From patchwork Mon Oct 27 04:26:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122659 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 2E75E3858C25 for ; Mon, 27 Oct 2025 04:30:11 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2E75E3858C25 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=AUtphDiQ X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x1031.google.com (mail-pj1-x1031.google.com [IPv6:2607:f8b0:4864:20::1031]) by sourceware.org (Postfix) with ESMTPS id 4AEA73858D29 for ; Mon, 27 Oct 2025 04:26:50 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 4AEA73858D29 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 4AEA73858D29 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1031 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539210; cv=none; b=H1XOv/+cobYsReDRX8ud4b8yFj9eB2559dbIyWd5I6tyuMu+tbiEmX4mKYRjLrw5WMxeLMk0+g/mINN38Rc1uxfuUVk6HZDYlbW8vlOmfoyPHrLsTr//I37XhxxgIImMPbxEX2NdOHpd7R9sA1HTgHTdzJApE89424k1sGy+xBw= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539210; c=relaxed/simple; bh=AzMpxCdVdRx99adNgp6X0Gukjwb7fcs5+a4UYCHOO6I=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=mptySd+CqERT+xdpK/X6MFwdaajQf9Gr3m3vRlJ/6XD/mHX64TOHNfxxkFYUqUOMOPgPqGG2B9ur19ZYJirhYCaNWnkh1Yz/9E4Un/7U+OAqeqDuozD6iiPyh9xm7at6xXv4BUYmRSU/GdAfFzAeSGVBx7wRKm89qhOAlc2zd/Q= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 4AEA73858D29 Received: by mail-pj1-x1031.google.com with SMTP id 98e67ed59e1d1-33b9dc8d517so4079091a91.0 for ; Sun, 26 Oct 2025 21:26:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539209; x=1762144009; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=TYIqkSvL6dMejsPs1syz/elcm5s9TMaQpYdIkm4RbH8=; b=AUtphDiQIf6wSlNmDWkByJKPxg2e8ZI1AdkzeKWprmI7riuaaOd1Q6lqldvfl+mdTf H00+umeTzxXYHGJ0Nnhc34bXRek8mMNsz6M/tYkXLr679LSXqcD0q7LiH/pE47Z6Fv4S iaTmdkg0joPg+AN66gSwhhTPbA4VJAPoe4tdbswrLR/z7DesECacYXovnvSuHk51oenT mfmC4zKrioCBtKIAnyGD1J8+bVwS5H2xq1TauvS+zQ8wUOW+cYIPhyX2ziJMku2+t9WP RMme4l68ycSnIyN5tt3OYuxXttEx8b/UXWPB/1PN2f5SarrI/TFjiYHq1KiQZQisQgoQ /p5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539209; x=1762144009; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TYIqkSvL6dMejsPs1syz/elcm5s9TMaQpYdIkm4RbH8=; b=K/CKppsGGz1tDF2QfRImpLx4IBpM2l6QIKA3ygUnx9OIvg90hKir5lln8x8U2+3vob KIgkIE5ftD52W4IMnjEYOttQPs09VOK73A3DqMWgyr+fgLqhbWK0sne4bzxmaM3/0QmN 95EKeonw0QdcbU2jgPuzjk0KdyyDzcTEBuCeYwgZm6OCSZ0++QknhlbNfaMYyWxwJ7Ea gx4ZVOdsJ4XUpWop0g9bQmf9oC7vaUq2cwFfqRI0quk48yrZBgwhgUrp7iNoW29/6lNF g1tls1r1HPVZ6KXQjFzbrJ8Zk8OLX3rVanvcknCq9L/owiS4m2cKFOHhwqoSKCSYdF7I j0fg== X-Gm-Message-State: AOJu0YzLEVMNS9Xzy1cXqB+xS3fdPhGF8OCa6CUf2PHNBrYf5kXTFD4/ 20xnrazAQTZUka/bZsTeFO3lYF/laYi7pFs+Muy4xLTLrHsV12i3KoGL+/rXy7Q7XxV5ZqpL3Bt rLVBJgNlXkjqAlS5r8aiMPCgtGYJoSw3E/tAW1Tj0kw/+pINx4pOwNbWdk4m8Y87qCyV994MWg0 5G+wDzYlQ/TKzK+pAgawBLdnJPjMkiDbQ87Hzd20GKH1xyC9ySv8s= X-Gm-Gg: ASbGncsiuMAg8starzsGUZJS2rfE/a4GSowmqokp1ZKoDuF/iWd22cXrEBrnpKzM/k2 zFDJIExh6c7/Bfr5+zbyOtrtiMC9PTjQfT4Rpuv0fhf86OApxL+re5GaS3Df6FOLDeul5INF5pz vBte7g0hIIiQJ0qA4YbEfL98YxE6YvoYMUmEHHXLNVicJdTDS5DpkgxWQPtW+j/zdP89CyQQv9r /rQ1K1unbJxSfm71FWuQcUDr6Z/3hJVy1Vnv6Sh1xK6Nr+mSx6r4PYN6+H8uKrK0+djE8zDorLd EKbY7JfqThNWoh1rOuey4Zxcm5UXe3KibJuA+cwI4Q4xMqNPJzk/UOodHifGgBpI1fPhjNCno/X Dfkzw23obDjDymgM28zbtH8ST5iwXiODn4/mV/5ZRc/5FD2UiTYQT126o2U7qnGJV7HABjVol3P LCo+cObCKBXK+SipxzX4ltHNs55hYViSlqKKGcmwExf6jnAk8jqP1alvN6uj9wvNtAAVEVpdDJH VeiDFM2LL7UzvFn6YN4 X-Google-Smtp-Source: AGHT+IEdpETuCSwMacwEvX1OZcE3cU+xeaITagmulahYJW47aRFO0KKhqAntSPdC681JxhUacnNC0w== X-Received: by 2002:a17:90b:5386:b0:33b:b308:7655 with SMTP id 98e67ed59e1d1-33bcf861fc3mr47576056a91.8.1761539208671; Sun, 26 Oct 2025 21:26:48 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.26.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:26:47 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v3 01/16] riscv: Add --enable-cfi option for controlling cfi features Date: Sun, 26 Oct 2025 21:26:19 -0700 Message-Id: <20251027042634.2665717-2-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org --- INSTALL | 13 +++++++++++++ NEWS | 3 +++ configure | 12 ++++++++++++ configure.ac | 6 ++++++ manual/install.texi | 12 ++++++++++++ 5 files changed, 46 insertions(+) diff --git a/INSTALL b/INSTALL index d3200f271f..476861b521 100644 --- a/INSTALL +++ b/INSTALL @@ -155,6 +155,19 @@ passed to 'configure'. For example: NOTE: '--enable-cet' is only supported on x86_64 and x32. +'--enable-cfi' + Enable RISC-V Control Flow Integrity Extensions (Zicfilp/Zicfiss) + support. When the GNU C Library is built with '--enable-cfi', the + resulting library is protected with landing pad and shadow stack. + This feature is currently supported on RV64 with GCC 15 and + binutils 2.45 or later. With '--enable-cfi', it is an error to + dlopen a non CFI enabled shared library in CFI enabled application. + The restriction can be loosen by setting to permissive mode with + the use of the glibc tunables, see glibc tunables section for more + information. + + NOTE: '--enable-cfi' is only supported on RV64. + '--enable-memory-tagging' Enable memory tagging support if the architecture supports it. When the GNU C Library is built with this option then the resulting diff --git a/NEWS b/NEWS index 521fbd5e07..02a39b05e4 100644 --- a/NEWS +++ b/NEWS @@ -21,6 +21,9 @@ Major new features: * The ISO C2Y family of unsigned abs functions, i.e. uabs, ulabs, ullabs and uimaxabs, are now supported. +* Added --enable-cfi option to enable the RISC-V CFI extensions + (Zicfilp/Zicfiss) support on RV64 Linux. + Deprecated and removed features, and other changes affecting compatibility: * The glibc.rtld.execstack now supports a compatibility mode to allow diff --git a/configure b/configure index 7cda641fce..5a996c8f25 100755 --- a/configure +++ b/configure @@ -818,6 +818,7 @@ enable_nscd enable_pt_chown enable_mathvec enable_cet +enable_cfi enable_scv enable_fortify_source with_cpu @@ -1499,6 +1500,7 @@ Optional Features: depends on architecture] --enable-cet enable Intel Control-flow Enforcement Technology (CET), x86 only + --enable-cfi enable Control Flow Integrity (CFI), RISC-V only --disable-scv syscalls will not use scv instruction, even if the kernel supports it, powerpc only --enable-fortify-source[=1|2|3] @@ -4853,6 +4855,16 @@ esac fi +# Check whether --enable-cfi was given. +if test ${enable_cfi+y} +then : + enableval=$enable_cfi; enable_cfi=$enableval +else case e in #( + e) enable_cfi=no ;; +esac +fi + + # Check whether --enable-scv was given. if test ${enable_scv+y} then : diff --git a/configure.ac b/configure.ac index 0b0d8875cc..9bda3d1520 100644 --- a/configure.ac +++ b/configure.ac @@ -421,6 +421,12 @@ AC_ARG_ENABLE([cet], [enable_cet=$enableval], [enable_cet=$libc_cv_compiler_default_cet]) +AC_ARG_ENABLE([cfi], + AS_HELP_STRING([--enable-cfi], + [enable Control Flow Integrity (CFI), RISC-V only]), + [enable_cfi=$enableval], + [enable_cfi=no]) + AC_ARG_ENABLE([scv], AS_HELP_STRING([--disable-scv], [syscalls will not use scv instruction, even if the kernel supports it, powerpc only]), diff --git a/manual/install.texi b/manual/install.texi index 7fcdda9146..d3e7153365 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -185,6 +185,18 @@ non CET enabled shared library in CET enabled application. NOTE: @option{--enable-cet} is only supported on x86_64 and x32. +@item --enable-cfi +Enable RISC-V Control Flow Integrity Extensions (Zicfilp/Zicfiss) support. +When @theglibc{} is built with @option{--enable-cfi}, the resulting +library is protected with landing pad and shadow stack@. +This feature is currently supported on RV64 with GCC 15 and binutils 2.45 +or later. With @option{--enable-cfi}, it is an error to dlopen a non CFI +enabled shared library in CFI enabled application. The restriction can be +loosen by setting to permissive mode with the use of the glibc tunables, +see glibc tunables section for more information. + +NOTE: @option{--enable-cfi} is only supported on RV64. + @item --enable-memory-tagging Enable memory tagging support if the architecture supports it. When @theglibc{} is built with this option then the resulting library will From patchwork Mon Oct 27 04:26:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122663 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id A73633858C54 for ; Mon, 27 Oct 2025 04:34:47 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A73633858C54 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=EKmZeil+ X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x632.google.com (mail-pl1-x632.google.com [IPv6:2607:f8b0:4864:20::632]) by sourceware.org (Postfix) with ESMTPS id 131813858D2A for ; Mon, 27 Oct 2025 04:26:52 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 131813858D2A Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 131813858D2A Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::632 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539212; cv=none; b=nf+Am+/EMP28JXZngEhcUcs0QnAQ9PhgMTKSgKLXjeya93IpFEI0Oa+OOCNQiKzjf/OEufpvK2xAnSdXRl1PkkHaY+y3YUskKQTrgKZWNtbkCDo4k9a0P760WolSgrezwgzlovCToo15D8dZaCQtOUnc9yOqjMcNVHLC0j6eB5M= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539212; c=relaxed/simple; bh=UA035UjhoMHM71/qlYY5LxkgPr6HLqdsnOHB3HvKTDw=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=qLSZwtL2nxib/RaqSTHhqpIGxsBlMsTdDtnVnpJfJP0mLJMfNwj2pPFZ0Nu/z6hqe39kKlP8fbQ8ab3Hg9G/J8zFy4gnHlT0LEgqXhNGCr8ueLamac7U4XxTYoLUKCCiHhtvAImwGWd0P2zDup1sZj46xPlujvnmxWI4hVuL6lc= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 131813858D2A Received: by mail-pl1-x632.google.com with SMTP id d9443c01a7336-26d0fbe238bso29735715ad.3 for ; Sun, 26 Oct 2025 21:26:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539210; x=1762144010; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=5I6cbD39cWPMq9YdX/rJJeTigJPqjk3ke/H26qzNAZ0=; b=EKmZeil+tAOn8BxljRfAOxIgtZlLbU0rWzDrQqpgV03OXnpyUxVPg8d9meyjX8FJOU fT2QAVsE7nn1Yhyjk9osjie8xhlkPeoRxB/QlsgCufP4Wv8jbxtOp23trLyPOAYKGmji dF1Ey0CZxr4b9wR77pzeqYNBdFuB35qKZDk5nlBh4IFWYDa4yOObh2Q9qr2D1LwBG/aV OmTmCqosTuQ60mNkJKFA7BaURvV48SfTt4QPSJ7nyxxNnDrMIidu8n0enF26CI6wX+hB lPgK8jugkwZTN6Q59zVznih9n4tZOk5loeN7Ok5ODPOgY4DmttGo6o24ZJPoHCcZS8xp wLFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539210; x=1762144010; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5I6cbD39cWPMq9YdX/rJJeTigJPqjk3ke/H26qzNAZ0=; b=mlbOvCSAqT6AZPpMy404Nse7tWgXE3mq+ftvcFjWIOsPFRY8M4v3REHh3Ex9EbSq6R Km3cW60RPGbrjZ2BCHjBkIo+SU/KLy0tCkXbAj83hk6fYYyqbCeG9x5XMiJad8Jpl3T+ FBEz8ydElZa6V/1BrgPqgIro62jMosK3sOONmGHzCs61coy4zriig5Q3ftEJfDCgKcFQ 0qO1LM/B7tvWARtGVNyvQrBfanZsa4bJfyn2oShz8/tbbyGQGS2ajd6qxVCA+qk0JLJg bcnF/UbOQMHLwPikOz8sLnr5atca6YlddssxfXP1S2A+E4qWtp3aINdUMNKdgn2/DBDZ LXiQ== X-Gm-Message-State: AOJu0Yy+YNFTvvt3V1GiUrQKRQx2LsCwn4V3jTYNcRf7hy0QMAiaMqws RW6LEUOXUa/E1rTFBJeCJ8MToDyFrgakksp53gj/Qes7QRwn3x+d93qzpkMmJEoI6rQWb58P2n6 lK8lsl64ct5QFZz0b0zsBHdMfIge3P9YkZDaBMwHfyu5/ZQUZH8D45bKDgdm/ZBZL6d9Qsr9QCC kuZZzDKhjzV1HF7wXWGDufj/m8nqemke/pFWiyanWUoFks81ZPgKM= X-Gm-Gg: ASbGnctnCw++WnNT/1xalkOOukBKrWlZinetc8JvQwIiJNjv0KdlH4TRCODrTk1mlj0 xVrL1FVyXYpKJjd1UNRs2VAtTFol00VghfxBfBfubl5xKZPJB8Roa6HBMWXDb59UAnCnLtwO/Gb muHnQXtsJR7QmCw6zwJ4Moon2HXl6qVdTmSpH+DjkaRmsTJKJ6u6cgbTpoqAaUruyN1A85QJPbr 4alnpjCTMjTlTwdswqRGQtHyxzASMVklshzxBYvI1pncPizPiTzW/CplYcxIOvhRAhOKkWfsWgs KPtpRO0BVzMLuNpEtAQ8iVkoLOPUAisehtMzI8tL97xW7XLIcOGrDktdsK7T8E8SlStvLo2mKYD QO+2fTgwGqbJX37Uq8SBECe/VNxBPEvkfdSLPp3pkQNkFH64c0PxP79uLMhDXMF0bmXLwh26YSQ m6wozXtY/vMFXrkcM6IVGe+E0x53z7a/tD6TnwtEJsj/B5A5PBtyjQxbOGm7o7dRzBdJoFVeKDd /MYqsf/S7tuveZe7wx2cCokFR6NuG9d9puBtCyh7Q== X-Google-Smtp-Source: AGHT+IF54/KHD7arp0cePw6ABjgL20f2avjgRQA1qonRVhiQWg+/wEBOqNgTOgrnkDEOqTNHTtFbFg== X-Received: by 2002:a17:903:2f82:b0:24b:1625:5fa5 with SMTP id d9443c01a7336-2948b957615mr113895175ad.11.1761539210120; Sun, 26 Oct 2025 21:26:50 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.26.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:26:49 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang , Hau Hsu Subject: [PATCH v3 02/16] riscv/cfi: Setup necessary options for enable-cfi option Date: Sun, 26 Oct 2025 21:26:20 -0700 Message-Id: <20251027042634.2665717-3-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Co-authored-by: Hau Hsu --- sysdeps/riscv/Makefile | 9 +++++++++ sysdeps/riscv/preconfigure | 2 ++ sysdeps/riscv/preconfigure.ac | 1 + 3 files changed, 12 insertions(+) diff --git a/sysdeps/riscv/Makefile b/sysdeps/riscv/Makefile index c08753ae8a..99976fddad 100644 --- a/sysdeps/riscv/Makefile +++ b/sysdeps/riscv/Makefile @@ -15,3 +15,12 @@ ASFLAGS-.os += -Wa,-mno-relax ASFLAGS-.o += -Wa,-mno-relax sysdep-CFLAGS += -mno-relax endif + +# Enable RISC-V CFI +ifeq (yes,$(riscv-enable-cfi)) +CFLAGS-.o += -fcf-protection=full +CFLAGS-.os += -fcf-protection=full +CFLAGS-.op += -fcf-protection=full +CFLAGS-.oS += -fcf-protection=full +asm-CPPFLAGS += -fcf-protection=full -include sysdep.h +endif diff --git a/sysdeps/riscv/preconfigure b/sysdeps/riscv/preconfigure index a5de5ccb7d..439b526452 100644 --- a/sysdeps/riscv/preconfigure +++ b/sysdeps/riscv/preconfigure @@ -62,6 +62,8 @@ riscv*) printf "%s\n" "#define RISCV_ABI_FLEN $abi_flen" >>confdefs.h + config_vars="$config_vars +riscv-enable-cfi = $enable_cfi" ;; esac diff --git a/sysdeps/riscv/preconfigure.ac b/sysdeps/riscv/preconfigure.ac index a5c30e0dbf..fb75ae427a 100644 --- a/sysdeps/riscv/preconfigure.ac +++ b/sysdeps/riscv/preconfigure.ac @@ -60,5 +60,6 @@ riscv*) AC_DEFINE_UNQUOTED([RISCV_ABI_XLEN], [$xlen]) AC_DEFINE_UNQUOTED([RISCV_ABI_FLEN], [$abi_flen]) + LIBC_CONFIG_VAR([riscv-enable-cfi], [$enable_cfi]) ;; esac From patchwork Mon Oct 27 04:26:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122666 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 019E438582AB for ; Mon, 27 Oct 2025 04:35:47 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 019E438582AB Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=JZQez9MO X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x102d.google.com (mail-pj1-x102d.google.com [IPv6:2607:f8b0:4864:20::102d]) by sourceware.org (Postfix) with ESMTPS id F37253858D37 for ; Mon, 27 Oct 2025 04:26:52 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org F37253858D37 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org F37253858D37 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::102d ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539213; cv=none; b=Kq99UVmkLpDpoNT6M4QGr4XF2A2wuM72JUyYDBQ0KPt+G5t6ds3PYOE0iRNKZ9OPeSFCupr9/uhZxTpJdwQ/Av+huf6/HjuVCt8GyPxQhq4/FFZBIVxFdenzdBihMyZgInIobfRLoBd/EpSHN7IuddRpyidRwUm4WR9ET/rjVSQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539213; c=relaxed/simple; bh=Aka2c57LnopQnN8zpZ1tI6qTYepXUurKTxqE6jZrJNo=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=FDXEWmlLO0PmC7jFCLy+iNcb3GN/4oiHemBuJ55/Ds+yHX8aXDhd6xODa2zz+dhL7RguKIpRtHaQo14VYou6ePG90SSZc1qZOAtgue1ZCeveet/ZLqP3KUKyhmQi0lV6CAX6gpUo4o2e4+vvSgBrZI4ucgz1hrLm2d/tZZGPf8c= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org F37253858D37 Received: by mail-pj1-x102d.google.com with SMTP id 98e67ed59e1d1-33e27a3b153so4062895a91.3 for ; Sun, 26 Oct 2025 21:26:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539211; x=1762144011; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=bUkm3kwz42us4ZOrKjp539716DR8GccXTVBm7hcxt+I=; b=JZQez9MOlheSDDcAutRiG3pCzXTRG+rRf2Ej1lOoMbi7W4kvB2JF279JRuyj1pKWTq 30WpcjJU6dsPAYzKjCwmDpaNUL1NuJ3mCAnhJMDZcqDUupouNtlcqUc51l7THUpj1dYM vTLl/ER8RppMS3skwbowHlz7mpQFg/6g6PfFnEeOoA5lFM6LTc9MiFqrT26xElRhDZFg ELB1Wp2AEUt98L4SxDIQADsZITg0rXRuLEzVGJJ+f+3hWCJ4Mdepi+/tKVJFu4kTb3yJ dSY1jW2ho41MnCzX3OrN1WtfnSCsJXfNaJoNiLz7kByvBaBQcdGkWaPpxlQfm/E4T6GG iKBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539211; x=1762144011; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bUkm3kwz42us4ZOrKjp539716DR8GccXTVBm7hcxt+I=; b=q/jpxiYsx3aw/wNpHYg4kO/TCnyUrvETsbYF7vLQAUdaIxlQc0t1MXS3UBeg1WEeBm 6ahPCLIePFXwLyAXWl6NFP3/HZ11wSUlIdn3QIzny43ZHtcFYFytLA2DMSpgkucZr2hd Y9i6eZGiytAnUbKnYncdHviz2AFc0Shmho+e3xD42f0bmQ716t6FjjqoUAkzGrTNR1Yy gbn2jGEHvnasEX+r8XnU27Kie1jJvCtMVR50ir7U51dWnt6rJURX3zMqFJTvZfFfXALa 9D5KMsaKRCSndjrxJDw4sBSbgwBkMzVyqejBT186PsjPUVedzwrhX/gvYSESvVsi5Lv6 y2vg== X-Gm-Message-State: AOJu0YxUH5iZZzpm8ralXadMbdhknkYLhHfEHCXI2Y/4yAzfacph9uje 30oWzZEqH3FFak6d9KnrX/qsf8vz9Kg7HtYlw4FbeO333tWaekbViVIAA+Iks3NRH6QUFInidKN dbyLxgmJWtysensJ1pCzq905REFKrBFDSeeXvt5fEoyMFnpJingRcV8nWgBnf/SdYvS9z/DoCZx 7BPwg2h5JqSMn9kCQg3oV470lLJcsKRkzpYR9/TibXQ/KE0cpcoWE= X-Gm-Gg: ASbGncsONCtQ07l6defDL5AOiODNxqY/75cAvtgvx1bbcSumqPkv90NFKakQy2J3bUN ihPuOSevDC3mEu7anY2cItFWkwOE2rOYtJm3lv0YF43T1qAZ9cAr0eBSgizsXUUBg2s0JxQ8pXV SlCqjgmMdZtR5/2Qo1GuHBBKk/Ww2azq9PyMC497hNzZUpfhFJXtnjUW10tCo7zU44xlhGdPVIm 6bj/xkd2QjznGMBHUE+k507kggfRxcCAdCrFn3VmxYKpmsnYE+wO4lGZHOlPxC6VdlrmRGXJxsG +sJ3QNMErEWha69/EAHCMVrIsJdtobvHBxENImvzGyHYhTNQomNS3XKKYivwJ7KBiVyqgIZ4LDt lNUpgoIsdQbeuZn0T5jZ9XCFLvKj7EPJ4HPzeLKQFe6bcRoEsTyh6Kw++WutERPt4QuBCkrK5kz KS6yxsZXlSQMysdx2lE0Kzwo85mym7CMEkY0wFzfufe/7q8zQSKQUvsqzZoDH/KLcSWrRTznajU nClZN/SFODjb5YiPoFK X-Google-Smtp-Source: AGHT+IF96Od6q+5IZ/p/WWwdkRGPfc9Wp7dLi71hyd7rrdDYdDxq0gBsSwN6808Fp2mBC27iU9j6wA== X-Received: by 2002:a17:90b:3d8f:b0:33b:bed8:891e with SMTP id 98e67ed59e1d1-33fafc1cdf1mr18549817a91.19.1761539211193; Sun, 26 Oct 2025 21:26:51 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.26.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:26:50 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v3 03/16] riscv: Add GNU property definitions for RISC-V CFI Date: Sun, 26 Oct 2025 21:26:21 -0700 Message-Id: <20251027042634.2665717-4-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Add GNU properties used by RISC-V CFI extensions (zicfilp/zicfiss) --- elf/elf.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/elf/elf.h b/elf/elf.h index 1e1a59c14d..575c14f022 100644 --- a/elf/elf.h +++ b/elf/elf.h @@ -1426,6 +1426,11 @@ typedef struct SHSTK. */ #define GNU_PROPERTY_X86_FEATURE_1_SHSTK (1U << 1) +/* RISC-V specific GNU PROPERTY. */ +#define GNU_PROPERTY_RISCV_FEATURE_1_AND 0xc0000000 +#define GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED (1u << 0) +#define GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS (1u << 1) + /* Move records. */ typedef struct { From patchwork Mon Oct 27 04:26:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122660 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 278B63858D37 for ; Mon, 27 Oct 2025 04:30:29 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 278B63858D37 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=Df9toBMb X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x1031.google.com (mail-pj1-x1031.google.com [IPv6:2607:f8b0:4864:20::1031]) by sourceware.org (Postfix) with ESMTPS id CD8FF3858C42 for ; Mon, 27 Oct 2025 04:26:53 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org CD8FF3858C42 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org CD8FF3858C42 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1031 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539214; cv=none; b=sZdKRK4iahMSzaMmeqcjmvbKPWrMbl7qb09Wn9f9268/wsJWJdUxLgcxosak0/QK3iRH40YpApq78oScYqgJ0ryOTUlrbcr8+VOp172Uql2EdXTu3b90n/jYxG9qshgNklx/S9BwvlNH9WHr22T1vm2vWZ+qq3uUCrvjTFa2wNs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539214; c=relaxed/simple; bh=jFgl22qsawMBW+7Z7T3DLVZIVNFZhXnQFGDr3HoT400=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=HPG/mKd9dQB3YCic9SsXNm+cBQJhUnFG7mkbTenvCZjUZW/uwBl1+9ruc78rSycxv+N0UpSSJX9+uQIr3O8nGvFCQmUwvNL7tmm6jgusimbTByIMFXre3onBCc5oEOqpVm3kSFANqctRiZsxzYqHYGs7j6WDo1BC4pZUcwPaBpI= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org CD8FF3858C42 Received: by mail-pj1-x1031.google.com with SMTP id 98e67ed59e1d1-3401314d845so622747a91.1 for ; Sun, 26 Oct 2025 21:26:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539212; x=1762144012; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pRU38b4t8mxWML6LctMDZ1d5+u297ofA+DChm0WaO28=; b=Df9toBMbKLssDcnWyy24slXMEa0jmXYImZIrC+d6dvoGrsvR+4zHdB61aOLFresaq3 62aybRjSzhA9Ujf++/SYV/shNQIW4Hbd+QQoSNp8pQDMdktAsTQ/G9qyLwGAVQElyRFI XmL6UaoAD5kHN4KMLTNrQ60i6VEgZm9pp+DgwGypOUbD2RXswjZHHaM7TRoVnyvOKeYC pS4N7EOWZj06DV81txnw+KwF/yMarJS7bukbBdhkau8tw9V5RL1rLwRU77qiN3aQMtDy 8oJ7jZtMCfhusUnoUVrgEnqw9ctolkE8xLIXrHJTL3ls4INms3q0DcUatzZy6buiGS2P XH7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539212; x=1762144012; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pRU38b4t8mxWML6LctMDZ1d5+u297ofA+DChm0WaO28=; b=Egx9aRWcJ0NYNMfimudwjmpp1CNOiPjomAqHb2atD1FlF3h5S5JobpnEjhqy9iCL6N Gj/ny5288gC1AdDL2925es1KpajDiwhmHemSw7cKvTLK9ezj0XQz+J6x52a9Kc8+H/5s LbCSxfY3hvmN2D5oKi88YLP1xWO+dlZJJrl+ZHmcEWvZ5TQZ5Ybc/hDQY13OiS+avxqU MhvBiOAOBB4G+vJ5h81WM7j6UNrBVf/iZY/2k7HcJuBiJA0jC7qlYALHwQWvwprAV/pj rgczMsJ0Enl4uaAGz9SgTiBkRslkzn/1/VeHWxhS0EvuYNa9fKGoBoZTRi2TY2yRHn2a Mh3w== X-Gm-Message-State: AOJu0YxuQwv3RGZRzfQBmYPy9tprpvB9RgzRDQV+ipHnQUtiO2r+35pf inLdGZCGb7iuHxRRwyxmQJ1xGyIEHrhbavbL9qr7o1FB7nZ1BH71G6FgvoZgoNiWRtyB2dxES2g +o+ScQEy+DBgmUwWoN2aMqWMgaXoXgqWjICXkbLfNr8MZbLLUwGqQG4i8t8A41ca1yW/VViY69n tL/c7rxp6hEnuLpQBsmN6eIr+2ENzN6Df7/Ch7psbO7jnDaTMzuno= X-Gm-Gg: ASbGncsN+U/iovb5Kr9HTzKFWQ5VvxIj05dMuHp2k3QvbSxEPdZVEzaMPcYwR4m5Dq5 xSUL184zJmYGHu45OaVPwWZfYnyLx6izo9ohz51U058mLFabV3VZnnQXhrEAPzJdLDGTm4UlrXO y1re//Ma068mSTNhyzhPLSkwb1ZPJoq/05pSH3lrlDKY7wuGZesQbr/KazfyR66euBYRQ6p7gqW fUTBCEDa+cwUArXp9g/ideJs9K91dcHK/s4vzuVCooF6ny5xAEPK+pGeh8n5GUB5V9c07zNCoJB 5mES1DuH7lkR1Ttwz3eaSCXWILew5dBfwV72/2dT/E8sfD3PTCEfheNpP5ghWOQwWLNS3hlZcX+ +vD8gExgDj3CDXIcBQ5r4pLxpCegM+Fr1Ho2jHAr4hmDsZE59ZTLZCSB5g+Zt42PdmoctDJJbkl E24W4LBpvB/t1HGk8xsJeOL0LG06bn9ZZ4d7Y5bA6W3F5chVc2R9w9sNZV/R1AN+0W3qictvaXt j5ARahSlORmrRRS0AxUX/SmIHC8Uvg= X-Google-Smtp-Source: AGHT+IHdqlNhEz3ceaQJZjT5WQAkFXJ6BdhzZg21RWaIT5ciPPjNUmKXK1MwzD1HlW7RS16H8o4yeA== X-Received: by 2002:a17:90b:5386:b0:32e:749d:fcb6 with SMTP id 98e67ed59e1d1-33bcf86b5c6mr51861516a91.12.1761539212181; Sun, 26 Oct 2025 21:26:52 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.26.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:26:51 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang , Hau Hsu Subject: [PATCH v3 04/16] riscv: Adjust assembly routines to support landing pad Date: Sun, 26 Oct 2025 21:26:22 -0700 Message-Id: <20251027042634.2665717-5-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, PROLO_LEO3, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Landing pads, instructions for setting the label value as well as alignment directives are inserted at where they should be. Frame offsets for floating point registers in _dl_runtime_resolve are also adjusted because now t2 has to be saved onto the stack. Co-authored-by: Hau Hsu Co-authored-by: Kito Cheng --- sysdeps/riscv/__longjmp.S | 1 + sysdeps/riscv/crti.S | 4 ++ sysdeps/riscv/crtn.S | 4 ++ sysdeps/riscv/dl-machine.h | 8 +++ sysdeps/riscv/dl-trampoline.S | 61 +++++++++++------ sysdeps/riscv/multiarch/memcpy_noalignment.S | 4 ++ sysdeps/riscv/setjmp.S | 3 + sysdeps/riscv/start.S | 10 +++ sysdeps/unix/sysv/linux/riscv/clone.S | 2 + sysdeps/unix/sysv/linux/riscv/sysdep.S | 1 + sysdeps/unix/sysv/linux/riscv/sysdep.h | 71 ++++++++++++++++++++ sysdeps/unix/sysv/linux/riscv/vfork.S | 1 + 12 files changed, 150 insertions(+), 20 deletions(-) create mode 100644 sysdeps/riscv/crti.S create mode 100644 sysdeps/riscv/crtn.S diff --git a/sysdeps/riscv/__longjmp.S b/sysdeps/riscv/__longjmp.S index 7228b457a6..47ff3aa09e 100644 --- a/sysdeps/riscv/__longjmp.S +++ b/sysdeps/riscv/__longjmp.S @@ -20,6 +20,7 @@ #include ENTRY (__longjmp) + LPAD REG_L ra, 0*SZREG(a0) REG_L s0, 1*SZREG(a0) REG_L s1, 2*SZREG(a0) diff --git a/sysdeps/riscv/crti.S b/sysdeps/riscv/crti.S new file mode 100644 index 0000000000..fb1097c5ca --- /dev/null +++ b/sysdeps/riscv/crti.S @@ -0,0 +1,4 @@ +/* crti.S is empty because .init_array/.fini_array are used exclusively. + Include sysdep.h to define gnu property if necessary. */ + +#include diff --git a/sysdeps/riscv/crtn.S b/sysdeps/riscv/crtn.S new file mode 100644 index 0000000000..b2e7cb692e --- /dev/null +++ b/sysdeps/riscv/crtn.S @@ -0,0 +1,4 @@ +/* crtn.S is empty because .init_array/.fini_array are used exclusively. + Include sysdep.h to define gnu property if necessary. */ + +#include diff --git a/sysdeps/riscv/dl-machine.h b/sysdeps/riscv/dl-machine.h index dcc3e0883b..76f43a242b 100644 --- a/sysdeps/riscv/dl-machine.h +++ b/sysdeps/riscv/dl-machine.h @@ -28,6 +28,13 @@ #include #include #include +/* This is a marker to remind us to add real expansion to setup the label + for the function signature label scheme in the future */ +#ifdef __riscv_landing_pad_unlabeled +# define SET_LPAD +#else +# define SET_LPAD +#endif #ifndef _RTLD_PROLOGUE # define _RTLD_PROLOGUE(entry) \ @@ -126,6 +133,7 @@ elf_machine_dynamic (void) # Pass our finalizer function to _start.\n\ lla a0, _dl_fini\n\ # Jump to the user entry point.\n\ + " STRINGXV (SET_LPAD) "\n\ jr s0\n\ " _RTLD_EPILOGUE (ENTRY_POINT) \ _RTLD_EPILOGUE (_dl_start_user) "\ diff --git a/sysdeps/riscv/dl-trampoline.S b/sysdeps/riscv/dl-trampoline.S index 93d04af326..2b25f64a3b 100644 --- a/sysdeps/riscv/dl-trampoline.S +++ b/sysdeps/riscv/dl-trampoline.S @@ -25,13 +25,27 @@ /* Assembler veneer called from the PLT header code for lazy loading. The PLT header passes its own args in t0-t2. */ -#ifdef __riscv_float_abi_soft -# define FRAME_SIZE (-((-10 * SZREG) & ALMASK)) -#else -# define FRAME_SIZE (-((-10 * SZREG - 8 * SZFREG) & ALMASK)) +#ifdef __riscv_landing_pad + +# ifdef __riscv_float_abi_soft +# define FRAME_SIZE (-((-11 * SZREG) & ALMASK)) +# else +# define FRAME_SIZE (-((-11 * SZREG - 8 * SZFREG) & ALMASK)) +# define FREG_BASE_OFFSET (11*SZREG) +# endif + +# else + +# ifdef __riscv_float_abi_soft +# define FRAME_SIZE (-((-10 * SZREG) & ALMASK)) +# else +# define FRAME_SIZE (-((-10 * SZREG - 8 * SZFREG) & ALMASK)) +# define FREG_BASE_OFFSET (10*SZREG) +# endif #endif ENTRY (_dl_runtime_resolve) + LPAD # Save arguments to stack. addi sp, sp, -FRAME_SIZE REG_S ra, 9*SZREG(sp) @@ -43,16 +57,19 @@ ENTRY (_dl_runtime_resolve) REG_S a5, 6*SZREG(sp) REG_S a6, 7*SZREG(sp) REG_S a7, 8*SZREG(sp) +#ifdef __riscv_landing_pad + REG_S t2, 10*SZREG(sp) +#endif #ifndef __riscv_float_abi_soft - FREG_S fa0, (10*SZREG + 0*SZFREG)(sp) - FREG_S fa1, (10*SZREG + 1*SZFREG)(sp) - FREG_S fa2, (10*SZREG + 2*SZFREG)(sp) - FREG_S fa3, (10*SZREG + 3*SZFREG)(sp) - FREG_S fa4, (10*SZREG + 4*SZFREG)(sp) - FREG_S fa5, (10*SZREG + 5*SZFREG)(sp) - FREG_S fa6, (10*SZREG + 6*SZFREG)(sp) - FREG_S fa7, (10*SZREG + 7*SZFREG)(sp) + FREG_S fa0, (FREG_BASE_OFFSET + 0*SZFREG)(sp) + FREG_S fa1, (FREG_BASE_OFFSET + 1*SZFREG)(sp) + FREG_S fa2, (FREG_BASE_OFFSET + 2*SZFREG)(sp) + FREG_S fa3, (FREG_BASE_OFFSET + 3*SZFREG)(sp) + FREG_S fa4, (FREG_BASE_OFFSET + 4*SZFREG)(sp) + FREG_S fa5, (FREG_BASE_OFFSET + 5*SZFREG)(sp) + FREG_S fa6, (FREG_BASE_OFFSET + 6*SZFREG)(sp) + FREG_S fa7, (FREG_BASE_OFFSET + 7*SZFREG)(sp) #endif # Update .got.plt and obtain runtime address of callee. @@ -60,6 +77,7 @@ ENTRY (_dl_runtime_resolve) mv a0, t0 # link map add a1, a1, t1 # reloc offset (== thrice the .got.plt offset) la a2, _dl_fixup + SET_LPAD jalr a2 mv t1, a0 @@ -73,16 +91,19 @@ ENTRY (_dl_runtime_resolve) REG_L a5, 6*SZREG(sp) REG_L a6, 7*SZREG(sp) REG_L a7, 8*SZREG(sp) +#ifdef __riscv_landing_pad + REG_L t2, 10*SZREG(sp) +#endif #ifndef __riscv_float_abi_soft - FREG_L fa0, (10*SZREG + 0*SZFREG)(sp) - FREG_L fa1, (10*SZREG + 1*SZFREG)(sp) - FREG_L fa2, (10*SZREG + 2*SZFREG)(sp) - FREG_L fa3, (10*SZREG + 3*SZFREG)(sp) - FREG_L fa4, (10*SZREG + 4*SZFREG)(sp) - FREG_L fa5, (10*SZREG + 5*SZFREG)(sp) - FREG_L fa6, (10*SZREG + 6*SZFREG)(sp) - FREG_L fa7, (10*SZREG + 7*SZFREG)(sp) + FREG_L fa0, (FREG_BASE_OFFSET + 0*SZFREG)(sp) + FREG_L fa1, (FREG_BASE_OFFSET + 1*SZFREG)(sp) + FREG_L fa2, (FREG_BASE_OFFSET + 2*SZFREG)(sp) + FREG_L fa3, (FREG_BASE_OFFSET + 3*SZFREG)(sp) + FREG_L fa4, (FREG_BASE_OFFSET + 4*SZFREG)(sp) + FREG_L fa5, (FREG_BASE_OFFSET + 5*SZFREG)(sp) + FREG_L fa6, (FREG_BASE_OFFSET + 6*SZFREG)(sp) + FREG_L fa7, (FREG_BASE_OFFSET + 7*SZFREG)(sp) #endif addi sp, sp, FRAME_SIZE diff --git a/sysdeps/riscv/multiarch/memcpy_noalignment.S b/sysdeps/riscv/multiarch/memcpy_noalignment.S index dd135f4a4d..e97748e82b 100644 --- a/sysdeps/riscv/multiarch/memcpy_noalignment.S +++ b/sysdeps/riscv/multiarch/memcpy_noalignment.S @@ -34,7 +34,11 @@ #define BLOCK_SIZE (16 * SZREG) .attribute unaligned_access, 1 +#ifdef __riscv_landing_pad + .align 2 +#endif ENTRY (__memcpy_noalignment) + LPAD beq a2, zero, L(ret) /* if LEN < SZREG jump to tail handling. */ diff --git a/sysdeps/riscv/setjmp.S b/sysdeps/riscv/setjmp.S index 600ea84db6..df048cb544 100644 --- a/sysdeps/riscv/setjmp.S +++ b/sysdeps/riscv/setjmp.S @@ -20,14 +20,17 @@ #include ENTRY (_setjmp) + LPAD li a1, 0 j HIDDEN_JUMPTARGET (__sigsetjmp) END (_setjmp) ENTRY (setjmp) + LPAD li a1, 1 /* Fallthrough */ END (setjmp) ENTRY (__sigsetjmp) + LPAD REG_S ra, 0*SZREG(a0) REG_S s0, 1*SZREG(a0) REG_S s1, 2*SZREG(a0) diff --git a/sysdeps/riscv/start.S b/sysdeps/riscv/start.S index 2db79c0ae6..ff083b13a4 100644 --- a/sysdeps/riscv/start.S +++ b/sysdeps/riscv/start.S @@ -47,12 +47,14 @@ ENTRY (ENTRY_POINT) .cfi_label to force starting the FDE. */ .cfi_label .Ldummy cfi_undefined (ra) + LPAD call load_gp mv a5, a0 /* rtld_fini. */ /* main may be in a shared library. */ #if defined PIC && !defined SHARED /* Avoid relocation in static PIE since _start is called before it is relocated. */ + SET_LPAD lla a0, __wrap_main #else la a0, main @@ -69,7 +71,11 @@ ENTRY (ENTRY_POINT) END (ENTRY_POINT) #if defined PIC && !defined SHARED +#ifdef __riscv_landing_pad + .align 2 +#endif /* __riscv_landing_pad */ __wrap_main: + LPAD tail main@plt #endif @@ -79,9 +85,13 @@ __wrap_main: needs to be initialized before calling __libc_start_main in that case. So we redundantly initialize it at the beginning of _start. */ +#ifdef __riscv_landing_pad + .align 2 +#endif /* __riscv_landing_pad */ load_gp: .option push .option norelax + LPAD lla gp, __global_pointer$ .option pop ret diff --git a/sysdeps/unix/sysv/linux/riscv/clone.S b/sysdeps/unix/sysv/linux/riscv/clone.S index 1362dd9c22..d6a0996ec8 100644 --- a/sysdeps/unix/sysv/linux/riscv/clone.S +++ b/sysdeps/unix/sysv/linux/riscv/clone.S @@ -31,6 +31,7 @@ .text LEAF (__clone) + LPAD /* Align stack to a 128-bit boundary as per RISC-V ABI. */ andi a1,a1,ALMASK @@ -82,6 +83,7 @@ L (thread_start): REG_L a0,SZREG(sp) /* Argument pointer. */ /* Call the user's function. */ + SET_LPAD jalr a1 /* Call exit with the function's return value. */ diff --git a/sysdeps/unix/sysv/linux/riscv/sysdep.S b/sysdeps/unix/sysv/linux/riscv/sysdep.S index b50671b9b7..e7ea424e45 100644 --- a/sysdeps/unix/sysv/linux/riscv/sysdep.S +++ b/sysdeps/unix/sysv/linux/riscv/sysdep.S @@ -23,6 +23,7 @@ #endif ENTRY (__syscall_error) + LPAD mv t0, ra /* Fall through to __syscall_set_errno. */ END (__syscall_error) diff --git a/sysdeps/unix/sysv/linux/riscv/sysdep.h b/sysdeps/unix/sysv/linux/riscv/sysdep.h index ee015dfeb6..14a1f3a647 100644 --- a/sysdeps/unix/sysv/linux/riscv/sysdep.h +++ b/sysdeps/unix/sysv/linux/riscv/sysdep.h @@ -53,6 +53,75 @@ # include +/* GNU_PROPERTY_RISCV_* macros from elf.h for use in asm code. */ +#define FEATURE_1_AND 0xc0000000 + +/* Add a NT_GNU_PROPERTY_TYPE_0 note. */ +#if __riscv_xlen == 32 +# define GNU_PROPERTY(type, value) \ + .section .note.gnu.property, "a"; \ + .p2align 2; \ + .word 4; \ + .word 12; \ + .word 5; \ + .asciz "GNU"; \ + .word type; \ + .word 4; \ + .word value; \ + .text +#else +# define GNU_PROPERTY(type, value) \ + .section .note.gnu.property, "a"; \ + .p2align 3; \ + .word 4; \ + .word 16; \ + .word 5; \ + .asciz "GNU"; \ + .word type; \ + .word 4; \ + .word value; \ + .word 0; \ + .text +#endif + +/* Add GNU property note with the supported features to all asm code + where sysdep.h is included. */ +#undef __VALUE_FOR_FEATURE_1_AND +#if defined (__riscv_landing_pad) || defined (__riscv_shadow_stack) +# if defined (__riscv_landing_pad_unlabeled) +# if defined (__riscv_shadow_stack) +# define __VALUE_FOR_FEATURE_1_AND 0x3 +# else +# define __VALUE_FOR_FEATURE_1_AND 0x1 +# endif +# elif defined (__riscv_landing_pad_func_sig) +# if defined (__riscv_shadow_stack) +# define __VALUE_FOR_FEATURE_1_AND 0x6 +# else +# define __VALUE_FOR_FEATURE_1_AND 0x4 +# endif +# else +# if defined (__riscv_shadow_stack) +# define __VALUE_FOR_FEATURE_1_AND 0x2 +# else +# error "What?" +# endif +# endif +#endif + +#if defined (__VALUE_FOR_FEATURE_1_AND) +GNU_PROPERTY (FEATURE_1_AND, __VALUE_FOR_FEATURE_1_AND) +#endif +#undef __VALUE_FOR_FEATURE_1_AND + +#ifdef __riscv_landing_pad_unlabeled +# define SET_LPAD +# define LPAD lpad 0 +#else +# define SET_LPAD +# define LPAD +#endif + # define ENTRY(name) LEAF(name) # define L(label) .L ## label @@ -64,6 +133,7 @@ .text; \ .align 2; \ ENTRY (name); \ + LPAD; \ li a7, SYS_ify (syscall_name); \ scall; \ li a7, -4096; \ @@ -111,6 +181,7 @@ # define PSEUDO_NOERRNO(name, syscall_name, args) \ .align 2; \ ENTRY (name); \ + LPAD; \ li a7, SYS_ify (syscall_name); \ scall; diff --git a/sysdeps/unix/sysv/linux/riscv/vfork.S b/sysdeps/unix/sysv/linux/riscv/vfork.S index 1e39b7a057..4cf7b5a9d8 100644 --- a/sysdeps/unix/sysv/linux/riscv/vfork.S +++ b/sysdeps/unix/sysv/linux/riscv/vfork.S @@ -29,6 +29,7 @@ .text LEAF (__libc_vfork) + LPAD li a0, (CLONE_VFORK | CLONE_VM | SIGCHLD) mv a1, sp From patchwork Mon Oct 27 04:26:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122669 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 60AC13858D2A for ; Mon, 27 Oct 2025 04:40:43 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 60AC13858D2A Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=HwsMGQ7S X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x1035.google.com (mail-pj1-x1035.google.com [IPv6:2607:f8b0:4864:20::1035]) by sourceware.org (Postfix) with ESMTPS id 12DD73858CD1 for ; Mon, 27 Oct 2025 04:26:55 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 12DD73858CD1 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 12DD73858CD1 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1035 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539215; cv=none; b=Z3lIL4i7kfw2YW2+2qn3cjokmqkFn+HzGC4E7HtuzdaH+BLldPHM0z5kNOXYUhwknAL65V/ipaySqvpXCnS6a6TBXUBtbaHXZq95j3gn7jdI6V9Mcw05LsEE0VJmsERjfOBSEGvUskag22idPmpRpqrkLvbsudXxwEMzuGvaTQA= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539215; c=relaxed/simple; bh=8xM5imf09yB6f+mDPBH2uz1rzWXzjDQlZ9gqMfPbm78=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=WS3x4c+U0DJj5zWOvoJ6ExfWvYEhRSyOKTmPDCgSKQ9fGobSAHA3RYpWN28dEogmUwxFo9ugTYtnBLb+fmimBTMGoZD6C7i1CEhWtZeIS+2NOnRmxHgX76KuOf7sLMznNVN2Kyb/ewQTzyKfuB27kwmDkZzPavNq3cFv1h6OUPI= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 12DD73858CD1 Received: by mail-pj1-x1035.google.com with SMTP id 98e67ed59e1d1-3307de086d8so3805930a91.2 for ; Sun, 26 Oct 2025 21:26:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539214; x=1762144014; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=YJrfCHsu2uZK4VH9zBouEWAslEMAbx6S51zc9Mh3jHQ=; b=HwsMGQ7SqEKBErQHm2KUqm9aNMAJtQ7WAtyxHl1JkWm32A7OzKK0IbZcboK+eSMYuh T/axe4UiQ5wSsAdM/UjoRKulJyxuvSLyc2HIEQATj7fXmHF750wmXkN3MWZZ+P78VYzs WGplxeYW0IP1vKkt7hUm6a7jZxPSYKlFdE0k5m0XqoOaTWFXtFnTQAZrPKEbY+DQnEQp VQO19n0nXwVN/b3nAF+eS2gzOgBKTnFHJQVaynOclBxcldN9z3Ij0RhbjUmoE57BYPHU rLX4Gd28xJ78IEuhw9w1VHXwWJyhGPDDZLff4nnHC7/klOuyGI5AImlUqM4p33iYyvxe 3tcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539214; x=1762144014; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YJrfCHsu2uZK4VH9zBouEWAslEMAbx6S51zc9Mh3jHQ=; b=PBfUc0pKNuN6N4K43v415My5FkDjiV7XGKdjxx+aT4krAiPbNLOLUyBD/uRNKfTDd5 DWkEE9dK9fHz15BX5L5musZY/pOhKLaej35c9es8GtdQXhg7XlGIz0rMQBDDVUK8oxDi I8lQqNhUeuJ9234AnPaDjAor90XkFbdt3NkoJnCgLA0vvW4nLKPfXRlf83ovFUM4mZ8V Zfs9rb6eKbyYknneUCUqaFGxWnx/gKjVstyhs36RyX5A0iwrsmBjtrh3nCcMchV1QPa2 aI7ygiXapy5Lhbr0xlxhGOq5mRa1v9t1AbviSmrtzo9sA8Vl9iW5CZry3RSDsXH0u3mP fNdA== X-Gm-Message-State: AOJu0YzqFVrKIHnYwg961La9LcffU1igUQd8QcKrkQC1Jm8WFlco/JbR 4moCX11ZN4hACD4Y5Qg1NagwSIj6H9Zcy7ubMeS4Ms31pXTsAueAj9vRV1DEkveoz6LQk4bsWvG 8eawAV80ISyus756fvrj6za1UsTKkNm09k2xg/nvqAAjoj16xU9vQvNlHn1z4b52AtNYxnOCt2f lQCAUeSne9BGC7bbynyv7tUcUbaP7IgbFvVXRwiunYkQq94JKXM9E= X-Gm-Gg: ASbGncv9Z4uniucemrfeBP7zrwNhJ7iQW3bQPiKj8TDi/PzRSaZgjeeWvhtrvRON+oL koD96+MvuFIOU685mLR/BgaeGbflXaHLpQD66fwzndRvvv9FWMbgOst714XplPB9dAPNo7BCNMd sTG9BB4ymTfjcQx5D4OJ+5iA8c0gjYl+1q7z27AF6b45D9Zv+A0KrSUmLUKActyxJoe8Wir4zcb g/4D/TrhZ2o/0ZzOHzb8PVZR0Cq51ak0qb379OT40m4sJXLIUw5XO3CRSwOwQNKM21COmgF8ODz Zr7PByqPBpckUKsJWXcm2vHtIWSdxvWD9xsGsCvCLU5oj+mWQzYxzj/46wAsm+aX7yuB/pp0Ng1 Cr88Xyrz5uhVzXePSaHza9ki8y9ZeDjyX/cJgAwoMzwuFD2lR2IReZJiGkouJRubcZwIFaLaliV Ojt3pbdzIFT8clLSD7iKTQSiN2z2ym+zZCUNfYBIOE+/GAIv3r+YL2y5knm7bSkrdvXQlkV1lR3 wW2svvW0CSuO8kDzUrI X-Google-Smtp-Source: AGHT+IHTpNZpompMmswQtRjImqNplcqDT3EbLTKFZDfGyt6vfDtSmismZQvLQUGxU3J3hNrM9BgKdg== X-Received: by 2002:a17:90b:33d2:b0:334:18f9:8008 with SMTP id 98e67ed59e1d1-33bcf85ac53mr47275927a91.8.1761539213437; Sun, 26 Oct 2025 21:26:53 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.26.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:26:52 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v3 05/16] riscv: Introduce feature variables for holding RISC-V GNU properties Date: Sun, 26 Oct 2025 21:26:23 -0700 Message-Id: <20251027042634.2665717-6-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Member l_riscv_feature_1_and is added to struct link_map, which stores the feature_1_and property information for each object. New global _dl_riscv_feature_1 will be used to store what features are finally enabled for this process. --- sysdeps/riscv/dl-procruntime.c | 60 ++++++++++++++++++++++++++++++++++ sysdeps/riscv/link_map.h | 22 +++++++++++++ 2 files changed, 82 insertions(+) create mode 100644 sysdeps/riscv/dl-procruntime.c create mode 100644 sysdeps/riscv/link_map.h diff --git a/sysdeps/riscv/dl-procruntime.c b/sysdeps/riscv/dl-procruntime.c new file mode 100644 index 0000000000..b8fbcd87e7 --- /dev/null +++ b/sysdeps/riscv/dl-procruntime.c @@ -0,0 +1,60 @@ +/* Data for processor runtime information. RISC-V version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* This information must be kept in sync with the _DL_HWCAP_COUNT, + HWCAP_PLATFORMS_START and HWCAP_PLATFORMS_COUNT definitions in + dl-hwcap.h. + + If anything should be added here check whether the size of each string + is still ok with the given array size. + + All the #ifdefs in the definitions are quite irritating but + necessary if we want to avoid duplicating the information. There + are three different modes: + + - PROCINFO_DECL is defined. This means we are only interested in + declarations. + + - PROCINFO_DECL is not defined: + + + if SHARED is defined the file is included in an array + initializer. The .element = { ... } syntax is needed. + + + if SHARED is not defined a normal array initialization is + needed. + */ + +#ifndef PROCINFO_CLASS +# define PROCINFO_CLASS +#endif + +#if !IS_IN (ldconfig) +# if !defined PROCINFO_DECL && defined SHARED + ._dl_riscv_feature_1 +# else +PROCINFO_CLASS unsigned int _dl_riscv_feature_1 +# endif +# ifndef PROCINFO_DECL += 0 +# endif +# if !defined SHARED || defined PROCINFO_DECL +; +# else +, +# endif +#endif diff --git a/sysdeps/riscv/link_map.h b/sysdeps/riscv/link_map.h new file mode 100644 index 0000000000..b8e757adf4 --- /dev/null +++ b/sysdeps/riscv/link_map.h @@ -0,0 +1,22 @@ +/* Additional fields in struct link_map. Linux/RISC-V version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* GNU_PROPERTY_RISCV_FEATURE_1_AND of this object. */ +unsigned int l_riscv_feature_1_and; + +#include From patchwork Mon Oct 27 04:26:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122664 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 043B53858C2F for ; Mon, 27 Oct 2025 04:35:09 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 043B53858C2F Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=FQORToY5 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com [IPv6:2607:f8b0:4864:20::1036]) by sourceware.org (Postfix) with ESMTPS id 624503858C54 for ; Mon, 27 Oct 2025 04:26:56 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 624503858C54 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 624503858C54 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1036 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539216; cv=none; b=hJC0QWtaeb6+x5HbV+f7w9pUxpfSsBegseakGZiUPdtmZvIEKJEGrez532ApbPfPeWJW0LEqyFV2IcZ/SWeJUIflS1H2Wf2drNo5+rRxW+2TLqj+fWHta+kuNDJYgzkeHnYmVYoRIE1T+/s+2Ryl/tToKopZ8crejoBLKnOKCIs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539216; c=relaxed/simple; bh=U+UWKjQCjhAD+edCZ7+ORAA/eEP3peO7vuhxeWmsM80=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=KD67gPvi0PZbieCRiUMcjbZqaVBHYdeVirEThIMXgXTswi3anWi4Ob2Fpa4yCEDowZOJFm6t6pLWnQLqdfFsKcbPUMe2FWzMCJ4fZhgA4j6L/42UYUMy8P9MO/Gt/dv5LQT+k3IlvY1oDHcFpxYxhlbNnGpViAphAjIO9w6zoO8= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 624503858C54 Received: by mail-pj1-x1036.google.com with SMTP id 98e67ed59e1d1-33bbc4e81dfso4585377a91.1 for ; Sun, 26 Oct 2025 21:26:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539215; x=1762144015; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FtAPsIJubLs9Rv+ZJ4v0lCr3YjtjUoE/GGtxx22/3CM=; b=FQORToY5KJyhMb74zvYC+cvteEbBHl+9NIMBSf678dnZusItjaYso9xTRh6oEULjUX AR/36CR08hfPAOaDbdEr1v76I4rYrZGwXcHaab9EgTY8DAe77ftOIlsM99tr8jsOC3Vb 6KcRXSitqLubBZQTZDBxSX10MUYg8FRVLV90EQVm7WhRwL30V4Y4YFzyED1ZkpDzH7Fx 9VIauGtOSGjPSPqqKHP/3wjnQ+5PCAy0EsXf5J7R/ZIbGeYcIDfSozTo6U2CD+kesDxI 1Q9UxDV6MVayx6EqfEWSSPgSQQ8Pn5+EiH7bZwokXhFID1nP1hN+LapKvEMY2r2+z1EQ l6IQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539215; x=1762144015; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FtAPsIJubLs9Rv+ZJ4v0lCr3YjtjUoE/GGtxx22/3CM=; b=XaSyqjrR6YsIKjFUjk3Sc/kTHLz2M6w6TQZ4EkO7Tggkr6TtNIqQy3lxM3TRvjmdnd fE7MHIFKXWjhFKzmlmpZE9mT5NbLuUFDVPSgnamCHFW/aySvSwEmRZKhTz8TEQzGqFtt fXUpl+CP2329epmjA0tsKd8wa5p016reBIT3wnJjmI01lbN/P4IzvEyJD37uNmAk73LC JHBqTSzxc1uCPpxQnu0dD2Yd4mzXkh6rURz2epyn1SPm2/ebzdxh/6oE3sqNITwggVpT +bqQDg7HYkiZAAPzxcLgj8vhIpaj0Zfj4Mr8qwbCMv9nYaql7EnFs2Iksww23muQNIBG M2rw== X-Gm-Message-State: AOJu0Yxw53GlkmsvEN8uBHVJ05G2P4unbzAT2BuJPk/f2w3DTV7BG5GH l6vLtSucwSKHdIT3FkWLWJuasPNqRm+tGCTSSbJyonVQLT9B/Xgfdi1sZiG9cSGVEN1yKn/1owz ZIxoKFJwxX5Z36crGwRqRl6K+eTX6u/8gtGgFlai4/P3M8x/bzJdq8axfGxjsHYuYupWtObjJZF hRHi6N3scxWgSCOdsuwIo39ibhRZ4SIiRp2CjDk3N2udgDAfw/Qyg= X-Gm-Gg: ASbGncup44hqZf9PPKivX4dBB5OX9Uiyyf9QwVS3xh7Ug1RMro4x9NcX1Y1gfFnLDiJ jFfrbJ2jhIfFolpPRbB1OtImzDweOSZJmPC/a1HUzL4fdRZVGzjeEtGelhyi9TX4yasGlGtY02X mTg7dbaF0RcG/LZTZDO2epw8EMWd0Sl81aiUQST9j109zbnJUdIvzVF3GeDvbRlvz6EX3juwfJm L24EkNOoF8i023C2uwBjrPDFtQ2SQmSgHwCsDCM72DhdAuY8/e8/4WmwLi0Kqw2k/TyaLP+uSft 574QxB8YnVOLPgdwoh6F5gOXSRCvCGxK7nA8c4nzxaeqMyndDzX3eyBXpOheaDB1SpgNr0J5Dl/ Gs9wcvQrC+KPGY+QgMH1YvzEm2PlMnrJY8XOFI7eJGKiexwGlpXswMbRr6vo5bSqK+JoQqGMDFm nZzDh5veL6z7tPE7As7A/v4oPoHiRH9Lb3k+OLi3qzYXjyvDlu2XV8wIWJnqg+O5KN2HhEvR1fW 6gdt4uXLzXp2lmia1Dl X-Google-Smtp-Source: AGHT+IETTGYMf0XTQ9hl2LKphxRuUhuCO3W4L/g0+tTFMA689tK78IO/KIqROhV7OwwTAWBsuDxB/A== X-Received: by 2002:a17:90b:3b84:b0:330:793a:4240 with SMTP id 98e67ed59e1d1-33fd66192camr10436377a91.31.1761539214690; Sun, 26 Oct 2025 21:26:54 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.26.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:26:54 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v3 06/16] riscv/cfi: Add prctl definitions for RISC-V CFI Date: Sun, 26 Oct 2025 21:26:24 -0700 Message-Id: <20251027042634.2665717-7-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org These operations are for setting/retrieving/locking the status of the landing pad and the shadow stack extensions. --- .../unix/sysv/linux/riscv/include/asm/prctl.h | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 sysdeps/unix/sysv/linux/riscv/include/asm/prctl.h diff --git a/sysdeps/unix/sysv/linux/riscv/include/asm/prctl.h b/sysdeps/unix/sysv/linux/riscv/include/asm/prctl.h new file mode 100644 index 0000000000..091a21b70d --- /dev/null +++ b/sysdeps/unix/sysv/linux/riscv/include/asm/prctl.h @@ -0,0 +1,48 @@ +/* + * Get the current shadow stack configuration for the current thread, + * this will be the value configured via PR_SET_SHADOW_STACK_STATUS. + */ +#define PR_GET_SHADOW_STACK_STATUS 74 + +/* + * Set the current shadow stack configuration. Enabling the shadow + * stack will cause a shadow stack to be allocated for the thread. + */ +#define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +/* + * Prevent further changes to the specified shadow stack + * configuration. All bits may be locked via this call, including + * undefined bits. + */ +#define PR_LOCK_SHADOW_STACK_STATUS 76 + +/* + * Get the current indirect branch tracking configuration for the current + * thread, this will be the value configured via PR_SET_INDIR_BR_LP_STATUS. + */ +#define PR_GET_INDIR_BR_LP_STATUS 79 + +/* + * Set the indirect branch tracking configuration. PR_INDIR_BR_LP_ENABLE will + * enable cpu feature for user thread, to track all indirect branches and ensure + * they land on arch defined landing pad instruction. + * x86 - If enabled, an indirect branch must land on `ENDBRANCH` instruction. + * arch64 - If enabled, an indirect branch must land on `BTI` instruction. + * riscv - If enabled, an indirect branch must land on `lpad` instruction. + * PR_INDIR_BR_LP_DISABLE will disable feature for user thread and indirect + * branches will no more be tracked by cpu to land on arch defined landing pad + * instruction. + */ +#define PR_SET_INDIR_BR_LP_STATUS 80 +# define PR_INDIR_BR_LP_ENABLE (1UL << 0) + +/* + * Prevent further changes to the specified indirect branch tracking + * configuration. All bits may be locked via this call, including + * undefined bits. + */ +#define PR_LOCK_INDIR_BR_LP_STATUS 81 From patchwork Mon Oct 27 04:26:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122672 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id DBBF83858C41 for ; Mon, 27 Oct 2025 04:43:54 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DBBF83858C41 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=A68aJHom X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pl1-x630.google.com (mail-pl1-x630.google.com [IPv6:2607:f8b0:4864:20::630]) by sourceware.org (Postfix) with ESMTPS id B6DE83858401 for ; Mon, 27 Oct 2025 04:26:57 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org B6DE83858401 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org B6DE83858401 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::630 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539217; cv=none; b=WiV280svAyH1Z+s1VdHm57kJWtz2QbeT1flQxaax9CARrayHxYZXp/u/VKyyxXwbk2Iq15r0g82uDtS/J3p7gDps5i8gAcBGbIECABmfsJOImox2wICZz9wvZ4Jwa0ZRDHkdCijF8SKEq+KekmO21a/HqeTBKqTctntdjPnPoBg= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539217; c=relaxed/simple; bh=IXocCfOk9LHGIAN5q0AuO16SakCK22SIbJA6uYTGM9w=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=TxswN24hz9KjaxbCO5e/27zd8kPys83AsVlbb9tAAAEk2TY+WtKMB/i7F7TdjYizJ1b0UMaD9aqcas0c1rXLqg+lwFqoNlaV84QEftMvIdl4cv+R08jeEp2fhnNHSaqYNJg/77JOmjRflo84Wu/OYJiZZGPD0IUnTJkmokxEhR8= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B6DE83858401 Received: by mail-pl1-x630.google.com with SMTP id d9443c01a7336-27d4d6b7ab5so62397125ad.2 for ; Sun, 26 Oct 2025 21:26:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539216; x=1762144016; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=j5QD8z1tOMvXJCuThGZN+JjDNUjyX9Nt5mC8dwnQFxM=; b=A68aJHomx2CEdi8RwaAcQ305xZOv/p25zzsiWvKdRmqXsSXgmYTJm1kdxTDKV9BfA1 QzPLoBG8qylhF8SC98V+ez3mEFx+ZXrfyhLpn1ADo/nyoLF8zmODHZhsiVahUcWEYz5w SrmCP+32sPoIEbWT9ksxyugzzqaIUbLakzW36EL5X+1M6ZsmMhSrMOIp0kIRSZCAgY2t 6UCiLVBwjURAgq+n8rfSVWhrKM6n80ISm87126QJtY9rd0AJHy9Kj247lj3ycbmLq4lv iJBfx0MaAkII6HuKqNGpVspllAaVuCo5RPewvUsyraa2mvLRxo3IsZXDBKoz2NNMhgPc Y1vQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539216; x=1762144016; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=j5QD8z1tOMvXJCuThGZN+JjDNUjyX9Nt5mC8dwnQFxM=; b=OhslR9StN9XEPzRw8tygs7PHybS58mAMDRwI4yB/fhFY4SOoT0IazuTyuSLQxQLhIQ IX9yqdVxMcZmOuQewVROyC3kBDAnFjdaA62M+afWwdsk7s8nsdN1TieGFEwBomirpZXo wWVjWK/jCP95/MGOOgL5qBDYNkGFQcnawe5M6j3GLc/t9492NtugmruQhW56jpmY9pjS meMovPX+5g7qyU/Ry6ogboUJAvBAR5LqTr9QYY3D/hB4yaxcs0OAuwgFtag3v4DnOcPo x7fTlPTfy3+CqdC8umQkTqx2oWJj5iRFJo4Dz8kCrVkoQAV6FQ71WTu17i5L3k+61vNb znbQ== X-Gm-Message-State: AOJu0YxMMfWiWHN1H52mh7dckgGm7RkuYZ4mqpbk29tc5OdejcYEOg5S xdefMDlfZH7t1dXsawDGSkIIZ/d81jJBoyO6sYMK3epF8BE1FsASE+cgcBlHcv6sQKUfx/k566l HtW+vVW7ET8eJljYnugLBcNqB6U8AVoH6tgfK8Bswv0NKyIjP9JjyoXW4zdw60SEdZWbbpCzkt4 ovuYc+WaK8KN2UD0znTaCPUnGEGY91CSuwBvM3bbqTV7l9M+bd6ig= X-Gm-Gg: ASbGncu4gGi+TsAxqRr8KKHPvn42aIqi34juWjHj3wdsSjdoSUHXmvBF3oqSSLMOAc6 oPSYH92AHxXxmdQ0lnpiPvZVnuUtCkfHrzO7hBjZLh/7tUtXgZZqNssoBV/VSXQVejWZWz+1VK7 r/w81BXpElTCvm7QMyYjZsXucDlQyvbdXO6O3OVWvzxGCnubGDEVx4S5/PtwhVmJvjnBQF4DAEJ PxdVgQWXE+Mhhd+TpWEUqJeAa7gyL6c9Msk7yr/JqOUVJtrX4IlNMUVcqLC29Gcszax2E1pCYXy +KprkuK8NytYBYEU+imN1K4lsza6NlSz4melJ+zt2seTtrLV5NZrQzGtqD4bMBzsvJIcHY5V4hl /Vs0Sdy2go8lG0NVlY3AXIe42wKgNiQ0anVIOYfYsJIjeEXQWWEGKkCy9+tNjQpRqqTmUaHDAwx ZD0UmQ6/MyKPMPtbfzYkEMH+iUcv+V5wqfz/O/E9jahDje4B5Y6dfwQFm0S9YAvhVB+T1G0nBTb 8jT+Nl+D7XiKlioeQNciQ8K6t2g8ug= X-Google-Smtp-Source: AGHT+IHHk5SCxu7gUvFTEhIykZO8CGIdGdT9rrI7bz51BkiGu9RVNgN3WYiud7LAlds1ZojhYmhq7g== X-Received: by 2002:a17:903:1a4c:b0:27e:ed58:25e5 with SMTP id d9443c01a7336-290c9ce5b85mr388784965ad.24.1761539216202; Sun, 26 Oct 2025 21:26:56 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.26.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:26:55 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v3 07/16] riscv/cfi: Enable CFI on static binaries Date: Sun, 26 Oct 2025 21:26:25 -0700 Message-Id: <20251027042634.2665717-8-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org For static binaries, CFI are enabled inside ARCH_SETUP_TLS, with a macro to enable the shadow stack to prevent underflowing the shadow stack on return, and with a function _dl_cfi_setup_features to enable landing pad. It scans backward of the program header to find the PT_GNU_PROPERTY note first, then enable CFI features corresponding to the feature bits. Co-authored-by: Deepak Gupta --- sysdeps/riscv/Makefile | 1 + sysdeps/riscv/dl-cfi.c | 36 +++++++++++ sysdeps/riscv/dl-machine.h | 6 ++ sysdeps/riscv/dl-prop.h | 65 +++++++++++++++++++ sysdeps/riscv/libc-start.h | 88 ++++++++++++++++++++++++++ sysdeps/unix/sysv/linux/riscv/dl-cfi.h | 20 ++++++ 6 files changed, 216 insertions(+) create mode 100644 sysdeps/riscv/dl-cfi.c create mode 100644 sysdeps/riscv/dl-prop.h create mode 100644 sysdeps/riscv/libc-start.h create mode 100644 sysdeps/unix/sysv/linux/riscv/dl-cfi.h diff --git a/sysdeps/riscv/Makefile b/sysdeps/riscv/Makefile index 99976fddad..4752bdb1a0 100644 --- a/sysdeps/riscv/Makefile +++ b/sysdeps/riscv/Makefile @@ -18,6 +18,7 @@ endif # Enable RISC-V CFI ifeq (yes,$(riscv-enable-cfi)) +sysdep-dl-routines += dl-cfi CFLAGS-.o += -fcf-protection=full CFLAGS-.os += -fcf-protection=full CFLAGS-.op += -fcf-protection=full diff --git a/sysdeps/riscv/dl-cfi.c b/sysdeps/riscv/dl-cfi.c new file mode 100644 index 0000000000..77bac24a1b --- /dev/null +++ b/sysdeps/riscv/dl-cfi.c @@ -0,0 +1,36 @@ +/* RISC-V CFI extensions (zicfilp/zicfiss) functions. + Copyright (C) 2025 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include + +attribute_hidden void +_dl_cfi_setup_features (unsigned int feature_1) +{ + /* Since prctl could fail to enable some features + use prctl to get enabled features again and sync it back. */ +#ifdef __riscv_landing_pad + if (feature_1 & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) + INTERNAL_SYSCALL_CALL (prctl, PR_SET_INDIR_BR_LP_STATUS, + PR_INDIR_BR_LP_ENABLE, 0, 0, 0); +#endif /* __riscv_landing_pad */ + /* FIXME: Read enabled features from kernel and re-sync */ +} diff --git a/sysdeps/riscv/dl-machine.h b/sysdeps/riscv/dl-machine.h index 76f43a242b..ff96ae77f2 100644 --- a/sysdeps/riscv/dl-machine.h +++ b/sysdeps/riscv/dl-machine.h @@ -28,6 +28,12 @@ #include #include #include +#if defined(__riscv_landing_pad) || defined(__riscv_shadow_stack) +# include +extern void _dl_cfi_setup_features (unsigned int features); +#else +# define RTLD_START_ENABLE_RISCV_CFI +#endif /* This is a marker to remind us to add real expansion to setup the label for the function signature label scheme in the future */ #ifdef __riscv_landing_pad_unlabeled diff --git a/sysdeps/riscv/dl-prop.h b/sysdeps/riscv/dl-prop.h new file mode 100644 index 0000000000..a832e4aea6 --- /dev/null +++ b/sysdeps/riscv/dl-prop.h @@ -0,0 +1,65 @@ +/* Support for GNU properties. RISC-V version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _DL_PROP_H +#define _DL_PROP_H + +static inline void __attribute__ ((always_inline)) +_rtld_main_check (struct link_map *m, const char *program) +{ +} + +static inline void __attribute__ ((always_inline)) +_dl_open_check (struct link_map *m) +{ +} + +static inline void __attribute__ ((always_inline)) +_dl_process_pt_note (struct link_map *l, int fd, const ElfW(Phdr) *ph) +{ +} + +static inline int +_dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, + uint32_t datasz, void *data) +{ + /* FIXME: Detect cpu features after we have it implemented in glibc */ + + if (type == GNU_PROPERTY_RISCV_FEATURE_1_AND) + { + /* Stop if the property note is ill-formed. */ + if (datasz != 4) + return -1; + +#if defined(__riscv_landing_pad) || defined(__riscv_shadow_stack) + unsigned int feature_1 = *(unsigned int *) data; +#endif +#ifdef __riscv_landing_pad + if (feature_1 & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) + l->l_riscv_feature_1_and |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; +#endif +#ifdef __riscv_shadow_stack + if (feature_1 & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) + l->l_riscv_feature_1_and |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; +#endif + } + /* Continue. */ + return 1; +} + +#endif /* _DL_PROP_H */ diff --git a/sysdeps/riscv/libc-start.h b/sysdeps/riscv/libc-start.h new file mode 100644 index 0000000000..7b898f5308 --- /dev/null +++ b/sysdeps/riscv/libc-start.h @@ -0,0 +1,88 @@ +/* RISC-V libc main startup. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef SHARED +# define ARCH_SETUP_IREL() apply_irel () +# define ARCH_APPLY_IREL() + +# if defined(__riscv_landing_pad) || defined(__riscv_shadow_stack) +/* Get shadow stack features enabled in the static executable. */ +# include +# include +extern void _dl_cfi_setup_features (unsigned int); + +static inline unsigned int +get_cfi_feature (void) +{ + unsigned int cfi_feature = 0; + /* FIXME: check if cfi feature is supported by CPU */ + struct link_map *main_map = _dl_get_dl_main_map (); + + /* Scan program headers backward to check PT_GNU_PROPERTY early for + feature bits on static executable. */ + const ElfW(Phdr) *phdr = GL(dl_phdr); + const ElfW(Phdr) *ph; + for (ph = phdr + GL(dl_phnum); ph != phdr; ph--) + if (ph[-1].p_type == PT_GNU_PROPERTY) + { + _dl_process_pt_gnu_property (main_map, -1, &ph[-1]); + /* Enable landing pad and shstk only if they are enabled on a static + executable. */ + /* FIXME: change to &= to mask off other features after cpu_feature + is implemented */ + cfi_feature = (main_map->l_riscv_feature_1_and + & (GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED + | GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS)); + + GL(dl_riscv_feature_1) = cfi_feature; + return cfi_feature; + } + GL(dl_riscv_feature_1) = 0; + return 0; +} + +/* The function using this macro to enable shadow stack must not return + to avoid shadow stack underflow. */ +# ifdef __riscv_shadow_stack +# define ENABLE_RISCV_SHADOW_STACK \ + do \ + { \ + if (feature & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) \ + { \ + INTERNAL_SYSCALL_CALL (prctl, PR_SET_SHADOW_STACK_STATUS, \ + PR_SHADOW_STACK_ENABLE, 0, 0, 0); \ + } \ + } \ + while (0) +# else +# define ENABLE_RISCV_SHADOW_STACK +# endif + +# define ARCH_SETUP_TLS() \ + { \ + __libc_setup_tls (); \ + \ + unsigned int feature = get_cfi_feature (); \ + ENABLE_RISCV_SHADOW_STACK; \ + /* Landing pad will be enabled in _dl_cfi_setup_features */ \ + _dl_cfi_setup_features(feature); \ + } +# else +# define ARCH_SETUP_TLS() __libc_setup_tls () +# endif /* __riscv_landing_pad || __riscv_shadow_stack */ +#endif /* !SHARED */ diff --git a/sysdeps/unix/sysv/linux/riscv/dl-cfi.h b/sysdeps/unix/sysv/linux/riscv/dl-cfi.h new file mode 100644 index 0000000000..cd184bac61 --- /dev/null +++ b/sysdeps/unix/sysv/linux/riscv/dl-cfi.h @@ -0,0 +1,20 @@ +/* Linux/RISC-V CFI initializers function. + Copyright (C) 2025 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* FIXME: Should be remove after they are included in the kernel header */ +#include +#include From patchwork Mon Oct 27 04:26:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122668 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id BC5EA3858415 for ; Mon, 27 Oct 2025 04:39:52 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org BC5EA3858415 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=lnd7xZUu X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x1030.google.com (mail-pj1-x1030.google.com [IPv6:2607:f8b0:4864:20::1030]) by sourceware.org (Postfix) with ESMTPS id D75B93858D26 for ; Mon, 27 Oct 2025 04:26:58 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D75B93858D26 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org D75B93858D26 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1030 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539219; cv=none; b=DBNdgvetj7ULtsOlr+XqteECBOK45IfC/DZaFatv/ldoiB1I9FbEqmf5yPYmI148/CykB4P1Z+w69jQD/AVljs5PFPoiIATiuTUzpIfxynqh+FgoWYVhR80qMuHos4h7NNHg9F+aD9XzN0urp0K0XMg+wOKt21hbxFQmyNuW6hA= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539219; c=relaxed/simple; bh=0F3Rd38jjQXYQIgq/Rrt3QbcwvYGD/wJ2ZxcZfETZU4=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=CSqIw8wxc6NoRbJGkqiugx7aVL01syLoF+qpn1VYg6X+HlUoxlf9+zP6l6I6t+gs7XJJmSSQSgrIcBE3O0i2S2d1gcOYHRTx3gYjipmCZMon8+3PAZICOcXtOUSpKx36gEFh760ODPONfpwNQLItNI/Fjl0dLHcKbQ/bCl4A/fM= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D75B93858D26 Received: by mail-pj1-x1030.google.com with SMTP id 98e67ed59e1d1-33d28dbced5so5229621a91.2 for ; Sun, 26 Oct 2025 21:26:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539217; x=1762144017; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Bv6w9sfgMnz7F0ODYA2+eB3G24LLqcrcu8sGOtyPCMU=; b=lnd7xZUu+dzSlKv9S4ndmrPbxfamt/QzKzDjZ6o+ZGbIG8kLLmLLSeg+mbm8aLvkqw clJuiuy5hhT2mIByXT/uYT7G4wC3KHMZIyVOZVlLf7pXPHK4O5X8sK5FkG3Pj7pwGvBj zA22nkHBHV0bn5Ai3P/70EWY9XLdFqmanHF/ZmOg3virYBbTynvV8iIXKTS4dSthw7/s bnMtvUIW6xN23OoLiX3JrcDUaFg+4dh9QW3uK2rrwtD4rxErg0VrTT2RjF873a+pRAr5 5BdsSICf12tMpa3kUGAJ2oe3SJFTIru/4ckLtZulE9dm91UPwAcSjjuLkCRSM8nrHCTq AViA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539217; x=1762144017; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Bv6w9sfgMnz7F0ODYA2+eB3G24LLqcrcu8sGOtyPCMU=; b=e91DYeulQ8jsIXeMR947UDl6tFcUcSVHPNPNZEwsLNrZGqUYaijUT85/xYOyMaOhZX khKWefENbCxND0a7TNHzHsinkY/7xoBSnr58PE7LaqVPvn/34nlIUeO3t0mGBfCnlOR+ eo0EjCs3lTe570V1JcyBzgkzeHRSb6WRNNShU8CpwnTTYs9+tGGSQWguTCGiGyDIKSxS Zq6E1CcYciKzchrrIgKZbIDX6iceHO8WMQJtdKpzHdcMzaGoW81ffpblq4cumj6TR3Kg 07WjfjhSIL13ktRLhal0IyFpgssnUmrpeqCgMp8Wj3931c4ibpfskkY968u6PgFqFerM 9dTQ== X-Gm-Message-State: AOJu0YzJ5LK8yukPyzBB4fUqYrskq8l8un9xNvpiA2V7bjFoJkSNzFWC hB/KpKqPGswS2u2RwppARtZXOlVZUoEFQl7qzM2JcQOT8P1EU4hseWUmCwIoikoRsuZd83k3+V0 2QFSC9zJRvAfaTyTM+JY6j648rQ9yRmVPnRePlQfsOyyIS26Opym0Q4mrkrYKvNIOtOa4jRN38D 39lx7SP3NIRSKvypcweprIq+jiVIwrYEgGwUBgz1kbaeVwJ47PdGg= X-Gm-Gg: ASbGncvRCdgg3JgEUmOk4k6txaWwRO1JGtvefWhW/WsJ1VfERObZ4OUJiKv6yOC0V5o ry1We+z++s2RdA0QwNuY81sIF3GVjjRXgR7xDEhH1aWKpafSR4tOemu/IHDvNowISWYxTKUbg9R cOUPbaYU/txcCmBD13OrRpD0sojMZ+wzyNOoHiQh8IjaogXJ5bxhIqfJsGJ/tUo4j5XqxAwHU+L 4CHdrsvcMUC+l8ZbPSmosQ3VNct30nLk/kpiNRuIf9Nq80PquL5cg1D0rS4Id5MoSCoWeqUuTbJ 8hX0KdSBzWj261rnEgb1ALfHY3jgW0NC5+PGqnQ6uQm1qYhWV6PVwQzgyHqCh5LAPgFCdtVUIda gmC3r1vhU35fc0krg4hn+XBck/+l2tTrJ524HLiITngO2O14B1pY9C9/Lg92MpG6F6IQmEQHRq7 0dppvzSLh/62mBqMSIr+O2qrpAXARyEROrwo4ICv//ZyozAAg9lYaoD4y/cvr6WPiYNDKwqrfaP 9Zich/c+1F3jRPRnjXe X-Google-Smtp-Source: AGHT+IGomUgan0z9v/15P43AYcyTRSQwhPwDClCxANPIDOZst4SRorhXWCYKYlYsGiPNDh/FgIs9qQ== X-Received: by 2002:a17:90b:2fcc:b0:33b:b308:7659 with SMTP id 98e67ed59e1d1-33bcf920925mr44507794a91.36.1761539217355; Sun, 26 Oct 2025 21:26:57 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.26.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:26:56 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v3 08/16] riscv/cfi: Enable CFI on dynamic binaries Date: Sun, 26 Oct 2025 21:26:26 -0700 Message-Id: <20251027042634.2665717-9-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org For dynamic binaries, CFI features are parsed from GNU properties, store in to GLRO(dl_riscv_feature_1) and later enabled in RTLD_START. Co-authored-by: Deepak Gupta --- sysdeps/riscv/Makefile | 2 +- sysdeps/riscv/dl-cfi.c | 72 ++++++++++++++++++++++++++ sysdeps/riscv/dl-machine.h | 2 + sysdeps/riscv/dl-prop.h | 9 ++++ sysdeps/riscv/features-offsets.sym | 5 ++ sysdeps/unix/sysv/linux/riscv/dl-cfi.h | 30 +++++++++++ 6 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 sysdeps/riscv/features-offsets.sym diff --git a/sysdeps/riscv/Makefile b/sysdeps/riscv/Makefile index 4752bdb1a0..11e48be02e 100644 --- a/sysdeps/riscv/Makefile +++ b/sysdeps/riscv/Makefile @@ -3,7 +3,7 @@ sysdep_headers += sys/asm.h endif ifeq ($(subdir),elf) -gen-as-const-headers += dl-link.sym +gen-as-const-headers += dl-link.sym features-offsets.sym endif # RISC-V's assembler also needs to know about PIC as it changes the definition diff --git a/sysdeps/riscv/dl-cfi.c b/sysdeps/riscv/dl-cfi.c index 77bac24a1b..d1d57b738b 100644 --- a/sysdeps/riscv/dl-cfi.c +++ b/sysdeps/riscv/dl-cfi.c @@ -22,6 +22,54 @@ #include #include +static void +dl_check_legacy_object (struct link_map *m, unsigned int *feature_1) +{ + /* Iterate through the dependencies and disable if needed here */ + struct link_map *l = NULL; + unsigned int i; + i = m->l_searchlist.r_nlist; + while (i-- > 0) + { + /* Check each shared object to see if shadow stack and landing pad + are enabled. */ + l = m->l_initfini[i]; + + if (l->l_init_called) + continue; + +#ifdef SHARED + /* Skip check for ld.so since it has the features enabled. The + features will be disabled later if they are not enabled in + executable. */ + if (l == &GL(dl_rtld_map) + || l->l_real == &GL(dl_rtld_map)) + continue; +#endif /* SHARED */ + + *feature_1 &= l->l_riscv_feature_1_and; + } +} + +#ifdef SHARED +static void +dl_cfi_check_startup (struct link_map *m, unsigned int *feature_1) +{ + /* FIXME: Add tunables here */ + if (!*feature_1) + return; + dl_check_legacy_object (m, feature_1); + + /* Update GL(dl_riscv_feature_1) */ + GL(dl_riscv_feature_1) = *feature_1; +} +#endif /* SHARED */ + +static void +dl_cfi_check_dlopen (struct link_map *m) +{ +} + attribute_hidden void _dl_cfi_setup_features (unsigned int feature_1) { @@ -34,3 +82,27 @@ _dl_cfi_setup_features (unsigned int feature_1) #endif /* __riscv_landing_pad */ /* FIXME: Read enabled features from kernel and re-sync */ } + +/* Enable CFI for l and its dependencies. */ +void +_dl_cfi_check (struct link_map *l, const char *program) +{ + /* As this point we have parsed the gnu properties, + for dynamic binary we should verify the dependencies here. */ + /* FIXME: Implement different policy for supporting legacy binaries */ + unsigned int feature_1; +#if defined SHARED && defined RTLD_START_ENABLE_RISCV_CFI + if (program) + { + GL(dl_riscv_feature_1) = l->l_riscv_feature_1_and; + feature_1 = l->l_riscv_feature_1_and; + } +#endif /* SHARED */ + +#ifdef SHARED + if (program) + dl_cfi_check_startup (l, &feature_1); + else +#endif /* SHARED */ + dl_cfi_check_dlopen (l); +} diff --git a/sysdeps/riscv/dl-machine.h b/sysdeps/riscv/dl-machine.h index ff96ae77f2..94ca0dcc35 100644 --- a/sysdeps/riscv/dl-machine.h +++ b/sysdeps/riscv/dl-machine.h @@ -120,6 +120,8 @@ elf_machine_dynamic (void) " _RTLD_PROLOGUE (_dl_start_user) "\ # Stash user entry point in s0.\n\ mv s0, a0\n\ + # Setup CFI features\n\ + " RTLD_START_ENABLE_RISCV_CFI "\ # Load the adjusted argument count.\n\ " STRINGXP (REG_L) " a1, 0(sp)\n\ # Call _dl_init (struct link_map *main_map, int argc, char **argv, char **env) \n\ diff --git a/sysdeps/riscv/dl-prop.h b/sysdeps/riscv/dl-prop.h index a832e4aea6..1c9fb6b38b 100644 --- a/sysdeps/riscv/dl-prop.h +++ b/sysdeps/riscv/dl-prop.h @@ -19,14 +19,23 @@ #ifndef _DL_PROP_H #define _DL_PROP_H +extern void _dl_cfi_check (struct link_map *, const char *) + attribute_hidden; + static inline void __attribute__ ((always_inline)) _rtld_main_check (struct link_map *m, const char *program) { +#if defined(__riscv_landing_pad) || defined(__riscv_shadow_stack) + _dl_cfi_check(m, program); +#endif /* __riscv_landing_pad || __riscv_shadow_stack */ } static inline void __attribute__ ((always_inline)) _dl_open_check (struct link_map *m) { +#if defined(__riscv_landing_pad) || defined(__riscv_shadow_stack) + _dl_cfi_check(m, NULL); +#endif /* __riscv_landing_pad || __riscv_shadow_stack */ } static inline void __attribute__ ((always_inline)) diff --git a/sysdeps/riscv/features-offsets.sym b/sysdeps/riscv/features-offsets.sym new file mode 100644 index 0000000000..3320cde83f --- /dev/null +++ b/sysdeps/riscv/features-offsets.sym @@ -0,0 +1,5 @@ +#define SHARED 1 + +#include + +RTLD_GLOBAL_DL_RISCV_FEATURE_1_OFFSET offsetof (struct rtld_global, _dl_riscv_feature_1) diff --git a/sysdeps/unix/sysv/linux/riscv/dl-cfi.h b/sysdeps/unix/sysv/linux/riscv/dl-cfi.h index cd184bac61..662a45817d 100644 --- a/sysdeps/unix/sysv/linux/riscv/dl-cfi.h +++ b/sysdeps/unix/sysv/linux/riscv/dl-cfi.h @@ -18,3 +18,33 @@ /* FIXME: Should be remove after they are included in the kernel header */ #include #include +#include + +#ifdef __riscv_shadow_stack +# define CHECK_AND_ENABLE_SHADOW_STACK \ +"\ + andi a0, s1, " STRINGXP (GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) "\n\ + beqz a0, 1f \n\ + li a0, " STRINGXP (PR_SET_SHADOW_STACK_STATUS) "\n\ + li a1, " STRINGXP (PR_SHADOW_STACK_ENABLE) "\n\ + li a2, 0 \n\ + li a3, 0 \n\ + li a4, 0 \n\ + li a7, " STRINGXP (__NR_prctl) "\n\ + ecall \n\ +1: \n\ +" +#else +# define CHECK_AND_ENABLE_SHADOW_STACK +#endif + +#define RTLD_START_ENABLE_RISCV_CFI \ +"\ + lw s1, _rtld_local + " STRINGXP (RTLD_GLOBAL_DL_RISCV_FEATURE_1_OFFSET) " \n\ + # We need to enable shadow stack in the assembly code to avoid underflow \n\ + # Checking for landing pad is left to _dl_cfi_setup_features \n\ + " CHECK_AND_ENABLE_SHADOW_STACK "\n\ + mv a0, s1 \n\ + jal _dl_cfi_setup_features \n\ + \n\ +" From patchwork Mon Oct 27 04:26:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122674 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id CC7573857C6C for ; Mon, 27 Oct 2025 04:47:27 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org CC7573857C6C Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=LC51I87u X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) by sourceware.org (Postfix) with ESMTPS id 7D1043858C40 for ; Mon, 27 Oct 2025 04:27:00 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 7D1043858C40 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 7D1043858C40 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::102c ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539220; cv=none; b=JbfqH2JR3mxuugSOX6Etr1rrd58QUtCAWU00M2eUgB+tDqD7DofQdYSWH8rLGN0ASG8yo/qdmCzB3wFZiRAiYLPSSZJMdL3WI2Ay3fUhg/oKvw99N8oKGtfCXvVJdlOxB9kH4hIq8Szmh10ZWJmu4jlIt/MBS6xSLlDy3oBwEAw= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539220; c=relaxed/simple; bh=yaoSnVmm/YQxttQo4ekiBy8wlxuEpRVKkCG16pSnjgw=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=dU2IvVM+MINMvfh/ffuEa9pWRxHmOObhFYYv7LxE0JnZEK2/kk8qoPugkp+SSt7ohL5Ii21mleaccqmrwnBgHnC9PpClOLIFTVIaFz8woi/D9w/DFwxd700udOhyXPmF0byJrCJ3hVqSW4Lq2xIljdMbjcYELalOGIBqynJnduA= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 7D1043858C40 Received: by mail-pj1-x102c.google.com with SMTP id 98e67ed59e1d1-32ec291a325so3221386a91.1 for ; Sun, 26 Oct 2025 21:27:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539219; x=1762144019; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=JxJ69tYtlJhFY803PIBfA5dhG1MfDARyip8jebqe5Qs=; b=LC51I87u+7Gf6rRbjF7WRjfjwVocioXfJsiYREjTHM1zOIzninW6V6H+9Qkp5nDb/Q IACnjnhW5r2mDgilCUukNHyMG65BhELikMIPBlxAKJ7vVdw9RUfsiPCsXvnLXdfsDItP zXn58NhEMNGA3N+hnShr+BJ7PkT8CGviSz5rsFCDW5G3W0p8uZoTkJN+P9V762n2qL9R qcYxdjluix5axxkuO0kczGIwGPr7HIsOY2CXSW6US0Ra9N6vSZUb34iCc1gRbJySy3vV ZY1zjMNBC7L7hq2jx6bzPaLZJxSCfOORzlpNsQUxmxXSyldJhsn/jbKRRgrs7fmmTr5d bnwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539219; x=1762144019; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JxJ69tYtlJhFY803PIBfA5dhG1MfDARyip8jebqe5Qs=; b=iZgnuGbRk+pjQPSUNav5I/+mCJ1fJXw7at501ecWpNyGucCe+gs21x7xZGEC5EJAgv 51YLtlPnTeC0jcbjLETfNtnaOloxeWg5D8aSMDdwGMHVZ+EVxs2zIyAipFAjjNK4fS6g xeCpOLZD27Rbck7kMBs40ACg1QQphWV+xbYX9RuURiUz/gMDWL1vtui0/+r+EaJzzlHd NaMN5gSmC2vkEUDOXRXNfoXwuAP5VJ3IIER5bDIXxotVIIKWtC+U47tFbYGWyXNjtEpz jX/tEdg0Pff95FDsn70FBJ3qfmxtDLL6p1p/omLiRiF9Ie0P0I8i5IMBHyvCFt0wbHoP LYhg== X-Gm-Message-State: AOJu0YxgKYa2u1wxXGGYskIIpczoBNOesDt49Bjwnyn+n6KAAzFpfUjj oQcTZ4wn8yDG/mlcBhomhNyw7iFj75Kn3KovGBWKj03ZNBW0EJOmp2tQWkn4vLa1FTUJ551arsj oJmKsvWfETftuHguT3hf/B++rwgrut+8ykYEmJtC7c4475wVMYyZbG/uMx4cAPchp292jb1GgFC O/ValRVkycfWpZSRmAFXiHzPfDMES74yVPaa/xsUcOBh/k3K5gNmg= X-Gm-Gg: ASbGncusAbQ+ZldPprVDNf20Y6IuIosdcsKLi73+IuN6juw3iEgYqBOKGeg+7gHNpXx WMdUn0+Nx0q1qlKb66aAdGSLaaYHZ3oRgAcLkZLTZb2iMZz/izlLNEkeBW/s0fgSuaOwMBJXKRy V8bVKvmpUPqPfM37xAfd2KX8inzJiehalMpQWgc3k3LXDXlT3nH8dlbpwvGGeQV7BBxZS1h4In/ eU0V7wtC7mr+CYAV6QJ7qxaTNiBlviMQMzN+K1brsvsZbq3Doe/5hnxV/XKIbBOw9nNLczEJuvy JFwBKocn2ztWGFU/mnmrYy5ELe3phFbpJRAKeIkkaFAMNwWnDJQdQKi82ovyb+5B62PDelNSnoN ZXhDUERFve+GD/PaHoigHoUA1Kn0RIRdediN0AW3d02IGoYUjLMJYsaBknIpViyJycLLO31+ppk HLYlGUOOBzyo5sJ2cN0GiCA6ROmtOiBcQYJ7S4pwL99a6U/geP4+tv0oRh0te9DHY6G2hiKDVqQ +SERPg6qyC8y8gmbbXC+/hMi16VhGE= X-Google-Smtp-Source: AGHT+IHDim9dLBa7XO0F7s8bGlUJ6BgmbMIQwwlxkx0v0E+EtambAzvQqlyeU6raWyNYDH+uYlQt1w== X-Received: by 2002:a17:90a:ec8b:b0:335:2934:e217 with SMTP id 98e67ed59e1d1-33bcf86c0a9mr45642834a91.10.1761539218582; Sun, 26 Oct 2025 21:26:58 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.26.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:26:57 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v3 09/16] riscv/cfi: introduce tunables for CFI features Date: Sun, 26 Oct 2025 21:26:27 -0700 Message-Id: <20251027042634.2665717-10-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org dl_riscv_feature_control is a structure with each member represents a feature configuration. At this time it's only used by CFI features. Each cfi feature is a 2-bit enum, which could be [on|off|permissive], these values decide whether a new legacy object should be blocked while loaded dynamically, and could be controled by glibc tunables. --- manual/tunables.texi | 22 +++ sysdeps/riscv/Makefile | 1 + sysdeps/riscv/cpu-features.c | 46 ++++++ sysdeps/riscv/cpu-tunables.c | 50 +++++++ sysdeps/riscv/dl-cfi.c | 223 ++++++++++++++++++++++++++-- sysdeps/riscv/dl-get-cpu-features.c | 27 ++++ sysdeps/riscv/dl-machine.h | 19 +++ sysdeps/riscv/dl-procruntime.c | 17 +++ sysdeps/riscv/dl-tunables.list | 27 ++++ sysdeps/riscv/feature-control.h | 42 ++++++ sysdeps/riscv/ldsodefs.h | 1 + sysdeps/riscv/libc-start.c | 31 ++++ sysdeps/riscv/libc-start.h | 13 +- 13 files changed, 500 insertions(+), 19 deletions(-) create mode 100644 sysdeps/riscv/cpu-features.c create mode 100644 sysdeps/riscv/cpu-tunables.c create mode 100644 sysdeps/riscv/dl-get-cpu-features.c create mode 100644 sysdeps/riscv/dl-tunables.list create mode 100644 sysdeps/riscv/feature-control.h create mode 100644 sysdeps/riscv/libc-start.c diff --git a/manual/tunables.texi b/manual/tunables.texi index d11ca7ed7c..7c5178e6b4 100644 --- a/manual/tunables.texi +++ b/manual/tunables.texi @@ -574,6 +574,28 @@ assume that the CPU is @code{xxx} where xxx may have one of these values: This tunable is specific to aarch64. @end deftp +@deftp Tunable glibc.cpu.riscv_cfi_lp +The @code{glibc.cpu.riscv_cfi_lp=[on|off|permissive]} tunable allows the +user to temporarily turn off the branch control flow protection (a.k.a. +landing pad) or set to permissive mode. The default value is @code{on} for +target compiled with Zicfilp extension. Permissive mode allows the protection +to be turned off on program trying to dynamically load a legacy shared library +without landing pad support. + +This tunable is specific to riscv. +@end deftp + +@deftp Tunable glibc.cpu.riscv_cfi_ss +The @code{glibc.cpu.riscv_cfi_ss=[on|off|permissive]} tunable allows the +user to temporarily turn off the return control flow protection (a.k.a. +shadow stack) or set to permissive mode. The default value is @code{on} for +target compiled with Zicfiss extension. Permissive mode allows the protection +to be turned off on program trying to dynamically load a legacy shared library +without shadow stack support. + +This tunable is specific to riscv. +@end deftp + @deftp Tunable glibc.cpu.x86_data_cache_size The @code{glibc.cpu.x86_data_cache_size} tunable allows the user to set data cache size in bytes for use in memory and string routines. diff --git a/sysdeps/riscv/Makefile b/sysdeps/riscv/Makefile index 11e48be02e..b1f074a3eb 100644 --- a/sysdeps/riscv/Makefile +++ b/sysdeps/riscv/Makefile @@ -1,6 +1,7 @@ ifeq ($(subdir),misc) sysdep_headers += sys/asm.h endif +sysdep-dl-routines += dl-get-cpu-features ifeq ($(subdir),elf) gen-as-const-headers += dl-link.sym features-offsets.sym diff --git a/sysdeps/riscv/cpu-features.c b/sysdeps/riscv/cpu-features.c new file mode 100644 index 0000000000..beca59fe17 --- /dev/null +++ b/sysdeps/riscv/cpu-features.c @@ -0,0 +1,46 @@ +/* Initialize CPU feature data. + This file is part of the GNU C Library. + Copyright (C) 2025 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _CPU_FEATURES_RISCV_H +#define _CPU_FEATURES_RISCV_H + +# define TUNABLE_NAMESPACE cpu +# include + +# ifdef __riscv_landing_pad +extern void TUNABLE_CALLBACK (set_riscv_cfi_lp) (tunable_val_t *) + attribute_hidden; +# endif +# ifdef __riscv_shadow_stack +extern void TUNABLE_CALLBACK (set_riscv_cfi_ss) (tunable_val_t *) + attribute_hidden; +# endif + +static inline void +init_cpu_features (void) +{ +# ifdef __riscv_landing_pad + TUNABLE_GET (riscv_cfi_lp, tunable_val_t *, + TUNABLE_CALLBACK (set_riscv_cfi_lp)); +# endif +# ifdef __riscv_shadow_stack + TUNABLE_GET (riscv_cfi_ss, tunable_val_t *, + TUNABLE_CALLBACK (set_riscv_cfi_ss)); +# endif +} +#endif /* _CPU_FEATURES_RISCV_H */ diff --git a/sysdeps/riscv/cpu-tunables.c b/sysdeps/riscv/cpu-tunables.c new file mode 100644 index 0000000000..e84dcf2414 --- /dev/null +++ b/sysdeps/riscv/cpu-tunables.c @@ -0,0 +1,50 @@ +/* RISC-V CPU feature tuning. + This file is part of the GNU C Library. + Copyright (C) 2025 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#define TUNABLE_NAMESPACE cpu +#include +#include +#include + +#ifdef __riscv_landing_pad +attribute_hidden +void +TUNABLE_CALLBACK (set_riscv_cfi_lp) (tunable_val_t *valp) +{ + if (tunable_strcmp_cte (valp, "permissive")) + GL(dl_riscv_feature_control).lp = cfi_permissive; + else if (tunable_strcmp_cte (valp, "off")) + GL(dl_riscv_feature_control).lp = cfi_always_off; + else + GL(dl_riscv_feature_control).lp = cfi_always_on; +} +#endif + +#ifdef __riscv_shadow_stack +attribute_hidden +void +TUNABLE_CALLBACK (set_riscv_cfi_ss) (tunable_val_t *valp) +{ + if (tunable_strcmp_cte (valp, "permissive")) + GL(dl_riscv_feature_control).ss = cfi_permissive; + else if (tunable_strcmp_cte (valp, "off")) + GL(dl_riscv_feature_control).ss = cfi_always_off; + else + GL(dl_riscv_feature_control).ss = cfi_always_on; +} +#endif diff --git a/sysdeps/riscv/dl-cfi.c b/sysdeps/riscv/dl-cfi.c index d1d57b738b..5307a8c4c0 100644 --- a/sysdeps/riscv/dl-cfi.c +++ b/sysdeps/riscv/dl-cfi.c @@ -15,6 +15,7 @@ License along with the GNU C Library; if not, see . */ +#include "feature-control.h" #include #include #include @@ -22,8 +23,39 @@ #include #include +struct dl_cfi_info +{ + const char *program; + + /* Check how lp and ss should be enabled. */ +#ifdef __riscv_landing_pad + enum dl_riscv_cfi_control enable_lp_type; +#endif +#ifdef __riscv_shadow_stack + enum dl_riscv_cfi_control enable_ss_type; +#endif + + /* Previously enabled features. */ + unsigned int feature_1_enabled; + + /* Features that should be enabled. */ + unsigned int enable_feature_1; + + /* If there are any legacy shared object. */ + unsigned int feature_1_legacy; + + /* Which shared object is the first legacy shared object. */ +#ifdef __riscv_landing_pad + unsigned int feature_1_legacy_lp; +#endif +#ifdef __riscv_shadow_stack + unsigned int feature_1_legacy_ss; +#endif +}; + + static void -dl_check_legacy_object (struct link_map *m, unsigned int *feature_1) +dl_check_legacy_object (struct link_map *m, struct dl_cfi_info *info) { /* Iterate through the dependencies and disable if needed here */ struct link_map *l = NULL; @@ -42,32 +74,150 @@ dl_check_legacy_object (struct link_map *m, unsigned int *feature_1) /* Skip check for ld.so since it has the features enabled. The features will be disabled later if they are not enabled in executable. */ - if (l == &GL(dl_rtld_map) - || l->l_real == &GL(dl_rtld_map)) + if (is_rtld_link_map (l) + || is_rtld_link_map (l->l_real) + || (info->program != NULL && l == m)) continue; #endif /* SHARED */ - *feature_1 &= l->l_riscv_feature_1_and; + info->enable_feature_1 &= ((l->l_riscv_feature_1_and + & (GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED + | GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS)) + | ~(GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED + | GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS)); + + /* Bookkeeping legacy objects */ +#ifdef __riscv_landing_pad + if ((info->feature_1_legacy & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) == 0 + && ((info->enable_feature_1 & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) + != (info->feature_1_enabled & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED)) + ) + { + info->feature_1_legacy_lp = i; + info->feature_1_legacy |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; + } +#endif +#ifdef __riscv_shadow_stack + if ((info->feature_1_legacy & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) == 0 + && ((info->enable_feature_1 & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) + != (info->feature_1_enabled & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS)) + ) + { + info->feature_1_legacy_ss = i; + info->feature_1_legacy |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; + } +#endif } + + /* Keep bits set if cfi_always_on */ +#ifdef __riscv_landing_pad + if ((info->feature_1_enabled & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) != 0 + && info->enable_lp_type == cfi_always_on) + { + info->enable_feature_1 |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; + } +#endif +#ifdef __riscv_shadow_stack + if ((info->feature_1_enabled & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) != 0 + && info->enable_ss_type == cfi_always_on) + { + info->enable_feature_1 |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; + } +#endif } #ifdef SHARED static void -dl_cfi_check_startup (struct link_map *m, unsigned int *feature_1) +dl_cfi_check_startup (struct link_map *m, struct dl_cfi_info *info) { - /* FIXME: Add tunables here */ - if (!*feature_1) - return; - dl_check_legacy_object (m, feature_1); +# ifdef __riscv_landing_pad + if (info->enable_lp_type == cfi_always_on) + info->enable_feature_1 |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; + else if (info->enable_lp_type == cfi_always_off) + info->enable_feature_1 &= ~GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; + else + info->enable_feature_1 &= ((m->l_riscv_feature_1_and + & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) + | ~GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED); +# endif +# ifdef __riscv_shadow_stack + if (info->enable_ss_type == cfi_always_on) + info->enable_feature_1 |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; + else if (info->enable_ss_type == cfi_always_off) + info->enable_feature_1 &= ~GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; + else + info->enable_feature_1 &= ((m->l_riscv_feature_1_and + & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) + | ~GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS); +# endif + + if (info->enable_feature_1 != 0) + dl_check_legacy_object (m, info); /* Update GL(dl_riscv_feature_1) */ - GL(dl_riscv_feature_1) = *feature_1; + if (info->enable_feature_1 ^ info->feature_1_enabled) { + info->feature_1_enabled = info->enable_feature_1; + GL(dl_riscv_feature_1) = info->enable_feature_1; + } } #endif /* SHARED */ static void -dl_cfi_check_dlopen (struct link_map *m) +dl_cfi_check_dlopen (struct link_map *m, struct dl_cfi_info *info) { + if (info->enable_feature_1 != 0) { + dl_check_legacy_object(m, info); + + if (info->feature_1_legacy == 0) + return; + } + + unsigned int disable_feature_1 = 0; + unsigned int legacy_obj = 0; + const char *msg = NULL; + +#ifdef __riscv_landing_pad + if ((info->feature_1_enabled & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) != 0 + && (info->feature_1_legacy & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) != 0) + { + if (info->enable_lp_type != cfi_permissive || !SINGLE_THREAD_P) + { + legacy_obj = info->feature_1_legacy_lp; + msg = N_("rebuild shared object with landing pad support"); + } + else + disable_feature_1 |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; + } +#endif + +#ifdef __riscv_shadow_stack + if ((info->feature_1_enabled & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) != 0 + && (info->feature_1_legacy & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) != 0) + { + if (info->enable_ss_type != cfi_permissive || !SINGLE_THREAD_P) + { + legacy_obj = info->feature_1_legacy_ss; + msg = N_("rebuild shared object with shadow stack support"); + } + else + disable_feature_1 |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; + } +#endif + + if (msg != NULL) + _dl_signal_error (0, m->l_initfini[legacy_obj]->l_name, "dlopen", msg); + + if (disable_feature_1 != 0) + // FIXME: Disable CFI here + int res = -1; + if (res) + { + msg = N_("can't disable CFI feature"); + _dl_signal_error (-res, m->l_initfini[legacy_obj]->l_name, + "dlopen", msg); + } + GL(dl_riscv_feature_1) &= ~disable_feature_1; + } } attribute_hidden void @@ -89,20 +239,61 @@ _dl_cfi_check (struct link_map *l, const char *program) { /* As this point we have parsed the gnu properties, for dynamic binary we should verify the dependencies here. */ - /* FIXME: Implement different policy for supporting legacy binaries */ - unsigned int feature_1; + struct dl_cfi_info info; #if defined SHARED && defined RTLD_START_ENABLE_RISCV_CFI if (program) { GL(dl_riscv_feature_1) = l->l_riscv_feature_1_and; - feature_1 = l->l_riscv_feature_1_and; } #endif /* SHARED */ + unsigned int supported_exts = 0; + unsigned int always_on_exts = 0; + +#ifdef __riscv_landing_pad + info.enable_lp_type = GL(dl_riscv_feature_control).lp; + supported_exts += 1; + always_on_exts += (info.enable_lp_type == cfi_always_on); +#endif +#ifdef __riscv_shadow_stack + info.enable_ss_type = GL(dl_riscv_feature_control).ss; + supported_exts += 1; + always_on_exts += (info.enable_ss_type == cfi_always_on); +#endif + + info.feature_1_enabled = GL(dl_riscv_feature_1); + + /* No legacy check needed if all cfi exts are always on in main */ + if (program && (supported_exts == always_on_exts)) + return; + + /* No legacy check needed if all cfi exts are off */ + if (info.feature_1_enabled == 0) + return; + + info.program = program; + + info.enable_feature_1 = 0; +#ifdef __riscv_landing_pad + if (info.enable_lp_type != cfi_always_off) + info.enable_feature_1 |= (info.feature_1_enabled + & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED); + info.feature_1_legacy_lp = 0; +#endif +#ifdef __riscv_shadow_stack + if (info.enable_ss_type != cfi_always_off) + info.enable_feature_1 |= (info.feature_1_enabled + & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS); + info.feature_1_legacy_ss = 0; +#endif + + info.feature_1_enabled = GL(dl_riscv_feature_1); + info.feature_1_legacy = 0; + #ifdef SHARED if (program) - dl_cfi_check_startup (l, &feature_1); + dl_cfi_check_startup (l, &info); else #endif /* SHARED */ - dl_cfi_check_dlopen (l); + dl_cfi_check_dlopen (l, &info); } diff --git a/sysdeps/riscv/dl-get-cpu-features.c b/sysdeps/riscv/dl-get-cpu-features.c new file mode 100644 index 0000000000..23da13d52d --- /dev/null +++ b/sysdeps/riscv/dl-get-cpu-features.c @@ -0,0 +1,27 @@ +/* Initialize CPU feature data. + Copyright (C) 2025 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +#ifdef SHARED +# include +void +_dl_riscv_init_cpu_features (void) +{ + init_cpu_features (); +} +#endif diff --git a/sysdeps/riscv/dl-machine.h b/sysdeps/riscv/dl-machine.h index 94ca0dcc35..b2a013e78a 100644 --- a/sysdeps/riscv/dl-machine.h +++ b/sysdeps/riscv/dl-machine.h @@ -41,6 +41,7 @@ extern void _dl_cfi_setup_features (unsigned int features); #else # define SET_LPAD #endif +extern void _dl_riscv_init_cpu_features (void); #ifndef _RTLD_PROLOGUE # define _RTLD_PROLOGUE(entry) \ @@ -152,6 +153,24 @@ elf_machine_dynamic (void) #define ARCH_LA_PLTENTER riscv_gnu_pltenter #define ARCH_LA_PLTEXIT riscv_gnu_pltexit +/* We define an initialization function. This is called very early in + _dl_sysdep_start. */ +#define DL_PLATFORM_INIT dl_platform_init () + +static inline void __attribute__ ((unused)) +dl_platform_init (void) +{ + if (GLRO(dl_platform) != NULL && *GLRO(dl_platform) == '\0') + /* Avoid an empty string which would disturb us. */ + GLRO(dl_platform) = NULL; + +#ifdef SHARED + /* init_cpu_features which has been called early from __libc_start_main in + static executable. */ + _dl_riscv_init_cpu_features (); +#endif +} + /* Bias .got.plt entry by the offset requested by the PLT header. */ #define elf_machine_plt_value(map, reloc, value) (value) diff --git a/sysdeps/riscv/dl-procruntime.c b/sysdeps/riscv/dl-procruntime.c index b8fbcd87e7..b1c095cf10 100644 --- a/sysdeps/riscv/dl-procruntime.c +++ b/sysdeps/riscv/dl-procruntime.c @@ -57,4 +57,21 @@ PROCINFO_CLASS unsigned int _dl_riscv_feature_1 # else , # endif + +# if !defined PROCINFO_DECL && defined SHARED + ._dl_riscv_feature_control +# else +PROCINFO_CLASS struct dl_riscv_feature_control _dl_riscv_feature_control +# endif +# ifndef PROCINFO_DECL += { + .lp = cfi_always_on, + .ss = cfi_always_on, + } +# endif +# if !defined SHARED || defined PROCINFO_DECL +; +# else +, +# endif #endif diff --git a/sysdeps/riscv/dl-tunables.list b/sysdeps/riscv/dl-tunables.list new file mode 100644 index 0000000000..9260cb40ba --- /dev/null +++ b/sysdeps/riscv/dl-tunables.list @@ -0,0 +1,27 @@ +# RISC-V specific tunables. +# Copyright (C) 2025 Free Software Foundation, Inc. +# This file is part of the GNU C Library. + +# The GNU C Library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. + +# The GNU C Library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public +# License along with the GNU C Library; if not, see +# . + +glibc { + cpu { + riscv_cfi_lp { + type: STRING + } + riscv_cfi_ss { + type: STRING + } +} diff --git a/sysdeps/riscv/feature-control.h b/sysdeps/riscv/feature-control.h new file mode 100644 index 0000000000..a14dfe5519 --- /dev/null +++ b/sysdeps/riscv/feature-control.h @@ -0,0 +1,42 @@ +/* RISC-V feature tuning. + This file is part of the GNU C Library. + Copyright (C) 2025 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _RISCV_FEATURE_CONTROL_H +#define _RISCV_FEATURE_CONTROL_H + +/* For each CFI feature, LP and SS, valid control values. */ +enum dl_riscv_cfi_control +{ + /* Enable CFI features based on ELF property note. */ + cfi_elf_property = 0, + /* Always enable CFI features. */ + cfi_always_on, + /* Always disable CFI features. */ + cfi_always_off, + /* Enable CFI features permissively. */ + cfi_permissive +}; + +struct dl_riscv_feature_control +{ + enum dl_riscv_cfi_control lp : 2; + enum dl_riscv_cfi_control ss : 2; +}; + +#endif /* feature-control.h */ + diff --git a/sysdeps/riscv/ldsodefs.h b/sysdeps/riscv/ldsodefs.h index 7e22d64102..5aa4acc47d 100644 --- a/sysdeps/riscv/ldsodefs.h +++ b/sysdeps/riscv/ldsodefs.h @@ -20,6 +20,7 @@ #define _RISCV_LDSODEFS_H 1 #include +#include struct La_riscv_regs; struct La_riscv_retval; diff --git a/sysdeps/riscv/libc-start.c b/sysdeps/riscv/libc-start.c new file mode 100644 index 0000000000..0f7ce35c85 --- /dev/null +++ b/sysdeps/riscv/libc-start.c @@ -0,0 +1,31 @@ +/* Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef SHARED + +/* Mark symbols hidden in static PIE for early self relocation to work. */ +# if BUILD_PIE_DEFAULT +# pragma GCC visibility push(hidden) +# endif +# include +# include + +# define ARCH_INIT_CPU_FEATURES() init_cpu_features () + +#endif /* !SHARED */ +#include + diff --git a/sysdeps/riscv/libc-start.h b/sysdeps/riscv/libc-start.h index 7b898f5308..5bb3ecb84d 100644 --- a/sysdeps/riscv/libc-start.h +++ b/sysdeps/riscv/libc-start.h @@ -31,6 +31,15 @@ get_cfi_feature (void) { unsigned int cfi_feature = 0; /* FIXME: check if cfi feature is supported by CPU */ + +#ifdef __riscv_landing_pad + if (GL(dl_riscv_feature_control).lp != cfi_always_off) + cfi_feature |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; +#endif +#ifdef __riscv_shadow_stack + if (GL(dl_riscv_feature_control).ss != cfi_always_off) + cfi_feature |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; +#endif struct link_map *main_map = _dl_get_dl_main_map (); /* Scan program headers backward to check PT_GNU_PROPERTY early for @@ -43,9 +52,7 @@ get_cfi_feature (void) _dl_process_pt_gnu_property (main_map, -1, &ph[-1]); /* Enable landing pad and shstk only if they are enabled on a static executable. */ - /* FIXME: change to &= to mask off other features after cpu_feature - is implemented */ - cfi_feature = (main_map->l_riscv_feature_1_and + cfi_feature &= (main_map->l_riscv_feature_1_and & (GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED | GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS)); From patchwork Mon Oct 27 04:26:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122671 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 69EFA385B511 for ; Mon, 27 Oct 2025 04:43:15 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pg1-x531.google.com (mail-pg1-x531.google.com [IPv6:2607:f8b0:4864:20::531]) by sourceware.org (Postfix) with ESMTPS id 3D15B3858C41 for ; Mon, 27 Oct 2025 04:27:01 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 3D15B3858C41 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 3D15B3858C41 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::531 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539221; cv=none; b=QoCLa6IkrpY2e88XibU4VZJkxK6Ac6spz1TdCOvRO8xmkvRVKyjkQJWddr5EjmMYhAHe0PDoGSBFVuIdCAzIKk7qWVuJjYSmuEemBGL5AewKhQ34zMmhiIQMXsPWzIh6ZQubm3Eagv/Qn0/VOvWww9DEaZRk+ipoUXKdbGEI1Aw= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539221; c=relaxed/simple; bh=m9PPpXUMEne9Ke2XtsfF++zxyoOMz3DQDomBj0aFETI=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=kLJiw417cFnpudpewR91Qkg+FU4Fk1b1pxRvlvUZlP6zW8/rPO5rwtdvKmcsaxwPNRAkgjUSSll72J0nkgw2GGgUAr5kuViute4K5Zi+vTSKn3t/7tLFK3NpvEAv3YpeBtEusFc6RBr8TZeS6UhPdTk3ZDNaD4mpmQ6f1EPt9S8= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3D15B3858C41 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=MtT0rSpp Received: by mail-pg1-x531.google.com with SMTP id 41be03b00d2f7-b6cea7c527bso4094161a12.3 for ; Sun, 26 Oct 2025 21:27:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539220; x=1762144020; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=wPJEtQqKPUIqIVS7N75bmCC9X5GxDg0kQauzfavcFfc=; b=MtT0rSppRB+3jJj8nX9xSizs8dARJW4Eax9puNtzSusSRB164rbfj1teEbIbg2WztW 8tJZyZwWk3d54MnnI6yLMiMqZtgoIcV2+h9uQFyBJnPEpCyC1diQiN1juaWfNFUoyJL7 kWahDjbHy/piZCnVP3XFZ8pPPg9VOXOw4gE3m5/ceogcg5AF6wup3IiP1dJk9nZgNhWP WJmTcCkIlAatqYVmswlcVcHWavbPT4QJ0ytTC7/DI0BUk6FjPKW0hCzq4GccbRKKEi/w kWLTJ73f7x86FdRhCDw9/Y/FIOAhDzb3XuH58I/zmHWvNxiiA/YLcSdSKQkFayeVsBnf LPmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539220; x=1762144020; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wPJEtQqKPUIqIVS7N75bmCC9X5GxDg0kQauzfavcFfc=; b=wsRwisPBz/GMfl6BhwZsW5PNHVOBs6zELbMMt6Cg1XPoMCBEvPMSbQYK6HfKlixhZh 4T0q8jo9mGkej0lu4Z7diCIzA5GkqsZ8+2jeLyYkTqlyjqwcK8nIYTgk9mCGqhgmIZxR TBixoQctQOi10+qyF/BI8IZ1ovofawfJaHVs2Js+rmszufh2De2SI7Ak2Uk+CuqBhgEH ATtE6gcky+UaEAuJSTPYSR7o3qAuf5wLRMuWUzaPNKIOhkVz2qExxz3K3NW+npmO+uil wgzNPGKZhDisEd+4ywSLe582S5k11pOLF6G9u0g0DjjRcOoy+hFt9j1vPE8hM6o0H8/E pJBg== X-Gm-Message-State: AOJu0YwEciApSN8YuedvPBuYQiCg1k/VoDV27kGjwMm2YwQOXsukrEDk Ie4xcBNOmViI61DgIBuYT51NtMiIH9/okN5+hb/EISu5vdi7yw1kOtcINcxCLomtlawgfpSunoo /ZNaGXw7iOQE2W9EntOSQ9fzcw16Ybl5/EoKOMRE1oSoH6CcNY1A8Q7FoSkYsyEE/e9DBixp9/Y IMLIVQLWshK1R8bRNfMnzYVnlqcbOZvmcuQ1dGuzOCtwrVOFFTgGA= X-Gm-Gg: ASbGncvSD4kKDtjHaBatiwGoGm96kSX7nIlIGP+MhCkRSrQqtHQYlGqpbF/11cxOL2l 9xDgj1NgtJ3R+te9JGvd/zE8bYrYysROhINFZgXVY2veq7GVb9yfggIrqy7x7kZKSiIsD9ZD0bL /Sdb4tnmWJsSB+VV8TqCMVIqUaCkg+KLtGEsPuzvqCRlr5YwVR7RhwzDVX41s4aRADxXFxC3+PZ Z3DqXY+MuvcejvwU++qXYCfJwwc1j7eepz+VTXqjlUKwcPFLgkRN0TKFZDnQ/ZakXljPB1y6uo9 nsX6fTUq21SW3xC4QneE5/C5YbSlG3XbIztF6oVaC7MogGOwazKTNKNkijGRhtIE/lY9V/FLTLI x7mNwrpc3R0kULFiAq+Wup1/d+dbih8waUT1X9YVVIA0uCG9qVKrFdotZFRSB9/2Y4vykaqZEau lzpxk0kPdHF9E/HtfOpCiwW8SXpS7OdP0eEGPF5rwWOyV/+BsTWwuqOhsdf1pxBUG8AbgThGL1E hvNwJw1Kns2wWkDp7ws X-Google-Smtp-Source: AGHT+IHiB4yPILOUj62vvDj8jvSlT8jiSgTa0f1pBJQaukQqjirW5d1WkOHtohRllKitN0aMY1v6/A== X-Received: by 2002:a17:90b:2690:b0:33b:b453:c900 with SMTP id 98e67ed59e1d1-33bcf8e3d67mr49152425a91.19.1761539219698; Sun, 26 Oct 2025 21:26:59 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.26.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:26:59 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v3 10/16] riscv/cfi: Adjust setjmp/longjmp for shadow stack to work Date: Sun, 26 Oct 2025 21:26:28 -0700 Message-Id: <20251027042634.2665717-11-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Since longjmp to a previous setjmp'ed state could change the stack frame and involves stack frame unwinding, shadow stacks is also required to be unwinded. The unwinding is implemented according to the zicfiss spec by increasing the ssp by a page size (4K) at most, to prevent from accidentally point to another legal shadow stack page after the adjustment. Shadow stack pointer is stored in to a wrapped sigset_t, by defining within an union, we can avoid changing the size of sigset_t hence jmp_buf. --- sysdeps/riscv/Makefile | 4 + sysdeps/riscv/__longjmp.S | 30 +++++++ sysdeps/riscv/setjmp.S | 7 ++ sysdeps/unix/sysv/linux/riscv/jmp_buf-ssp.sym | 7 ++ sysdeps/unix/sysv/linux/riscv/setjmpP.h | 78 +++++++++++++++++++ 5 files changed, 126 insertions(+) create mode 100644 sysdeps/unix/sysv/linux/riscv/jmp_buf-ssp.sym create mode 100644 sysdeps/unix/sysv/linux/riscv/setjmpP.h diff --git a/sysdeps/riscv/Makefile b/sysdeps/riscv/Makefile index b1f074a3eb..94e224615c 100644 --- a/sysdeps/riscv/Makefile +++ b/sysdeps/riscv/Makefile @@ -11,6 +11,10 @@ endif # of some assembler macros. ASFLAGS-.os += $(pic-ccflag) +ifeq ($(subdir),setjmp) +gen-as-const-headers += jmp_buf-ssp.sym +endif + ifeq (no,$(riscv-r-align)) ASFLAGS-.os += -Wa,-mno-relax ASFLAGS-.o += -Wa,-mno-relax diff --git a/sysdeps/riscv/__longjmp.S b/sysdeps/riscv/__longjmp.S index 47ff3aa09e..1c284cf57d 100644 --- a/sysdeps/riscv/__longjmp.S +++ b/sysdeps/riscv/__longjmp.S @@ -18,6 +18,7 @@ #include #include +#include ENTRY (__longjmp) LPAD @@ -51,6 +52,35 @@ ENTRY (__longjmp) FREG_L fs11,14*SZREG+11*SZFREG(a0) #endif +#ifdef __riscv_shadow_stack + /* skip unwinding if ss is not enabled */ + ssrdp t0 + beqz t0, .Lunwind_fin + REG_L t1, SSP_OFFSET(a0) +.Lunwind: + bleu t1, t0, .Lunwind_fin + /* Increase ssp by at most a page size to ensure always run into a + guard page before accidentally point to another legal shadow stack + page */ + /* t0 = (t1 - t0 >= 4096) ? t0 + 4096 : t1 */ + lui a0, 1 + add t0, t0, a0 + bleu t0, t1, 1f + mv t0, t1 +1: + csrw ssp, t0 + /* Test if the location pointed by ssp is legal */ + sspush x5 + sspopchk x5 + j .Lunwind +.Lunwind_fin: + seqz a0, a1 + add a0, a0, a1 # a0 = (a1 == 0) ? 1 : a1 + /* Use indirect branch if CFI is enabled */ + mv t1, ra + jr t1 +#endif + seqz a0, a1 add a0, a0, a1 # a0 = (a1 == 0) ? 1 : a1 ret diff --git a/sysdeps/riscv/setjmp.S b/sysdeps/riscv/setjmp.S index df048cb544..858829d819 100644 --- a/sysdeps/riscv/setjmp.S +++ b/sysdeps/riscv/setjmp.S @@ -18,6 +18,7 @@ #include #include +#include ENTRY (_setjmp) LPAD @@ -61,6 +62,12 @@ ENTRY (__sigsetjmp) FREG_S fs11,14*SZREG+11*SZFREG(a0) #endif +#ifdef __riscv_shadow_stack + /* read ssp into t0 */ + ssrdp t0 + REG_S t0, SSP_OFFSET(a0) +#endif + #if !IS_IN (libc) && IS_IN (rtld) /* In ld.so we never save the signal mask. */ li a0, 0 diff --git a/sysdeps/unix/sysv/linux/riscv/jmp_buf-ssp.sym b/sysdeps/unix/sysv/linux/riscv/jmp_buf-ssp.sym new file mode 100644 index 0000000000..bf944969f7 --- /dev/null +++ b/sysdeps/unix/sysv/linux/riscv/jmp_buf-ssp.sym @@ -0,0 +1,7 @@ +#include +#include +#undef __saved_mask + +-- +SSP_OFFSET offsetof(struct __jmp_buf_tag, __saved_mask.__saved.__ssp) +SSP_BASE_OFFSET offsetof(struct __jmp_buf_tag, __saved_mask.__saved.__ssp_base) diff --git a/sysdeps/unix/sysv/linux/riscv/setjmpP.h b/sysdeps/unix/sysv/linux/riscv/setjmpP.h new file mode 100644 index 0000000000..3c3d1d4c03 --- /dev/null +++ b/sysdeps/unix/sysv/linux/riscv/setjmpP.h @@ -0,0 +1,78 @@ +/* Internal header file for . Linux/risc-v version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _SETJMPP_H +#define _SETJMPP_H 1 + +#include +#include +#include + +/* Number of bits per long. */ +#define _JUMP_BUF_SIGSET_BITS_PER_WORD (8 * sizeof (unsigned long int)) +/* This holds the number of signals, 512 should be sufficient for future. + expansion */ +#define _JUMP_BUF_SIGSET_NSIG 512 +/* Number of longs to hold all signals. */ +#define _JUMP_BUF_SIGSET_NWORDS \ + (ALIGN_UP (_JUMP_BUF_SIGSET_NSIG, _JUMP_BUF_SIGSET_BITS_PER_WORD) \ + / _JUMP_BUF_SIGSET_BITS_PER_WORD) + +typedef struct + { + unsigned long int __val[_JUMP_BUF_SIGSET_NWORDS]; + } __jmp_buf_sigset_t; + +typedef union + { + __sigset_t __saved_mask_compat; + struct + { + __jmp_buf_sigset_t __saved_mask; + /* Used for shadow stack pointer. NB: Shadow stack pointer + must have the same alignment as __saved_mask. Otherwise + offset of __saved_mask will be changed. */ + unsigned long int __ssp; + unsigned long int __ssp_base; + } __saved; + } __jmpbuf_arch_t; + +/* has + + NB: We use setjmp in thread cancellation and this saves the shadow + stack register, but __libc_unwind_longjmp doesn't restore the shadow + stack register since cancellation never returns after longjmp. */ +#undef __sigset_t +#define __sigset_t __jmpbuf_arch_t +#include +#undef __saved_mask +#define __saved_mask __saved_mask.__saved.__saved_mask + +#include + +typedef struct + { + unsigned long int __val[__NSIG_WORDS]; + } __sigprocmask_sigset_t; + +extern jmp_buf ___buf; +extern __typeof (___buf[0].__saved_mask) ___saved_mask; +_Static_assert (sizeof (___saved_mask) >= sizeof (__sigprocmask_sigset_t), + "size of ___saved_mask < size of __sigprocmask_sigset_t"); + +#endif /* setjmpP.h */ From patchwork Mon Oct 27 04:26:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122662 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 27CA43858419 for ; Mon, 27 Oct 2025 04:31:55 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 27CA43858419 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=O7B4W+1s X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e]) by sourceware.org (Postfix) with ESMTPS id 62E4B3858C51 for ; Mon, 27 Oct 2025 04:27:02 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 62E4B3858C51 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 62E4B3858C51 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::102e ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539222; cv=none; b=qlia7pvguEymy2THob3W9/tM2u6GzoncbMBKnS8CAoMEZJhUhDFyxvyhNRLuDbZNv/VfrYulIa+3Suy+tXvfapmIW+sMs9HMqA31kr3kwaM2EnWRCkZdX8imSfAZvKK2W3RPp/poIskbwQE9qaBLAN5UBYAVgqI+idu6KRgz5kU= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539222; c=relaxed/simple; bh=IDuex62fGRy3qzI0gYznpOvm2ad8r+G2M/FQlcjusDQ=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=XCBvdwbrKMNJW5qSRJyvs8novwBwXNaW6ZgqGQZEhNOqQ82Fdqitdfu9wyMY5g0lSRrPBnc4z9eTyrkrSrx4W8nFiT3MtzhAlYg9Hvo3RC3Di/iV0PUvtC1ftjAOIIGCi9naQeu8Re6wO0bYjOyZaw+MggGFDN9Rw00YzUms9b0= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 62E4B3858C51 Received: by mail-pj1-x102e.google.com with SMTP id 98e67ed59e1d1-33292adb180so4284009a91.3 for ; Sun, 26 Oct 2025 21:27:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539221; x=1762144021; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Lt9BLu7omtRHKfVr4FqT44XasoCkJLUkemmnDoKbI8s=; b=O7B4W+1s9dkwZwbZ54/tvVSOAp16rIOIJXks0rLph0dpp9ZMFHxnBzDkx4hdTsDPbX wv9d23nZigNM6oD4hUg6PryVif48OVcmcMqKdZPFsh7edz+XHpiN2SVQcN2RWTAy3ORg bxC5UrCtJhRX/RG8KOWG6+OdsEWGxMO3enTbbMoNAm3dqswR10HJuarGk6azJOIJht2r C7amKSWx7wbVY7f212TMIF7uMioEt6BQYvijPIyYNcLCF8GLGvKIA+Ou1veGc4z7/FzU 8S3+gkceAOE+Ll+Iq7/Z0VhnRoQ5J1sQJs6QqPRlxPEasG8TgqLJQl6x7Qt0ufFM2bAx YY/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539221; x=1762144021; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Lt9BLu7omtRHKfVr4FqT44XasoCkJLUkemmnDoKbI8s=; b=GtD2Y7UmJceFGR8XTOzjXf/51gAX/CNhWIm2eNtp/199Q50NuEeUqRiJOkMLMViJeh bKfDFdRgHNJ72CltaFuSpyDganZIFpJaSOnEO3z1tFsoTeZtwDY2nt/9BLWOuBzB9z2l gZJRntMOUInMWxlgqKUbhV1d5wLcVUNp6khQrM4/GHEq3IqpFTei9J8/rrMd1D13zC3U E7pHY5jPqxqyQHWQ2HwuuLcX0Q+dYoAVzW/5LlzGkjBBiAVYlLMyutQB6M34BftbdI7+ kXW3aSVc4bLUtKbHwsIn7Xm2eIyQWioPJsEMPQhA9CMl9JorwPD1DJBgAaW2Q45ZlC5l TRrA== X-Gm-Message-State: AOJu0Yzw2vohG4bcpsOxILE4CfwyPAdxMySArqYNsazN7Hi/5PypCKUC ZqymJryOlggrbjelMJZfQRkCsCQDvrOa5CB+eUcVXqRhxGyaynT++JIGhrzEu0/lqyuVFLcJYWB Wxy3QLauowTDhLxr1HYLZomB9eGrTQwS7JZxH4eSpAji4AW4+Az7s7fGNRsE5Xx/s3zIEB/Sw6E zOV5r2mn8rlL6Fb7bnfVb8DKMHnQIQ5hQAzhTv5tqhFanJm4aQck8= X-Gm-Gg: ASbGncvd0+X+YxngovQ+o7qvqnQQMwCsP7Ns3vCkWePS4xG32lCR3BpwVD8nG2ffELO V3j2TUdHrKD9AuddYsrJNNQdYEEv+T8d1GbFuqxFm8hRXa7K63eaaVVaiynwS2/kfraplaLfX4n o67bw6c5tqqCQ0BJX/QchXIIXKMcShG66VIwVH+T0rFiTZ0ghltoC5su5qGetGCwCmXxMWi/PLT xKrOwp6ezuYoEI9jdgP8A3nHa96UbLclZBO1SsjKyPZt9aASvUCrRQqzS4aglYQ8S0gu68AxYUc ft+6vlE97qFPf6O7yuULBFsF7aL8ieFdQoWW2HaLm/E7KCEAcnOkgM+FVE+/KUHmZxQZOZh1ILo zopbgxRbz7DD+cKhwnTStduZ99ncqjlyfoggEsSK9WJch6SPH5lGmxkbYEREN5P6ddgwp9e3CDp e4HGZPmGSJ70l0XKu7Ycqs43P2ta0rPpSDpk3LYhQEWTUuqLE9zN5mQIoR2TqIhIOC3CCB/23BS DqGEyprtN5K0PuAyK3moVlRQ+l2Uso= X-Google-Smtp-Source: AGHT+IHGeN7t8hx36Afo2sfXtC2YCW56Dj3AgiyKENefRh4ZT25k8WavRXSh8/o7w5KHHrgKV2KX6Q== X-Received: by 2002:a17:90b:4c05:b0:339:ec9c:b275 with SMTP id 98e67ed59e1d1-33bcf84e181mr50328430a91.6.1761539220847; Sun, 26 Oct 2025 21:27:00 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.26.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:27:00 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v3 11/16] riscv/cfi: Support locking/disabling CFI and move OS depedent code Date: Sun, 26 Oct 2025 21:26:29 -0700 Message-Id: <20251027042634.2665717-12-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org --- sysdeps/riscv/dl-cfi.c | 40 +++++++++++----- sysdeps/unix/sysv/linux/riscv/dl-cfi.h | 65 ++++++++++++++++++++++++++ 2 files changed, 94 insertions(+), 11 deletions(-) diff --git a/sysdeps/riscv/dl-cfi.c b/sysdeps/riscv/dl-cfi.c index 5307a8c4c0..d58d42e75d 100644 --- a/sysdeps/riscv/dl-cfi.c +++ b/sysdeps/riscv/dl-cfi.c @@ -57,7 +57,7 @@ struct dl_cfi_info static void dl_check_legacy_object (struct link_map *m, struct dl_cfi_info *info) { - /* Iterate through the dependencies and disable if needed here */ + /* Iterate through the dependencies and record legacy objects */ struct link_map *l = NULL; unsigned int i; i = m->l_searchlist.r_nlist; @@ -86,7 +86,11 @@ dl_check_legacy_object (struct link_map *m, struct dl_cfi_info *info) | ~(GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED | GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS)); - /* Bookkeeping legacy objects */ + /* Bookkeeping first found mismatch object for both lp/ss. + These information would only be used by dlopen check for now. + A dependency with a feature on will be record as legacy if the task + did not enable the feature, however it is safe because the following + check will only be performed if the task has the feature on. */ #ifdef __riscv_landing_pad if ((info->feature_1_legacy & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) == 0 && ((info->enable_feature_1 & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) @@ -208,8 +212,8 @@ dl_cfi_check_dlopen (struct link_map *m, struct dl_cfi_info *info) _dl_signal_error (0, m->l_initfini[legacy_obj]->l_name, "dlopen", msg); if (disable_feature_1 != 0) - // FIXME: Disable CFI here - int res = -1; + { + int res = dl_cfi_disable_cfi (disable_feature_1); if (res) { msg = N_("can't disable CFI feature"); @@ -223,14 +227,29 @@ dl_cfi_check_dlopen (struct link_map *m, struct dl_cfi_info *info) attribute_hidden void _dl_cfi_setup_features (unsigned int feature_1) { - /* Since prctl could fail to enable some features - use prctl to get enabled features again and sync it back. */ + /* Enable features. Shadow stack is enabled earlier as it should + * be enabled in a function that never returns. */ +#ifdef __riscv_landing_pad + dl_cfi_enable_lp (feature_1); +#endif /* __riscv_landing_pad */ + + /* Since we could failed to enable some features, + get enabled features from system again and sync it back. */ + int status = dl_cfi_get_cfi_status (); + GL(dl_riscv_feature_1) = status | (GL(dl_riscv_feature_1) & + ~(GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS + | GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED)); + + /* Lock features if set to always_on */ #ifdef __riscv_landing_pad - if (feature_1 & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) - INTERNAL_SYSCALL_CALL (prctl, PR_SET_INDIR_BR_LP_STATUS, - PR_INDIR_BR_LP_ENABLE, 0, 0, 0); + if (GL(dl_riscv_feature_control).lp == cfi_always_on) + dl_cfi_lock_cfi (GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED); #endif /* __riscv_landing_pad */ - /* FIXME: Read enabled features from kernel and re-sync */ +#ifdef __riscv_shadow_stack + if (GL(dl_riscv_feature_control).ss == cfi_always_on) + dl_cfi_lock_cfi (GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS); +#endif /* __riscv_shadow_stack */ + /* FIXME: Should we terminate if failed to lock under always on mode? */ } /* Enable CFI for l and its dependencies. */ @@ -287,7 +306,6 @@ _dl_cfi_check (struct link_map *l, const char *program) info.feature_1_legacy_ss = 0; #endif - info.feature_1_enabled = GL(dl_riscv_feature_1); info.feature_1_legacy = 0; #ifdef SHARED diff --git a/sysdeps/unix/sysv/linux/riscv/dl-cfi.h b/sysdeps/unix/sysv/linux/riscv/dl-cfi.h index 662a45817d..8bbb379fea 100644 --- a/sysdeps/unix/sysv/linux/riscv/dl-cfi.h +++ b/sysdeps/unix/sysv/linux/riscv/dl-cfi.h @@ -48,3 +48,68 @@ jal _dl_cfi_setup_features \n\ \n\ " + +static __always_inline int +dl_cfi_disable_cfi (unsigned int feature) { + int res = 0; +#ifdef __riscv_landing_pad + if (feature & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) + { + res = prctl (PR_SET_INDIR_BR_LP_STATUS, 0, 0, 0, 0); + if (res) + return res; + } +#endif /* __riscv_landing_pad */ +#ifdef __riscv_shadow_stack + if (feature & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) + { + res |= prctl (PR_SET_SHADOW_STACK_STATUS, 0, 0, 0, 0); + if (res) + return res; + } +#endif /* __riscv_shadow_stack */ + return 0; +} + +static __always_inline int +dl_cfi_lock_cfi (unsigned int feature) +{ + int res = 0; +#ifdef __riscv_landing_pad + if (feature & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED) + res |= prctl (PR_LOCK_INDIR_BR_LP_STATUS, 0, 0, 0, 0); +#endif /* __riscv_landing_pad */ +#ifdef __riscv_shadow_stack + if (feature & GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS) + res |= prctl (PR_LOCK_SHADOW_STACK_STATUS, 0, 0, 0, 0); +#endif /* __riscv_shadow_stack */ + return res; +} + +static __always_inline int +dl_cfi_get_cfi_status (void) { + int status = 0; + unsigned long buf = 0; + int ret = 0; +#ifdef __riscv_landing_pad + ret = prctl (PR_GET_INDIR_BR_LP_STATUS, &buf, 0, 0, 0); + if (!ret && buf) + status |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED; +#endif /* __riscv_landing_pad */ +#ifdef __riscv_shadow_stack + ret = prctl (PR_GET_SHADOW_STACK_STATUS, &buf, 0, 0, 0); + if (!ret && buf) + status |= GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS; +#endif /* __riscv_shadow_stack */ + return status; +} + +#ifdef __riscv_landing_pad +static __always_inline int +dl_cfi_enable_lp (unsigned int feature) { + if (!(feature & GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED)) + return -1; + return INTERNAL_SYSCALL_CALL (prctl, PR_SET_INDIR_BR_LP_STATUS, + PR_INDIR_BR_LP_ENABLE, 0, 0, 0); +} +#endif /* __riscv_landing_pad */ From patchwork Mon Oct 27 04:26:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122661 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 919E73858D26 for ; Mon, 27 Oct 2025 04:30:58 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 919E73858D26 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=HwsDHn7/ X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) by sourceware.org (Postfix) with ESMTPS id AA71A3858287 for ; Mon, 27 Oct 2025 04:27:03 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org AA71A3858287 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org AA71A3858287 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::102c ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539223; cv=none; b=L+/+E/4dGcWEnmFh/AxJ5xIyxkBGoVzKdPXut+IsdLCf/G5FXmTSWWvQwSlPWQngAjbmsxeeEVHlhWMVInw9FT3CHS1Q3GpDdt7xydRWecd401gGjfNe69eU9/x+gru5JljIrxyC/2YQKoXVA1rTSaWj9lucTsX3BWFT7e5ShLo= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539223; c=relaxed/simple; bh=Mx2ZjKEyytDOvb2666gfPSvwO5SG/29gKVW7bEt5RoA=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=iDbOMYeeNeNtZCPzT4wdAuDAaghvfl65BYeqipZhgfbIHOuK/CtgHfq6xVU3CkXscv9FBdGDv3EwrUN2pwMeO8nLDOezNN1MCV5yTBArwiMkS3L1H7WEbWIyBirlHzl9g0ltqFkoc6Kg3iIB/Te1yMx3rVV9qQwKNwdABVDvkvo= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org AA71A3858287 Received: by mail-pj1-x102c.google.com with SMTP id 98e67ed59e1d1-33d28dbced5so5229687a91.2 for ; Sun, 26 Oct 2025 21:27:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539222; x=1762144022; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+1mrk5gYUi+z/m1TaiyStJz6F4rJuo1CfMnmK2M9jAM=; b=HwsDHn7/WTGTUea+giy6izLMzIAC+1qcGFptBKoDzmwq8E0nDh9/9peHpxFrgQokbq 9XP6hz5E8RJk7wEkTlslKr8Khm+J+eBrr6W92oxsUtx6DMTAd6WWoD4elDYJViL4U/iG WGXt5XKY+VxfjGct1+sD0yelAzngvt2eSohjDauifvD94ml2XSHjNBdmLrlb25NZZSY0 9Ef5K1KHXCtRFcTtl+NcW8tuJKQ+ex8PibG+CUujSXAY8rOa9Tv9OX77EmDCuFgIgRGE KAYo2NoCLeY9yXimoQeXiTSkhd3R9vA6osNXvz5NR4my6dufu+SSC+FS2tO53XJgHsqL PUNg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539222; x=1762144022; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+1mrk5gYUi+z/m1TaiyStJz6F4rJuo1CfMnmK2M9jAM=; b=lN5yLqLe0YNCXBu7mGsGV1P0k6zvOIrEWq/MbOl1M9y4tiAllyeQkHaYR7enGtgFys kQoNvR/RkMz2UVS77aQeUzKpHrGLT4VEa6JUTfs9IVzO88FBSTD41uHCpbzTBfuIDDex alDRC8D8UzOCJmltnslwFF19Z6vHiifgM6F195UmyMv2EqNh42xRPLTTnPAfxEQIhwhg n2vSck9oTQnPJD7hTRPBkf8UziijRS48lLscFaTNy4wr2RToHCQ4V4cUsx2CeZYoRajD aD68sEQF6SGwiPDoVCAHQ2+3qMg7nzHGo7xZ1Qlgu38Swlfcq5ocFZq8vgXs7pJlJqtc qVHA== X-Gm-Message-State: AOJu0Yypy5KF+bUjEUJGyqtWIzRFve640+zocZFt84bmtshULDpl1sq9 JtthwMeuGJxx2JqSymuPZPsdcmbvsXPiieuKBkS1ZQVyppiCFWgyjqkaqWY4pIEKA5++zkjFT+r GTZy+iFbPE2D2z5n4sSpv+v/A8ejMz+xYW0wRRLe5YQ/c9kwU1ZTCkUUJhqPi4hG0WtY98uM8P1 vT62GfGJEkuFG8KFQT3og+lQsjdKaSllGDlEPqMgkw2Gd3o98co/w= X-Gm-Gg: ASbGnctJuZGOlNvI4rsG5lLnscgOmgV0iBcfvkjLu5rCDcjvoBUQfpxQwchlEYUsWLl vr/O2gnlsIWsRZjrOqQuabdKgaloUyQwnCi62Jng6kWKGcTDeBQkRA92TWo47X78HhRObjoA2vN 3uWP52CF7qaOGukUvkO3Jp4Zzx1JiOCLuykI6mDmWRd6AQ5+T/a+Ao3cPWunOlw52F6rj8U3eqv DwwJLHI624qe5ce3RoLMWpvXZxMPS1v14+W0aUsGW5BRC+orCYvdMrYqVNTE/AbUQ/NuUYslhvP ITyFyjlySNODfrpOOW3L8iJLZP/R1Tl4Li5ZCQctzZL6W7AuRfBUmg9ilB+sUbIqdLXlfGdjKNr 6MmeVP12uQWANk4wF/idKVSV9xJx4i8b4Uw+hyN16PTPxDclu3ajCJjgrdPt71gaZG9s03i/v6R QQ6oceFUSTXSngRJbZaAbFm7fyujr27TGWMmo4X/TxatB2duCgvU0F3yTPBHpsY/LT5K1BI2ZYP XQacTrj6Bp/xUdXgZa9 X-Google-Smtp-Source: AGHT+IEsL+hMTMZGxaM9bbLwykUAqoBgGwlNQiS+F8sJEJ1CGZbtBjYIXHUfTUKfX8OLaRVNUkE4qA== X-Received: by 2002:a17:90b:2690:b0:33b:b453:c900 with SMTP id 98e67ed59e1d1-33bcf8e3d67mr49152573a91.19.1761539222218; Sun, 26 Oct 2025 21:27:02 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.27.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:27:01 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v3 12/16] riscv/cfi: Store shadow stack information in TLS Date: Sun, 26 Oct 2025 21:26:30 -0700 Message-Id: <20251027042634.2665717-13-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Switching between different ucontexts involves two cases, one is both sharing a same shadow stack, which requires a unwinding, and the other is both using a different shadow stack, which require a stack switch using shadow stack restore token. By storing shadow stack base in TLS and compare to the one stored in the context, we can tell the difference and perform the right action. --- sysdeps/riscv/nptl/Makefile | 1 + sysdeps/riscv/nptl/tcb-offsets.sym | 5 +++++ sysdeps/riscv/nptl/tls.h | 2 ++ 3 files changed, 8 insertions(+) create mode 100644 sysdeps/riscv/nptl/Makefile create mode 100644 sysdeps/riscv/nptl/tcb-offsets.sym diff --git a/sysdeps/riscv/nptl/Makefile b/sysdeps/riscv/nptl/Makefile new file mode 100644 index 0000000000..2b7bf43403 --- /dev/null +++ b/sysdeps/riscv/nptl/Makefile @@ -0,0 +1 @@ +gen-as-const-headers += tcb-offsets.sym diff --git a/sysdeps/riscv/nptl/tcb-offsets.sym b/sysdeps/riscv/nptl/tcb-offsets.sym new file mode 100644 index 0000000000..04a402acb5 --- /dev/null +++ b/sysdeps/riscv/nptl/tcb-offsets.sym @@ -0,0 +1,5 @@ +#include +#include +#include + +TLS_SSP_BASE_OFFSET offsetof (tcbhead_t, ssp_base) diff --git a/sysdeps/riscv/nptl/tls.h b/sysdeps/riscv/nptl/tls.h index 11a1b08972..1e7c26790b 100644 --- a/sysdeps/riscv/nptl/tls.h +++ b/sysdeps/riscv/nptl/tls.h @@ -44,6 +44,8 @@ typedef struct { dtv_t *dtv; void *private; + /* The marker for the current shadow stack. */ + unsigned long long int ssp_base; } tcbhead_t; /* This is the size of the initial TCB. Because our TCB is before the thread From patchwork Mon Oct 27 04:26:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122667 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id A41423858287 for ; Mon, 27 Oct 2025 04:36:47 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A41423858287 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=lbpcMTcK X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x1031.google.com (mail-pj1-x1031.google.com [IPv6:2607:f8b0:4864:20::1031]) by sourceware.org (Postfix) with ESMTPS id 537E33858D29 for ; Mon, 27 Oct 2025 04:27:05 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 537E33858D29 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 537E33858D29 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1031 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539225; cv=none; b=vWq2UohH4XemwDl4Gu8V533waCFFZKL9nI33Rl9GfBUFkhA73Lk4v/URu3rYtkKUE2OUwxQnyCvzy6/QWjMrRZCFszev9y15L8iaVJdXkyUJ2hYcPksEQ6ysXde8UUxNzeUxIlTwTEAmyhwyhBe5wwtGOttKGDu8hL2Qf6VEoO8= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539225; c=relaxed/simple; bh=4HpJWWBzCXawIS3wBkqLXeG2YRbw2czAmjHejWF9i5s=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=Frt0tWsHY0YpxKPnixifp1jkTPeuTiZ5dhjo0nRmltOQ3xy8Kfw6bgaT2RIgiNrBM9n0cBOmj6V35SDfFPLYBcHCozwhUp60yYOTRro8L080R8okO1NgtLPDqMhHqSs3fbpfTPBB7tLnC7//ru4KBIO6qXfZU3EmtZboNgCbSOE= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 537E33858D29 Received: by mail-pj1-x1031.google.com with SMTP id 98e67ed59e1d1-33bc2178d6aso3176561a91.0 for ; Sun, 26 Oct 2025 21:27:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539224; x=1762144024; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=RbsiiuJRR9S/FtGM171wY+XcyFUnLo4B1WyrcJO3Sis=; b=lbpcMTcKD/+ii+2yIvjNhPcXu/0HfNudjL+V98gJuK1/HC3OzFZODvOGWxtG0vtvGn uJTek3Sh4KE8uUkt0r117vIfu6jERuj926njjXCDDozbI0XyZgrp1J2xF/nClwCc6rpD NSc4O1r8LLI2GMzrYi256A3oVRrkEFfJZGGoepnKQi/1ylrOjxK8oRq1q7JpAtdcp+c9 sQFipnERZPh79/Bm66zwvd2aO0N+pCtM0hToEeV9wWnnFuhCs8g75Xdqw6ypbBTfPqEZ bhuXUazHFOGkPjW/6EPtVyGH2eP7qa+ObUkef0gDcpFTDbWCR8RyIFCu3YKM8vVoTGiY 3kXA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539224; x=1762144024; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RbsiiuJRR9S/FtGM171wY+XcyFUnLo4B1WyrcJO3Sis=; b=Ip4ErzL40ZiX4T/nRqEt/I+TiYuViAoqjHL8lhJpTAiGywlvGOZrF9BmKUrz+sMyQY uaz1mxo4oBfM9WGsF98UGbO6VsCF3TmbQP/lhmymJm0KsmUi9RXbAwQOlwbWTcK+lsBl NAv1e64O3YUbgkICdD30Ke0STCvEcUOifgpjMFTsJLw2OQDblh4cCy6EkhwrY5zKpO3j GZpOzGMZnQmLFS/IS5+iqdWlnb0B2qWQF4aIXkEWHWo3J3BlodopUhO0WOtvrA1lIB0W MxX9+QbcAQ01tKhqrzWGqzKuUP/ivixuOyIZF4WTA7vxXh7jYzY52bbVcWE6lxp1I8Dm FUkA== X-Gm-Message-State: AOJu0Ywa+LRgMH7TkrCUpMjfUGeba9llx1huz1Mfnq1E0Y34iqMlfunI Q0h1UPO0CJhVsKyfoWchxOqaVeRuLJxPQJCyVFI9pQeCBqbNIRro4Tid9VvT3eqnpjweYG8P4e7 0MOVV22JKZQpMqwPGKBJBHzyfNltmEISqO/jsfIOIemexx1pi3Eej1/t6/cOEflBd4c6SziBgGA as7+748HDLNdXxJqi2f8/Tcs4oZr0Qyg7bfxfZCjy8zwBtU9Gw/r0= X-Gm-Gg: ASbGncsVF6eGone1S/rNvfjXhC+LnH2jKUiVVY32raVYVIz8vh5BJnI83Xzuoi6zwL2 3c9p2HE/30cZCMwQPQP6fDJuDzWJn5uQWzu3pNnt4vsqlYd63tmYTYTaSWpi0izyWkNEuRzRUBB P8UQMivXXw8RkjeqLqGtIZHfsdgR6lO/r0hc2tbHGB+LHNtkf0lEF2UD099jVw3//Z1v8s6wuyI yl2fIV7rKFV0+4QHTfsjrgaD4lsNMbxc3TUQlokE+tvQx8vOk1yih+WS1aXcstaPzgfCySl9FlS tQZTzvD4RcSgdnbmlaTFoBW5091ekhVM9++wFVZvGJAehN6qcoDzBPXmdUhgUjT2pmXZ6fGCHP2 EwfaWP/WhF4EMF/ltm7bnE/cQj+mP2byNQiJkLBqA6PlceBoM8iOSe+gq27gV8w6tcduM9PBm7t IZ6FgnMb6seE8UjJtwOrBibl2+YwEG82oqlFQ/6jirgEfQ+Tx0hDfnp8ypvdoDREm4b9GpIGDd6 IcJhoVOCmCwNHw0y0YZ X-Google-Smtp-Source: AGHT+IFp3FjSxcLo4R0dbL2NII10j3myH/iXPkGU7W/mbkDTlOCfTx7qw8aKwjoS6b5lbSX8u0ThuQ== X-Received: by 2002:a17:90b:3503:b0:32e:4924:690f with SMTP id 98e67ed59e1d1-33fd65cc11fmr12526835a91.6.1761539223571; Sun, 26 Oct 2025 21:27:03 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.27.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:27:02 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang , Valentin Haudiquet Subject: [PATCH v3 13/16] riscv/cfi: Add __allocate_shadow_stack for mapping new shadow stack Date: Sun, 26 Oct 2025 21:26:31 -0700 Message-Id: <20251027042634.2665717-14-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Co-authored-by: Valentin Haudiquet --- sysdeps/unix/sysv/linux/riscv/Makefile | 1 + .../sysv/linux/riscv/allocate-shadow-stack.c | 55 +++++++++++++++++++ .../sysv/linux/riscv/allocate-shadow-stack.h | 25 +++++++++ sysdeps/unix/sysv/linux/riscv/bits/mman.h | 30 ++++++++++ sysdeps/unix/sysv/linux/riscv/sysdep.h | 2 + 5 files changed, 113 insertions(+) create mode 100644 sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.c create mode 100644 sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.h create mode 100644 sysdeps/unix/sysv/linux/riscv/bits/mman.h diff --git a/sysdeps/unix/sysv/linux/riscv/Makefile b/sysdeps/unix/sysv/linux/riscv/Makefile index 04abf226ad..e6b1a02c59 100644 --- a/sysdeps/unix/sysv/linux/riscv/Makefile +++ b/sysdeps/unix/sysv/linux/riscv/Makefile @@ -5,6 +5,7 @@ sysdep_headers += \ # sysdep_headers sysdep_routines += \ + allocate-shadow-stack \ flush-icache \ hwprobe \ # sysdep_routines diff --git a/sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.c b/sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.c new file mode 100644 index 0000000000..7e060e1fe3 --- /dev/null +++ b/sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.c @@ -0,0 +1,55 @@ +/* Helper function to allocate shadow stack. + Copyright (C) 2023-2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include + +/* NB: This can be treated as a syscall by caller. */ + +long int +__allocate_shadow_stack (size_t stack_size, + shadow_stack_size_t *child_stack) +{ +#ifdef __NR_map_shadow_stack + size_t shadow_stack_size + = stack_size >> STACK_SIZE_TO_SHADOW_STACK_SIZE_SHIFT; + /* Align shadow stack to 8 bytes. */ + shadow_stack_size = ALIGN_UP (shadow_stack_size, 8); + /* Since sigaltstack shares shadow stack with the current context in + the thread, add extra 20 stack frames in shadow stack for signal + handlers. */ + shadow_stack_size += 20 * 8; + void *shadow_stack = (void *)INLINE_SYSCALL_CALL + (map_shadow_stack, NULL, shadow_stack_size, SHADOW_STACK_SET_TOKEN); + /* Report the map_shadow_stack error. */ + if (shadow_stack == MAP_FAILED) + return -errno; + + /* Save the shadow stack base and size on child stack. */ + child_stack[0] = (uintptr_t) shadow_stack; + child_stack[1] = shadow_stack_size; + + return 0; +#else + return -ENOSYS; +#endif +} diff --git a/sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.h b/sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.h new file mode 100644 index 0000000000..9009ebdec7 --- /dev/null +++ b/sysdeps/unix/sysv/linux/riscv/allocate-shadow-stack.h @@ -0,0 +1,25 @@ +/* Helper function to allocate shadow stack. + Copyright (C) 2023-2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +typedef __typeof (((ucontext_t *) 0)->uc_sigmask.__saved.__ssp) \ + shadow_stack_size_t; + +extern long int __allocate_shadow_stack (size_t, shadow_stack_size_t *) + attribute_hidden; diff --git a/sysdeps/unix/sysv/linux/riscv/bits/mman.h b/sysdeps/unix/sysv/linux/riscv/bits/mman.h new file mode 100644 index 0000000000..683d45b72e --- /dev/null +++ b/sysdeps/unix/sysv/linux/riscv/bits/mman.h @@ -0,0 +1,30 @@ +/* Definitions for POSIX memory map interface. Linux/risc-v version. + Copyright (C) 1997-2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library. If not, see + . */ + +#ifndef _SYS_MMAN_H +# error "Never use directly; include instead." +#endif + +#ifdef __riscv_shadow_stack +# define SHADOW_STACK_SET_TOKEN 0x1 +#endif + +#include + +/* Include generic Linux declarations. */ +#include diff --git a/sysdeps/unix/sysv/linux/riscv/sysdep.h b/sysdeps/unix/sysv/linux/riscv/sysdep.h index 14a1f3a647..da28831655 100644 --- a/sysdeps/unix/sysv/linux/riscv/sysdep.h +++ b/sysdeps/unix/sysv/linux/riscv/sysdep.h @@ -207,6 +207,8 @@ GNU_PROPERTY (FEATURE_1_AND, __VALUE_FOR_FEATURE_1_AND) #else /* !__ASSEMBLER__ */ +# define STACK_SIZE_TO_SHADOW_STACK_SIZE_SHIFT 5 + # if __WORDSIZE == 64 # define VDSO_NAME "LINUX_4.15" # define VDSO_HASH 182943605 From patchwork Mon Oct 27 04:26:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122673 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id AA8763857B98 for ; Mon, 27 Oct 2025 04:45:32 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org AA8763857B98 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=FRA7Apf2 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pg1-x530.google.com (mail-pg1-x530.google.com [IPv6:2607:f8b0:4864:20::530]) by sourceware.org (Postfix) with ESMTPS id 23F9E3857C4F for ; Mon, 27 Oct 2025 04:27:06 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 23F9E3857C4F Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 23F9E3857C4F Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::530 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539226; cv=none; b=EBWjt1KZEAkkITBcFruxqV9MMeTPjrGytKtwo0gAkrMoDF3EeHU9mxJOA55sKT85R1+NHYQSPhfMwmCypyU59vdyPhmiDYXQRhW20gIIzWzZfelFlgq48xQwxPzhykxAKRNkBWQoC1vmhJcu9P1e2rVL4BRVQmgQ2+B90PHvV7U= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539226; c=relaxed/simple; bh=QARQ8iWhc2feVw8f82vyJd90ILaPFdxFLDlUZFZYRRA=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=JNOkO2NqYvW3YQ7UEtvhM6FDqTxfoVs6NBYuKPce/xMEFLdVu3QdFBqbyECvzZRZFjpmOuqtB2+JTLo+O0yGHUE+5yg0QJVX0mO7vdIoC5eldv7MSm9297Qsyaq3JVA/oFMxOijH/QQJK5u0L6YK7rxMxSUHhzrB3dOPr6m2YB8= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 23F9E3857C4F Received: by mail-pg1-x530.google.com with SMTP id 41be03b00d2f7-b6cf07258e3so3050672a12.0 for ; Sun, 26 Oct 2025 21:27:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539225; x=1762144025; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2pdpMUijEdA9MXE3rEPQ8N5cvaiLeJW+fLW2q2F4u0g=; b=FRA7Apf2g5/wrRPF1qzJEKC+gKI+VvAq6S1oYyINLcuPoYvJfLa6sRoMnrhJDFs8gP XIny1ajbYgpB7zWbQHdI6geupsi1jRpsJtzQto4D+HMj/tISEj00/Xz0PKMja3KTB8f5 bMsnP/8U/9ng/1XTG9CgI5h0T66DejZPum5IP9S2eMrb/4dnD+cwF7Ewztx/QH0ENbGt mJgWFEoXZ7ptAQwHEr7sYbZcMRZmmSNXf9zb2fXMskyqhWBVkf6QxA+MlDVZRz1+20Xf hrEmfwF0oHvwQi/ZneNnHk4VrHn6WuDieKRPbJOrRPmUWbZKroeCbroiaTBwE3AbYBVB Ddsw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539225; x=1762144025; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2pdpMUijEdA9MXE3rEPQ8N5cvaiLeJW+fLW2q2F4u0g=; b=SjsamZaGXUFIYLZ4VKpyRyE26+OxyywyqQQZAQxhoLvnYmQouQALRnjBcvxgMXlITk qnGKxy2mkgk36AsjQBvPUlM4ITdtXEmCpSe5ribl1gJkLyj8tLN+l6lCZsvgWHsx30N1 gZhzZIDIJ61N6vtZfEypHLizaoml5MC/mcLXuvavlesYNWI80y0BqLWZFbHNued5de7T weZV8pqGUkzP0d4Xq4j0eDkZ06KuxuVDEb8W9FNC+aWp7LKvsDJbkdHP29plCm8OC2gh RaMz51/inpSOcpjE+PzNVN0WuNXv+zrgZLqXZIzhQkskcMpHV6N8EAeS/Upx26JJxT6d jbhw== X-Gm-Message-State: AOJu0YxH8s/Wnt4eik5yxrPd35t0WYRRIHh3AluRJb5P0embJjbEiXzN PUsyXL+Kj0PeiH5wdfCK1SmVwDFxvSgm9cOn75QfTamYPh3jCejcQMCU/D6WLyg85ju63/LduLU norJW8f5sP/SE55wke+qjmJSsgQHbcdtpquSgji+FFnDHrC3hpTgn9O7yt9yTOWIBfvUZzVSNS1 klPx5RdRPkWQtgtZa4uY0lvzYoJ4fJGe0FFYtfmikUVxFyuZBwzzE= X-Gm-Gg: ASbGnctdTFxKfYtG7k/uNV567QyikFhAv/1VQikNyRwQ/fyQ1jsHEewE7S6ZoFZa78l 9oxkleYbCBQcXhHuBNSc6IawD9lvvc/i0m5VEWJgmzy95I2At/R81DXNpx9V8cl6llH3yn+Iyxt rjdR8mIO7dvNxRhn8Pql5PiPWRMCtkHDZb0FVStlkpHc+bYIP0sItJmfmD6TpcC2ObSlelRtGak ofRxJLHWWJBMzlvh50kIRPw4Xvw9rcmbx7magMz/f2BYhkPV++Ieluynf1pKwhLkgvGW6XRnZnv HUkCr0m0TKQiG1ZhfEfh7fuTsbyDlNNJ+E8X1fOdM0FmT8J6RrBDPRBKzaTplOghrLiXIm6YvVZ sWFRSJTCKPyikif7gNsS1TnVOoMjuw036+w1qV7fTvxqb0ZlRSnYnSp4rLoWG6DEwU7l+LsaQMW W6qLjehSgai+E7nWtua3fSnUb685n7S/D/cb5dZaLGci28ETKvpvYSORY7E1Tjoj9h/gO+sJ+eC XUXJfNHkJzTuD1clvAi X-Google-Smtp-Source: AGHT+IEUvPEzaeT8snUxzNUQMqxeKVFCx7oNSd5mgL8sa1E9tXL3lv714ZwjKb8m+i/ye70SnI+mxA== X-Received: by 2002:a17:903:3c24:b0:269:8f2d:5221 with SMTP id d9443c01a7336-290c9c89cd4mr403838655ad.9.1761539224534; Sun, 26 Oct 2025 21:27:04 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.27.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:27:04 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v3 14/16] riscv/cfi: Add __ssp_sigset_arch_t and use it for both ucontext/jmpbuf Date: Sun, 26 Oct 2025 21:26:32 -0700 Message-Id: <20251027042634.2665717-15-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org --- .../sysv/linux/riscv/bits/types/__sigset_t.h | 43 +++++++++++++++++++ sysdeps/unix/sysv/linux/riscv/setjmpP.h | 31 +------------ sysdeps/unix/sysv/linux/riscv/sys/ucontext.h | 6 +-- 3 files changed, 47 insertions(+), 33 deletions(-) create mode 100644 sysdeps/unix/sysv/linux/riscv/bits/types/__sigset_t.h diff --git a/sysdeps/unix/sysv/linux/riscv/bits/types/__sigset_t.h b/sysdeps/unix/sysv/linux/riscv/bits/types/__sigset_t.h new file mode 100644 index 0000000000..ff04596c3e --- /dev/null +++ b/sysdeps/unix/sysv/linux/riscv/bits/types/__sigset_t.h @@ -0,0 +1,43 @@ +/* Architecture-specific __sigset_t definition. RISC-V version. */ +#ifndef ____sigset_t_defined +#define ____sigset_t_defined + +#define _SIGSET_NWORDS (1024 / (8 * sizeof (unsigned long int))) +typedef struct +{ + unsigned long int __val[_SIGSET_NWORDS]; +} __sigset_t; + +#define ALIGN_DOWN(base, size) ((base) & -((__typeof__ (base)) (size))) +#define ALIGN_UP(base, size) ALIGN_DOWN ((base) + (size) - 1, (size)) + +/* Number of bits per long. */ +#define _SSP_SIGSET_BITS_PER_WORD (8 * sizeof (unsigned long int)) +/* This holds the number of signals, 512 should be sufficient for future. + expansion */ +#define _SSP_SIGSET_NSIG 512 +/* Number of longs to hold all signals. */ +#define _SSP_SIGSET_NWORDS \ + (ALIGN_UP (_SSP_SIGSET_NSIG, _SSP_SIGSET_BITS_PER_WORD) \ + / _SSP_SIGSET_BITS_PER_WORD) + +typedef struct + { + unsigned long int __val[_SSP_SIGSET_NWORDS]; + } __ssp_sigset_t; + +typedef union + { + __sigset_t __saved_mask_compat; + struct + { + __ssp_sigset_t __saved_mask; + /* Used for shadow stack pointer. NB: Shadow stack pointer + must have the same alignment as __saved_mask. Otherwise + offset of __saved_mask will be changed. */ + unsigned long int __ssp; + unsigned long int __ssp_base; + } __saved; + } __ssp_sigset_arch_t; + +#endif diff --git a/sysdeps/unix/sysv/linux/riscv/setjmpP.h b/sysdeps/unix/sysv/linux/riscv/setjmpP.h index 3c3d1d4c03..c4dfa7e6db 100644 --- a/sysdeps/unix/sysv/linux/riscv/setjmpP.h +++ b/sysdeps/unix/sysv/linux/riscv/setjmpP.h @@ -23,42 +23,13 @@ #include #include -/* Number of bits per long. */ -#define _JUMP_BUF_SIGSET_BITS_PER_WORD (8 * sizeof (unsigned long int)) -/* This holds the number of signals, 512 should be sufficient for future. - expansion */ -#define _JUMP_BUF_SIGSET_NSIG 512 -/* Number of longs to hold all signals. */ -#define _JUMP_BUF_SIGSET_NWORDS \ - (ALIGN_UP (_JUMP_BUF_SIGSET_NSIG, _JUMP_BUF_SIGSET_BITS_PER_WORD) \ - / _JUMP_BUF_SIGSET_BITS_PER_WORD) - -typedef struct - { - unsigned long int __val[_JUMP_BUF_SIGSET_NWORDS]; - } __jmp_buf_sigset_t; - -typedef union - { - __sigset_t __saved_mask_compat; - struct - { - __jmp_buf_sigset_t __saved_mask; - /* Used for shadow stack pointer. NB: Shadow stack pointer - must have the same alignment as __saved_mask. Otherwise - offset of __saved_mask will be changed. */ - unsigned long int __ssp; - unsigned long int __ssp_base; - } __saved; - } __jmpbuf_arch_t; - /* has NB: We use setjmp in thread cancellation and this saves the shadow stack register, but __libc_unwind_longjmp doesn't restore the shadow stack register since cancellation never returns after longjmp. */ #undef __sigset_t -#define __sigset_t __jmpbuf_arch_t +#define __sigset_t __ssp_sigset_arch_t #include #undef __saved_mask #define __saved_mask __saved_mask.__saved.__saved_mask diff --git a/sysdeps/unix/sysv/linux/riscv/sys/ucontext.h b/sysdeps/unix/sysv/linux/riscv/sys/ucontext.h index a572ec62ee..fb514c3be2 100644 --- a/sysdeps/unix/sysv/linux/riscv/sys/ucontext.h +++ b/sysdeps/unix/sysv/linux/riscv/sys/ucontext.h @@ -23,7 +23,7 @@ #include -#include +#include #include typedef unsigned long int __riscv_mc_gp_state[32]; @@ -90,12 +90,12 @@ typedef struct ucontext_t unsigned long int __uc_flags; struct ucontext_t *uc_link; stack_t uc_stack; - sigset_t uc_sigmask; + __ssp_sigset_arch_t uc_sigmask; /* There's some padding here to allow sigset_t to be expanded in the future. Though this is unlikely, other architectures put uc_sigmask at the end of this structure and explicitly state it can be expanded, so we didn't want to box ourselves in here. */ - char __glibc_reserved[1024 / 8 - sizeof (sigset_t)]; + char __glibc_reserved[1024 / 8 - sizeof (__ssp_sigset_t)]; /* We can't put uc_sigmask at the end of this structure because we need to be able to expand sigcontext in the future. For example, the vector ISA extension will almost certainly add ISA state. We want From patchwork Mon Oct 27 04:26:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122665 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E5AC83857C67 for ; Mon, 27 Oct 2025 04:35:26 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E5AC83857C67 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=De/EsaC3 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x1033.google.com (mail-pj1-x1033.google.com [IPv6:2607:f8b0:4864:20::1033]) by sourceware.org (Postfix) with ESMTPS id 73EE33858C20 for ; Mon, 27 Oct 2025 04:27:07 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 73EE33858C20 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 73EE33858C20 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1033 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539227; cv=none; b=qgLfa6SzW62eGN2kLpRjCEv7QbMsE1ugBRxtYyEadpeIgWpiJlm/5GcabTH5Raw+tMLmG/G1VTnKEYxM5GSJTBMi8qbIEMTAam4RNRY+9euUxitC0Xbt0NQi+Tnp63sbC6h5SCSjEl+8vVV0fy2rTPES/XW9bMtmMGin1Ega8OM= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539227; c=relaxed/simple; bh=i+kVuNLw9sGbZl/cfNYxSJ4TPkdQQMjKCNkqgr95fxs=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=vgt18gcNAkm6qa5ewlPVBYX4hG0W+k+s0mpL+0K1aKyXJ2YK9IKB/moL8cPoMO0nFhkX8LCOMtL8jc95J0HMwi2HwgPrOIiLkV9U99pebDb0iEftpzVTCl+7RFcKImFRhmj7RjNIiuFXsgN/TEjgLKPjJ1eU0dGf/hxgqlKjqnw= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 73EE33858C20 Received: by mail-pj1-x1033.google.com with SMTP id 98e67ed59e1d1-33292adb180so4284044a91.3 for ; Sun, 26 Oct 2025 21:27:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539226; x=1762144026; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BCBfmsg3qrdXt2rf07bfHwE1QMYRkXeFiMgyUXXkCo8=; b=De/EsaC3EUw7rcg6EPpzvSIabadk99hM/74pE1J/PTn4YZNWiSafFHpggEVkyEFoY3 om0SgOznnpovlm/+LRBCGSwKsw061KvqZ+eF0e6ni1xZBsWR1bYNvoA8J3kHW/kuPnPa wwCJoNb23G8k3XP5z50NbMoT8PQyOywN0BebaivRCLhQ5lz5NC4hA4SoEtksfnqjgHX9 2UibeUdNP0nx3Dc2cHHswPCLb5kWcKs86b2GdhxlJmvBCZ5FfwB4QheBW57eP2Jrp/bd 5lq5fYTr+MzgQGagHsF77u2pD8uGLn4K5g3tVJWGg+t0Fy0bPKnMveZFAwmiEuzwgM5E j9xA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539226; x=1762144026; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BCBfmsg3qrdXt2rf07bfHwE1QMYRkXeFiMgyUXXkCo8=; b=kIyYnCVCNgyx/3roojpaVQ3agUZHh/uNSVvmRa/5GS4WGJHgRSYHL3f4zjwWpRCCvd cHUkwsVXkmT5GnIWPyWrLwLyhYVedn4E1dQjeuygPpOu5sn/D4fpM/7ygQFiHY7rOvJW llrlTyA5D3OX+DfLtHD/Px+jpFtKZ0AcUG+KNvAfW/KoaAgKR/YD6xLp7aER332HycIE Or6zt455aqznLGiuaVdwuqE8UEQHKpc3M9XzOjfZIoI6zISCZ72XkAU2PRAnajukNDMo 8T6//xjQxnkIo0rljF/tfWZV3mjNcnSDQwt+AfIpBDLAnwvaGt5IEgcu7jfU3Xjq77v+ EcgA== X-Gm-Message-State: AOJu0YywTdEbeOjO8ezV9QPdCm4FKTVZomDAYek+muRQJV5EVdS2E71K YRPz+GTX7Z0TxuIKBAWvDzVqqLg6Y4HcmHs3Gb/RY4o0/VqzinKtHa+TX6DmU6y9V6oEHccN45n M4V0SFeWMxJWeQsCFTn/KvILLUPO9b0dDdmBq2D29moNLdhmiOSN3n8CfEpmCob7q55ZoY97A8l nFa8eAUvYvX6JJThRqy6PIC87silupRjmOObhLpY2X+bESR6Mu/H4= X-Gm-Gg: ASbGnctAMkJ52CkWldl8lfuujy0gMRdIRQ6iVedTo0Vo86kasqZ+mLy+ezwQciDQyXV oeulRBqmJGU8j9fn46MTEFgLMrTZR2xFUJ6DYYoHDMAej2gACDTHaF1DSwwVNPu2fho6VXdN4FI 1d7TtAVQhN6HzDce9aQ+IkoQ6izWlUmDPW8gQTNeNpVoAhhZi71xHyjucV0ITNjk3TJRCMfSqRb mxMB54wWksq4BMX1+9l0g/6wThrvXR47vYCt+sPWrYO+JsmPe3F+qsomhQidqllvVner5VeYLcH mezDywOXnW+tSSa/DWq7HltNgKekI+SlZeUhpog75IeRBpbsMsteSpmo1XfpaAg4DIKcuFxtov4 Gb6go2RtR4D+3e2K5zyKUGiBDXO+CZKvvimWHzMIIKZrZLtvCKSNe5jpHfKvJia9aDxw10bIg94 +rCzIbPaeIvc+OXbXQrCXpC0R5TqZ1GVtVidphus63Iiv4tAPgtDzXfQwCBiDtikxXOOOI6qBLa aT3HmAlCx1ZbI0nE4iwtxc8TC0Y+OY= X-Google-Smtp-Source: AGHT+IFU/fLBMk+7V8xnZbS2ESsmhjQr7NgqyKHv2wzlKdZ6JT2OjMkgGbRSZykTWQh7QtP6169csw== X-Received: by 2002:a17:90b:2789:b0:335:2a00:6842 with SMTP id 98e67ed59e1d1-33bcf8f7e1bmr52581174a91.26.1761539225772; Sun, 26 Oct 2025 21:27:05 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.27.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:27:05 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang , Nia Su Subject: [PATCH v3 15/16] riscv/cfi: Support ucontext under CFI Date: Sun, 26 Oct 2025 21:26:33 -0700 Message-Id: <20251027042634.2665717-16-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org This patch adds support for shadow stack and landing pad to the ucontext library, shadow stack switches are protected by a shadow stack restore token which will be validated during the switch. Co-authored-by: Nia Su --- sysdeps/unix/sysv/linux/riscv/getcontext.S | 20 +++++ sysdeps/unix/sysv/linux/riscv/makecontext.c | 19 +++++ sysdeps/unix/sysv/linux/riscv/setcontext.S | 67 +++++++++++++++++ sysdeps/unix/sysv/linux/riscv/swapcontext.S | 77 +++++++++++++++++++- sysdeps/unix/sysv/linux/riscv/ucontext_i.sym | 2 + 5 files changed, 184 insertions(+), 1 deletion(-) diff --git a/sysdeps/unix/sysv/linux/riscv/getcontext.S b/sysdeps/unix/sysv/linux/riscv/getcontext.S index 86e7a8ff91..9595ddd880 100644 --- a/sysdeps/unix/sysv/linux/riscv/getcontext.S +++ b/sysdeps/unix/sysv/linux/riscv/getcontext.S @@ -17,11 +17,13 @@ . */ #include "ucontext-macros.h" +#include "tcb-offsets.h" /* int getcontext (ucontext_t *ucp) */ .text LEAF (__getcontext) + LPAD SAVE_INT_REG (ra, 0, a0) SAVE_INT_REG (ra, 1, a0) SAVE_INT_REG (sp, 2, a0) @@ -58,6 +60,24 @@ LEAF (__getcontext) sw a1, MCONTEXT_FSR(a0) #endif /* __riscv_float_abi_soft */ +#ifdef __riscv_shadow_stack + ssrdp t0 + beqz t0, .Lskip_ss + /* Read ssp_base from TLS */ + ld t1, TLS_SSP_BASE_OFFSET(tp) + + bnez t1, .Lbase_saved + /* if not found, save and use current ssp as the marker */ + mv t1, t0 + sd t1, TLS_SSP_BASE_OFFSET(tp) + +.Lbase_saved: + /* Save caller's ssp and base marker to ucontext */ + REG_S t1, UCONTEXT_SSP_BASE(a0) + REG_S t0, UCONTEXT_SSP(a0) +.Lskip_ss: +#endif + /* rt_sigprocmask (SIG_BLOCK, NULL, &ucp->uc_sigmask, _NSIG8) */ li a3, _NSIG8 add a2, a0, UCONTEXT_SIGMASK diff --git a/sysdeps/unix/sysv/linux/riscv/makecontext.c b/sysdeps/unix/sysv/linux/riscv/makecontext.c index 3da27dd5df..b30ff97f5b 100644 --- a/sysdeps/unix/sysv/linux/riscv/makecontext.c +++ b/sysdeps/unix/sysv/linux/riscv/makecontext.c @@ -21,6 +21,9 @@ #include #include #include +#ifdef __riscv_shadow_stack +#include +#endif void __makecontext (ucontext_t *ucp, void (*func) (void), int argc, @@ -73,6 +76,22 @@ __makecontext (ucontext_t *ucp, void (*func) (void), int argc, va_end (vl); } +#ifdef __riscv_shadow_stack + /* Allocate shadow stack for the new context */ + + /* shstk_size[0]: shadow stack base + shstk_size[1]: shadow stack size */ + shadow_stack_size_t shstk_size[2]; + int ret = __allocate_shadow_stack(ucp->uc_stack.ss_size, shstk_size); + if (ret != 0) + { + abort(); + } + + ucp->uc_sigmask.__saved.__ssp_base = shstk_size[0]; + ucp->uc_sigmask.__saved.__ssp = shstk_size[0] + shstk_size[1] - \ + sizeof (shstk_size[0]); +#endif } weak_alias (__makecontext, makecontext) diff --git a/sysdeps/unix/sysv/linux/riscv/setcontext.S b/sysdeps/unix/sysv/linux/riscv/setcontext.S index a2de57b537..83d9c43e5a 100644 --- a/sysdeps/unix/sysv/linux/riscv/setcontext.S +++ b/sysdeps/unix/sysv/linux/riscv/setcontext.S @@ -17,6 +17,7 @@ . */ #include "ucontext-macros.h" +#include "tcb-offsets.h" /* int __setcontext (const ucontext_t *ucp) @@ -29,6 +30,7 @@ .text LEAF (__setcontext) + LPAD mv t0, a0 /* Save ucp into t0. */ @@ -45,6 +47,55 @@ LEAF (__setcontext) cfi_def_cfa (t0, 0) +#ifdef __riscv_shadow_stack + /* Skip if shadow stack is not enabled */ + ssrdp ra + beqz ra, .Lfin + /* We are safe to adjust shadow stack after the sanity check */ + REG_L t1, UCONTEXT_SSP_BASE(t0) + REG_L a1, UCONTEXT_SSP(t0) + REG_L a2, TLS_SSP_BASE_OFFSET(tp) + bne t1, a2, .Ldifferent_stack + +.Lunwind: + bleu a1, ra, .Lfin + /* increase ssp by at most a page size to ensure always run into + a guard page before accidentally point to another legal shadow + stack page */ + /* ra = (a1 - ra >= 4096) ? ra + 4096 : a1 */ + lui t2, 1 + add ra, ra, t2 + bleu ra, a1, 1f + mv ra, a1 +1: + csrw ssp, ra + /* Test if the location pointed by ssp is legal */ + sspush ra + sspopchk ra + j .Lunwind + +.Ldifferent_stack: + /* Create restore token */ + sspush ra + mv a4, a1 + +.Lfind_rstor_token: + /* Probe and validate target restore token */ + ssamoswap.d a3, x0, (a4) + addi a2, a4, 8 + beq a3, a2, .Lswitch_stack + /* Restore the shadow stack and try the next slot */ + ssamoswap.d x0, a3, (a4) + addi a4, a4, -8 + j .Lfind_rstor_token + +.Lswitch_stack: + /* Switch stack: update ssp and base */ + csrw ssp, a1 + REG_S t1, TLS_SSP_BASE_OFFSET(tp) +.Lfin: +#endif + #ifndef __riscv_float_abi_soft lw t1, MCONTEXT_FSR(t0) @@ -66,7 +117,11 @@ LEAF (__setcontext) /* Note the contents of argument registers will be random unless makecontext() has been called. */ +#ifdef __riscv_landing_pad + RESTORE_INT_REG (t2, 0, t0) +#else RESTORE_INT_REG (t1, 0, t0) +#endif RESTORE_INT_REG_CFI (ra, 1, t0) RESTORE_INT_REG (sp, 2, t0) RESTORE_INT_REG_CFI (s0, 8, t0) @@ -90,7 +145,12 @@ LEAF (__setcontext) RESTORE_INT_REG_CFI (s10, 26, t0) RESTORE_INT_REG_CFI (s11, 27, t0) +#ifdef __riscv_landing_pad + /* We need to use software-guared jump */ + jr t2 +#else jr t1 +#endif 99: tail __syscall_error @@ -99,12 +159,19 @@ libc_hidden_def (__setcontext) weak_alias (__setcontext, setcontext) LEAF (__start_context) + LPAD /* Terminate call stack by noting ra == 0. Happily, s0 == 0 here. */ cfi_register (ra, s0) /* Call the function passed to makecontext. */ +#ifdef __riscv_landing_pad + /* We need to use software-guared jump */ + mv t2, s1 + jalr t2 +#else jalr s1 +#endif /* Invoke subsequent context if present, else exit(0). */ mv a0, s2 diff --git a/sysdeps/unix/sysv/linux/riscv/swapcontext.S b/sysdeps/unix/sysv/linux/riscv/swapcontext.S index bf5754c8b5..d69d91e9d0 100644 --- a/sysdeps/unix/sysv/linux/riscv/swapcontext.S +++ b/sysdeps/unix/sysv/linux/riscv/swapcontext.S @@ -17,10 +17,12 @@ . */ #include "ucontext-macros.h" +#include "tcb-offsets.h" /* int swapcontext (ucontext_t *oucp, const ucontext_t *ucp) */ LEAF (__swapcontext) + LPAD mv t0, a1 /* Save ucp into t0. */ SAVE_INT_REG (ra, 0, a0) @@ -59,6 +61,25 @@ LEAF (__swapcontext) sw a1, MCONTEXT_FSR(a0) #endif /* __riscv_float_abi_soft */ +#ifdef __riscv_shadow_stack + /* Skip if shadow stack is not enabled */ + ssrdp ra + beqz ra, .Lfin + + /* Read ssp_base from TLS */ + ld t2, TLS_SSP_BASE_OFFSET(tp) + bnez t2, .Lbase_saved + + /* if not found, use current ssp as the marker */ + mv t2, ra + sd t2, TLS_SSP_BASE_OFFSET(tp) + +.Lbase_saved: + /* Save caller's ssp and base marker to oucp */ + REG_S t2, UCONTEXT_SSP_BASE(a0) + REG_S ra, UCONTEXT_SSP(a0) +#endif + /* rt_sigprocmask (SIG_SETMASK, &ucp->uc_sigmask, &oucp->uc_sigmask, _NSIG8) */ li a3, _NSIG8 add a2, a0, UCONTEXT_SIGMASK @@ -70,6 +91,52 @@ LEAF (__swapcontext) bltz a0, 99f +#ifdef __riscv_shadow_stack + /* Load ss information from ucp */ + REG_L a0, UCONTEXT_SSP_BASE(t0) + REG_L a1, UCONTEXT_SSP(t0) + REG_L a2, TLS_SSP_BASE_OFFSET(tp) + bne a0, a2, .Ldifferent_stack + +.Lunwind: + bleu a1, ra, .Lfin + /* increase ssp by at most a page size to ensure always run into + a guard page before accidentally point to another legal shadow + stack page */ + /* ra = (a1 - ra >= 4096) ? ra + 4096 : a1 */ + lui t2, 1 + add ra, ra, t2 + bleu ra, a1, 1f + mv ra, a1 +1: + csrw ssp, ra + /* Test if the location pointed by ssp is legal */ + sspush ra + sspopchk ra + j .Lunwind + +.Ldifferent_stack: + /* Create restore token */ + sspush ra + mv a4, a1 + +.Lfind_rstor_token: + /* Probe and validate target restore token */ + ssamoswap.d a3, x0, (a4) + addi a2, a4, 8 + beq a3, a2, .Lswitch_stack + /* Restore the shadow stack and try the next slot */ + ssamoswap.d x0, a3, (a4) + addi a4, a4, -8 + j .Lfind_rstor_token + +.Lswitch_stack: + /* Switch stack: update ssp and base */ + csrw ssp, a1 + REG_S a0, TLS_SSP_BASE_OFFSET(tp) +.Lfin: +#endif + #ifndef __riscv_float_abi_soft lw t1, MCONTEXT_FSR(t0) @@ -91,7 +158,11 @@ LEAF (__swapcontext) /* Note the contents of argument registers will be random unless makecontext() has been called. */ +#ifdef __riscv_landing_pad + RESTORE_INT_REG (t2, 0, t0) +#else RESTORE_INT_REG (t1, 0, t0) +#endif RESTORE_INT_REG (ra, 1, t0) RESTORE_INT_REG (sp, 2, t0) RESTORE_INT_REG (s0, 8, t0) @@ -115,8 +186,12 @@ LEAF (__swapcontext) RESTORE_INT_REG (s10, 26, t0) RESTORE_INT_REG (s11, 27, t0) +#ifdef __riscv_landing_pad + /* We need to use software-guared jump */ + jr t2 +#else jr t1 - +#endif 99: tail __syscall_error diff --git a/sysdeps/unix/sysv/linux/riscv/ucontext_i.sym b/sysdeps/unix/sysv/linux/riscv/ucontext_i.sym index be55b26310..14214e14ca 100644 --- a/sysdeps/unix/sysv/linux/riscv/ucontext_i.sym +++ b/sysdeps/unix/sysv/linux/riscv/ucontext_i.sym @@ -20,6 +20,8 @@ UCONTEXT_LINK ucontext (uc_link) UCONTEXT_STACK ucontext (uc_stack) UCONTEXT_MCONTEXT ucontext (uc_mcontext) UCONTEXT_SIGMASK ucontext (uc_sigmask) +UCONTEXT_SSP ucontext (uc_sigmask.__saved.__ssp) +UCONTEXT_SSP_BASE ucontext (uc_sigmask.__saved.__ssp_base) STACK_SP stack (ss_sp) STACK_SIZE stack (ss_size) From patchwork Mon Oct 27 04:26:34 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jesse Huang X-Patchwork-Id: 122670 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 6A74C3858C51 for ; Mon, 27 Oct 2025 04:41:49 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6A74C3858C51 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=sifive.com header.i=@sifive.com header.a=rsa-sha256 header.s=google header.b=O21EZxGq X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com [IPv6:2607:f8b0:4864:20::1034]) by sourceware.org (Postfix) with ESMTPS id 5DC993858D2A for ; Mon, 27 Oct 2025 04:27:08 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 5DC993858D2A Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=sifive.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=sifive.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 5DC993858D2A Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1034 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539228; cv=none; b=lNFRlq85CtckEhaEK9Y9wEixOgi+s/K7UIDcgXEXxn438GndtYKNekzEnAX3cLuWecp/t9jStJrgSVTOpQrlNsEk+Jaki1jj6zpTY822sjyS7Z/7L/SFQAR6lH0gixVo8uMn6oAzsVTOyk8m1UNM9zTKEFanQIZyH4ZnumlNBWk= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1761539228; c=relaxed/simple; bh=0BqWAUPlPYWpg07xZOucm+85jzhvYfBdPzUFsCRoq+0=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=f/wQaHDMF1Cq5DxeMLh9ZvRlCQ5/AHIO6QNMQfjXyZhLY/70X/kO/3+BOptuL/ANsXxM1DXKZv7QCftkF+xQLIg3KJsXYDed2gqC4/GR6FPDWKP6nsL4ODocVSV373AcfF1FzOzGq98OCS0+BMaIPb2xD/j2028wub9nkkmhuKw= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 5DC993858D2A Received: by mail-pj1-x1034.google.com with SMTP id 98e67ed59e1d1-33d962c0e9aso3481460a91.0 for ; Sun, 26 Oct 2025 21:27:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1761539227; x=1762144027; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=CL+5LfjZ5dfOkPZj1En9qUHRezon1XMbQMrh/ApH3Gc=; b=O21EZxGqxMCKEeI6Q2LStug6HqWvKdAUnrZV4Br2sDfzNR0jRwtABtYOjJ8sg3k63j exT82NqjQkMGJ8bDLvHYFLTaAemKSaNY+y5BPKI8HnVOH59epi18TC9U4z4i34MmXgsp Iq/hHLwwGgdpK5k4Px5doBcjt/5U1BNRYqXrpPIS1pXZZMWKIafQI9hCWwGabZiLd8+8 Z+PuPrWpzGCMwIenNq27WVb3B0tXNBftOqU0/eEDZAf/vUkhDZLsEqOkF7sc8ykKTHlm FKQNj8fOUfSrFe3ROy+3QBdZVJf/hsLnehkynSZFM0h1u0UuW7nQbJEr6VHnwn/S97Dh 6Big== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761539227; x=1762144027; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CL+5LfjZ5dfOkPZj1En9qUHRezon1XMbQMrh/ApH3Gc=; b=FCL4fmxsPm0V+J3oPpBfCyf9d0HMBo38Ur2evGW4k0Hdvr/SWAWUXy64zL3n1a4u+x q+ZRT9HBNHo9ZSf9WHjfCUGSN8T6Sn2mRpIxHrc/5WK+sNhAgNmZl7dYtcPe4GfWCobA oaLQJST/sOcDL8lIm9AQDRAwYKMSjpmWkPU7f7v5Z0S4yKjqUPYIRg2rSpd/pE/sxtsw JcmGY8LzKkm1fX8hO+jc7aKWhtpW53sBYYjwwy9Uf0oiXRHabx1jWnIoDJrSxD71QI66 iulSyiIfKuEcP4wzfrh/KtGXwCfOK+HN7iLWchURMBsFTDwzWqp7qkv6lGr5BuHFKL2o 0A5w== X-Gm-Message-State: AOJu0YzB9sVdqty6GQB07pVen3N4utyfRS0tglG4o22EF65JbTosALCs QPQWv70ol185hQTWEYUUltB7tvLIM17h9uwgMbf/TYudtq6qI36Np4Q//j+mndOsUXXQuMFIdKD p9pIdibWIfI/uPMgr5swarKfiwq3msVD9OCgj7pSZcJzNQeWte8UrpY+XTwQz67CLJi0Ere/WxF blVzr+w4Eo6Ugq68oC1UUW7Zq8aBi5kRGFL2k+FsN+Sw1OosoM3WA= X-Gm-Gg: ASbGncuYQPP7I8Z2mSvwiDfJT5LqY/KDIpYczcp4xjHwIA7nRsVyfPWP6ZHFDprCAK8 KG7N5DDW3in4YmTTxjGLol8ODmNf7irrM3fh6VKLSZMMeHnzv88AcPf6TbmtbcGFtpBmtBOt2Hj T74tQhR49lIF9Ma0VL9akGfSJtTt4NvjwOH6e0Z/RRzyApDtFecbZjBH/wh8j+BtEQFiubGXCBs TU370wczqYF9Wp0iPy1Hr3a59JtOI89IIDMUip6jlNVWakdghU/qnoKOMNZlcTpq/ygFu8eMAZq o73/xZEfkmd0vht1Ssd9viiNeMCdVbax5v23dqIZNOy35Mgfk1TBmjKaMw+zLX+/jaHsR84tKwt FnHTdL1lFCwFkWIh4Lfnu1SdQyX5oKdRMHxpgSCYOVHjgx+JB1jLlHpjcuBuo0Qzz2QswCaBxM1 dyay4ZTC/qioCdgXXTTPeLpoegir+zXlKwhycOSPwZEy5RvHvvs6rkzKS9OFHnP6h0ucUrt96cw MpsHR7nT3lTMEJkHLGK1PijYoM6xYY= X-Google-Smtp-Source: AGHT+IHXtK72HCV0cv8sZsHLA2bqQ5jqf11wtToFDr8CGxeY8Wbv4wPD93isqp9Kv6ASsvK7X6PTSg== X-Received: by 2002:a17:90b:350e:b0:32e:3592:581a with SMTP id 98e67ed59e1d1-33fd3cecfe2mr12716860a91.17.1761539226678; Sun, 26 Oct 2025 21:27:06 -0700 (PDT) Received: from sw08.internal.sifive.com ([4.53.31.132]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-33fed80df16sm6765734a91.15.2025.10.26.21.27.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 26 Oct 2025 21:27:06 -0700 (PDT) From: Jesse Huang To: libc-alpha@sourceware.org Cc: andrew@sifive.com, darius@bluespec.com, debug@rivosinc.com, jlaw@ventanamicro.com, kito.cheng@sifive.com, palmer@dabbelt.com, Jesse Huang Subject: [PATCH v3 16/16] riscv/cfi: Add __INDIRECT_RETURN attribute to swapcontext Date: Sun, 26 Oct 2025 21:26:34 -0700 Message-Id: <20251027042634.2665717-17-jesse.huang@sifive.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20251027042634.2665717-1-jesse.huang@sifive.com> References: <20251027042634.2665717-1-jesse.huang@sifive.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org --- sysdeps/riscv/bits/indirect-return.h | 36 ++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 sysdeps/riscv/bits/indirect-return.h diff --git a/sysdeps/riscv/bits/indirect-return.h b/sysdeps/riscv/bits/indirect-return.h new file mode 100644 index 0000000000..4ab1804671 --- /dev/null +++ b/sysdeps/riscv/bits/indirect-return.h @@ -0,0 +1,36 @@ +/* Definition of __INDIRECT_RETURN. RISC-V version. + Copyright (C) 2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _UCONTEXT_H +# error "Never include directly; use instead." +#endif + +/* __INDIRECT_RETURN indicates that swapcontext may return via + an indirect branch. This happens when GCS is enabled, so + add the attribute if available, otherwise returns_twice has + a similar effect, but it prevents some code transformations + that can cause build failures in some rare cases so it is + only used when GCS is enabled. */ +#if __glibc_has_attribute (__indirect_return__) +# define __INDIRECT_RETURN __attribute__ ((__indirect_return__)) +#elif __glibc_has_attribute (__returns_twice__) \ + && defined __ARM_FEATURE_GCS_DEFAULT +# define __INDIRECT_RETURN __attribute__ ((__returns_twice__)) +#else +# define __INDIRECT_RETURN +#endif