2025-03-14T14:39:41-07:00, Deepak Gupta debug@rivosinc.com:
The kernel will have to perform shadow stack operations on the user shadow stack. For example, during signal delivery and sigreturn, a shadow stack token must be created and validated, respectively. Thus shadow stack access for the kernel must be enabled.
Why can't kernel access the user shadow stack through an aliased WR mapping?
In future, when kernel shadow stacks are enabled for the Linux kernel, it must be enabled as early as possible for better coverage and to prevent imbalance between the regular stack and the shadow stack. After `relocate_enable_mmu` has been done, this is as early as it can be enabled.
Reviewed-by: Zong Li zong.li@sifive.com
Signed-off-by: Deepak Gupta debug@rivosinc.com
diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S @@ -320,6 +326,12 @@ SYM_CODE_START(_start_kernel) la tp, init_task la sp, init_thread_union + THREAD_SIZE addi sp, sp, -PT_SIZE_ON_STACK
- li a7, SBI_EXT_FWFT
- li a6, SBI_EXT_FWFT_SET
- li a0, SBI_FWFT_SHADOW_STACK
- li a1, 1 /* enable supervisor to access shadow stack access */
- li a2, SBI_FWFT_SET_FLAG_LOCK
- ecall
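Review bot: Nothing after the `ecall` at the end of this block inspects the SBI return value in `a0`, so a failed SBI_EXT_FWFT_SET request for SBI_FWFT_SHADOW_STACK goes unnoticed and boot continues as if supervisor shadow stack access were enabled. Suggest testing `a0` right after the `ecall` and recording the failure so that user shadow stack support is left disabled in that case; since the request is made with SBI_FWFT_SET_FLAG_LOCK, this early call is the natural place to learn the final state. Minor: the comment on `li a1, 1` reads "enable supervisor to access shadow stack access"; the trailing "access" should be dropped.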
I think the ecall can fail even on machines that have Zicfiss, so it would be good to disable user shadow stack if that happens.