From patchwork Fri Mar 17 11:35:35 2023
X-Patchwork-Submitter: Andy Chiu
X-Patchwork-Id: 1758242
From: Andy Chiu
To: linux-riscv@lists.infradead.org, palmer@dabbelt.com, anup@brainfault.org, atishp@atishpatra.org, kvm-riscv@lists.infradead.org, kvm@vger.kernel.org
Cc: vineetg@rivosinc.com, greentime.hu@sifive.com, guoren@linux.alibaba.com, ShihPo Hung, Vincent Chen, Andy Chiu, Paul Walmsley, Albert Ou, Conor Dooley, Alexandre Ghiti, Masahiro Yamada, Guo Ren
Subject: [PATCH -next v15 16/19] riscv: prevent stack corruption by reserving task_pt_regs(p) early
Date: Fri, 17 Mar 2023 11:35:35 +0000
Message-Id: <20230317113538.10878-17-andy.chiu@sifive.com>
In-Reply-To: <20230317113538.10878-1-andy.chiu@sifive.com>
References: <20230317113538.10878-1-andy.chiu@sifive.com>
From: Greentime Hu

Early function calls, such as setup_vm(), relocate_enable_mmu(), soc_early_init() etc., are free to operate on the stack. However, PT_SIZE_ON_STACK bytes at the head of the kernel stack are purposely reserved for the placement of the per-task register context pointed to by task_pt_regs(p). Those functions may corrupt task_pt_regs if we overlap the $sp with it. In fact, we had accidentally corrupted sstatus.VS in some tests, treating the kernel to save V context before V was actually allocated, resulting in a kernel panic. Thus, we should skip PT_SIZE_ON_STACK for $sp before making C function calls from the top-level assembly.

Co-developed-by: ShihPo Hung
Signed-off-by: ShihPo Hung
Co-developed-by: Vincent Chen
Signed-off-by: Vincent Chen
Signed-off-by: Greentime Hu Signed-off-by: Andy Chiu Reviewed-by: Conor Dooley --- arch/riscv/kernel/head.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S index e16bb2185d55..11c3b94c4534 100644 --- a/arch/riscv/kernel/head.S +++ b/arch/riscv/kernel/head.S @@ -301,6 +301,7 @@ clear_bss_done: la tp, init_task la sp, init_thread_union + THREAD_SIZE XIP_FIXUP_OFFSET sp + addi sp, sp, -PT_SIZE_ON_STACK #ifdef CONFIG_BUILTIN_DTB la a0, __dtb_start XIP_FIXUP_OFFSET a0 @@ -318,6 +319,7 @@ clear_bss_done: /* Restore C environment */ la tp, init_task la sp, init_thread_union + THREAD_SIZE + addi sp, sp, -PT_SIZE_ON_STACK #ifdef CONFIG_KASAN call kasan_early_init
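Review bot: in the first hunk (@@ -301,6 +301,7 @@ clear_bss_done:) the new `addi sp, sp, -PT_SIZE_ON_STACK` is placed after `XIP_FIXUP_OFFSET sp`, which is the right order since the fixup rewrites the address that `la` loaded and the reservation must be subtracted from the fixed-up value; but the added line carries no comment, so a reader of head.S sees a bare subtraction from sp with nothing tying it to task_pt_regs(). Suggest a one-line comment at the insertion point, e.g. `/* Reserve task_pt_regs(init_task); early C code must not clobber it */`, and confirm that PT_SIZE_ON_STACK is a multiple of the stack alignment and fits the 12-bit signed immediate of `addi`, otherwise the assembler rejects the line or sp is misaligned for the calls that follow.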
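Review bot: the second hunk (@@ -318,6 +319,7 @@, under /* Restore C environment */) repeats the same `la sp, init_thread_union + THREAD_SIZE` / `addi sp, sp, -PT_SIZE_ON_STACK` pair that the first hunk adds, so the two sites now have to be kept in sync by hand; a small assembler macro that loads the stack top and applies the reservation, used at both sites, would stop one of them from silently losing the adjustment in a later change. Also note that this hunk has no `XIP_FIXUP_OFFSET sp` between the `la` and the `addi` while the first hunk does; if that asymmetry is intentional, a comment saying so would spare the next reviewer the same question. Placing the `addi` ahead of `call kasan_early_init` is consistent with the commit message, as the KASAN early init then also runs below the reserved region.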