From: Andy Chiu <andy.chiu@sifive.com>
To: linux-riscv@lists.infradead.org, palmer@dabbelt.com,
anup@brainfault.org, atishp@atishpatra.org,
kvm-riscv@lists.infradead.org, kvm@vger.kernel.org
Cc: vineetg@rivosinc.com, greentime.hu@sifive.com,
guoren@linux.alibaba.com, ShihPo Hung <shihpo.hung@sifive.com>,
Vincent Chen <vincent.chen@sifive.com>,
Andy Chiu <andy.chiu@sifive.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Heiko Stuebner <heiko.stuebner@vrull.eu>,
Conor Dooley <conor.dooley@microchip.com>,
Masahiro Yamada <masahiroy@kernel.org>,
Alexandre Ghiti <alex@ghiti.fr>, Guo Ren <guoren@kernel.org>
Subject: [PATCH -next v19 17/24] riscv: prevent stack corruption by reserving task_pt_regs(p) early
Date: Tue, 9 May 2023 10:30:26 +0000 [thread overview]
Message-ID: <20230509103033.11285-18-andy.chiu@sifive.com> (raw)
In-Reply-To: <20230509103033.11285-1-andy.chiu@sifive.com>
From: Greentime Hu <greentime.hu@sifive.com>
Early function calls, such as setup_vm(), relocate_enable_mmu(),
soc_early_init() etc, are free to operate on stack. However,
PT_SIZE_ON_STACK bytes at the head of the kernel stack are purposedly
reserved for the placement of per-task register context pointed by
task_pt_regs(p). Those functions may corrupt task_pt_regs if we overlap
the $sp with it. In fact, we had accidentally corrupted sstatus.VS in some
tests, treating the kernel to save V context before V was actually
allocated, resulting in a kernel panic.
Thus, we should skip PT_SIZE_ON_STACK for $sp before making C function
calls from the top-level assembly.
Co-developed-by: ShihPo Hung <shihpo.hung@sifive.com>
Signed-off-by: ShihPo Hung <shihpo.hung@sifive.com>
Co-developed-by: Vincent Chen <vincent.chen@sifive.com>
Signed-off-by: Vincent Chen <vincent.chen@sifive.com>
Signed-off-by: Greentime Hu <greentime.hu@sifive.com>
Signed-off-by: Andy Chiu <andy.chiu@sifive.com>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Heiko Stuebner <heiko.stuebner@vrull.eu>
Tested-by: Heiko Stuebner <heiko.stuebner@vrull.eu>
---
arch/riscv/kernel/head.S | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S
index e16bb2185d55..11c3b94c4534 100644
--- a/arch/riscv/kernel/head.S
+++ b/arch/riscv/kernel/head.S
@@ -301,6 +301,7 @@ clear_bss_done:
la tp, init_task
la sp, init_thread_union + THREAD_SIZE
XIP_FIXUP_OFFSET sp
+ addi sp, sp, -PT_SIZE_ON_STACK
#ifdef CONFIG_BUILTIN_DTB
la a0, __dtb_start
XIP_FIXUP_OFFSET a0
@@ -318,6 +319,7 @@ clear_bss_done:
/* Restore C environment */
la tp, init_task
la sp, init_thread_union + THREAD_SIZE
+ addi sp, sp, -PT_SIZE_ON_STACK
#ifdef CONFIG_KASAN
call kasan_early_init
--
2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Andy Chiu <andy.chiu@sifive.com>
To: linux-riscv@lists.infradead.org, palmer@dabbelt.com,
anup@brainfault.org, atishp@atishpatra.org,
kvm-riscv@lists.infradead.org, kvm@vger.kernel.org
Cc: vineetg@rivosinc.com, greentime.hu@sifive.com,
guoren@linux.alibaba.com, ShihPo Hung <shihpo.hung@sifive.com>,
Vincent Chen <vincent.chen@sifive.com>,
Andy Chiu <andy.chiu@sifive.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Heiko Stuebner <heiko.stuebner@vrull.eu>,
Conor Dooley <conor.dooley@microchip.com>,
Masahiro Yamada <masahiroy@kernel.org>,
Alexandre Ghiti <alex@ghiti.fr>, Guo Ren <guoren@kernel.org>
Subject: [PATCH -next v19 17/24] riscv: prevent stack corruption by reserving task_pt_regs(p) early
Date: Tue, 9 May 2023 10:30:26 +0000 [thread overview]
Message-ID: <20230509103033.11285-18-andy.chiu@sifive.com> (raw)
In-Reply-To: <20230509103033.11285-1-andy.chiu@sifive.com>
From: Greentime Hu <greentime.hu@sifive.com>
Early function calls, such as setup_vm(), relocate_enable_mmu(),
soc_early_init() etc, are free to operate on stack. However,
PT_SIZE_ON_STACK bytes at the head of the kernel stack are purposedly
reserved for the placement of per-task register context pointed by
task_pt_regs(p). Those functions may corrupt task_pt_regs if we overlap
the $sp with it. In fact, we had accidentally corrupted sstatus.VS in some
tests, treating the kernel to save V context before V was actually
allocated, resulting in a kernel panic.
Thus, we should skip PT_SIZE_ON_STACK for $sp before making C function
calls from the top-level assembly.
Co-developed-by: ShihPo Hung <shihpo.hung@sifive.com>
Signed-off-by: ShihPo Hung <shihpo.hung@sifive.com>
Co-developed-by: Vincent Chen <vincent.chen@sifive.com>
Signed-off-by: Vincent Chen <vincent.chen@sifive.com>
Signed-off-by: Greentime Hu <greentime.hu@sifive.com>
Signed-off-by: Andy Chiu <andy.chiu@sifive.com>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Heiko Stuebner <heiko.stuebner@vrull.eu>
Tested-by: Heiko Stuebner <heiko.stuebner@vrull.eu>
---
arch/riscv/kernel/head.S | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S
index e16bb2185d55..11c3b94c4534 100644
--- a/arch/riscv/kernel/head.S
+++ b/arch/riscv/kernel/head.S
@@ -301,6 +301,7 @@ clear_bss_done:
la tp, init_task
la sp, init_thread_union + THREAD_SIZE
XIP_FIXUP_OFFSET sp
+ addi sp, sp, -PT_SIZE_ON_STACK
#ifdef CONFIG_BUILTIN_DTB
la a0, __dtb_start
XIP_FIXUP_OFFSET a0
@@ -318,6 +319,7 @@ clear_bss_done:
/* Restore C environment */
la tp, init_task
la sp, init_thread_union + THREAD_SIZE
+ addi sp, sp, -PT_SIZE_ON_STACK
#ifdef CONFIG_KASAN
call kasan_early_init
--
2.17.1
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2023-05-09 10:33 UTC|newest]
Thread overview: 110+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-09 10:30 [PATCH -next v19 00/24] riscv: Add vector ISA support Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-09 10:30 ` [PATCH -next v19 01/24] riscv: Rename __switch_to_aux() -> fpu Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-11 22:56 ` Palmer Dabbelt
2023-05-11 22:56 ` Palmer Dabbelt
2023-05-16 2:47 ` Andy Chiu
2023-05-16 2:47 ` Andy Chiu
2023-05-09 10:30 ` [PATCH -next v19 02/24] riscv: Extending cpufeature.c to detect V-extension Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-11 22:56 ` Palmer Dabbelt
2023-05-11 22:56 ` Palmer Dabbelt
2023-05-09 10:30 ` [PATCH -next v19 03/24] riscv: hwprobe: Add support for RISCV_HWPROBE_BASE_BEHAVIOR_V Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-09 11:05 ` Heiko Stübner
2023-05-09 11:05 ` Heiko Stübner
2023-05-09 16:41 ` Andy Chiu
2023-05-09 16:41 ` Andy Chiu
2023-05-09 17:32 ` Evan Green
2023-05-09 17:32 ` Evan Green
2023-05-09 17:59 ` Palmer Dabbelt
2023-05-09 17:59 ` Palmer Dabbelt
2023-05-09 18:29 ` Evan Green
2023-05-09 18:29 ` Evan Green
2023-05-11 22:36 ` Palmer Dabbelt
2023-05-11 22:36 ` Palmer Dabbelt
2023-05-09 10:30 ` [PATCH -next v19 04/24] riscv: Add new csr defines related to vector extension Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-11 22:56 ` Palmer Dabbelt
2023-05-11 22:56 ` Palmer Dabbelt
2023-05-16 3:15 ` Andy Chiu
2023-05-16 3:15 ` Andy Chiu
2023-05-09 10:30 ` [PATCH -next v19 05/24] riscv: Clear vector regfile on bootup Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-11 22:56 ` Palmer Dabbelt
2023-05-11 22:56 ` Palmer Dabbelt
2023-05-09 10:30 ` [PATCH -next v19 06/24] riscv: Disable Vector Instructions for kernel itself Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-11 22:56 ` Palmer Dabbelt
2023-05-11 22:56 ` Palmer Dabbelt
2023-05-09 10:30 ` [PATCH -next v19 07/24] riscv: Introduce Vector enable/disable helpers Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-11 22:56 ` Palmer Dabbelt
2023-05-11 22:56 ` Palmer Dabbelt
2023-05-09 10:30 ` [PATCH -next v19 08/24] riscv: Introduce riscv_v_vsize to record size of Vector context Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-11 22:56 ` Palmer Dabbelt
2023-05-11 22:56 ` Palmer Dabbelt
2023-05-09 10:30 ` [PATCH -next v19 09/24] riscv: Introduce struct/helpers to save/restore per-task Vector state Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-09 10:30 ` [PATCH -next v19 10/24] riscv: Add task switch support for vector Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-09 10:30 ` [PATCH -next v19 11/24] riscv: Allocate user's vector context in the first-use trap Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-09 10:30 ` [PATCH -next v19 12/24] riscv: Add ptrace vector support Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-09 10:30 ` [PATCH -next v19 13/24] riscv: signal: check fp-reserved words unconditionally Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-09 10:30 ` [PATCH -next v19 14/24] riscv: signal: Add sigcontext save/restore for vector Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-09 10:30 ` [PATCH -next v19 15/24] riscv: signal: Report signal frame size to userspace via auxv Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-09 10:30 ` [PATCH -next v19 16/24] riscv: signal: validate altstack to reflect Vector Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-09 10:30 ` Andy Chiu [this message]
2023-05-09 10:30 ` [PATCH -next v19 17/24] riscv: prevent stack corruption by reserving task_pt_regs(p) early Andy Chiu
2023-05-09 10:30 ` [PATCH -next v19 18/24] riscv: kvm: Add V extension to KVM ISA Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-09 10:30 ` [PATCH -next v19 19/24] riscv: KVM: Add vector lazy save/restore support Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-09 10:30 ` [PATCH -next v19 20/24] riscv: Add prctl controls for userspace vector management Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-09 11:14 ` Heiko Stübner
2023-05-09 11:14 ` Heiko Stübner
2023-05-09 16:11 ` Andy Chiu
2023-05-09 16:11 ` Andy Chiu
2023-05-09 17:58 ` Palmer Dabbelt
2023-05-09 17:58 ` Palmer Dabbelt
2023-05-15 11:38 ` Björn Töpel
2023-05-15 11:38 ` Björn Töpel
2023-05-16 7:13 ` Andy Chiu
2023-05-16 7:13 ` Andy Chiu
2023-05-09 10:30 ` [PATCH -next v19 21/24] riscv: Add sysctl to set the default vector rule for new processes Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-15 11:42 ` Björn Töpel
2023-05-15 11:42 ` Björn Töpel
2023-05-09 10:30 ` [PATCH -next v19 22/24] riscv: detect assembler support for .option arch Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-09 10:30 ` [PATCH -next v19 23/24] riscv: Enable Vector code to be built Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-09 12:34 ` Conor Dooley
2023-05-09 12:34 ` Conor Dooley
2023-05-09 16:04 ` Andy Chiu
2023-05-09 16:04 ` Andy Chiu
2023-05-09 16:53 ` Conor Dooley
2023-05-09 16:53 ` Conor Dooley
2023-05-09 20:59 ` Palmer Dabbelt
2023-05-09 20:59 ` Palmer Dabbelt
2023-05-09 21:06 ` Conor Dooley
2023-05-09 21:06 ` Conor Dooley
2023-05-15 12:04 ` Conor Dooley
2023-05-15 12:04 ` Conor Dooley
2023-05-09 22:14 ` kernel test robot
2023-05-09 22:14 ` kernel test robot
2023-05-09 10:30 ` [PATCH -next v19 24/24] riscv: Add documentation for Vector Andy Chiu
2023-05-09 10:30 ` Andy Chiu
2023-05-15 11:41 ` Björn Töpel
2023-05-15 11:41 ` Björn Töpel
2023-05-09 20:59 ` [PATCH -next v19 00/24] riscv: Add vector ISA support Palmer Dabbelt
2023-05-09 20:59 ` Palmer Dabbelt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230509103033.11285-18-andy.chiu@sifive.com \
--to=andy.chiu@sifive.com \
--cc=alex@ghiti.fr \
--cc=anup@brainfault.org \
--cc=aou@eecs.berkeley.edu \
--cc=atishp@atishpatra.org \
--cc=conor.dooley@microchip.com \
--cc=greentime.hu@sifive.com \
--cc=guoren@kernel.org \
--cc=guoren@linux.alibaba.com \
--cc=heiko.stuebner@vrull.eu \
--cc=kvm-riscv@lists.infradead.org \
--cc=kvm@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=masahiroy@kernel.org \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=shihpo.hung@sifive.com \
--cc=vincent.chen@sifive.com \
--cc=vineetg@rivosinc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.