK1c5neVrafBYeMh8Ps7Ico73q69+Ej9HtKgjEQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241987; c=relaxed/simple; bh=Aka2c57LnopQnN8zpZ1tI6qTYepXUurKTxqE6jZrJNo=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=aCsGIHuS2f/H5gpK7m+cZ/jKq0bBqgMJ2GyMriMjsqQWHY2vzVx/gYRJBkS78gYRvBKRjKcPhau3dMtI8zol+a6p0sP4kpFdRMmmB9J/u55VknLvPLkYrZYHXES/KeG7/RFYNRhulN1uVTHf8MfDlrSdVSK/mBsbh5Wc0emx9w4= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E90263858C98 Received: by mail-pl1-x636.google.com with SMTP id d9443c01a7336-234fcadde3eso26976585ad.0 for ; Fri, 11 Jul 2025 06:53:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1752241985; x=1752846785; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=bUkm3kwz42us4ZOrKjp539716DR8GccXTVBm7hcxt+I=; b=bEHeiNUKxTNtXmnX1GwklgyT2n//k+7aN/27t3dxlneG+ygSmG4RxP64eIHMXlUvDm zqKz9YVt+67JjSVTd8kFkX7NTvgHwrqu7nPvffuS6nL9KODORwtnb1JfZASYIB/CP9s6 PktyJ3zkVyv+JmerExCrW9sjdqddlUUgzRj3s4c0yZl6Wl0p59QMQsSNIUsrQADbQFrd B3JbNcKGQxm6JgAopcnUAlM+1stuSDsP9TW8viksjgmPYa7+5wsnzpVo+MWZ+RNacqlR 82xg0LQZLM3awxn2DBY4F0678vJske6Y6azivCfIMmjRkQ2argAQlSFCMQGdOfR+mhk7 4a1Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752241985; x=1752846785; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bUkm3kwz42us4ZOrKjp539716DR8GccXTVBm7hcxt+I=; b=fpkn6Y8msLX87bPAkg9sPMP5i+ZrVCQhfseXevFhHYb3iJhRfkYeJeX5ohZzDg5ZJA PHfM3yq0+tD1QIhuM4N0+uGLq/WCu+ZOd0KL5JDZveUKOvlKkwr3xYVZ9UXrZzNmu4k+ 9u2q+o+C3dqo4ks7ssbXmyM9jlont8kHpnz8CSwC5JT+czmc3StukzOX3qUO0lJklJIM c3+o264ihee+2Ftv3SVPQG2PLqwX2GyJ3TLZsmpx3PRVH0G2ROeTSCbPOFWX3SryW7V/ dTMUwgkilPpSV2+RhCY7ofSc48kcBRidx5qhVT2lNDKdGOSHT2TRYCTvMW+nZHQqtNHD DP8Q== X-Gm-Message-State: AOJu0Ywa127ZCsbzhLhUasCvc6eAjihThmUItAko4/HI46NVr/cMR/dv 126GycHEMwi8RAZ8pCN9Uhmoc14FdpyTwUVnbG+1b/2lT81Uv56spKhQN4e+oHoHIbEfee57Fxk 5AdNCV+iPv50zp6HXvXQ3PQIv8Eob0IfFwfD/fv3KGXV1EM/IgZYI7XXeUtbxNH7YCQyGVGWYYS wQ9hB+TwpoETMda0kUOE1OI+wSZ1f6mdxCKzAT7bTnJ3HOnuD3eVTlhA== X-Gm-Gg: ASbGncucduobhAdaUIjDP/+tlMZF3v6g7n2w7NRppNrzi4wbJeYzGluQw2fGxw2Kjc1 UfqiN2fztOVVZaGkC7/DuSjtqVzNap4BtMmQRWqp/pc0jZCHOazf/jmgzMxnRr92nGBZYyNymGB y19GUi3t6zHtzRoD6iMAQDsQVRankKnywLV8kilmR8CPGkbYD11SCKyqR32benzD937PhjnJPAM 0fKOc8KkVIJV0l1ArnL3uuyGvk+FWpz1k2kdUuE7R+tMptpqJwEmyU8I6HzZqxXsIDI/0FOkiEh 5eRVUOgS3pUF/HsinMEB8gDugqfER/IpRY7J6z/x/f9GxbXUO/+zf/S/LVVM0Jf7iWpYxurhOAx 5ZZQDnEUlU4gEA39lcxD+BVjnrqsjulZG0lGmrWkv X-Google-Smtp-Source: AGHT+IFltmKXzdOvpz9qOTcPfa9GMtaYlKiQ2lu3YxV9mPizm0HCKOO8LnrQVURZod5fI+FVn9TGMQ== X-Received: by 2002:a17:902:fc87:b0:234:b44c:d3c8 with SMTP id d9443c01a7336-23dee263c5emr45456915ad.37.1752241985452; Fri, 11 Jul 2025 06:53:05 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23de4283b67sm48058295ad.3.2025.07.11.06.53.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Jul 2025 06:53:04 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v2 03/14] riscv: Add GNU property definitions for RISC-V CFI Date: Fri, 11 Jul 2025 06:52:44 -0700 Message-Id: <20250711135255.1732496-4-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20250711135255.1732496-1-jesse.huang@sifive.com> References: <20250711135255.1732496-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-12.8 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Add GNU properties used by RISC-V CFI extensions (zicfilp/zicfiss) --- elf/elf.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/elf/elf.h b/elf/elf.h index 1e1a59c14d..575c14f022 100644 --- a/elf/elf.h +++ b/elf/elf.h @@ -1426,6 +1426,11 @@ typedef struct SHSTK. */ #define GNU_PROPERTY_X86_FEATURE_1_SHSTK (1U << 1) +/* RISC-V specific GNU PROPERTY. */ +#define GNU_PROPERTY_RISCV_FEATURE_1_AND 0xc0000000 +#define GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED (1u << 0) +#define GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS (1u << 1) + /* Move records. */ typedef struct { From patchwork Fri Jul 11 13:52:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 116134 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id F34E43857B8C for ; Fri, 11 Jul 2025 13:56:19 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org F34E43857B8C Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=gS1OYoch X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) by sourceware.org (Postfix) with ESMTPS id 64B303858C31 for ; Fri, 11 Jul 2025 13:53:08 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 64B303858C31 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 64B303858C31 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::635 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241988; cv=none; b=lmdjPHlvJAuzGQ834hQ4ZI9DaZ569EeegHH02/nNY6R4HzkW2EW5YzlIlD42TVqwASqxMDnKWbct+W6+S+ENqwg9Ciqo9odYlSg6gKVZSA+/YrUMutTzRgWQS3oVcTA+LDxfEzo+iE/xyTwIogQDnNpNe1FROBdZcDDK3uvQ03Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241988; c=relaxed/simple; bh=jFgl22qsawMBW+7Z7T3DLVZIVNFZhXnQFGDr3HoT400=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=FPcUhM5msqm0x4BNIrcLeBYhM4dWrGC4J2HPb2b4MKJQibXtxWJmC37JKJcjuvtKqZyag4l3FkMuU4bf5G8WuVi2pBwvdSBUHBbjiZkVertqJvw4NGJMlK2WuFaNSk7Aw4wTKWj75W33VNZNDABBOy1Ks+14bzsejBNYi4P5kkY= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 64B303858C31 Received: by mail-pl1-x635.google.com with SMTP id d9443c01a7336-2349f096605so27180645ad.3 for ; Fri, 11 Jul 2025 06:53:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1752241987; x=1752846787; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pRU38b4t8mxWML6LctMDZ1d5+u297ofA+DChm0WaO28=; b=gS1OYoch/Rn/cYagYb4uys2zjAokdjuQXR0YwEDsLS1s/Mq8lVgfTyrMMeKCQ4lkm3 FstmZYcLn80rgEv8r/YRG8Ok2u2FKjFxHtwW9Me6H8iwilDSXnlNSOdkZCDCIyFlFrao wfae4eeemuP3nlPEBef7VrJAV2oh0rQ9bpf38NimSdYeVwOgbYPZrpr6V3UadwYJn7wN hZvG8wkNsBzBTKlHqiYWqD1ARdi+70owkIrtqpV19VjgRmc/OMe9vzGJ+ti+ilYQftXw EMLS+EjDGlEspWaWNw6Hl9Ec0D6ATMBsJwHjaVZKT7b87BIjxHp2q+FUsuoXrofh+s8P YIHw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752241987; x=1752846787; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pRU38b4t8mxWML6LctMDZ1d5+u297ofA+DChm0WaO28=; b=h65jU/lcM95YUPEcadez6UgJl2DI0Cny2N1sW2lO1FsqIfzEfnHvYVT6S3o6CYgY1W DHlhOYk0Xvs+MDXWOeISqjdzbw31X8bX7syG3B7MuailMLvILbDDNRDrk35mwN1ObBql +g8PucE1vvp4+FOqZEWts4+JzXJZWa5PYyth8ZGZKmnfqQVKYorHwqZrcZqwyJlqz+P1 m2mT5BkF3fSh6KEjiAWTVZ9hQRrY83ilxJa8DZE3EfnWpWQjd+Z5l2AlWLYoZNs/MtpU ATYuGw6FqrYpEQoJJZTynvqy1G7u9kQ5G6IiKvtaoz55UAMH6x+67kJLXe+BxuC+JAHW itpA== X-Gm-Message-State: AOJu0Ywo0TzInk3Y6bx4OQ2HTnJfgEQzAwB7QIff0nclcu2WkUr76YHL xDq8Tv26LgobfsacyyE7grHpiEiWExUQ5H89Yf/eByMb5XnJnYb2fdcCu3zqxfymTZ1QMaXSmqg S4CE2b9/HxQlch6S2y+Lv5KE3p/FLHXL9f7L/Xr8Msm0mlQ5SITigwdyXz+L6i/URtz4SyrUow9 JwXbhs7KVgpoJh8v/kBtoNPZG4Vy32XB456IfSqyPDsYWphWBdvQe8rw== X-Gm-Gg: ASbGncsX7ISAqLGnSFp1GThaStCY1vgkHgabHNarfU6LOgNaEE5VrrKXlR77KXNIi0M P+gdsuWdziCDiE7s4CQdnRMohtNeL9Y6HuyTMpznxdvJ9CySO8ar/Qdj0UkTiI5ihHQfwsdCiJp MyYJJGrkJydJoym1H5wa5nV+wMmkSiQAv+omJbkIyiSwZrlQ8rQPUCF5cC2hZwVjkU5GLPa2H3Y 9ZQwKTGBkkeTbMxhJJ8OnsjaZm1XRVGW8f4DD5V15o7AQ0CZvUE2wVshA2QcbpbAd/4/4jhyFiV ZFPdBW+5MhuedQHASqq5PBVI0JYonSOo3KDRj5gpjwntVf8g269YFjqmfGfQXJlg+tfyRXF9dnd +8zaHpQ5Zu3GUZPHMvgD0dPCYr8BtjCrN2kH+mXZE X-Google-Smtp-Source: AGHT+IFu/qsW+S7+wdUPO2hejzsEDFwEMH61OxoxsdGxONVNCeDKmUYN5P2rc9O/f8NUGyURS4t2qA== X-Received: by 2002:a17:903:1209:b0:235:e942:cb9d with SMTP id d9443c01a7336-23dee18b28emr49660195ad.17.1752241986764; Fri, 11 Jul 2025 06:53:06 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23de4283b67sm48058295ad.3.2025.07.11.06.53.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Jul 2025 06:53:06 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang , Hau Hsu Subject: [PATCH v2 04/14] riscv: Adjust assembly routines to support landing pad Date: Fri, 11 Jul 2025 06:52:45 -0700 Message-Id: <20250711135255.1732496-5-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20250711135255.1732496-1-jesse.huang@sifive.com> References: <20250711135255.1732496-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-12.8 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, PROLO_LEO3, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Landing pads, instructions for setting the label value as well as alignment directives are inserted at where they should be. Frame offsets for floating point registers in _dl_runtime_resolve are also adjusted because now t2 has to be saved onto the stack. Co-authored-by: Hau Hsu Co-authored-by: Kito Cheng --- sysdeps/riscv/__longjmp.S | 1 + sysdeps/riscv/crti.S | 4 ++ sysdeps/riscv/crtn.S | 4 ++ sysdeps/riscv/dl-machine.h | 8 +++ sysdeps/riscv/dl-trampoline.S | 61 +++++++++++------ sysdeps/riscv/multiarch/memcpy_noalignment.S | 4 ++ sysdeps/riscv/setjmp.S | 3 + sysdeps/riscv/start.S | 10 +++ sysdeps/unix/sysv/linux/riscv/clone.S | 2 + sysdeps/unix/sysv/linux/riscv/sysdep.S | 1 + sysdeps/unix/sysv/linux/riscv/sysdep.h | 71 ++++++++++++++++++++ sysdeps/unix/sysv/linux/riscv/vfork.S | 1 + 12 files changed, 150 insertions(+), 20 deletions(-) create mode 100644 sysdeps/riscv/crti.S create mode 100644 sysdeps/riscv/crtn.S diff --git a/sysdeps/riscv/__longjmp.S b/sysdeps/riscv/__longjmp.S index 7228b457a6..47ff3aa09e 100644 --- a/sysdeps/riscv/__longjmp.S +++ b/sysdeps/riscv/__longjmp.S @@ -20,6 +20,7 @@ #include ENTRY (__longjmp) + LPAD REG_L ra, 0*SZREG(a0) REG_L s0, 1*SZREG(a0) REG_L s1, 2*SZREG(a0) diff --git a/sysdeps/riscv/crti.S b/sysdeps/riscv/crti.S new file mode 100644 index 0000000000..fb1097c5ca --- /dev/null +++ b/sysdeps/riscv/crti.S @@ -0,0 +1,4 @@ +/* crti.S is empty because .init_array/.fini_array are used exclusively. + Include sysdep.h to define gnu property if necessary. */ + +#include diff --git a/sysdeps/riscv/crtn.S b/sysdeps/riscv/crtn.S new file mode 100644 index 0000000000..b2e7cb692e --- /dev/null +++ b/sysdeps/riscv/crtn.S @@ -0,0 +1,4 @@ +/* crtn.S is empty because .init_array/.fini_array are used exclusively. + Include sysdep.h to define gnu property if necessary. */ + +#include diff --git a/sysdeps/riscv/dl-machine.h b/sysdeps/riscv/dl-machine.h index dcc3e0883b..76f43a242b 100644 --- a/sysdeps/riscv/dl-machine.h +++ b/sysdeps/riscv/dl-machine.h @@ -28,6 +28,13 @@ #include #include #include +/* This is a marker to remind us to add real expansion to setup the label + for the function signature label scheme in the future */ +#ifdef __riscv_landing_pad_unlabeled +# define SET_LPAD +#else +# define SET_LPAD +#endif #ifndef _RTLD_PROLOGUE # define _RTLD_PROLOGUE(entry) \ @@ -126,6 +133,7 @@ elf_machine_dynamic (void) # Pass our finalizer function to _start.\n\ lla a0, _dl_fini\n\ # Jump to the user entry point.\n\ + " STRINGXV (SET_LPAD) "\n\ jr s0\n\ " _RTLD_EPILOGUE (ENTRY_POINT) \ _RTLD_EPILOGUE (_dl_start_user) "\ diff --git a/sysdeps/riscv/dl-trampoline.S b/sysdeps/riscv/dl-trampoline.S index 93d04af326..2b25f64a3b 100644 --- a/sysdeps/riscv/dl-trampoline.S +++ b/sysdeps/riscv/dl-trampoline.S @@ -25,13 +25,27 @@ /* Assembler veneer called from the PLT header code for lazy loading. The PLT header passes its own args in t0-t2. */ -#ifdef __riscv_float_abi_soft -# define FRAME_SIZE (-((-10 * SZREG) & ALMASK)) -#else -# define FRAME_SIZE (-((-10 * SZREG - 8 * SZFREG) & ALMASK)) +#ifdef __riscv_landing_pad + +# ifdef __riscv_float_abi_soft +# define FRAME_SIZE (-((-11 * SZREG) & ALMASK)) +# else +# define FRAME_SIZE (-((-11 * SZREG - 8 * SZFREG) & ALMASK)) +# define FREG_BASE_OFFSET (11*SZREG) +# endif + +# else + +# ifdef __riscv_float_abi_soft +# define FRAME_SIZE (-((-10 * SZREG) & ALMASK)) +# else +# define FRAME_SIZE (-((-10 * SZREG - 8 * SZFREG) & ALMASK)) +# define FREG_BASE_OFFSET (10*SZREG) +# endif #endif ENTRY (_dl_runtime_resolve) + LPAD # Save arguments to stack. addi sp, sp, -FRAME_SIZE REG_S ra, 9*SZREG(sp) @@ -43,16 +57,19 @@ ENTRY (_dl_runtime_resolve) REG_S a5, 6*SZREG(sp) REG_S a6, 7*SZREG(sp) REG_S a7, 8*SZREG(sp) +#ifdef __riscv_landing_pad + REG_S t2, 10*SZREG(sp) +#endif #ifndef __riscv_float_abi_soft - FREG_S fa0, (10*SZREG + 0*SZFREG)(sp) - FREG_S fa1, (10*SZREG + 1*SZFREG)(sp) - FREG_S fa2, (10*SZREG + 2*SZFREG)(sp) - FREG_S fa3, (10*SZREG + 3*SZFREG)(sp) - FREG_S fa4, (10*SZREG + 4*SZFREG)(sp) - FREG_S fa5, (10*SZREG + 5*SZFREG)(sp) - FREG_S fa6, (10*SZREG + 6*SZFREG)(sp) - FREG_S fa7, (10*SZREG + 7*SZFREG)(sp) + FREG_S fa0, (FREG_BASE_OFFSET + 0*SZFREG)(sp) + FREG_S fa1, (FREG_BASE_OFFSET + 1*SZFREG)(sp) + FREG_S fa2, (FREG_BASE_OFFSET + 2*SZFREG)(sp) + FREG_S fa3, (FREG_BASE_OFFSET + 3*SZFREG)(sp) + FREG_S fa4, (FREG_BASE_OFFSET + 4*SZFREG)(sp) + FREG_S fa5, (FREG_BASE_OFFSET + 5*SZFREG)(sp) + FREG_S fa6, (FREG_BASE_OFFSET + 6*SZFREG)(sp) + FREG_S fa7, (FREG_BASE_OFFSET + 7*SZFREG)(sp) #endif # Update .got.plt and obtain runtime address of callee. @@ -60,6 +77,7 @@ ENTRY (_dl_runtime_resolve) mv a0, t0 # link map add a1, a1, t1 # reloc offset (== thrice the .got.plt offset) la a2, _dl_fixup + SET_LPAD jalr a2 mv t1, a0 @@ -73,16 +91,19 @@ ENTRY (_dl_runtime_resolve) REG_L a5, 6*SZREG(sp) REG_L a6, 7*SZREG(sp) REG_L a7, 8*SZREG(sp) +#ifdef __riscv_landing_pad + REG_L t2, 10*SZREG(sp) +#endif #ifndef __riscv_float_abi_soft - FREG_L fa0, (10*SZREG + 0*SZFREG)(sp) - FREG_L fa1, (10*SZREG + 1*SZFREG)(sp) - FREG_L fa2, (10*SZREG + 2*SZFREG)(sp) - FREG_L fa3, (10*SZREG + 3*SZFREG)(sp) - FREG_L fa4, (10*SZREG + 4*SZFREG)(sp) - FREG_L fa5, (10*SZREG + 5*SZFREG)(sp) - FREG_L fa6, (10*SZREG + 6*SZFREG)(sp) - FREG_L fa7, (10*SZREG + 7*SZFREG)(sp) + FREG_L fa0, (FREG_BASE_OFFSET + 0*SZFREG)(sp) + FREG_L fa1, (FREG_BASE_OFFSET + 1*SZFREG)(sp) + FREG_L fa2, (FREG_BASE_OFFSET + 2*SZFREG)(sp) + FREG_L fa3, (FREG_BASE_OFFSET + 3*SZFREG)(sp) + FREG_L fa4, (FREG_BASE_OFFSET + 4*SZFREG)(sp) + FREG_L fa5, (FREG_BASE_OFFSET + 5*SZFREG)(sp) + FREG_L fa6, (FREG_BASE_OFFSET + 6*SZFREG)(sp) + FREG_L fa7, (FREG_BASE_OFFSET + 7*SZFREG)(sp) #endif addi sp, sp, FRAME_SIZE diff --git a/sysdeps/riscv/multiarch/memcpy_noalignment.S b/sysdeps/riscv/multiarch/memcpy_noalignment.S index dd135f4a4d..e97748e82b 100644 --- a/sysdeps/riscv/multiarch/memcpy_noalignment.S +++ b/sysdeps/riscv/multiarch/memcpy_noalignment.S @@ -34,7 +34,11 @@ #define BLOCK_SIZE (16 * SZREG) .attribute unaligned_access, 1 +#ifdef __riscv_landing_pad + .align 2 +#endif ENTRY (__memcpy_noalignment) + LPAD beq a2, zero, L(ret) /* if LEN < SZREG jump to tail handling. */ diff --git a/sysdeps/riscv/setjmp.S b/sysdeps/riscv/setjmp.S index 600ea84db6..df048cb544 100644 --- a/sysdeps/riscv/setjmp.S +++ b/sysdeps/riscv/setjmp.S @@ -20,14 +20,17 @@ #include ENTRY (_setjmp) + LPAD li a1, 0 j HIDDEN_JUMPTARGET (__sigsetjmp) END (_setjmp) ENTRY (setjmp) + LPAD li a1, 1 /* Fallthrough */ END (setjmp) ENTRY (__sigsetjmp) + LPAD REG_S ra, 0*SZREG(a0) REG_S s0, 1*SZREG(a0) REG_S s1, 2*SZREG(a0) diff --git a/sysdeps/riscv/start.S b/sysdeps/riscv/start.S index 2db79c0ae6..ff083b13a4 100644 --- a/sysdeps/riscv/start.S +++ b/sysdeps/riscv/start.S @@ -47,12 +47,14 @@ ENTRY (ENTRY_POINT) .cfi_label to force starting the FDE. */ .cfi_label .Ldummy cfi_undefined (ra) + LPAD call load_gp mv a5, a0 /* rtld_fini. */ /* main may be in a shared library. */ #if defined PIC && !defined SHARED /* Avoid relocation in static PIE since _start is called before it is relocated. */ + SET_LPAD lla a0, __wrap_main #else la a0, main @@ -69,7 +71,11 @@ ENTRY (ENTRY_POINT) END (ENTRY_POINT) #if defined PIC && !defined SHARED +#ifdef __riscv_landing_pad + .align 2 +#endif /* __riscv_landing_pad */ __wrap_main: + LPAD tail main@plt #endif @@ -79,9 +85,13 @@ __wrap_main: needs to be initialized before calling __libc_start_main in that case. So we redundantly initialize it at the beginning of _start. */ +#ifdef __riscv_landing_pad + .align 2 +#endif /* __riscv_landing_pad */ load_gp: .option push .option norelax + LPAD lla gp, __global_pointer$ .option pop ret diff --git a/sysdeps/unix/sysv/linux/riscv/clone.S b/sysdeps/unix/sysv/linux/riscv/clone.S index 1362dd9c22..d6a0996ec8 100644 --- a/sysdeps/unix/sysv/linux/riscv/clone.S +++ b/sysdeps/unix/sysv/linux/riscv/clone.S @@ -31,6 +31,7 @@ .text LEAF (__clone) + LPAD /* Align stack to a 128-bit boundary as per RISC-V ABI. */ andi a1,a1,ALMASK @@ -82,6 +83,7 @@ L (thread_start): REG_L a0,SZREG(sp) /* Argument pointer. */ /* Call the user's function. */ + SET_LPAD jalr a1 /* Call exit with the function's return value. */ diff --git a/sysdeps/unix/sysv/linux/riscv/sysdep.S b/sysdeps/unix/sysv/linux/riscv/sysdep.S index b50671b9b7..e7ea424e45 100644 --- a/sysdeps/unix/sysv/linux/riscv/sysdep.S +++ b/sysdeps/unix/sysv/linux/riscv/sysdep.S @@ -23,6 +23,7 @@ #endif ENTRY (__syscall_error) + LPAD mv t0, ra /* Fall through to __syscall_set_errno. */ END (__syscall_error) diff --git a/sysdeps/unix/sysv/linux/riscv/sysdep.h b/sysdeps/unix/sysv/linux/riscv/sysdep.h index ee015dfeb6..14a1f3a647 100644 --- a/sysdeps/unix/sysv/linux/riscv/sysdep.h +++ b/sysdeps/unix/sysv/linux/riscv/sysdep.h @@ -53,6 +53,75 @@ # include +/* GNU_PROPERTY_RISCV_* macros from elf.h for use in asm code. */ +#define FEATURE_1_AND 0xc0000000 + +/* Add a NT_GNU_PROPERTY_TYPE_0 note. */ +#if __riscv_xlen == 32 +# define GNU_PROPERTY(type, value) \ + .section .note.gnu.property, "a"; \ + .p2align 2; \ + .word 4; \ + .word 12; \ + .word 5; \ + .asciz "GNU"; \ + .word type; \ + .word 4; \ + .word value; \ + .text +#else +# define GNU_PROPERTY(type, value) \ + .section .note.gnu.property, "a"; \ + .p2align 3; \ + .word 4; \ + .word 16; \ + .word 5; \ + .asciz "GNU"; \ + .word type; \ + .word 4; \ + .word value; \ + .word 0; \ + .text +#endif + +/* Add GNU property note with the supported features to all asm code + where sysdep.h is included. */ +#undef __VALUE_FOR_FEATURE_1_AND +#if defined (__riscv_landing_pad) || defined (__riscv_shadow_stack) +# if defined (__riscv_landing_pad_unlabeled) +# if defined (__riscv_shadow_stack) +# define __VALUE_FOR_FEATURE_1_AND 0x3 +# else +# define __VALUE_FOR_FEATURE_1_AND 0x1 +# endif +# elif defined (__riscv_landing_pad_func_sig) +# if defined (__riscv_shadow_stack) +# define __VALUE_FOR_FEATURE_1_AND 0x6 +# else +# define __VALUE_FOR_FEATURE_1_AND 0x4 +# endif +# else +# if defined (__riscv_shadow_stack) +# define __VALUE_FOR_FEATURE_1_AND 0x2 +# else +# error "What?" +# endif +# endif +#endif + +#if defined (__VALUE_FOR_FEATURE_1_AND) +GNU_PROPERTY (FEATURE_1_AND, __VALUE_FOR_FEATURE_1_AND) +#endif +#undef __VALUE_FOR_FEATURE_1_AND + +#ifdef __riscv_landing_pad_unlabeled +# define SET_LPAD +# define LPAD lpad 0 +#else +# define SET_LPAD +# define LPAD +#endif + # define ENTRY(name) LEAF(name) # define L(label) .L ## label @@ -64,6 +133,7 @@ .text; \ .align 2; \ ENTRY (name); \ + LPAD; \ li a7, SYS_ify (syscall_name); \ scall; \ li a7, -4096; \ @@ -111,6 +181,7 @@ # define PSEUDO_NOERRNO(name, syscall_name, args) \ .align 2; \ ENTRY (name); \ + LPAD; \ li a7, SYS_ify (syscall_name); \ scall; diff --git a/sysdeps/unix/sysv/linux/riscv/vfork.S b/sysdeps/unix/sysv/linux/riscv/vfork.S index 1e39b7a057..4cf7b5a9d8 100644 --- a/sysdeps/unix/sysv/linux/riscv/vfork.S +++ b/sysdeps/unix/sysv/linux/riscv/vfork.S @@ -29,6 +29,7 @@ .text LEAF (__libc_vfork) + LPAD li a0, (CLONE_VFORK | CLONE_VM | SIGCHLD) mv a1, sp From patchwork Fri Jul 11 13:52:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 116138 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id B09F73856096 for ; Fri, 11 Jul 2025 14:00:59 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B09F73856096 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=H+X72ZOg X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) by sourceware.org (Postfix) with ESMTPS id B1A7D385800F for ; Fri, 11 Jul 2025 13:53:09 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org B1A7D385800F Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org B1A7D385800F Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::629 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241989; cv=none; b=CAY7+6tUJt4ALVBguGyIUFEML8lKPNET3zXzyXJv/wHLTUIBasu+QodKb4LGPVQ954eX7sPKbps1aGengt3BWPnaMiMn3t8J6EvP1IlZbuBxDneChKUgRotpGqoSlUR2eOSRePT9qIcNKDxGAGQeVpYW2TVKHFHSMkLcyFk0xow= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241989; c=relaxed/simple; bh=8xM5imf09yB6f+mDPBH2uz1rzWXzjDQlZ9gqMfPbm78=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=ZsgJ9FbcBB1ANGD78hw2z2O972aV//MAxmAjwrOzk1tCjVA40xiip2/gx4mzNRSjdIg7xuGr1i84VYPGuoNxk/vH9HunewoddbmCtfTqznJqbdoY4JeamCrCYNs+RirJiaS20a6TlOSq8FU+BuK5CME6/x/1abPA3Tfv3szxC3A= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B1A7D385800F Received: by mail-pl1-x629.google.com with SMTP id d9443c01a7336-235e1d710d8so27936015ad.1 for ; Fri, 11 Jul 2025 06:53:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1752241988; x=1752846788; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=YJrfCHsu2uZK4VH9zBouEWAslEMAbx6S51zc9Mh3jHQ=; b=H+X72ZOgej32STD6sR3gDQITC/I8VKJ9EWXpedtX0iDzMBfVgiJ85GrSe02NGdRp2W Tnq6hyjef7RW5V19FuFO6H9OP4+ywgf+0rZhzfG54hlEdXFxoomUmOoCCjR7sFKk2qQg qt0AnmZ7S9bZfj3JLcO6ql/BEwfZIl0jbEOemS7aLo18e4sVMDF/E5ex9QlCirTRHMHO 6rQAc23nHparQJeRKvQFVNsShCKjJ5ou310MQ7K3WHr02788EWub6b1VCGoU5+9pg+Ur ckbsVd8uA59eVbTCj8zWYCkN7+I28UEC/L/BCefYcJWAIT1B0xfnKFT3USbfHTuFZ5l7 duEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752241988; x=1752846788; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YJrfCHsu2uZK4VH9zBouEWAslEMAbx6S51zc9Mh3jHQ=; b=memijhCzcEbqXwX1PGyo2hewzstZ9XIl+xl8NrzZMX7n6i9+nR33Sr1ZpMt8ipj11d NrRNSUQ56zW/lmEQ6cUvH2n11sT0b+pdvHoTx8kEbET+uA673pTrsehIm7jhbEdmlbdI MCY4dr18Bo6dOGZOwkwQiLv1C6mBrSct0TspOV3FonV0yWsiRIvtD2z7f0D7eZ+av8om MrdvvGCGI6cmJ7vuJTP0CTCrDoW8bQlhnD50mrNs28c0r3kjDt2GdW1+81Qb7P6rHMtf oCoco/CozPiCshc7GByIU7O1H4CYHDOk2zTMw1M4Xjw4FKJgy8SfosaZ6bmm+w5Lqr3I SGrQ== X-Gm-Message-State: AOJu0YwStdv0Gl8PmtPfCvbZLmy6eJcmWb5CVAb/AbJ7AZaRHt9FbRrX ZibEnOUS4O+KijkFLPVX+94J0nBMtMKhZ9SxiI/YaD9idtdsVcCSAMBYBQqZ1Hz0/Gd3xP0DMLS JrxpZ+T+0AfIuNtzSqvSMrCWBcTF0tqymurwMjt2pVm1tP7G+1iHtlrhh4dQwiYHrz1Bq091LnF lk9RmwWLy3L6IY7OUePP7wKdhVzpPd37UXvIMC/Vcheq7AMlXo6R18dg== X-Gm-Gg: ASbGncvgMOfehQa4hVg2Hwtw4dohSDXOPfj042qUGHDtc1w1YPZh14wKRHukDzFqvb0 DdMgqLvPh6RkqQJmSSWthlzg3R0tcwp3bRC9KLYIVqvG4p3Ert8cnrWyXfF3W4NvK9YB7N4lGiX GPUWHnOJXd13DP9ES4cOYH+VKilb88nXx85HnIzk4dWyr5mAP4XHPW3PsCJ82BP00yE0xmlvvk6 r5IWzHrEI7ngFMKNaQ/3/6sMOeQBARUfMkq5CgnkHaRlzNa8+nGVG8s2CeyQ4tcjOnGyp8CSHJ1 pOiraMHAsksu/8fxCcjIvmX9tyyy0zbrr2ukJhYkCmipUopk1XKRSXRl5rGm3DPAQzmBTZG8a0x i2V7nwFP9Id1f7/w1YKKZMTA+LwBou7qGfS6+Cz4Q X-Google-Smtp-Source: AGHT+IGRRdnGOuVz1jpJ4SxlFiUHws9cm9xDtwwOV/y+dTXyiQ15fNFrxOKA3FrrctCR+mQ7mwF1LA== X-Received: by 2002:a17:903:19cb:b0:23d:da20:1685 with SMTP id d9443c01a7336-23dede2d1fbmr48542355ad.4.1752241988046; Fri, 11 Jul 2025 06:53:08 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23de4283b67sm48058295ad.3.2025.07.11.06.53.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Jul 2025 06:53:07 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v2 05/14] riscv: Introduce feature variables for holding RISC-V GNU properties Date: Fri, 11 Jul 2025 06:52:46 -0700 Message-Id: <20250711135255.1732496-6-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20250711135255.1732496-1-jesse.huang@sifive.com> References: <20250711135255.1732496-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-12.9 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Member l_riscv_feature_1_and is added to struct link_map, which stores the feature_1_and property information for each object. New global _dl_riscv_feature_1 will be used to store what features are finally enabled for this process. --- sysdeps/riscv/dl-procruntime.c | 60 ++++++++++++++++++++++++++++++++++ sysdeps/riscv/link_map.h | 22 +++++++++++++ 2 files changed, 82 insertions(+) create mode 100644 sysdeps/riscv/dl-procruntime.c create mode 100644 sysdeps/riscv/link_map.h diff --git a/sysdeps/riscv/dl-procruntime.c b/sysdeps/riscv/dl-procruntime.c new file mode 100644 index 0000000000..b8fbcd87e7 --- /dev/null +++ b/sysdeps/riscv/dl-procruntime.c @@ -0,0 +1,60 @@ +/* Data for processor runtime information. RISC-V version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* This information must be kept in sync with the _DL_HWCAP_COUNT, + HWCAP_PLATFORMS_START and HWCAP_PLATFORMS_COUNT definitions in + dl-hwcap.h. + + If anything should be added here check whether the size of each string + is still ok with the given array size. + + All the #ifdefs in the definitions are quite irritating but + necessary if we want to avoid duplicating the information. There + are three different modes: + + - PROCINFO_DECL is defined. This means we are only interested in + declarations. + + - PROCINFO_DECL is not defined: + + + if SHARED is defined the file is included in an array + initializer. The .element = { ... } syntax is needed. + + + if SHARED is not defined a normal array initialization is + needed. + */ + +#ifndef PROCINFO_CLASS +# define PROCINFO_CLASS +#endif + +#if !IS_IN (ldconfig) +# if !defined PROCINFO_DECL && defined SHARED + ._dl_riscv_feature_1 +# else +PROCINFO_CLASS unsigned int _dl_riscv_feature_1 +# endif +# ifndef PROCINFO_DECL += 0 +# endif +# if !defined SHARED || defined PROCINFO_DECL +; +# else +, +# endif +#endif diff --git a/sysdeps/riscv/link_map.h b/sysdeps/riscv/link_map.h new file mode 100644 index 0000000000..b8e757adf4 --- /dev/null +++ b/sysdeps/riscv/link_map.h @@ -0,0 +1,22 @@ +/* Additional fields in struct link_map. Linux/RISC-V version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* GNU_PROPERTY_RISCV_FEATURE_1_AND of this object. */ +unsigned int l_riscv_feature_1_and; + +#include From patchwork Fri Jul 11 13:52:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 116137 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 2E255385781A for ; Fri, 11 Jul 2025 13:59:14 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2E255385781A Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=DxlSl9VO X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com [IPv6:2607:f8b0:4864:20::633]) by sourceware.org (Postfix) with ESMTPS id 3163A3857738 for ; Fri, 11 Jul 2025 13:53:11 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 3163A3857738 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 3163A3857738 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::633 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241991; cv=none; b=WZEqrSwN3S/nJBrJ+8+6e5KHPILs+iDWLBeNhSOAi2sKqm45KWYsjXSYvJPTlEcjk/2LQdHm/Yx1bK821OsttRgYy9YPWg19lJXFhb7sdDga8LK0WASHPhrG8bpFZ5xTXqFqNl4B1Lzeiqt3VBIi10pNXQfj/Xj7upK1LF7cOYk= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241991; c=relaxed/simple; bh=U+UWKjQCjhAD+edCZ7+ORAA/eEP3peO7vuhxeWmsM80=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=TCGPg5cWwVP4Wv0f0W+HLDQjnms+nKoPuma4EQqk8m8hujQrza2MaJhvPbsYQk2d/F3jL+iSgcCgu3STCGsZoQkTob4Tz/ac7tZv9o0USy7kZQPLeaQj1cr5tULyJbD7vPvWAXu5BlvN3H/42xO684p/qPQrFIntoq6XA3GtX6M= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3163A3857738 Received: by mail-pl1-x633.google.com with SMTP id d9443c01a7336-2349f096605so27181135ad.3 for ; Fri, 11 Jul 2025 06:53:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1752241990; x=1752846790; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FtAPsIJubLs9Rv+ZJ4v0lCr3YjtjUoE/GGtxx22/3CM=; b=DxlSl9VOSf7IcC5UzXboBR25BzjOPfiQ2o3rWtVJ0L9r3KhlllzvuPMtVeRjIKhEM8 oZ1QPTGbcm+SvvK8/K7IbTpqiW1Fi/mJeJ4YNL8FeDFz5MoadFxkIxSefx1LUbS8NPL8 OQijr+yVepmvHUYNpwSzpntJtWvDzMAYyteNMYFWJwBI1xM9UiEl42ySudEZX2sogy5S wnxNxrVf0RBDHbgY7O2vkj6LrQDG/8Qet6cN7ZmyRxmRusnWUWe5Q0mmC2M91nQhQ8rL SJlh+8K84O+pmuIUqmTKmn+Rhi7NrqpAU4EX42T9NMQgH52KR2PHZw1OjydS+RLH1VCa Jm0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752241990; x=1752846790; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FtAPsIJubLs9Rv+ZJ4v0lCr3YjtjUoE/GGtxx22/3CM=; b=X/D7S7+M5OyqCsHDljDoH/qwvhV7piSUhCkRh+8jAjiNVSnNIUZ29PnNdOWFnceujt xNYwRCQwLux+kbYhsheFNHqwhb3OOxSwVvJUHEyniDPqegbEm+QtNHdUhpcLZ+Iecwf2 GKUMxifiP/djfhjhTB8C+BKTrPHtPYXFLLmzMb4R+RJ3ImKYPSkOTshzf9jC7eUb403f kLNt5k3SpO30x5hD0jhRKjEsAYQb4k4rg8QaZF3BGjO5SR3eAetoua7xTHvOuDeO1UFS Vjc8WsPQBfCjmkraGnkbHVV5oYuduIHP+IEugQQYgg+3v3jGZ/PZ0I7Tm3joZa0PZ7t6 8vxQ== X-Gm-Message-State: AOJu0Yw7YSJTXINFey0JDhwfFPKlqKO7Lb5fryz8Ix8G/ax7wgVpFTh8 ZBGgFlZaNaA/Y1W+EDcSSPe0bZYsU6KLwDNdkQ/d5U6fjCXN7UboIilXjUjLEZCx8fVzPJt200j X/nO7Locvo/SbNpC45aEhYSCwwzP/nngACSX5FAKa8To/fBEAsm3ac9+NE3ZnhSwG7r43AQkQT4 fHW1PLMsL/R1OaGeSmbiBcq5xdZqE6opJA+Y21cmelL5c3XKkJ6GyG1A== X-Gm-Gg: ASbGnctu0MekrvmWG9Xtkf1Y13t/GPQhu+7b9+vA7qhEd08s8jz04YFLg9ZXdPb7Twq aCZTsh98hImun0fkwI9ctotfYAOy9dGCDEAwWkUE2lCS3rucQG1Xm2Xt9BSM+wB4/+BghiY1vDR iAnfOqLXr39FbafPkxPdCjwI/GldXPGOXtqHkm7iOjkgux+THtljp4TyWTmS9wwN6er/O2v5l0T qyMvQb9Bp7NWK1Bm4XKyO0Qel82FaWE0EdxIdluDrRXKc7Hk1nyWjipn0wyBM7sNVfvnUlAwll4 dOLQbYWFzFwuM1IliD2cJFFYWYH9iWwfAhQpXVTbFUC4z89q5yyDxlb+6HhFt0ry5zEY565rpPe U3ObLoTBhHeJDH4wVpQtR9VxejhDTjv+TTBxwY3IP X-Google-Smtp-Source: AGHT+IEY2A72VQ9nGqvP73ToUiCZG2cYfhzVQ/6PaioyBrHvY7mpKo0vsqgDmMjxGCObKXqo6nP1Nw== X-Received: by 2002:a17:903:1b65:b0:235:1966:93a9 with SMTP id d9443c01a7336-23dee17b746mr49786495ad.3.1752241989552; Fri, 11 Jul 2025 06:53:09 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23de4283b67sm48058295ad.3.2025.07.11.06.53.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Jul 2025 06:53:08 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v2 06/14] riscv/cfi: Add prctl definitions for RISC-V CFI Date: Fri, 11 Jul 2025 06:52:47 -0700 Message-Id: <20250711135255.1732496-7-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20250711135255.1732496-1-jesse.huang@sifive.com> References: <20250711135255.1732496-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-12.8 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org These operations are for setting/retrieving/locking the status of the landing pad and the shadow stack extensions. --- .../unix/sysv/linux/riscv/include/asm/prctl.h | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 sysdeps/unix/sysv/linux/riscv/include/asm/prctl.h diff --git a/sysdeps/unix/sysv/linux/riscv/include/asm/prctl.h b/sysdeps/unix/sysv/linux/riscv/include/asm/prctl.h new file mode 100644 index 0000000000..091a21b70d --- /dev/null +++ b/sysdeps/unix/sysv/linux/riscv/include/asm/prctl.h @@ -0,0 +1,48 @@ +/* + * Get the current shadow stack configuration for the current thread, + * this will be the value configured via PR_SET_SHADOW_STACK_STATUS. + */ +#define PR_GET_SHADOW_STACK_STATUS 74 + +/* + * Set the current shadow stack configuration. Enabling the shadow + * stack will cause a shadow stack to be allocated for the thread. + */ +#define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +/* + * Prevent further changes to the specified shadow stack + * configuration. All bits may be locked via this call, including + * undefined bits. + */ +#define PR_LOCK_SHADOW_STACK_STATUS 76 + +/* + * Get the current indirect branch tracking configuration for the current + * thread, this will be the value configured via PR_SET_INDIR_BR_LP_STATUS. + */ +#define PR_GET_INDIR_BR_LP_STATUS 79 + +/* + * Set the indirect branch tracking configuration. PR_INDIR_BR_LP_ENABLE will + * enable cpu feature for user thread, to track all indirect branches and ensure + * they land on arch defined landing pad instruction. + * x86 - If enabled, an indirect branch must land on `ENDBRANCH` instruction. + * arch64 - If enabled, an indirect branch must land on `BTI` instruction. + * riscv - If enabled, an indirect branch must land on `lpad` instruction. + * PR_INDIR_BR_LP_DISABLE will disable feature for user thread and indirect + * branches will no more be tracked by cpu to land on arch defined landing pad + * instruction. + */ +#define PR_SET_INDIR_BR_LP_STATUS 80 +# define PR_INDIR_BR_LP_ENABLE (1UL << 0) + +/* + * Prevent further changes to the specified indirect branch tracking + * configuration. All bits may be locked via this call, including + * undefined bits. + */ +#define PR_LOCK_INDIR_BR_LP_STATUS 81 From patchwork Fri Jul 11 13:52:48 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 116140 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 8A4B8385C6C9 for ; Fri, 11 Jul 2025 14:01:22 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 8A4B8385C6C9 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=UJUoWvTP X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x630.google.com (mail-pl1-x630.google.com [IPv6:2607:f8b0:4864:20::630]) by sourceware.org (Postfix) with ESMTPS id BAAAC385781A for ; Fri, 11 Jul 2025 13:53:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org BAAAC385781A Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org BAAAC385781A Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::630 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241992; cv=none; b=TukbBh1XkFSsW3qTIx/5qjSklTcsEwpUkU6mrxr8miW2FQNMiLhcC4U8P8yIi22jlBp7BffUhR49/KdcZNm0TiA1e3i9DQ9NIshfgpYYont3i8Lu7F9mKk03V3FX4crTHh1kRbCFvQoD62G99Ss3k6Z+LdbVzyn3s6KbWuc++i0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241992; c=relaxed/simple; bh=IXocCfOk9LHGIAN5q0AuO16SakCK22SIbJA6uYTGM9w=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=BRfQEbAHFG7FBtFZWJ0V2eSCAp3P0Bg3eSZmOz/VcDPyrR1+DPn0xAyhtM0i41jmLJQcMgncRldXVB5lOdkGBGQAgiV5Ez/TFX61JXpECfzLgJtwNxkT3CgTcWw9q5/eLslqFS+CBiltP5aTVd4N9/A8a3XPRfPQgJ9jX9wWOY8= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org BAAAC385781A Received: by mail-pl1-x630.google.com with SMTP id d9443c01a7336-23602481460so20832885ad.0 for ; Fri, 11 Jul 2025 06:53:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1752241991; x=1752846791; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=j5QD8z1tOMvXJCuThGZN+JjDNUjyX9Nt5mC8dwnQFxM=; b=UJUoWvTPa0E5fQnMo9odSxL1uZFos99x1NUhFluQQ85HcTsGYg4WMjNUkh6safjOlX JQASjXaRgX7yXJt3Hl4pzTY6zguJRauZzGHa760/nIEWP0EIzqZaW647u0zGea8kOLzc OGZ7a1wzhhUIDC5ppKzNCKcEt6Zst4B2047OqbIm8vJXh9KzANZ7uwDKoYW57XE/275+ +q/0kXJkrZnXtEkjRhW0ZrUDgn4ciIbP7g5fPSZUQaYhbhDePno1YnbCPzmVH4IOf7G9 HigwSJO5VH3wX9Y5M9hWMh7H50ULJOr3Mneh1mHojZvW4+VN5x/7eHp+Gtkf59r14vHJ dWXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752241991; x=1752846791; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=j5QD8z1tOMvXJCuThGZN+JjDNUjyX9Nt5mC8dwnQFxM=; b=WfyOXjlNm6WGIh1QO9O9itdUL/bVGdN88TB/N0CBnf+HxysFBicCA3ROQm1p5CA+7M 1h9onFjVZFpduxgcPootBLMHx+VpSdYFTFUbAZ7rfdmnkdg5ftLwa3VVOCjd6G7HRfvQ /wekSgTeNGR8Eory6hNPf2eAbCKHI5xvD9R/kmjpY6uQn9FS7Zb8gwZ+DkX8HIlSGlg1 WEZo/DTZfuJNjmt/5aBtMSK0VHVuiJefkECSLGRrhHHXhxOx0qUhqN09ranrDFPrTKFm Thzov7/Xf1Cw5uAwixQekNWo39WEOriZyBkWYAXgRZo/hvSXNooq7zv39vWU/DlX6n9r fkqA== X-Gm-Message-State: AOJu0YyXZu8qjpUK625CwzbKuujCGAX1qk0vHy6ZfPEiLZMxJjfIMAj9 IOaGvsgeVuwMyBcgpdcUBJQcNWlsVjY6lgAXMU8qg07D40CCc4XQ4aaTgi6SUAVJaKWEsBcW6sq 6yGrbFD1gliK7HZq5LhyGLJLdVHDXBmv7yN2h4CTFRKRV57IyGY0zrnmB/y6JSL03+hx2vLMEVV YGfYSALGNVE8uid2mVBcMGoxrCryK0oEdqiYJOlEbtRnhtZtlkCCbjvA== X-Gm-Gg: ASbGncvFR/dCbbq4bpUqBBIv3Ys4hIcKdokkKspxiVRVtv+2p3WKiXiTO1gOB7uR6sP o4WhjjWvl6vHD8Vm91+t4A1B+GCnU6eqSTS9utnRPJt8WAhnFPSvDcce9L/2sftV1agRO7shyES lfqDn4O54RymZUy03NZiyzs/rV9boP54rhyO3ZJt5DImU5Tnx9Die8k4ckO0JfzNQgqGD4Fm+gH XVlwJPTeyI+I5T1gckYzMzg/3R6nN67n0JgAK6b54GCPcu2lmYCLTYz4xfDylXxtqzjrBJR7NMb pFCrcrenEuwYHtSAEdWmu4F8RfFedd9frKuPBB3DFNNTxn6r1VbAmgLniV1GfhZhfRljPIJeT2b eQ6GH1qD75EugV6dWQAIdIu9F9RKBwSAvcRU/3Dn/ X-Google-Smtp-Source: AGHT+IGaSihMUPEdjplzLiLSHBZkpebfeq+UkVUoRA2NVp8y3EoLOhX9L16wn038eltn7vMxNwn3yw== X-Received: by 2002:a17:902:cf0d:b0:234:c8f6:1b03 with SMTP id d9443c01a7336-23df0966cc0mr29886625ad.47.1752241990783; Fri, 11 Jul 2025 06:53:10 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23de4283b67sm48058295ad.3.2025.07.11.06.53.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Jul 2025 06:53:10 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v2 07/14] riscv/cfi: Enable CFI on static binaries Date: Fri, 11 Jul 2025 06:52:48 -0700 Message-Id: <20250711135255.1732496-8-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20250711135255.1732496-1-jesse.huang@sifive.com> References: <20250711135255.1732496-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org For static binaries, CFI are enabled inside ARCH_SETUP_TLS, with a macro to enable the shadow stack to prevent underflowing the shadow stack on return, and with a function _dl_cfi_setup_features to enable landing pad. It scans backward of the program header to find the PT_GNU_PROPERTY note first, then enable CFI features corresponding to the feature bits. Co-authored-by: Deepak Gupta --- sysdeps/riscv/Makefile | 1 + sysdeps/riscv/dl-cfi.c | 36 +++++++++++ sysdeps/riscv/dl-machine.h | 6 ++ sysdeps/riscv/dl-prop.h | 65 +++++++++++++++++++ sysdeps/riscv/libc-start.h | 88 ++++++++++++++++++++++++++ sysdeps/unix/sysv/linux/riscv/dl-cfi.h | 20 ++++++ 6 files changed, 216 insertions(+) create mode 100644 sysdeps/riscv/dl-cfi.c create mode 100644 sysdeps/riscv/dl-prop.h create mode 100644 sysdeps/riscv/libc-start.h create mode 100644 sysdeps/unix/sysv/linux/riscv/dl-cfi.h diff --git a/sysdeps/riscv/Makefile b/sysdeps/riscv/Makefile index 99976fddad..4752bdb1a0 100644 --- a/sysdeps/riscv/Makefile +++ b/sysdeps/riscv/Makefile @@ -18,6 +18,7 @@ endif # Enable RISC-V CFI ifeq (yes,$(riscv-enable-cfi)) +sysdep-dl-routines += dl-cfi CFLAGS-.o += -fcf-protection=full CFLAGS-.os += -fcf-protection=full CFLAGS-.op += -fcf-protection=full diff --git a/sysdeps/riscv/dl-cfi.c b/sysdeps/riscv/dl-cfi.c new file mode 100644 index 0000000000..77bac24a1b --- /dev/null +++ b/sysdeps/riscv/dl-cfi.c @@ -0,0 +1,36 @@ +/* RISC-V CFI extensions (zicfilp/zicfiss) functions. + Copyright (C) 2025 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include + +attribute_hidden void +_dl_cfi_setup_features (unsigned int feature_1) +{ + /* Since prctl could fail to enable some features + use prctl to get enabled features again and sync it back. */ +#ifdef __riscv_landing_pad + if (feature_1 & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) + INTERNAL_SYSCALL_CALL (prctl, PR_SET_INDIR_BR_LP_STATUS, + PR_INDIR_BR_LP_ENABLE, 0, 0, 0); +#endif /* __riscv_landing_pad */ + /* FIXME: Read enabled features from kernel and re-sync */ +} diff --git a/sysdeps/riscv/dl-machine.h b/sysdeps/riscv/dl-machine.h index 76f43a242b..ff96ae77f2 100644 --- a/sysdeps/riscv/dl-machine.h +++ b/sysdeps/riscv/dl-machine.h @@ -28,6 +28,12 @@ #include #include #include +#if defined(__riscv_landing_pad) || defined(__riscv_shadow_stack) +# include +extern void _dl_cfi_setup_features (unsigned int features); +#else +# define RTLD_START_ENABLE_RISCV_CFI +#endif /* This is a marker to remind us to add real expansion to setup the label for the function signature label scheme in the future */ #ifdef __riscv_landing_pad_unlabeled diff --git a/sysdeps/riscv/dl-prop.h b/sysdeps/riscv/dl-prop.h new file mode 100644 index 0000000000..a832e4aea6 --- /dev/null +++ b/sysdeps/riscv/dl-prop.h @@ -0,0 +1,65 @@ +/* Support for GNU properties. RISC-V version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _DL_PROP_H +#define _DL_PROP_H + +static inline void __attribute__ ((always_inline)) +_rtld_main_check (struct link_map *m, const char *program) +{ +} + +static inline void __attribute__ ((always_inline)) +_dl_open_check (struct link_map *m) +{ +} + +static inline void __attribute__ ((always_inline)) +_dl_process_pt_note (struct link_map *l, int fd, const ElfW(Phdr) *ph) +{ +} + +static inline int +_dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, + uint32_t datasz, void *data) +{ + /* FIXME: Detect cpu features after we have it implemented in glibc */ + + if (type == GNU_PROPERTY_RISCV_FEATURE_1_AND) + { + /* Stop if the property note is ill-formed. */ + if (datasz != 4) + return -1; + +#if defined(__riscv_landing_pad) || defined(__riscv_shadow_stack) + unsigned int feature_1 = *(unsigned int *) data; +#endif +#ifdef __riscv_landing_pad + if (feature_1 & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) + l->l_riscv_feature_1_and |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; +#endif +#ifdef __riscv_shadow_stack + if (feature_1 & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) + l->l_riscv_feature_1_and |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; +#endif + } + /* Continue. */ + return 1; +} + +#endif /* _DL_PROP_H */ diff --git a/sysdeps/riscv/libc-start.h b/sysdeps/riscv/libc-start.h new file mode 100644 index 0000000000..7b898f5308 --- /dev/null +++ b/sysdeps/riscv/libc-start.h @@ -0,0 +1,88 @@ +/* RISC-V libc main startup. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef SHARED +# define ARCH_SETUP_IREL() apply_irel () +# define ARCH_APPLY_IREL() + +# if defined(__riscv_landing_pad) || defined(__riscv_shadow_stack) +/* Get shadow stack features enabled in the static executable. */ +# include +# include +extern void _dl_cfi_setup_features (unsigned int); + +static inline unsigned int +get_cfi_feature (void) +{ + unsigned int cfi_feature = 0; + /* FIXME: check if cfi feature is supported by CPU */ + struct link_map *main_map = _dl_get_dl_main_map (); + + /* Scan program headers backward to check PT_GNU_PROPERTY early for + feature bits on static executable. */ + const ElfW(Phdr) *phdr = GL(dl_phdr); + const ElfW(Phdr) *ph; + for (ph = phdr + GL(dl_phnum); ph != phdr; ph--) + if (ph[-1].p_type == PT_GNU_PROPERTY) + { + _dl_process_pt_gnu_property (main_map, -1, &ph[-1]); + /* Enable landing pad and shstk only if they are enabled on a static + executable. */ + /* FIXME: change to &= to mask off other features after cpu_feature + is implemented */ + cfi_feature = (main_map->l_riscv_feature_1_and + & (GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED + | GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS)); + + GL(dl_riscv_feature_1) = cfi_feature; + return cfi_feature; + } + GL(dl_riscv_feature_1) = 0; + return 0; +} + +/* The function using this macro to enable shadow stack must not return + to avoid shadow stack underflow. */ +# ifdef __riscv_shadow_stack +# define ENABLE_RISCV_SHADOW_STACK \ + do \ + { \ + if (feature & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) \ + { \ + INTERNAL_SYSCALL_CALL (prctl, PR_SET_SHADOW_STACK_STATUS, \ + PR_SHADOW_STACK_ENABLE, 0, 0, 0); \ + } \ + } \ + while (0) +# else +# define ENABLE_RISCV_SHADOW_STACK +# endif + +# define ARCH_SETUP_TLS() \ + { \ + __libc_setup_tls (); \ + \ + unsigned int feature = get_cfi_feature (); \ + ENABLE_RISCV_SHADOW_STACK; \ + /* Landing pad will be enabled in _dl_cfi_setup_features */ \ + _dl_cfi_setup_features(feature); \ + } +# else +# define ARCH_SETUP_TLS() __libc_setup_tls () +# endif /* __riscv_landing_pad || __riscv_shadow_stack */ +#endif /* !SHARED */ diff --git a/sysdeps/unix/sysv/linux/riscv/dl-cfi.h b/sysdeps/unix/sysv/linux/riscv/dl-cfi.h new file mode 100644 index 0000000000..cd184bac61 --- /dev/null +++ b/sysdeps/unix/sysv/linux/riscv/dl-cfi.h @@ -0,0 +1,20 @@ +/* Linux/RISC-V CFI initializers function. + Copyright (C) 2025 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* FIXME: Should be remove after they are included in the kernel header */ +#include +#include From patchwork Fri Jul 11 13:52:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 116142 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id B7606385B519 for ; Fri, 11 Jul 2025 14:05:02 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B7606385B519 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=MbuxaI5E X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com [IPv6:2607:f8b0:4864:20::633]) by sourceware.org (Postfix) with ESMTPS id E7F03385701A for ; Fri, 11 Jul 2025 13:53:13 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org E7F03385701A Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org E7F03385701A Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::633 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241994; cv=none; b=F8pUiOBQeJHA3aD+YljcGFRoPdWytYW57q5ng0qwB4RLrzWHGGHyKRFGYvF+AdHMJeMHNBPwB5kAnwD4YXJrUDMn6a1NqP5LptwCPBXfw9wO9W26s+YShS5+1L/WyN/KA2c7pPcxLWcVCMKo60g3XzqlOA5MtqNIRTzAwex++UM= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241994; c=relaxed/simple; bh=0F3Rd38jjQXYQIgq/Rrt3QbcwvYGD/wJ2ZxcZfETZU4=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=x1Ny0v/YPLYHJpqq8OOZt57iSxQZlCqiURCp/EI0U2AUydn5OZLtIQM2zxFtUL0juw49JD4FgfmkeAyOqQI6arJAt2qcRgUtF1qq0qmGjx4JN8ahf1sHGkHESBfMHD2KnoyhYR97hq+x5fEOSBENME+yEjjQxN5y/i/rUNiTW/w= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E7F03385701A Received: by mail-pl1-x633.google.com with SMTP id d9443c01a7336-23c703c471dso27918225ad.0 for ; Fri, 11 Jul 2025 06:53:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1752241992; x=1752846792; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Bv6w9sfgMnz7F0ODYA2+eB3G24LLqcrcu8sGOtyPCMU=; b=MbuxaI5EbfPSXfiQAbxOXRdulWhwKI8mCAAioiIi+HmqfNi3IRiGNqDjWKe0U4u1/y KL3qZcyvlEr/ZAoigdt1g+99SdDCgjxxq3z+jOi2SG+nvnYNms1dI26nAzsoZu9/E49K 8nLtQ92o1nYPFxV7/A+WN3lim9JdCVGizmSgrIJWBND94/H6RQiOr5NBhyiOpvNggA/F gOwxp4hessWuNfL3gbUsBxyp7CRxGsxc9r0SkJ/vsAaDBThy/jqQONfFMxurQmJAx7/J hBlzzsH5+lIS/BK+KE5FqZdUyjrfufy8BzsRUf43uFoKCd9ZAoXgeWo+pQzCkhxVV4Nk HuiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752241992; x=1752846792; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Bv6w9sfgMnz7F0ODYA2+eB3G24LLqcrcu8sGOtyPCMU=; b=ikLwfH+PaAw76S6F5UG0G9jaebF/Z4hbwJ5TUQVOANVjXz59vBv+OUzZxkuUcaS0Ox rdNRVpljPPPAg9kvMLonOHs/ZIlIHL4zAmVoSBuWmCZWslwIbOd1bbbdb51dMrXiLtlV lFaPfAJrA3ONljHwa+bdpohL+VNlwZgVmHZE8YPe/5vbOXnSBp7P06Pjcj8BNQEm4vul 4cr9ZfaicptdPSG90jcc2DO+cp+9zgkaUVmB/3m5DleZLTHXZO05R8nBoR15uvtR1WF7 wNmiHogTHL2cS5hiXLGv3R/DqvjZqYu372dKaFU2Y1U8ABBXRvx+wC7Sa2K2I+BpWU38 hZng== X-Gm-Message-State: AOJu0Yxe7lCa2W6N9cnfQS5DLbdxYcTZX6HnB+pndUD/UOSEMIHu2F5Y PZtBG1/e0LuOyjJFq166bUNsm3Klr8cnSaBRRHHueeyRoWFF3Rri2vjE4+PCbOyj/xX/QHkhd0B g7q+rUAKNKHVe5GYUzp4FLq/rgTEtKsT9DGItRi5nTlBf9swmbi2bcOC5TEYI7PGx8AvQMHb+1+ NUIwPHnsHUkqf6hjtlQIVSWKHA7UaqL8T9wY8Vae1f1C6jIGTi4/qiqQ== X-Gm-Gg: ASbGncvUVHp0YA7h2fzFLUX1XkCSES8aPfszRqDSKFUk/NvRA0YAg+qXv/rP23mswqv 0qMX12Ieo9S/rUJUuqftolfYoe7VlSuWWf0mHGEVO1q8Xw3nf3sefhGrUMSPP9V3fFW2pi4KChY 9a/meSZhjL6ygNjoxABiBFNaFWd/u29xSjdpfW3f++gP9wj/uSmVvpyvl828UNJft565a8T1eKR vMQ6R9uA71Gi6u2xmLcx/lq38DXB/KTlMIowELWG87x9x9qGpe9TO8zURc/7tt5sR7mVZls964f ihktuPIPnNhjTJxpRTQkC/oZ4OlaOXFmAGtFHbGhcpp+c19p5JpxAneSsQa3A5H7/e+tAERWSJm TbFwpk9OLj7PwJUjxOLMBbrqNAl6XvmV8e+DEWQlc X-Google-Smtp-Source: AGHT+IFX9TcFnH2bCLGukNhXA4BeVgfK4cewhzGXBOVvoZFrJPUx6IIrtLY1EiJ3ANfLP3rHkP2ATw== X-Received: by 2002:a17:902:d4c3:b0:234:24a8:bee9 with SMTP id d9443c01a7336-23de2f3d70amr101594475ad.4.1752241992309; Fri, 11 Jul 2025 06:53:12 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23de4283b67sm48058295ad.3.2025.07.11.06.53.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Jul 2025 06:53:11 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v2 08/14] riscv/cfi: Enable CFI on dynamic binaries Date: Fri, 11 Jul 2025 06:52:49 -0700 Message-Id: <20250711135255.1732496-9-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20250711135255.1732496-1-jesse.huang@sifive.com> References: <20250711135255.1732496-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org For dynamic binaries, CFI features are parsed from GNU properties, store in to GLRO(dl_riscv_feature_1) and later enabled in RTLD_START. Co-authored-by: Deepak Gupta --- sysdeps/riscv/Makefile | 2 +- sysdeps/riscv/dl-cfi.c | 72 ++++++++++++++++++++++++++ sysdeps/riscv/dl-machine.h | 2 + sysdeps/riscv/dl-prop.h | 9 ++++ sysdeps/riscv/features-offsets.sym | 5 ++ sysdeps/unix/sysv/linux/riscv/dl-cfi.h | 30 +++++++++++ 6 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 sysdeps/riscv/features-offsets.sym diff --git a/sysdeps/riscv/Makefile b/sysdeps/riscv/Makefile index 4752bdb1a0..11e48be02e 100644 --- a/sysdeps/riscv/Makefile +++ b/sysdeps/riscv/Makefile @@ -3,7 +3,7 @@ sysdep_headers += sys/asm.h endif ifeq ($(subdir),elf) -gen-as-const-headers += dl-link.sym +gen-as-const-headers += dl-link.sym features-offsets.sym endif # RISC-V's assembler also needs to know about PIC as it changes the definition diff --git a/sysdeps/riscv/dl-cfi.c b/sysdeps/riscv/dl-cfi.c index 77bac24a1b..d1d57b738b 100644 --- a/sysdeps/riscv/dl-cfi.c +++ b/sysdeps/riscv/dl-cfi.c @@ -22,6 +22,54 @@ #include #include +static void +dl_check_legacy_object (struct link_map *m, unsigned int *feature_1) +{ + /* Iterate through the dependencies and disable if needed here */ + struct link_map *l = NULL; + unsigned int i; + i = m->l_searchlist.r_nlist; + while (i-- > 0) + { + /* Check each shared object to see if shadow stack and landing pad + are enabled. */ + l = m->l_initfini[i]; + + if (l->l_init_called) + continue; + +#ifdef SHARED + /* Skip check for ld.so since it has the features enabled. The + features will be disabled later if they are not enabled in + executable. */ + if (l == &GL(dl_rtld_map) + || l->l_real == &GL(dl_rtld_map)) + continue; +#endif /* SHARED */ + + *feature_1 &= l->l_riscv_feature_1_and; + } +} + +#ifdef SHARED +static void +dl_cfi_check_startup (struct link_map *m, unsigned int *feature_1) +{ + /* FIXME: Add tunables here */ + if (!*feature_1) + return; + dl_check_legacy_object (m, feature_1); + + /* Update GL(dl_riscv_feature_1) */ + GL(dl_riscv_feature_1) = *feature_1; +} +#endif /* SHARED */ + +static void +dl_cfi_check_dlopen (struct link_map *m) +{ +} + attribute_hidden void _dl_cfi_setup_features (unsigned int feature_1) { @@ -34,3 +82,27 @@ _dl_cfi_setup_features (unsigned int feature_1) #endif /* __riscv_landing_pad */ /* FIXME: Read enabled features from kernel and re-sync */ } + +/* Enable CFI for l and its dependencies. */ +void +_dl_cfi_check (struct link_map *l, const char *program) +{ + /* As this point we have parsed the gnu properties, + for dynamic binary we should verify the dependencies here. */ + /* FIXME: Implement different policy for supporting legacy binaries */ + unsigned int feature_1; +#if defined SHARED && defined RTLD_START_ENABLE_RISCV_CFI + if (program) + { + GL(dl_riscv_feature_1) = l->l_riscv_feature_1_and; + feature_1 = l->l_riscv_feature_1_and; + } +#endif /* SHARED */ + +#ifdef SHARED + if (program) + dl_cfi_check_startup (l, &feature_1); + else +#endif /* SHARED */ + dl_cfi_check_dlopen (l); +} diff --git a/sysdeps/riscv/dl-machine.h b/sysdeps/riscv/dl-machine.h index ff96ae77f2..94ca0dcc35 100644 --- a/sysdeps/riscv/dl-machine.h +++ b/sysdeps/riscv/dl-machine.h @@ -120,6 +120,8 @@ elf_machine_dynamic (void) " _RTLD_PROLOGUE (_dl_start_user) "\ # Stash user entry point in s0.\n\ mv s0, a0\n\ + # Setup CFI features\n\ + " RTLD_START_ENABLE_RISCV_CFI "\ # Load the adjusted argument count.\n\ " STRINGXP (REG_L) " a1, 0(sp)\n\ # Call _dl_init (struct link_map *main_map, int argc, char **argv, char **env) \n\ diff --git a/sysdeps/riscv/dl-prop.h b/sysdeps/riscv/dl-prop.h index a832e4aea6..1c9fb6b38b 100644 --- a/sysdeps/riscv/dl-prop.h +++ b/sysdeps/riscv/dl-prop.h @@ -19,14 +19,23 @@ #ifndef _DL_PROP_H #define _DL_PROP_H +extern void _dl_cfi_check (struct link_map *, const char *) + attribute_hidden; + static inline void __attribute__ ((always_inline)) _rtld_main_check (struct link_map *m, const char *program) { +#if defined(__riscv_landing_pad) || defined(__riscv_shadow_stack) + _dl_cfi_check(m, program); +#endif /* __riscv_landing_pad || __riscv_shadow_stack */ } static inline void __attribute__ ((always_inline)) _dl_open_check (struct link_map *m) { +#if defined(__riscv_landing_pad) || defined(__riscv_shadow_stack) + _dl_cfi_check(m, NULL); +#endif /* __riscv_landing_pad || __riscv_shadow_stack */ } static inline void __attribute__ ((always_inline)) diff --git a/sysdeps/riscv/features-offsets.sym b/sysdeps/riscv/features-offsets.sym new file mode 100644 index 0000000000..3320cde83f --- /dev/null +++ b/sysdeps/riscv/features-offsets.sym @@ -0,0 +1,5 @@ +#define SHARED 1 + +#include + +RTLD_GLOBAL_DL_RISCV_FEATURE_1_OFFSET offsetof (struct rtld_global, _dl_riscv_feature_1) diff --git a/sysdeps/unix/sysv/linux/riscv/dl-cfi.h b/sysdeps/unix/sysv/linux/riscv/dl-cfi.h index cd184bac61..662a45817d 100644 --- a/sysdeps/unix/sysv/linux/riscv/dl-cfi.h +++ b/sysdeps/unix/sysv/linux/riscv/dl-cfi.h @@ -18,3 +18,33 @@ /* FIXME: Should be remove after they are included in the kernel header */ #include #include +#include + +#ifdef __riscv_shadow_stack +# define CHECK_AND_ENABLE_SHADOW_STACK \ +"\ + andi a0, s1, " STRINGXP (GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) "\n\ + beqz a0, 1f \n\ + li a0, " STRINGXP (PR_SET_SHADOW_STACK_STATUS) "\n\ + li a1, " STRINGXP (PR_SHADOW_STACK_ENABLE) "\n\ + li a2, 0 \n\ + li a3, 0 \n\ + li a4, 0 \n\ + li a7, " STRINGXP (__NR_prctl) "\n\ + ecall \n\ +1: \n\ +" +#else +# define CHECK_AND_ENABLE_SHADOW_STACK +#endif + +#define RTLD_START_ENABLE_RISCV_CFI \ +"\ + lw s1, _rtld_local + " STRINGXP (RTLD_GLOBAL_DL_RISCV_FEATURE_1_OFFSET) " \n\ + # We need to enable shadow stack in the assembly code to avoid underflow \n\ + # Checking for landing pad is left to _dl_cfi_setup_features \n\ + " CHECK_AND_ENABLE_SHADOW_STACK "\n\ + mv a0, s1 \n\ + jal _dl_cfi_setup_features \n\ + \n\ +" From patchwork Fri Jul 11 13:52:50 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 116133 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 0680B3857B8F for ; Fri, 11 Jul 2025 13:56:10 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0680B3857B8F Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=PTgW3Q4L X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com [IPv6:2607:f8b0:4864:20::633]) by sourceware.org (Postfix) with ESMTPS id C00A3385735B for ; Fri, 11 Jul 2025 13:53:15 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org C00A3385735B Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org C00A3385735B Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::633 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241996; cv=none; b=WDEl7UVGo1ixxUtm71MYnsdKkV0QGQveHgWaxEDkTcxb6pu0Eq1pKNHIG8QbamIjrd5+u0f7Z7JeN6A+XkWqMWlzeUScQELl00WBAqugMjMVt4FUTCEQeDV8T25XRc+Mq1Vg4Ar1L5a8N2xhiSDN+i9uUlpOt8XhcibhRYpYrvM= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241996; c=relaxed/simple; bh=yaoSnVmm/YQxttQo4ekiBy8wlxuEpRVKkCG16pSnjgw=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=XTYJYxc/wOr6iYFaPmBYfvDWzXO13gvXbEPMDI5/BZCjfL54u1XHIZHkQCKsWldwL2ui/SFnYeyGQawM4xY91hfLFGk8ngarpJPG52jkbTYcs8ex/U1KzwOeA4ao4hXTmuUW9gNqLXASZuMR4vSN30wWLsb0mpEJVWOz/dLgiYA= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C00A3385735B Received: by mail-pl1-x633.google.com with SMTP id d9443c01a7336-234f17910d8so22256845ad.3 for ; Fri, 11 Jul 2025 06:53:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1752241994; x=1752846794; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=JxJ69tYtlJhFY803PIBfA5dhG1MfDARyip8jebqe5Qs=; b=PTgW3Q4LFRFxzWzcA0UjTgldUG9rXlsZ1JAGLAqh2fzgAj4zmggiFXI3Y+hpU1e1Iy eD1YVlqm4jUYliRnjvzNvj58yKyaq6mE1bUtItCaH0qf9g0paZ4akIdoUhj+5uGN0HPI rpqv6w2d4CWXCg5QiVM5TwqaOgivrUZJ3VREfUZ4ULKkfVwLIe6np8M7kdjFS3j3gmLS fTulqugE5OCjQkXSb+EP1dgyOmqesIxQ+6XBXoZqUyrh3vUX2hiOUh7MCrOPI0U0doZd sYmut68E1mt57UE1ylKKu7V4a34IPdJNjZbUTCSPdnpkaXMRamB7UU4vnMRvsdt2pGvM +LdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752241994; x=1752846794; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JxJ69tYtlJhFY803PIBfA5dhG1MfDARyip8jebqe5Qs=; b=TsXaMRwGZacSu1PupcGR3XI1+A9HCiU2XTdzKu5dYK8A1kJMXxbBxDzkm2kUA9MoSA C3amYpPSFLB21UHlcIAPwGUcq7PPSrxtmlVGB2r+9eEauBWB+huvR8WBZL6WF/xPxuE6 bzkGT9RulLxu8LyzSI07uqdK62LRQ7Kk+K907I5pdn+OAN0rzNBmvATh3DaNP6x69Bk+ vs/Uapcuny9sFdL3yyW0YQTyXqkfE2UXD6Ck/HL5VzLIryd5NC2dLM0rhy29eIDPLFGz hGeJavxF6mguOJwuX6wX29iCN16KCQ2s2D4E7O/vs45i4eu1bD+M58KpQziqdYFfVIAo c+3g== X-Gm-Message-State: AOJu0YxgZSO3IKOTCbbpNU99gk+nlggyhFaC/CnGUw4SYE9WSIyGXhZ8 IOK6apoaFLJ2H7vIlZyOZ4a/z9gT7AwHyrCzS+4Ne6W2y/kcXCTaOr6Judb/vpp7O/SspIQY2d+ NzyRawJ8B0mxEYV7bwT0ObbGksf7HSgqWBUqyPQ0XSexQa/1Hi7QTbHr7oUGMifTZSxCjVYWjO3 aARRYOXCejUoptI6MG/vOuTgjmOvWRQSJ0fZuy+vhCFvjF1nji4EYKbA== X-Gm-Gg: ASbGncuAN5Jx8qvwFtG3MKUMvoFwyGEnGFxT19QhJtjZMAQnwVBlHMcODzj72TFN2JC 2aXAXI6bDMLAttWyHBV/aoLsxvOxJ8JvxshRIbMl7qBNwqvJCCsvcsp1RUTobD2nwVheuVo09me JiB7ycMyp78QIg62uSNeCaq9YOTn0T1Dl2+A4MZFDjVh83f1FC+EtQSLQkqV62ApPPVqebn4I+p PuEtYxsoEI0xeWX90ukffCYVsqoNB20dbNzvf1U0FgF9oyMoZin8zLLgQzaiq13zofUPTUHHFr3 jdEGIZfv21bf5GqfYDPJFiOPCzTpwvbZz2x2M1D1MnQ0Q3QGulWnKNlNFRDFO+23Qh5qeWXVmvN ZV4yp7P7t7oS89g7rj9JAto7twZwCmI/+w+uHiBEA X-Google-Smtp-Source: AGHT+IHwxzzzINgvJZW9RxWUG3NdlnG42o5G8fSUMIjiBUVoDwJcOVLf8CBHYk2+uOwj96IOA3l0mQ== X-Received: by 2002:a17:903:1b27:b0:235:7c6:eba2 with SMTP id d9443c01a7336-23dede927cbmr42314425ad.37.1752241993635; Fri, 11 Jul 2025 06:53:13 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23de4283b67sm48058295ad.3.2025.07.11.06.53.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Jul 2025 06:53:13 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v2 09/14] riscv/cfi: introduce tunables for CFI features Date: Fri, 11 Jul 2025 06:52:50 -0700 Message-Id: <20250711135255.1732496-10-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20250711135255.1732496-1-jesse.huang@sifive.com> References: <20250711135255.1732496-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org dl_riscv_feature_control is a structure with each member represents a feature configuration. At this time it's only used by CFI features. Each cfi feature is a 2-bit enum, which could be [on|off|permissive], these values decide whether a new legacy object should be blocked while loaded dynamically, and could be controled by glibc tunables. --- manual/tunables.texi | 22 +++ sysdeps/riscv/Makefile | 1 + sysdeps/riscv/cpu-features.c | 46 ++++++ sysdeps/riscv/cpu-tunables.c | 50 +++++++ sysdeps/riscv/dl-cfi.c | 223 ++++++++++++++++++++++++++-- sysdeps/riscv/dl-get-cpu-features.c | 27 ++++ sysdeps/riscv/dl-machine.h | 19 +++ sysdeps/riscv/dl-procruntime.c | 17 +++ sysdeps/riscv/dl-tunables.list | 27 ++++ sysdeps/riscv/feature-control.h | 42 ++++++ sysdeps/riscv/ldsodefs.h | 1 + sysdeps/riscv/libc-start.c | 31 ++++ sysdeps/riscv/libc-start.h | 13 +- 13 files changed, 500 insertions(+), 19 deletions(-) create mode 100644 sysdeps/riscv/cpu-features.c create mode 100644 sysdeps/riscv/cpu-tunables.c create mode 100644 sysdeps/riscv/dl-get-cpu-features.c create mode 100644 sysdeps/riscv/dl-tunables.list create mode 100644 sysdeps/riscv/feature-control.h create mode 100644 sysdeps/riscv/libc-start.c diff --git a/manual/tunables.texi b/manual/tunables.texi index d11ca7ed7c..7c5178e6b4 100644 --- a/manual/tunables.texi +++ b/manual/tunables.texi @@ -574,6 +574,28 @@ assume that the CPU is @code{xxx} where xxx may have one of these values: This tunable is specific to aarch64. @end deftp +@deftp Tunable glibc.cpu.riscv_cfi_lp +The @code{glibc.cpu.riscv_cfi_lp=[on|off|permissive]} tunable allows the +user to temporarily turn off the branch control flow protection (a.k.a. +landing pad) or set to permissive mode. The default value is @code{on} for +target compiled with Zicfilp extension. Permissive mode allows the protection +to be turned off on program trying to dynamically load a legacy shared library +without landing pad support. + +This tunable is specific to riscv. +@end deftp + +@deftp Tunable glibc.cpu.riscv_cfi_ss +The @code{glibc.cpu.riscv_cfi_ss=[on|off|permissive]} tunable allows the +user to temporarily turn off the return control flow protection (a.k.a. +shadow stack) or set to permissive mode. The default value is @code{on} for +target compiled with Zicfiss extension. Permissive mode allows the protection +to be turned off on program trying to dynamically load a legacy shared library +without shadow stack support. + +This tunable is specific to riscv. +@end deftp + @deftp Tunable glibc.cpu.x86_data_cache_size The @code{glibc.cpu.x86_data_cache_size} tunable allows the user to set data cache size in bytes for use in memory and string routines. diff --git a/sysdeps/riscv/Makefile b/sysdeps/riscv/Makefile index 11e48be02e..b1f074a3eb 100644 --- a/sysdeps/riscv/Makefile +++ b/sysdeps/riscv/Makefile @@ -1,6 +1,7 @@ ifeq ($(subdir),misc) sysdep_headers += sys/asm.h endif +sysdep-dl-routines += dl-get-cpu-features ifeq ($(subdir),elf) gen-as-const-headers += dl-link.sym features-offsets.sym diff --git a/sysdeps/riscv/cpu-features.c b/sysdeps/riscv/cpu-features.c new file mode 100644 index 0000000000..beca59fe17 --- /dev/null +++ b/sysdeps/riscv/cpu-features.c @@ -0,0 +1,46 @@ +/* Initialize CPU feature data. + This file is part of the GNU C Library. + Copyright (C) 2025 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _CPU_FEATURES_RISCV_H +#define _CPU_FEATURES_RISCV_H + +# define TUNABLE_NAMESPACE cpu +# include + +# ifdef __riscv_landing_pad +extern void TUNABLE_CALLBACK (set_riscv_cfi_lp) (tunable_val_t *) + attribute_hidden; +# endif +# ifdef __riscv_shadow_stack +extern void TUNABLE_CALLBACK (set_riscv_cfi_ss) (tunable_val_t *) + attribute_hidden; +# endif + +static inline void +init_cpu_features (void) +{ +# ifdef __riscv_landing_pad + TUNABLE_GET (riscv_cfi_lp, tunable_val_t *, + TUNABLE_CALLBACK (set_riscv_cfi_lp)); +# endif +# ifdef __riscv_shadow_stack + TUNABLE_GET (riscv_cfi_ss, tunable_val_t *, + TUNABLE_CALLBACK (set_riscv_cfi_ss)); +# endif +} +#endif /* _CPU_FEATURES_RISCV_H */ diff --git a/sysdeps/riscv/cpu-tunables.c b/sysdeps/riscv/cpu-tunables.c new file mode 100644 index 0000000000..e84dcf2414 --- /dev/null +++ b/sysdeps/riscv/cpu-tunables.c @@ -0,0 +1,50 @@ +/* RISC-V CPU feature tuning. + This file is part of the GNU C Library. + Copyright (C) 2025 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#define TUNABLE_NAMESPACE cpu +#include +#include +#include + +#ifdef __riscv_landing_pad +attribute_hidden +void +TUNABLE_CALLBACK (set_riscv_cfi_lp) (tunable_val_t *valp) +{ + if (tunable_strcmp_cte (valp, "permissive")) + GL(dl_riscv_feature_control).lp = cfi_permissive; + else if (tunable_strcmp_cte (valp, "off")) + GL(dl_riscv_feature_control).lp = cfi_always_off; + else + GL(dl_riscv_feature_control).lp = cfi_always_on; +} +#endif + +#ifdef __riscv_shadow_stack +attribute_hidden +void +TUNABLE_CALLBACK (set_riscv_cfi_ss) (tunable_val_t *valp) +{ + if (tunable_strcmp_cte (valp, "permissive")) + GL(dl_riscv_feature_control).ss = cfi_permissive; + else if (tunable_strcmp_cte (valp, "off")) + GL(dl_riscv_feature_control).ss = cfi_always_off; + else + GL(dl_riscv_feature_control).ss = cfi_always_on; +} +#endif diff --git a/sysdeps/riscv/dl-cfi.c b/sysdeps/riscv/dl-cfi.c index d1d57b738b..5307a8c4c0 100644 --- a/sysdeps/riscv/dl-cfi.c +++ b/sysdeps/riscv/dl-cfi.c @@ -15,6 +15,7 @@ License along with the GNU C Library; if not, see . */ +#include "feature-control.h" #include #include #include @@ -22,8 +23,39 @@ #include #include +struct dl_cfi_info +{ + const char *program; + + /* Check how lp and ss should be enabled. */ +#ifdef __riscv_landing_pad + enum dl_riscv_cfi_control enable_lp_type; +#endif +#ifdef __riscv_shadow_stack + enum dl_riscv_cfi_control enable_ss_type; +#endif + + /* Previously enabled features. */ + unsigned int feature_1_enabled; + + /* Features that should be enabled. */ + unsigned int enable_feature_1; + + /* If there are any legacy shared object. */ + unsigned int feature_1_legacy; + + /* Which shared object is the first legacy shared object. */ +#ifdef __riscv_landing_pad + unsigned int feature_1_legacy_lp; +#endif +#ifdef __riscv_shadow_stack + unsigned int feature_1_legacy_ss; +#endif +}; + + static void -dl_check_legacy_object (struct link_map *m, unsigned int *feature_1) +dl_check_legacy_object (struct link_map *m, struct dl_cfi_info *info) { /* Iterate through the dependencies and disable if needed here */ struct link_map *l = NULL; @@ -42,32 +74,150 @@ dl_check_legacy_object (struct link_map *m, unsigned int *feature_1) /* Skip check for ld.so since it has the features enabled. The features will be disabled later if they are not enabled in executable. */ - if (l == &GL(dl_rtld_map) - || l->l_real == &GL(dl_rtld_map)) + if (is_rtld_link_map (l) + || is_rtld_link_map (l->l_real) + || (info->program != NULL && l == m)) continue; #endif /* SHARED */ - *feature_1 &= l->l_riscv_feature_1_and; + info->enable_feature_1 &= ((l->l_riscv_feature_1_and + & (GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED + | GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS)) + | ~(GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED + | GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS)); + + /* Bookkeeping legacy objects */ +#ifdef __riscv_landing_pad + if ((info->feature_1_legacy & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) == 0 + && ((info->enable_feature_1 & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) + != (info->feature_1_enabled & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED)) + ) + { + info->feature_1_legacy_lp = i; + info->feature_1_legacy |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; + } +#endif +#ifdef __riscv_shadow_stack + if ((info->feature_1_legacy & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) == 0 + && ((info->enable_feature_1 & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) + != (info->feature_1_enabled & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS)) + ) + { + info->feature_1_legacy_ss = i; + info->feature_1_legacy |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; + } +#endif } + + /* Keep bits set if cfi_always_on */ +#ifdef __riscv_landing_pad + if ((info->feature_1_enabled & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) != 0 + && info->enable_lp_type == cfi_always_on) + { + info->enable_feature_1 |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; + } +#endif +#ifdef __riscv_shadow_stack + if ((info->feature_1_enabled & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) != 0 + && info->enable_ss_type == cfi_always_on) + { + info->enable_feature_1 |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; + } +#endif } #ifdef SHARED static void -dl_cfi_check_startup (struct link_map *m, unsigned int *feature_1) +dl_cfi_check_startup (struct link_map *m, struct dl_cfi_info *info) { - /* FIXME: Add tunables here */ - if (!*feature_1) - return; - dl_check_legacy_object (m, feature_1); +# ifdef __riscv_landing_pad + if (info->enable_lp_type == cfi_always_on) + info->enable_feature_1 |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; + else if (info->enable_lp_type == cfi_always_off) + info->enable_feature_1 &= ~GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; + else + info->enable_feature_1 &= ((m->l_riscv_feature_1_and + & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) + | ~GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED); +# endif +# ifdef __riscv_shadow_stack + if (info->enable_ss_type == cfi_always_on) + info->enable_feature_1 |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; + else if (info->enable_ss_type == cfi_always_off) + info->enable_feature_1 &= ~GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; + else + info->enable_feature_1 &= ((m->l_riscv_feature_1_and + & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) + | ~GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS); +# endif + + if (info->enable_feature_1 != 0) + dl_check_legacy_object (m, info); /* Update GL(dl_riscv_feature_1) */ - GL(dl_riscv_feature_1) = *feature_1; + if (info->enable_feature_1 ^ info->feature_1_enabled) { + info->feature_1_enabled = info->enable_feature_1; + GL(dl_riscv_feature_1) = info->enable_feature_1; + } } #endif /* SHARED */ static void -dl_cfi_check_dlopen (struct link_map *m) +dl_cfi_check_dlopen (struct link_map *m, struct dl_cfi_info *info) { + if (info->enable_feature_1 != 0) { + dl_check_legacy_object(m, info); + + if (info->feature_1_legacy == 0) + return; + } + + unsigned int disable_feature_1 = 0; + unsigned int legacy_obj = 0; + const char *msg = NULL; + +#ifdef __riscv_landing_pad + if ((info->feature_1_enabled & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) != 0 + && (info->feature_1_legacy & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) != 0) + { + if (info->enable_lp_type != cfi_permissive || !SINGLE_THREAD_P) + { + legacy_obj = info->feature_1_legacy_lp; + msg = N_("rebuild shared object with landing pad support"); + } + else + disable_feature_1 |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; + } +#endif + +#ifdef __riscv_shadow_stack + if ((info->feature_1_enabled & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) != 0 + && (info->feature_1_legacy & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) != 0) + { + if (info->enable_ss_type != cfi_permissive || !SINGLE_THREAD_P) + { + legacy_obj = info->feature_1_legacy_ss; + msg = N_("rebuild shared object with shadow stack support"); + } + else + disable_feature_1 |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; + } +#endif + + if (msg != NULL) + _dl_signal_error (0, m->l_initfini[legacy_obj]->l_name, "dlopen", msg); + + if (disable_feature_1 != 0) + // FIXME: Disable CFI here + int res = -1; + if (res) + { + msg = N_("can't disable CFI feature"); + _dl_signal_error (-res, m->l_initfini[legacy_obj]->l_name, + "dlopen", msg); + } + GL(dl_riscv_feature_1) &= ~disable_feature_1; + } } attribute_hidden void @@ -89,20 +239,61 @@ _dl_cfi_check (struct link_map *l, const char *program) { /* As this point we have parsed the gnu properties, for dynamic binary we should verify the dependencies here. */ - /* FIXME: Implement different policy for supporting legacy binaries */ - unsigned int feature_1; + struct dl_cfi_info info; #if defined SHARED && defined RTLD_START_ENABLE_RISCV_CFI if (program) { GL(dl_riscv_feature_1) = l->l_riscv_feature_1_and; - feature_1 = l->l_riscv_feature_1_and; } #endif /* SHARED */ + unsigned int supported_exts = 0; + unsigned int always_on_exts = 0; + +#ifdef __riscv_landing_pad + info.enable_lp_type = GL(dl_riscv_feature_control).lp; + supported_exts += 1; + always_on_exts += (info.enable_lp_type == cfi_always_on); +#endif +#ifdef __riscv_shadow_stack + info.enable_ss_type = GL(dl_riscv_feature_control).ss; + supported_exts += 1; + always_on_exts += (info.enable_ss_type == cfi_always_on); +#endif + + info.feature_1_enabled = GL(dl_riscv_feature_1); + + /* No legacy check needed if all cfi exts are always on in main */ + if (program && (supported_exts == always_on_exts)) + return; + + /* No legacy check needed if all cfi exts are off */ + if (info.feature_1_enabled == 0) + return; + + info.program = program; + + info.enable_feature_1 = 0; +#ifdef __riscv_landing_pad + if (info.enable_lp_type != cfi_always_off) + info.enable_feature_1 |= (info.feature_1_enabled + & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED); + info.feature_1_legacy_lp = 0; +#endif +#ifdef __riscv_shadow_stack + if (info.enable_ss_type != cfi_always_off) + info.enable_feature_1 |= (info.feature_1_enabled + & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS); + info.feature_1_legacy_ss = 0; +#endif + + info.feature_1_enabled = GL(dl_riscv_feature_1); + info.feature_1_legacy = 0; + #ifdef SHARED if (program) - dl_cfi_check_startup (l, &feature_1); + dl_cfi_check_startup (l, &info); else #endif /* SHARED */ - dl_cfi_check_dlopen (l); + dl_cfi_check_dlopen (l, &info); } diff --git a/sysdeps/riscv/dl-get-cpu-features.c b/sysdeps/riscv/dl-get-cpu-features.c new file mode 100644 index 0000000000..23da13d52d --- /dev/null +++ b/sysdeps/riscv/dl-get-cpu-features.c @@ -0,0 +1,27 @@ +/* Initialize CPU feature data. + Copyright (C) 2025 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +#ifdef SHARED +# include +void +_dl_riscv_init_cpu_features (void) +{ + init_cpu_features (); +} +#endif diff --git a/sysdeps/riscv/dl-machine.h b/sysdeps/riscv/dl-machine.h index 94ca0dcc35..b2a013e78a 100644 --- a/sysdeps/riscv/dl-machine.h +++ b/sysdeps/riscv/dl-machine.h @@ -41,6 +41,7 @@ extern void _dl_cfi_setup_features (unsigned int features); #else # define SET_LPAD #endif +extern void _dl_riscv_init_cpu_features (void); #ifndef _RTLD_PROLOGUE # define _RTLD_PROLOGUE(entry) \ @@ -152,6 +153,24 @@ elf_machine_dynamic (void) #define ARCH_LA_PLTENTER riscv_gnu_pltenter #define ARCH_LA_PLTEXIT riscv_gnu_pltexit +/* We define an initialization function. This is called very early in + _dl_sysdep_start. */ +#define DL_PLATFORM_INIT dl_platform_init () + +static inline void __attribute__ ((unused)) +dl_platform_init (void) +{ + if (GLRO(dl_platform) != NULL && *GLRO(dl_platform) == '\0') + /* Avoid an empty string which would disturb us. */ + GLRO(dl_platform) = NULL; + +#ifdef SHARED + /* init_cpu_features which has been called early from __libc_start_main in + static executable. */ + _dl_riscv_init_cpu_features (); +#endif +} + /* Bias .got.plt entry by the offset requested by the PLT header. */ #define elf_machine_plt_value(map, reloc, value) (value) diff --git a/sysdeps/riscv/dl-procruntime.c b/sysdeps/riscv/dl-procruntime.c index b8fbcd87e7..b1c095cf10 100644 --- a/sysdeps/riscv/dl-procruntime.c +++ b/sysdeps/riscv/dl-procruntime.c @@ -57,4 +57,21 @@ PROCINFO_CLASS unsigned int _dl_riscv_feature_1 # else , # endif + +# if !defined PROCINFO_DECL && defined SHARED + ._dl_riscv_feature_control +# else +PROCINFO_CLASS struct dl_riscv_feature_control _dl_riscv_feature_control +# endif +# ifndef PROCINFO_DECL += { + .lp = cfi_always_on, + .ss = cfi_always_on, + } +# endif +# if !defined SHARED || defined PROCINFO_DECL +; +# else +, +# endif #endif diff --git a/sysdeps/riscv/dl-tunables.list b/sysdeps/riscv/dl-tunables.list new file mode 100644 index 0000000000..9260cb40ba --- /dev/null +++ b/sysdeps/riscv/dl-tunables.list @@ -0,0 +1,27 @@ +# RISC-V specific tunables. +# Copyright (C) 2025 Free Software Foundation, Inc. +# This file is part of the GNU C Library. + +# The GNU C Library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. + +# The GNU C Library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public +# License along with the GNU C Library; if not, see +# . + +glibc { + cpu { + riscv_cfi_lp { + type: STRING + } + riscv_cfi_ss { + type: STRING + } +} diff --git a/sysdeps/riscv/feature-control.h b/sysdeps/riscv/feature-control.h new file mode 100644 index 0000000000..a14dfe5519 --- /dev/null +++ b/sysdeps/riscv/feature-control.h @@ -0,0 +1,42 @@ +/* RISC-V feature tuning. + This file is part of the GNU C Library. + Copyright (C) 2025 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _RISCV_FEATURE_CONTROL_H +#define _RISCV_FEATURE_CONTROL_H + +/* For each CFI feature, LP and SS, valid control values. */ +enum dl_riscv_cfi_control +{ + /* Enable CFI features based on ELF property note. */ + cfi_elf_property = 0, + /* Always enable CFI features. */ + cfi_always_on, + /* Always disable CFI features. */ + cfi_always_off, + /* Enable CFI features permissively. */ + cfi_permissive +}; + +struct dl_riscv_feature_control +{ + enum dl_riscv_cfi_control lp : 2; + enum dl_riscv_cfi_control ss : 2; +}; + +#endif /* feature-control.h */ + diff --git a/sysdeps/riscv/ldsodefs.h b/sysdeps/riscv/ldsodefs.h index 7e22d64102..5aa4acc47d 100644 --- a/sysdeps/riscv/ldsodefs.h +++ b/sysdeps/riscv/ldsodefs.h @@ -20,6 +20,7 @@ #define _RISCV_LDSODEFS_H 1 #include +#include struct La_riscv_regs; struct La_riscv_retval; diff --git a/sysdeps/riscv/libc-start.c b/sysdeps/riscv/libc-start.c new file mode 100644 index 0000000000..0f7ce35c85 --- /dev/null +++ b/sysdeps/riscv/libc-start.c @@ -0,0 +1,31 @@ +/* Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef SHARED + +/* Mark symbols hidden in static PIE for early self relocation to work. */ +# if BUILD_PIE_DEFAULT +# pragma GCC visibility push(hidden) +# endif +# include +# include + +# define ARCH_INIT_CPU_FEATURES() init_cpu_features () + +#endif /* !SHARED */ +#include + diff --git a/sysdeps/riscv/libc-start.h b/sysdeps/riscv/libc-start.h index 7b898f5308..5bb3ecb84d 100644 --- a/sysdeps/riscv/libc-start.h +++ b/sysdeps/riscv/libc-start.h @@ -31,6 +31,15 @@ get_cfi_feature (void) { unsigned int cfi_feature = 0; /* FIXME: check if cfi feature is supported by CPU */ + +#ifdef __riscv_landing_pad + if (GL(dl_riscv_feature_control).lp != cfi_always_off) + cfi_feature |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; +#endif +#ifdef __riscv_shadow_stack + if (GL(dl_riscv_feature_control).ss != cfi_always_off) + cfi_feature |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; +#endif struct link_map *main_map = _dl_get_dl_main_map (); /* Scan program headers backward to check PT_GNU_PROPERTY early for @@ -43,9 +52,7 @@ get_cfi_feature (void) _dl_process_pt_gnu_property (main_map, -1, &ph[-1]); /* Enable landing pad and shstk only if they are enabled on a static executable. */ - /* FIXME: change to &= to mask off other features after cpu_feature - is implemented */ - cfi_feature = (main_map->l_riscv_feature_1_and + cfi_feature &= (main_map->l_riscv_feature_1_and & (GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED | GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS)); From patchwork Fri Jul 11 13:52:51 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 116141 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 0E9A4385735D for ; Fri, 11 Jul 2025 14:04:53 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0E9A4385735D Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=KdK9TlB1 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) by sourceware.org (Postfix) with ESMTPS id CE60C3858D1E for ; Fri, 11 Jul 2025 13:53:16 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org CE60C3858D1E Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org CE60C3858D1E Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::635 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241997; cv=none; b=UQ5QCc/Q7WIsvYewo2kh598g/2Ruq/DTixudY1rYaaWZBC7AHLs+gln3yzIW+kY9mVzyMkufvZy+cjY3dBpnvlMN1p+RZ+PlV87GuxvH5E4ndPPonEhdp67FUQTMR6B0imGXaU1wyInjYmNpyte4a0jgll39MJe9K01RBks4IC4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241997; c=relaxed/simple; bh=63ZCxv/EXyg6HPXJgb47BhpKhrjhQXnjtVcDDWf4elI=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=XkSIVdSPf+MqXfONoh2y1qMqIp7ho6g/FjQk3E7/7STtJRDErSbp8RkzsRPMRwnkCc4kAVmU3COAx6IhIMiYjhL9DSt+Ul8Tk/E2ySoouGqGRWn8CN+m3RdK12c+MSOtF220tMefs4+2D4tTUeqHEHynvtwW1wWyru+Uosg50KY= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org CE60C3858D1E Received: by mail-pl1-x635.google.com with SMTP id d9443c01a7336-23508d30142so22589455ad.0 for ; Fri, 11 Jul 2025 06:53:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1752241995; x=1752846795; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=lB3/81LPinB9FP/hOhBd9TGQhXcLTSg6KYZChr648P8=; b=KdK9TlB1iFOx10MRCtaShGDBV8w9xgJ3e+/kmjKQfv2uUqPOjH/+xuc1Dvt0379yTn 7K6EOGpJdWWZgJG2U4iFW7psv6m7CkaBWBgx1dB3GAlgLzh54/PJfdCmDMTIS0hsqpUB Cocp8nQhLgg53hqH6G7DEtM2glyEVqBmI68MgNi3HPY3E5yCEgKZD/fG0uIFRGV7kiFQ utAbIL/ETNcq4ms862OwAfKzXAH0b21PWN5hYof9Ry+h+RsmmRmVvV6pcvHoTWpsmtVj ONA2NlGJt6nO7vMkMICCUVVBYyinwVw5ficoHjd5+4tNH90G2s/3nCVM/msQnnFbXoNP kcaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752241995; x=1752846795; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lB3/81LPinB9FP/hOhBd9TGQhXcLTSg6KYZChr648P8=; b=Mz2cjVYZblaXy+MC/RViUyjZPIhr9ZVSiClfzbupTqGPigaseGOQS43+qXjQniNOUE cxnGTdlxUxaaZkxgMaPfuBlHMHy7C41tAlnuT2y4eGiCC+GxCz2bHuKvZTfFRBFFxxcd jEB4jlugQUZpEOmOTaCCu0gH7h3Bp0PZMcYOd9ii+DQY6cUyJyHNbJ+dpY9eLo7yhOkZ Z+HH0M+kDkpMolGcgqc6WC20cAj4eLNjsFM8djAouJDXzam1Pa+vt66c7r9ONvtq4vpv y3em+EMP2NcTmEdqCemAA9nozvsp7ikbzbOjEb7dqfyCAVy4rhVCkjHf2XsLRxDy2ImG BFtw== X-Gm-Message-State: AOJu0YwDT7VgrC8iAAZnRTQbLAOifEhOtaib6PV/W0E1LAzqG2uIBhl1 sJWTRQBRcOTmDOtGfkHk0xNUXWSXaAbM0WZryB+aIuzzrJgyCm1FEga4xIlxqQyC5UiCPvKj1IG X7njVxvolHbtyE9Q6ZvK1NTBHCcyioU2iSsMEohwMpf4Ws6IIUWCiq0Ko/BGzj/23Ooo2BnvurB 7PSJiuIHwgkcZAUJ/z+nmjJg9mRlgEDfWJuvscXXqsA9kBtzha/Pg6hQ== X-Gm-Gg: ASbGncsXvV2ZBeVwx05Q3gaisiPi0p4VDExF0QnSIHnrzqBgZAHGL1d0XprzzItv1C7 Hz80k0zbza8UZQ6sn8NKopz/J+BNVzCGaFXJY42n63Fl8aGPNOdwVuwW+w8Zl0g0YNWL8wv0unq tJxq8OkHeEZFpv0jLlSLYrRGDGqTsaAnEcJS7j67qyr40oISVR2HFSKJ4XKtj2GWN4vsxDrhXmu SkOfyBbxFcYkjvZIKoaIbHYXzj7oZjmKpEHe0FrCoC+XGtDJlSgfX3hOBDwdA8bs9zyt8EBB1x1 E++MRgw1Ux6ItGtse3C/09icCLX5jG/ZyVxOBu1brgb2aRQ+D+8UtCWI1Fvbjmb2+BaXyi8kIBY 4/OdqYiGdmOvKAaarGHh88f7A2opssPiqYC1Sxf1b X-Google-Smtp-Source: AGHT+IFehaNcrOaWCAou9i4L7Z6paVLe2Ms/SC6FSKC6Wph1DMHayXUgobeKBM2W+g01iL7uITP0qQ== X-Received: by 2002:a17:903:a8f:b0:22e:5d9b:2ec3 with SMTP id d9443c01a7336-23dede7d432mr48108415ad.30.1752241995341; Fri, 11 Jul 2025 06:53:15 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23de4283b67sm48058295ad.3.2025.07.11.06.53.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Jul 2025 06:53:14 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v2 10/14] riscv/cfi: Adjust setjmp/longjmp for shadow stack to work Date: Fri, 11 Jul 2025 06:52:51 -0700 Message-Id: <20250711135255.1732496-11-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20250711135255.1732496-1-jesse.huang@sifive.com> References: <20250711135255.1732496-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Since longjmp to a previous setjmp'ed state could change the stack frame and involves stack frame unwinding, shadow stacks is also required to be unwinded. The unwinding is implemented according to the zicfiss spec by increasing the ssp by a page size (4K) at most, to prevent from accidentally point to another legal shadow stack page after the adjustment. --- sysdeps/riscv/__longjmp.S | 28 ++++++++++++++++++++++++++++ sysdeps/riscv/bits/setjmp.h | 4 ++++ sysdeps/riscv/setjmp.S | 10 ++++++++++ 3 files changed, 42 insertions(+) diff --git a/sysdeps/riscv/__longjmp.S b/sysdeps/riscv/__longjmp.S index 47ff3aa09e..1aa8a235d7 100644 --- a/sysdeps/riscv/__longjmp.S +++ b/sysdeps/riscv/__longjmp.S @@ -51,6 +51,34 @@ ENTRY (__longjmp) FREG_L fs11,14*SZREG+11*SZFREG(a0) #endif +#ifdef __riscv_shadow_stack + /* skip unwinding if ss is not enabled */ + ssrdp t0 + beqz t0, .Lunwind_fin +# ifndef __riscv_float_abi_soft + REG_L t1, 14*SZREG+12*SZFREG(a0) +# else + REG_L t1, 14*SZREG(a0) +# endif +.Lunwind: + bleu t1, t0, .Lunwind_fin + /* Increase ssp by at most a page size to ensure always run into a + guard page before accidentally point to another legal shadow stack + page */ + /* t0 = (t1 - t0 >= 4096) ? t0 + 4096 : t1 */ + lui a0, 1 + add t0, t0, a0 + bleu t0, t1, 1f + mv t0, t1 +1: + csrw ssp, t0 + /* Test if the location pointed by ssp is legal */ + sspush x5 + sspopchk x5 + j .Lunwind +.Lunwind_fin: +#endif + seqz a0, a1 add a0, a0, a1 # a0 = (a1 == 0) ? 1 : a1 ret diff --git a/sysdeps/riscv/bits/setjmp.h b/sysdeps/riscv/bits/setjmp.h index 5ebbec393a..5cbc12fa3d 100644 --- a/sysdeps/riscv/bits/setjmp.h +++ b/sysdeps/riscv/bits/setjmp.h @@ -33,6 +33,10 @@ typedef struct __jmp_buf_internal_tag double __fpregs[12]; #elif !defined __riscv_float_abi_soft # error unsupported FLEN +#endif +#ifdef __riscv_shadow_stack + /* Shadow stack pointer. */ + long int __ssp; #endif } __jmp_buf[1]; diff --git a/sysdeps/riscv/setjmp.S b/sysdeps/riscv/setjmp.S index df048cb544..f547bc0238 100644 --- a/sysdeps/riscv/setjmp.S +++ b/sysdeps/riscv/setjmp.S @@ -61,6 +61,16 @@ ENTRY (__sigsetjmp) FREG_S fs11,14*SZREG+11*SZFREG(a0) #endif +#ifdef __riscv_shadow_stack + /* read ssp into t0 */ + ssrdp t0 +# ifndef __riscv_float_abi_soft + REG_S t0, 14*SZREG+12*SZFREG(a0) +# else + REG_S t0, 14*SZREG(a0) +# endif +#endif + #if !IS_IN (libc) && IS_IN (rtld) /* In ld.so we never save the signal mask. */ li a0, 0 From patchwork Fri Jul 11 13:52:52 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 116143 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 408263858C98 for ; Fri, 11 Jul 2025 14:05:43 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 408263858C98 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=dBVJrWdO X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x62f.google.com (mail-pl1-x62f.google.com [IPv6:2607:f8b0:4864:20::62f]) by sourceware.org (Postfix) with ESMTPS id 58C473858C41 for ; Fri, 11 Jul 2025 13:53:18 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 58C473858C41 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 58C473858C41 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::62f ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241998; cv=none; b=YbDBCy0hJPF21iZ1QK6a5CPGkL3GOKBmDkOxUeegVzzag07c5PrvlNHmUDcLnsC2b2+ttI79stS02rCr0+27fXT6S8tTtv6N7lEhCbN+f5+aot9CCxWRLEGa5o/kGM//LXt5A8MyHNY55ChLW9Rm7aEVib/aQNeNKdoiQ8HbXSs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241998; c=relaxed/simple; bh=IDuex62fGRy3qzI0gYznpOvm2ad8r+G2M/FQlcjusDQ=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=rIfumtWiOiBMTckRQNm1bYi0almVSs5kBKagfKQaTOYARvtVDSkBxJaPhHAACya6GvZRoBVC/JR7fLIT3140VMPNK8FwWqMxVUQwHS+KdWwu7UwRzb071ZbP6lcULvOAsqJIDMmYgbxHyMtveNxMkNq2SGAIiUxexcGTLfNBvZo= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 58C473858C41 Received: by mail-pl1-x62f.google.com with SMTP id d9443c01a7336-2366e5e4dbaso25991905ad.1 for ; Fri, 11 Jul 2025 06:53:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1752241997; x=1752846797; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Lt9BLu7omtRHKfVr4FqT44XasoCkJLUkemmnDoKbI8s=; b=dBVJrWdO8SoPsIP0dLqyNN3R6iTFd2VVSAI9DC18VXZ4OAlB8heDsvXMOHX6y4aOfG JKS64uvYdO74qyNxTyPG2M1/G96Udo/87lIvycqepjL2anUJ6CyCqBIovXn0c3oRLXMR x11plUJBNEVylXGj4u6V+zjlNgET3FWzwvkvWTvSgwFFVGX4aT606rxmoTtpiLJXRThq 1fRxCKhm5lS1+JrdpgkiQP/Attr8q7S/xVf3ioW6DJYAz/4mZqTLW+SH1OlbQlhVihmM PRCWta76O90ylQ9xpOLlnBWEodx+vK+fh6tWB3Qo/Zri0RXhYmPA+Mro7P/wHPyH9OVT nUmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752241997; x=1752846797; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Lt9BLu7omtRHKfVr4FqT44XasoCkJLUkemmnDoKbI8s=; b=ILZz3j1RV1AxPIxNRm1294HpzxLp5OnFP7w3DaCCptSay+H8yN6USpJHy5MJgCQGj4 JIxpEphsYNAZXCDMMRRNNVwO/QE2PPcSlXoJ6Dx25dJtN0Sz1IsPWUUg/zVSwKsgIr23 43UZhVPiJD9Ch7AKg6daif32oUpp0ZBNAb0lChSal8AUn0tm9FvUHYJ1xMR99GhETttI fXn7ZlIHj3WkNNqnYIxz0+XbOaSP+wNgUHHRc7LgLBuua/mY8/Qnvw0Ud60JUOW/A6Yu Zl75uk/jN0l6ialj5zzaqYOYYX6hz3bfEyXYwDVx5kqgumqmZFo3o0lbX4yPLvbKNLBR O+5A== X-Gm-Message-State: AOJu0Yz4snVQ90zCGfmS8/42dWTZ2vdH0leTSR0qvkKy6o3cAgp5buAB I5PK3hdOMgKLqmDrO4L03SUZbpoy+EywMiQr8KZZiDGc+x49beUTWis1NO7v5sls+gXNKC/nMCZ 9eUwIfCDnIHDaEmifkrhaKXxdd4pyYDa0eX9RjHhvdr+kvu2tJC8iDT8z0sdUfCHOGFWomcOcvE Xri3pkaZxIwlFiNtJws2s/OroXA5pFSusJiM9+9gQqg+l9RA/hfsqM/w== X-Gm-Gg: ASbGncvWhR+uU6VcGJ7nypILbOvtLffAhCvrb/CttdSZsRa7Pv3q11an7obrI/MEvXX e8rOhV0bu4Q6NJe6WWtmtihAdNTx9BcO2G1Y9/KQSN7G2K+9Z5b4khKXPArhsFnLP3HW37xdRsf cUCUVt0VtSqFJwqRUcK1wPwx2IWR5Oir80GmofxqGOhd9GuzwqjpCGdvLxwq14+PgeFAPnRpmTI vfYYpZcHDtoKpsfDmjlO5YlU8aRgX+MTmfMv8i+n4MV2zVlroiAtrOpLY7UIrZfubg4jC7eBcNF HUNxRg62o1bxq3ogA/FOpLoFWVnw3gD6bo4V/4ut/qz5K5f37shaq07OZbi84V3lixhAru77L64 LXwjllM4rZZzVU8Yb3flYNSjAASzHpmUVunxB8VSX0STZR/tyQqY= X-Google-Smtp-Source: AGHT+IE43AWY4bPRALAtal5iUvl8DeHfiEpjyrfXdzLXLjeQx4eULjwlqU+lwJsX3Ms6fvIhuDUVsw== X-Received: by 2002:a17:903:2286:b0:231:9817:6ec1 with SMTP id d9443c01a7336-23dede5b1camr45855545ad.17.1752241996609; Fri, 11 Jul 2025 06:53:16 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23de4283b67sm48058295ad.3.2025.07.11.06.53.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Jul 2025 06:53:16 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v2 11/14] riscv/cfi: Support locking/disabling CFI and move OS depedent code Date: Fri, 11 Jul 2025 06:52:52 -0700 Message-Id: <20250711135255.1732496-12-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20250711135255.1732496-1-jesse.huang@sifive.com> References: <20250711135255.1732496-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org --- sysdeps/riscv/dl-cfi.c | 40 +++++++++++----- sysdeps/unix/sysv/linux/riscv/dl-cfi.h | 65 ++++++++++++++++++++++++++ 2 files changed, 94 insertions(+), 11 deletions(-) diff --git a/sysdeps/riscv/dl-cfi.c b/sysdeps/riscv/dl-cfi.c index 5307a8c4c0..d58d42e75d 100644 --- a/sysdeps/riscv/dl-cfi.c +++ b/sysdeps/riscv/dl-cfi.c @@ -57,7 +57,7 @@ struct dl_cfi_info static void dl_check_legacy_object (struct link_map *m, struct dl_cfi_info *info) { - /* Iterate through the dependencies and disable if needed here */ + /* Iterate through the dependencies and record legacy objects */ struct link_map *l = NULL; unsigned int i; i = m->l_searchlist.r_nlist; @@ -86,7 +86,11 @@ dl_check_legacy_object (struct link_map *m, struct dl_cfi_info *info) | ~(GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED | GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS)); - /* Bookkeeping legacy objects */ + /* Bookkeeping first found mismatch object for both lp/ss. + These information would only be used by dlopen check for now. + A dependency with a feature on will be record as legacy if the task + did not enable the feature, however it is safe because the following + check will only be performed if the task has the feature on. */ #ifdef __riscv_landing_pad if ((info->feature_1_legacy & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) == 0 && ((info->enable_feature_1 & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) @@ -208,8 +212,8 @@ dl_cfi_check_dlopen (struct link_map *m, struct dl_cfi_info *info) _dl_signal_error (0, m->l_initfini[legacy_obj]->l_name, "dlopen", msg); if (disable_feature_1 != 0) - // FIXME: Disable CFI here - int res = -1; + { + int res = dl_cfi_disable_cfi (disable_feature_1); if (res) { msg = N_("can't disable CFI feature"); @@ -223,14 +227,29 @@ dl_cfi_check_dlopen (struct link_map *m, struct dl_cfi_info *info) attribute_hidden void _dl_cfi_setup_features (unsigned int feature_1) { - /* Since prctl could fail to enable some features - use prctl to get enabled features again and sync it back. */ + /* Enable features. Shadow stack is enabled earlier as it should + * be enabled in a function that never returns. */ +#ifdef __riscv_landing_pad + dl_cfi_enable_lp (feature_1); +#endif /* __riscv_landing_pad */ + + /* Since we could failed to enable some features, + get enabled features from system again and sync it back. */ + int status = dl_cfi_get_cfi_status (); + GL(dl_riscv_feature_1) = status | (GL(dl_riscv_feature_1) & + ~(GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS + | GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED)); + + /* Lock features if set to always_on */ #ifdef __riscv_landing_pad - if (feature_1 & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) - INTERNAL_SYSCALL_CALL (prctl, PR_SET_INDIR_BR_LP_STATUS, - PR_INDIR_BR_LP_ENABLE, 0, 0, 0); + if (GL(dl_riscv_feature_control).lp == cfi_always_on) + dl_cfi_lock_cfi (GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED); #endif /* __riscv_landing_pad */ - /* FIXME: Read enabled features from kernel and re-sync */ +#ifdef __riscv_shadow_stack + if (GL(dl_riscv_feature_control).ss == cfi_always_on) + dl_cfi_lock_cfi (GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS); +#endif /* __riscv_shadow_stack */ + /* FIXME: Should we terminate if failed to lock under always on mode? */ } /* Enable CFI for l and its dependencies. */ @@ -287,7 +306,6 @@ _dl_cfi_check (struct link_map *l, const char *program) info.feature_1_legacy_ss = 0; #endif - info.feature_1_enabled = GL(dl_riscv_feature_1); info.feature_1_legacy = 0; #ifdef SHARED diff --git a/sysdeps/unix/sysv/linux/riscv/dl-cfi.h b/sysdeps/unix/sysv/linux/riscv/dl-cfi.h index 662a45817d..8bbb379fea 100644 --- a/sysdeps/unix/sysv/linux/riscv/dl-cfi.h +++ b/sysdeps/unix/sysv/linux/riscv/dl-cfi.h @@ -48,3 +48,68 @@ jal _dl_cfi_setup_features \n\ \n\ " + +static __always_inline int +dl_cfi_disable_cfi (unsigned int feature) { + int res = 0; +#ifdef __riscv_landing_pad + if (feature & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) + { + res = prctl (PR_SET_INDIR_BR_LP_STATUS, 0, 0, 0, 0); + if (res) + return res; + } +#endif /* __riscv_landing_pad */ +#ifdef __riscv_shadow_stack + if (feature & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) + { + res |= prctl (PR_SET_SHADOW_STACK_STATUS, 0, 0, 0, 0); + if (res) + return res; + } +#endif /* __riscv_shadow_stack */ + return 0; +} + +static __always_inline int +dl_cfi_lock_cfi (unsigned int feature) +{ + int res = 0; +#ifdef __riscv_landing_pad + if (feature & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) + res |= prctl (PR_LOCK_INDIR_BR_LP_STATUS, 0, 0, 0, 0); +#endif /* __riscv_landing_pad */ +#ifdef __riscv_shadow_stack + if (feature & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) + res |= prctl (PR_LOCK_SHADOW_STACK_STATUS, 0, 0, 0, 0); +#endif /* __riscv_shadow_stack */ + return res; +} + +static __always_inline int +dl_cfi_get_cfi_status (void) { + int status = 0; + unsigned long buf = 0; + int ret = 0; +#ifdef __riscv_landing_pad + ret = prctl (PR_GET_INDIR_BR_LP_STATUS, &buf, 0, 0, 0); + if (!ret && buf) + status |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; +#endif /* __riscv_landing_pad */ +#ifdef __riscv_shadow_stack + ret = prctl (PR_GET_SHADOW_STACK_STATUS, &buf, 0, 0, 0); + if (!ret && buf) + status |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; +#endif /* __riscv_shadow_stack */ + return status; +} + +#ifdef __riscv_landing_pad +static __always_inline int +dl_cfi_enable_lp (unsigned int feature) { + if (!(feature & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED)) + return -1; + return INTERNAL_SYSCALL_CALL (prctl, PR_SET_INDIR_BR_LP_STATUS, + PR_INDIR_BR_LP_ENABLE, 0, 0, 0); +} +#endif /* __riscv_landing_pad */ From patchwork Fri Jul 11 13:52:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 116144 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 0063D3858C56 for ; Fri, 11 Jul 2025 14:08:31 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0063D3858C56 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=iFL5L+FE X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com [IPv6:2607:f8b0:4864:20::633]) by sourceware.org (Postfix) with ESMTPS id B86B33857439 for ; Fri, 11 Jul 2025 13:53:19 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org B86B33857439 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org B86B33857439 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::633 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241999; cv=none; b=uQ4sKZ6QF0vmM4PMyFGjPbDQl2U7bkkQqEyjlIHDC54o0aVxCQdl9XRF4MyUDZxIKXCtY93igRPIOhW5Zfixm1gNrF5NMxjCyhNKpRaUgNlYEbg8k/wSnWLAZMCaOjFPOCJ2/jctN+BrFNuo8T8+Hs0afsyEAG0ZLTKeTRLrezU= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752241999; c=relaxed/simple; bh=0a0EW5uAHVaTHniz/HpDo9qVrY3WK3CgYQc7fw147ek=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=eC8tPX7itkvSUTji1Ezu32XUAvSKxYLMOrmdygQgg2zgF/vcYXv6QW5VGVjzVlRM3nSTyoY2e0d5dlDjp1EC+V8zHEFoaaK/JR9SFvIAKoHexGnY4jZxwqavVLoNo8Syl1CgJrYLN+w7H6qoMGv4UfsaWRmaGGji96c3rvisC44= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B86B33857439 Received: by mail-pl1-x633.google.com with SMTP id d9443c01a7336-23c8f179e1bso23456405ad.1 for ; Fri, 11 Jul 2025 06:53:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1752241998; x=1752846798; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2AWOF5b6cHWzxKfpoZCnF8e/G5Nx0qsmCkxFQ4rumGM=; b=iFL5L+FEbrpVBP/NV8SX6qWoCT1CJ3w8TVVBpSrdARuuEN0+X7TlxUi3Y44ALqK7s5 cfOkJoCcvNr/r/pQcXLAZE13UR1xwr3SIL4Ea0/ek8093tnDaZeRjNrrABTs/zCeAWcM Yhb0JakCRQiWL0Ja0uN8on4r0Tq+qIeEpS1bu27ywxlFYiTaHXKiG9KSW/GzIuqoMyDt LpZ05QjBTG7scx/CE7Pt8cTauhwItgI3vPNaF4bPP6IEtU94l8iaLXl2hlQh3jyXSKcU 11uaTI17Fo39GMFRKALXeJil+WYhlp1vc2ILVM2Veu4HpXfvhdhD+Cx1yCUIjC1g1Obq G88Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752241998; x=1752846798; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2AWOF5b6cHWzxKfpoZCnF8e/G5Nx0qsmCkxFQ4rumGM=; b=ebL5fQrQR6aTHq/LLjfScri/UfgPXlEVvgrGiqgS33Xa3Va8juLtPuHc+APheyEvoY WnRumnxx4gM2myhKcaieLHFAPRHURjahG13VdQH9SEuSC3YfxkHpMO662Sw5WMwlyciH JUn2NJ8Rw0vpJjh2vzlAw5xoNp8BBzHONmjety9BO40ZJa3LWCdk4C+qQEsiAr/cwX4n +k4HdqzSSj1BiHdr/GjyWlSe7dpf2+q4quwrlyQh2RqZb1Ljd5RQ2z8HmNv0QE6AUS6z CfHerBBALiSq1kg/4p/Rvbsnzz4De406QmrunHQult359BvIksGWDIwZ/9nVnj0l2f60 8olg== X-Gm-Message-State: AOJu0YxI8U22KFFIQrABHri5UmtAXw3p/8VFi0jdSdyQ2dSbGmixrF1M cBlhGv+XHfAuVP0IDSAvZa3yv9xztFB+2uN9HDncxaX5k/kkgr0tNefaanRHq+79xCyv6JWYGFQ LPit8JbJNLRcVNb3PXWU6ybnTb1RKFQGU8HvC5W+MSufta5BTrcjRWPjhbztrOHSBqovwdFpch0 ulthNTwFbkGkDCsKeQkJp8x+yk6508oBYppyAVH6NKGG1Jg7lF7Eum3Q== X-Gm-Gg: ASbGncsKc9YoFExOch/XLmHJTRpw1eAAvXg9LHxlxjFM8ctRICbAkU9dN03SLLpdxRf kk79A1dNBaKUfoThptp0qOrw9G0QQNljVl8jD3G4POCWZrVDa/xf/tRy2QQLkN44kT5woXvQmIO KfNyn3Iccd9f/xTQgduI5kz636PZHe6THsbKo+302O2GTkeETDy0wcV7ntVJ+1QWl6h9DIng/45 ikgTjlJIgXjnVkSNX59xCXtdfKnl0leiNkPYhMyJcaN+Mxy9Xfh7vLL6TnNMH9f8aa7P9IGKOTG JvqB4CmjcknqwNQlf3EHwUi2+opoEq2mIsdNafPwtyIryPCXU2je5fwpM+64Qp0cKRRu5vrsTFY BgvJuTOl7nLOTaZ7szlxMzFjjIUKgjn4EgQCijaAl/A9d8NMcS0U= X-Google-Smtp-Source: AGHT+IEYCB3PT9T5ZuiY2x7bQBPsN+n0irW7YUz7G4G2ofbMVIjxie5d2YswO2PmZQg8t8Dm8p5olQ== X-Received: by 2002:a17:903:8c5:b0:23c:8f12:3f90 with SMTP id d9443c01a7336-23dee262fc7mr49121415ad.41.1752241998300; Fri, 11 Jul 2025 06:53:18 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23de4283b67sm48058295ad.3.2025.07.11.06.53.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Jul 2025 06:53:17 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v2 12/14] riscv/cfi: Store shadow stack information in TLS and ucontext_t Date: Fri, 11 Jul 2025 06:52:53 -0700 Message-Id: <20250711135255.1732496-13-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20250711135255.1732496-1-jesse.huang@sifive.com> References: <20250711135255.1732496-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Switching between different ucontexts involves two cases, one is both sharing a same shadow stack, which requires a unwinding, and the other is both using a different shadow stack, which require a stack switch using shadow stack restore token. By storing shadow stack in ucontext_t and TLS, we can tell the difference and perform the following action. --- sysdeps/riscv/nptl/Makefile | 1 + sysdeps/riscv/nptl/tcb-offsets.sym | 5 +++++ sysdeps/riscv/nptl/tls.h | 2 ++ .../unix/sysv/linux/riscv/bits/types/__sigset_t.h | 13 +++++++++++++ sysdeps/unix/sysv/linux/riscv/sys/ucontext.h | 7 ++++++- sysdeps/unix/sysv/linux/riscv/ucontext_i.sym | 2 ++ 6 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 sysdeps/riscv/nptl/Makefile create mode 100644 sysdeps/riscv/nptl/tcb-offsets.sym create mode 100644 sysdeps/unix/sysv/linux/riscv/bits/types/__sigset_t.h diff --git a/sysdeps/riscv/nptl/Makefile b/sysdeps/riscv/nptl/Makefile new file mode 100644 index 0000000000..2b7bf43403 --- /dev/null +++ b/sysdeps/riscv/nptl/Makefile @@ -0,0 +1 @@ +gen-as-const-headers += tcb-offsets.sym diff --git a/sysdeps/riscv/nptl/tcb-offsets.sym b/sysdeps/riscv/nptl/tcb-offsets.sym new file mode 100644 index 0000000000..04fee5e20e --- /dev/null +++ b/sysdeps/riscv/nptl/tcb-offsets.sym @@ -0,0 +1,5 @@ +#include +#include +#include + +SSP_BASE_OFFSET offsetof (tcbhead_t, ssp_base) diff --git a/sysdeps/riscv/nptl/tls.h b/sysdeps/riscv/nptl/tls.h index 11a1b08972..1e7c26790b 100644 --- a/sysdeps/riscv/nptl/tls.h +++ b/sysdeps/riscv/nptl/tls.h @@ -44,6 +44,8 @@ typedef struct { dtv_t *dtv; void *private; + /* The marker for the current shadow stack. */ + unsigned long long int ssp_base; } tcbhead_t; /* This is the size of the initial TCB. Because our TCB is before the thread diff --git a/sysdeps/unix/sysv/linux/riscv/bits/types/__sigset_t.h b/sysdeps/unix/sysv/linux/riscv/bits/types/__sigset_t.h new file mode 100644 index 0000000000..308ae99a10 --- /dev/null +++ b/sysdeps/unix/sysv/linux/riscv/bits/types/__sigset_t.h @@ -0,0 +1,13 @@ +/* Architecture-specific __sigset_t definition. ARC version. */ +#ifndef ____sigset_t_defined +#define ____sigset_t_defined + +/* We shrink it a bit to make space for storing shadow stack pointer. */ + +#define _SIGSET_NWORDS (896 / (8 * sizeof (unsigned long int))) +typedef struct +{ + unsigned long int __val[_SIGSET_NWORDS]; +} __sigset_t; + +#endif diff --git a/sysdeps/unix/sysv/linux/riscv/sys/ucontext.h b/sysdeps/unix/sysv/linux/riscv/sys/ucontext.h index a572ec62ee..9c157fa0d8 100644 --- a/sysdeps/unix/sysv/linux/riscv/sys/ucontext.h +++ b/sysdeps/unix/sysv/linux/riscv/sys/ucontext.h @@ -95,7 +95,12 @@ typedef struct ucontext_t future. Though this is unlikely, other architectures put uc_sigmask at the end of this structure and explicitly state it can be expanded, so we didn't want to box ourselves in here. */ - char __glibc_reserved[1024 / 8 - sizeof (sigset_t)]; + /* We've taken 16 bytes from uc_sigmask by shrinking sigset_t to store the + shadow stack information. */ + unsigned long long int uc_ssp; + unsigned long long int uc_ssp_base; + char __glibc_reserved[1024 / 8 - sizeof (sigset_t) - \ + 2 * sizeof (unsigned long long int)]; /* We can't put uc_sigmask at the end of this structure because we need to be able to expand sigcontext in the future. For example, the vector ISA extension will almost certainly add ISA state. We want diff --git a/sysdeps/unix/sysv/linux/riscv/ucontext_i.sym b/sysdeps/unix/sysv/linux/riscv/ucontext_i.sym index be55b26310..d9f7957983 100644 --- a/sysdeps/unix/sysv/linux/riscv/ucontext_i.sym +++ b/sysdeps/unix/sysv/linux/riscv/ucontext_i.sym @@ -20,6 +20,8 @@ UCONTEXT_LINK ucontext (uc_link) UCONTEXT_STACK ucontext (uc_stack) UCONTEXT_MCONTEXT ucontext (uc_mcontext) UCONTEXT_SIGMASK ucontext (uc_sigmask) +UCONTEXT_SSP ucontext (uc_ssp) +UCONTEXT_SSP_BASE ucontext (uc_ssp_base) STACK_SP stack (ss_sp) STACK_SIZE stack (ss_size) From patchwork Fri Jul 11 13:52:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 116136 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id DD5B73858C31 for ; Fri, 11 Jul 2025 13:59:11 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DD5B73858C31 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=kghAfWyr X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com [IPv6:2607:f8b0:4864:20::633]) by sourceware.org (Postfix) with ESMTPS id 240863858CDA for ; Fri, 11 Jul 2025 13:53:21 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 240863858CDA Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 240863858CDA Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::633 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752242001; cv=none; b=l96Zf7jmV4wp7E6F2T6vieilBjiiuQpXBFYahpjVJTiVHmDzqwyJv3aLmA0CvR9Hw3/xWlyo2OCs98Gz2LLWCZnAIbSMI7jbOxKs9MtHAMwW/9dR/JhROBcx3+1VA5sl7TTLMDu3sTmW3MuFamgqfcOs7IgMcEEhph8XhfFWdJE= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752242001; c=relaxed/simple; bh=X/a1V8tSGMl5LIsIQvRpJ1tk6p7NlATqoUL+YakJun4=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=N73QsgU87v2lJTAN1xz1+Psbfi5gBVUahNLpEsyzJ6ncENDYPphKv6xgynGN6pCvXIfc8ph1gaS19GkOjMmBPZfZfuQa+rBGyWgybbJVGpRPdSiHZcVZfNh1pY8KBLyiXuHyphH6Nno24urheUHK0ZA0jgVunOvkoQotAtsd0Y0= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 240863858CDA Received: by mail-pl1-x633.google.com with SMTP id d9443c01a7336-2363616a1a6so17996195ad.3 for ; Fri, 11 Jul 2025 06:53:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1752242000; x=1752846800; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=NXQyTS7UxIfEamL+ZRVVjuCHqLSmZmc5gjwNY4GpZcE=; b=kghAfWyrXsGnAPKOSfyxUWge5Dwsnvzl6E7Q+uN7x96wCP83jLLr8i5PFkT9Vwl7LI 1hN57K0UvoM1y6OMXY9vtyZuFhOPeOWx5wTgxBOjVrSnk5rdXK+9W+T5k1KSI4FqGssA JNDByUPIFOsNeCgWKjyhaV5lFsurCoow1orbUAStPtHRmkxdImc5Ths3LL6mw5jnFf35 Xmf309vS7dwAIEMlE9KJV8ANjL01gcO17rtg8JVHMpH6giq8naOpzbOW7u/uyj2RL42A Qw4LN6k3edfL8zgC4CAdhpP/JsJBltXbEDkN9j8/erj1rIIapyo6eXkTpuLID410aCtp fDDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752242000; x=1752846800; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NXQyTS7UxIfEamL+ZRVVjuCHqLSmZmc5gjwNY4GpZcE=; b=Swhx6MCYalXVZYATwWCZI1GlIn4EKCvM9CObc4QpCLXKtgCLNSaHf5GRIwXjHAZkUW 2kQr3dyoIYbBWsz/vzFpZyaYPzl+FGjbwdfefXB3RrEX4PRP9WNfuV+UnIdxTfUHU+ki fP9V93DfBiFyEiQVWKT1T0jebd5MOXnhLogzYmZLccp77xWn4bOmfaf9gQ8eIWHWphbV BZ2hSxsPbiW1vIwTGMZ+B4xjhUJ/d5jXmeAjbLx6FxWpAe3HyXRJ2dWwx4eZGSdO6nzS c351x61ehsA+AfCn6+WWGlpEIbf8ToFjB0+Tae2PugECqDf5XlH3JaOJirGQt6j+IaDa VAEw== X-Gm-Message-State: AOJu0Yz6Q0t6y//Br/JE3aOWZqUwICoUrB1/r93ELG9DApzojRODiXSY Yhpjosbcv0RY4LCd4W32cOo93kh6NURn2+yt22wP67Q1rGwDClt8nhXHffRkvpu2wvmdJBiHCS2 nC3z6feB1IuDxjG71qE75YZMId+ZBCykb7PsKFZOyFSWvNlP+lK0iv3ZoX657JazryBXwyzFXfm tinaPKqPj5jX8YuxsiVCEqRqG/eIkIs8KpETE2p2w3Yx/wQUd04w/X5g== X-Gm-Gg: ASbGncuEVNTuMskbCQksg28pdDupBwJa7ZxBJxW2sTZ8/N8obNHQ/9hzQVjL63Bk1zn qP1iYFxqrerSW0ryTKVdoxMQMFZxLYbxbYIvbGleuqTm0N75VbUMNeKLpCyKDoo8chpmBIvDCcK vmA0Ow6efIlYFprQuptnU05+7Z4sQSb+4buSp4yy24uCjI7KT4GDEw3DH2hjquKpqZEauc20P8l qcVEPjzghVzcL1ZW1eiE9F6zWG7JB6HdKJA0TyWutnxw7Bxc4gYjci08Ub/3qR/Do0fN8K2fEiA y3p09PEQvLoVVgQCNO+wQXsJVxBDumqtepllGjTxe1VpDi/AhvKTCitkG96dqwwyae8Vc9z5dzC WHyYVaHPTvX6nRaYeMUR2vq6I6O+zP6pxrVMnR+d5PbYriEc66dc= X-Google-Smtp-Source: AGHT+IFWIAgWimxFJVHPunwfgMq8tsOZhfE3HnwuuLwrTA9DBStN5JAb2PY1WLIrQJox3gO5kc/LoQ== X-Received: by 2002:a17:903:b8e:b0:237:ec18:ead7 with SMTP id d9443c01a7336-23dee27d2f0mr53481575ad.24.1752241999480; Fri, 11 Jul 2025 06:53:19 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23de4283b67sm48058295ad.3.2025.07.11.06.53.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Jul 2025 06:53:19 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v2 13/14] riscv/cfi: Add __allocate_shadow_stack for mapping new shadow stack Date: Fri, 11 Jul 2025 06:52:54 -0700 Message-Id: <20250711135255.1732496-14-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20250711135255.1732496-1-jesse.huang@sifive.com> References: <20250711135255.1732496-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org --- sysdeps/unix/sysv/linux/riscv/Makefile | 1 + .../sysv/linux/riscv/allocate-shadow-stack.c | 55 +++++++++++++++++++ .../sysv/linux/riscv/allocate-shadow-stack.h | 24 ++++++++ sysdeps/unix/sysv/linux/riscv/bits/mman.h | 30 ++++++++++ sysdeps/unix/sysv/linux/riscv/sysdep.h | 2 + 5 files changed, 112 insertions(+) create mode 100644 sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.c create mode 100644 sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.h create mode 100644 sysdeps/unix/sysv/linux/riscv/bits/mman.h diff --git a/sysdeps/unix/sysv/linux/riscv/Makefile b/sysdeps/unix/sysv/linux/riscv/Makefile index 04abf226ad..7e81cc078a 100644 --- a/sysdeps/unix/sysv/linux/riscv/Makefile +++ b/sysdeps/unix/sysv/linux/riscv/Makefile @@ -7,6 +7,7 @@ sysdep_headers += \ sysdep_routines += \ flush-icache \ hwprobe \ + allocate-shadow-stack \ # sysdep_routines endif diff --git a/sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.c b/sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.c new file mode 100644 index 0000000000..7e060e1fe3 --- /dev/null +++ b/sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.c @@ -0,0 +1,55 @@ +/* Helper function to allocate shadow stack. + Copyright (C) 2023-2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include + +/* NB: This can be treated as a syscall by caller. */ + +long int +__allocate_shadow_stack (size_t stack_size, + shadow_stack_size_t *child_stack) +{ +#ifdef __NR_map_shadow_stack + size_t shadow_stack_size + = stack_size >> STACK_SIZE_TO_SHADOW_STACK_SIZE_SHIFT; + /* Align shadow stack to 8 bytes. */ + shadow_stack_size = ALIGN_UP (shadow_stack_size, 8); + /* Since sigaltstack shares shadow stack with the current context in + the thread, add extra 20 stack frames in shadow stack for signal + handlers. */ + shadow_stack_size += 20 * 8; + void *shadow_stack = (void *)INLINE_SYSCALL_CALL + (map_shadow_stack, NULL, shadow_stack_size, SHADOW_STACK_SET_TOKEN); + /* Report the map_shadow_stack error. */ + if (shadow_stack == MAP_FAILED) + return -errno; + + /* Save the shadow stack base and size on child stack. */ + child_stack[0] = (uintptr_t) shadow_stack; + child_stack[1] = shadow_stack_size; + + return 0; +#else + return -ENOSYS; +#endif +} diff --git a/sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.h b/sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.h new file mode 100644 index 0000000000..af5f0f1dda --- /dev/null +++ b/sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.h @@ -0,0 +1,24 @@ +/* Helper function to allocate shadow stack. + Copyright (C) 2023-2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +typedef __typeof (((ucontext_t *) 0)->uc_ssp) shadow_stack_size_t; + +extern long int __allocate_shadow_stack (size_t, shadow_stack_size_t *) + attribute_hidden; diff --git a/sysdeps/unix/sysv/linux/riscv/bits/mman.h b/sysdeps/unix/sysv/linux/riscv/bits/mman.h new file mode 100644 index 0000000000..683d45b72e --- /dev/null +++ b/sysdeps/unix/sysv/linux/riscv/bits/mman.h @@ -0,0 +1,30 @@ +/* Definitions for POSIX memory map interface. Linux/risc-v version. + Copyright (C) 1997-2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library. If not, see + . */ + +#ifndef _SYS_MMAN_H +# error "Never use directly; include instead." +#endif + +#ifdef __riscv_shadow_stack +# define SHADOW_STACK_SET_TOKEN 0x1 +#endif + +#include + +/* Include generic Linux declarations. */ +#include diff --git a/sysdeps/unix/sysv/linux/riscv/sysdep.h b/sysdeps/unix/sysv/linux/riscv/sysdep.h index 14a1f3a647..da28831655 100644 --- a/sysdeps/unix/sysv/linux/riscv/sysdep.h +++ b/sysdeps/unix/sysv/linux/riscv/sysdep.h @@ -207,6 +207,8 @@ GNU_PROPERTY (FEATURE_1_AND, __VALUE_FOR_FEATURE_1_AND) #else /* !__ASSEMBLER__ */ +# define STACK_SIZE_TO_SHADOW_STACK_SIZE_SHIFT 5 + # if __WORDSIZE == 64 # define VDSO_NAME "LINUX_4.15" # define VDSO_HASH 182943605 From patchwork Fri Jul 11 13:52:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 116145 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 93B7B3858D20 for ; Fri, 11 Jul 2025 14:08:55 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 93B7B3858D20 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=XTHTp0qM X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x632.google.com (mail-pl1-x632.google.com [IPv6:2607:f8b0:4864:20::632]) by sourceware.org (Postfix) with ESMTPS id 0A1D53857356 for ; Fri, 11 Jul 2025 13:53:23 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 0A1D53857356 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 0A1D53857356 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::632 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752242003; cv=none; b=lgbcBeY5cX9jMZx6RSaAzPzjdn8G1qcT4ogX+aohX6ovVkIx2lu8QR8tZQUyhzo4qJ6aGKb11eF5Knx9/YWIU1/8Hk4vU5yZYtRgxddRxUNIMCSRlsBVhuwN5UGAoTlcOeGJJN6UY68A+aPv73rwETxQEnW72C+eyQr24S4gg5c= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1752242003; c=relaxed/simple; bh=Q1pGWWkHOPHOyRwy7EE96Vm06mDFvnGa7hxLauO/6WU=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=eNqCohq42CBooZIHz3RyznONBscKwVPjXzjSD/W6KShzPiNYxG3KiWMLbR4pgYyhLqCjA1VkIJvnTHdV7Hrihdhqc99BizvKnGWSkjIr6/vIJZoWM3ZlZ0246rPb88+3klA32HS+cIH16ykcikYCkK//eydqvop+lMkjTzuHGxE= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0A1D53857356 Received: by mail-pl1-x632.google.com with SMTP id d9443c01a7336-236192f8770so15041155ad.0 for ; Fri, 11 Jul 2025 06:53:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1752242001; x=1752846801; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=PZoXx9/eez6QYffOPzTJbE+AgjN5VDa3gBOk1WPGdDw=; b=XTHTp0qMCvoeYAmyngPKQn8On5RIc71QRvHxFbYYAgeanhs+GPPvauHdKtgZauA3Ph 4J3nvSvSfF6o8i9SCQPZVBYqSU9AGL4xGXktdIcT6raMCzWUqc6j/DEgPoUPLAE8Ro1C kXPdw5ipztL/7bTDOGjiQ7DyeiH5aeGC9snVDo+93HGmCHaZ7WguuRBccX9sGJb6uR8J jpGFAPtjxZDFdcTGHH3hnd7iGOs/L7/LzWlaH/RAE6Cgxwxjs1NCccOV3x5038oXgOXn GJv+CzOtCDdzJNdDEt/25ozvxc/WfyfUa63SJb3LxHrJqQKqfeUB3pEabK94ti5RyQER 5Gaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752242001; x=1752846801; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PZoXx9/eez6QYffOPzTJbE+AgjN5VDa3gBOk1WPGdDw=; b=XUENl6SLubyuriTdNfAlfjVSwEedhi1Q2CqoLOeulpD1MZLCejc8JPRPXzMeNmv53i P50qIbkIegP1oRccMol4SMMzcs90glQDSwXTlYYNtE9AwNDjTuA/t37zRocMCuVbiJb/ WuwfKUjL+pBBUn/L3FaG35TAxRn0JXlYc1CS7rqoA6idjgGMW37RRYjZt/3trz5DbNnp FZ6sh4LgdCxtQGxDYx8HYgDNPWWOdYXYSOkpXYEvvF9cD/TbYGrbKtqhhVUXoO0xWWWl U76C92Y8/eo0IBHiB2eKZwbY6h1IA6HKNIcpdZPQr53X0+X2GOrvotRW1oGpQssDCAMi yLow== X-Gm-Message-State: AOJu0YyZ9NbrSM2ykl2vC6Ih65mqFA+H5K6P5HtJp0KhngFJkgbbSecH 7o0nyQUg9CKuktRR9/0+hClelerzXiUht9dJUekFSg3igjwnRHYlFTUxhYYBJyjHUAjPn+/irk/ Px7wV1LkRdNDyO8qFav4YnTS5zYqGBEM9Jr7nU4aEVb5SzyJzW5c2eZQjJ/m/oCCeNaklpgyUmV rCHnaLFrHTdLcEAT/oBxZfGNWYf13hrm61d+tkS16kCRmKIBG0lvE6aw== X-Gm-Gg: ASbGncttGTNZh3pLwkXxxTI5OCo3W80nmjyGn3v9/g1f9+dWz86dC8sWuUzn0Lk0zjn zm71JH7JCVXTxjTOLx3L+ydTZmGG4htRk/gLHgdtOG1vCFat8mCTioIr3l/Q0dfUmT6YFhNgj9m oGtEaQGi9Gi8b7rW6KvgFyYU/BBkOxU1yXbJ/m9Q047o5dpWC/+rWR0p1OjOqVxXO2CKZpG1gQJ P8umY/7h6BK2WldyMonKlCVVK6nzXwXbC4cgvLE7nL5Aj5RVxYhM4mKLEZuO3yhAHB25/368tNb aErOnRJbc0VACbIF8K7EmjQIQ1v3PyNDIZjPgGWQwU+4f8Ru7fK4loezzurudcTut819/MpjM5v t8odQMRpJZgO79k17Bc/4M1fvMvP83O0BJ0e7Eu7N X-Google-Smtp-Source: AGHT+IE+C2fW2jU/Cb2Zgqra1P2eONQBt/wy42e0Z2ctARlsVwbEz7guuEpLSii5NTAkTvi6idG9+g== X-Received: by 2002:a17:903:2d2:b0:236:4d78:d528 with SMTP id d9443c01a7336-23dedd137f1mr48846735ad.6.1752242001046; Fri, 11 Jul 2025 06:53:21 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23de4283b67sm48058295ad.3.2025.07.11.06.53.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Jul 2025 06:53:20 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang , Nia Su Subject: [PATCH v2 14/14] riscv/cfi: Support ucontext under CFI Date: Fri, 11 Jul 2025 06:52:55 -0700 Message-Id: <20250711135255.1732496-15-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20250711135255.1732496-1-jesse.huang@sifive.com> References: <20250711135255.1732496-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org This patch adds support for shadow stack and landing pad to the ucontext library, shadow stack switches are protected by a shadow stack restore token which will be validated during the switch. Co-authored-by: Nia Su --- sysdeps/unix/sysv/linux/riscv/getcontext.S | 20 ++++++ sysdeps/unix/sysv/linux/riscv/makecontext.c | 18 +++++ sysdeps/unix/sysv/linux/riscv/setcontext.S | 67 ++++++++++++++++++ sysdeps/unix/sysv/linux/riscv/swapcontext.S | 77 ++++++++++++++++++++- 4 files changed, 181 insertions(+), 1 deletion(-) diff --git a/sysdeps/unix/sysv/linux/riscv/getcontext.S b/sysdeps/unix/sysv/linux/riscv/getcontext.S index 86e7a8ff91..e529ad98ef 100644 --- a/sysdeps/unix/sysv/linux/riscv/getcontext.S +++ b/sysdeps/unix/sysv/linux/riscv/getcontext.S @@ -17,11 +17,13 @@ . */ #include "ucontext-macros.h" +#include "tcb-offsets.h" /* int getcontext (ucontext_t *ucp) */ .text LEAF (__getcontext) + LPAD SAVE_INT_REG (ra, 0, a0) SAVE_INT_REG (ra, 1, a0) SAVE_INT_REG (sp, 2, a0) @@ -58,6 +60,24 @@ LEAF (__getcontext) sw a1, MCONTEXT_FSR(a0) #endif /* __riscv_float_abi_soft */ +#ifdef __riscv_shadow_stack + ssrdp t0 + beqz t0, .Lskip_ss + /* Read ssp_base from TLS */ + ld t1, SSP_BASE_OFFSET(tp) + + bnez t1, .Lbase_saved + /* if not found, use current ssp as the marker */ + mv t1, t0 + sd t1, SSP_BASE_OFFSET(tp) + +.Lbase_saved: + /* Save caller's ssp and base marker to ucontext */ + REG_S t1, UCONTEXT_SSP_BASE(a0) + REG_S t0, UCONTEXT_SSP(a0) +.Lskip_ss: +#endif + /* rt_sigprocmask (SIG_BLOCK, NULL, &ucp->uc_sigmask, _NSIG8) */ li a3, _NSIG8 add a2, a0, UCONTEXT_SIGMASK diff --git a/sysdeps/unix/sysv/linux/riscv/makecontext.c b/sysdeps/unix/sysv/linux/riscv/makecontext.c index 3da27dd5df..1f9bef6887 100644 --- a/sysdeps/unix/sysv/linux/riscv/makecontext.c +++ b/sysdeps/unix/sysv/linux/riscv/makecontext.c @@ -21,6 +21,9 @@ #include #include #include +#ifdef __riscv_shadow_stack +#include +#endif void __makecontext (ucontext_t *ucp, void (*func) (void), int argc, @@ -73,6 +76,21 @@ __makecontext (ucontext_t *ucp, void (*func) (void), int argc, va_end (vl); } +#ifdef __riscv_shadow_stack + /* Allocate shadow stack for the new context */ + + /* shstk_size[0]: shadow stack base + shstk_size[1]: shadow stack size */ + shadow_stack_size_t shstk_size[2]; + int ret = __allocate_shadow_stack(ucp->uc_stack.ss_size, shstk_size); + if (ret != 0) + { + abort(); + } + + ucp->uc_ssp_base = shstk_size[0]; + ucp->uc_ssp = shstk_size[0] + shstk_size[1] - sizeof (shstk_size[0]); +#endif } weak_alias (__makecontext, makecontext) diff --git a/sysdeps/unix/sysv/linux/riscv/setcontext.S b/sysdeps/unix/sysv/linux/riscv/setcontext.S index a2de57b537..eb7ffc5f3a 100644 --- a/sysdeps/unix/sysv/linux/riscv/setcontext.S +++ b/sysdeps/unix/sysv/linux/riscv/setcontext.S @@ -17,6 +17,7 @@ . */ #include "ucontext-macros.h" +#include "tcb-offsets.h" /* int __setcontext (const ucontext_t *ucp) @@ -29,6 +30,7 @@ .text LEAF (__setcontext) + LPAD mv t0, a0 /* Save ucp into t0. */ @@ -45,6 +47,55 @@ LEAF (__setcontext) cfi_def_cfa (t0, 0) +#ifdef __riscv_shadow_stack + /* Skip if shadow stack is not enabled */ + ssrdp ra + beqz ra, .Lfin + /* We are safe to adjust shadow stack after the sanity check */ + REG_L t1, UCONTEXT_SSP_BASE(t0) + REG_L a1, UCONTEXT_SSP(t0) + REG_L a2, SSP_BASE_OFFSET(tp) + bne t1, a2, .Ldifferent_stack + +.Lunwind: + bleu a1, ra, .Lfin + /* increase ssp by at most a page size to ensure always run into + a guard page before accidentally point to another legal shadow + stack page */ + /* ra = (a1 - ra >= 4096) ? ra + 4096 : a1 */ + lui t2, 1 + add ra, ra, t2 + bleu ra, a1, 1f + mv ra, a1 +1: + csrw ssp, ra + /* Test if the location pointed by ssp is legal */ + sspush ra + sspopchk ra + j .Lunwind + +.Ldifferent_stack: + /* Create restore token */ + sspush ra + mv a4, a1 + +.Lfind_rstor_token: + /* Probe and validate target restore token */ + ssamoswap.d a3, x0, (a4) + addi a2, a4, 8 + beq a3, a2, .Lswitch_stack + /* Restore the shadow stack and try the next slot */ + ssamoswap.d x0, a3, (a4) + addi a4, a4, -8 + j .Lfind_rstor_token + +.Lswitch_stack: + /* Switch stack: update ssp and base */ + csrw ssp, a1 + REG_S t1, SSP_BASE_OFFSET(tp) +.Lfin: +#endif + #ifndef __riscv_float_abi_soft lw t1, MCONTEXT_FSR(t0) @@ -66,7 +117,11 @@ LEAF (__setcontext) /* Note the contents of argument registers will be random unless makecontext() has been called. */ +#ifdef __riscv_landing_pad + RESTORE_INT_REG (t2, 0, t0) +#else RESTORE_INT_REG (t1, 0, t0) +#endif RESTORE_INT_REG_CFI (ra, 1, t0) RESTORE_INT_REG (sp, 2, t0) RESTORE_INT_REG_CFI (s0, 8, t0) @@ -90,7 +145,12 @@ LEAF (__setcontext) RESTORE_INT_REG_CFI (s10, 26, t0) RESTORE_INT_REG_CFI (s11, 27, t0) +#ifdef __riscv_landing_pad + /* We need to use software-guared jump */ + jr t2 +#else jr t1 +#endif 99: tail __syscall_error @@ -99,12 +159,19 @@ libc_hidden_def (__setcontext) weak_alias (__setcontext, setcontext) LEAF (__start_context) + LPAD /* Terminate call stack by noting ra == 0. Happily, s0 == 0 here. */ cfi_register (ra, s0) /* Call the function passed to makecontext. */ +#ifdef __riscv_landing_pad + /* We need to use software-guared jump */ + mv t2, s1 + jalr t2 +#else jalr s1 +#endif /* Invoke subsequent context if present, else exit(0). */ mv a0, s2 diff --git a/sysdeps/unix/sysv/linux/riscv/swapcontext.S b/sysdeps/unix/sysv/linux/riscv/swapcontext.S index bf5754c8b5..cb76eca9b1 100644 --- a/sysdeps/unix/sysv/linux/riscv/swapcontext.S +++ b/sysdeps/unix/sysv/linux/riscv/swapcontext.S @@ -17,10 +17,12 @@ . */ #include "ucontext-macros.h" +#include "tcb-offsets.h" /* int swapcontext (ucontext_t *oucp, const ucontext_t *ucp) */ LEAF (__swapcontext) + LPAD mv t0, a1 /* Save ucp into t0. */ SAVE_INT_REG (ra, 0, a0) @@ -59,6 +61,25 @@ LEAF (__swapcontext) sw a1, MCONTEXT_FSR(a0) #endif /* __riscv_float_abi_soft */ +#ifdef __riscv_shadow_stack + /* Skip if shadow stack is not enabled */ + ssrdp ra + beqz ra, .Lfin + + /* Read ssp_base from TLS */ + ld t2, SSP_BASE_OFFSET(tp) + bnez t2, .Lbase_saved + + /* if not found, use current ssp as the marker */ + mv t2, ra + sd t2, SSP_BASE_OFFSET(tp) + +.Lbase_saved: + /* Save caller's ssp and base marker to oucp */ + REG_S t2, UCONTEXT_SSP_BASE(a0) + REG_S ra, UCONTEXT_SSP(a0) +#endif + /* rt_sigprocmask (SIG_SETMASK, &ucp->uc_sigmask, &oucp->uc_sigmask, _NSIG8) */ li a3, _NSIG8 add a2, a0, UCONTEXT_SIGMASK @@ -70,6 +91,52 @@ LEAF (__swapcontext) bltz a0, 99f +#ifdef __riscv_shadow_stack + /* Load ss information from ucp */ + REG_L a0, UCONTEXT_SSP_BASE(t0) + REG_L a1, UCONTEXT_SSP(t0) + REG_L a2, SSP_BASE_OFFSET(tp) + bne a0, a2, .Ldifferent_stack + +.Lunwind: + bleu a1, ra, .Lfin + /* increase ssp by at most a page size to ensure always run into + a guard page before accidentally point to another legal shadow + stack page */ + /* ra = (a1 - ra >= 4096) ? ra + 4096 : a1 */ + lui t2, 1 + add ra, ra, t2 + bleu ra, a1, 1f + mv ra, a1 +1: + csrw ssp, ra + /* Test if the location pointed by ssp is legal */ + sspush ra + sspopchk ra + j .Lunwind + +.Ldifferent_stack: + /* Create restore token */ + sspush ra + mv a4, a1 + +.Lfind_rstor_token: + /* Probe and validate target restore token */ + ssamoswap.d a3, x0, (a4) + addi a2, a4, 8 + beq a3, a2, .Lswitch_stack + /* Restore the shadow stack and try the next slot */ + ssamoswap.d x0, a3, (a4) + addi a4, a4, -8 + j .Lfind_rstor_token + +.Lswitch_stack: + /* Switch stack: update ssp and base */ + csrw ssp, a1 + REG_S a0, SSP_BASE_OFFSET(tp) +.Lfin: +#endif + #ifndef __riscv_float_abi_soft lw t1, MCONTEXT_FSR(t0) @@ -91,7 +158,11 @@ LEAF (__swapcontext) /* Note the contents of argument registers will be random unless makecontext() has been called. */ +#ifdef __riscv_landing_pad + RESTORE_INT_REG (t2, 0, t0) +#else RESTORE_INT_REG (t1, 0, t0) +#endif RESTORE_INT_REG (ra, 1, t0) RESTORE_INT_REG (sp, 2, t0) RESTORE_INT_REG (s0, 8, t0) @@ -115,8 +186,12 @@ LEAF (__swapcontext) RESTORE_INT_REG (s10, 26, t0) RESTORE_INT_REG (s11, 27, t0) +#ifdef __riscv_landing_pad + /* We need to use software-guared jump */ + jr t2 +#else jr t1 - +#endif 99: tail __syscall_error