From: Andy Chiu <andy.chiu@sifive.com>
To: linux-riscv@lists.infradead.org, palmer@dabbelt.com,
	anup@brainfault.org, atishp@atishpatra.org,
	kvm-riscv@lists.infradead.org, kvm@vger.kernel.org
Cc: vineetg@rivosinc.com, greentime.hu@sifive.com,
	guoren@linux.alibaba.com, ShihPo Hung <shihpo.hung@sifive.com>,
	Vincent Chen <vincent.chen@sifive.com>,
	Andy Chiu <andy.chiu@sifive.com>,
	Paul Walmsley <paul.walmsley@sifive.com>,
	Albert Ou <aou@eecs.berkeley.edu>,
	Heiko Stuebner <heiko.stuebner@vrull.eu>,
	Masahiro Yamada <masahiroy@kernel.org>,
	Alexandre Ghiti <alex@ghiti.fr>, Guo Ren <guoren@kernel.org>
Subject: [PATCH -next v20 17/26] riscv: prevent stack corruption by reserving task_pt_regs(p) early
Date: Thu, 18 May 2023 16:19:40 +0000	[thread overview]
Message-ID: <20230518161949.11203-18-andy.chiu@sifive.com> (raw)
In-Reply-To: <20230518161949.11203-1-andy.chiu@sifive.com>

From: Greentime Hu <greentime.hu@sifive.com>

Early function calls, such as setup_vm(), relocate_enable_mmu(),
soc_early_init(), etc., are free to operate on the stack. However,
PT_SIZE_ON_STACK bytes at the head of the kernel stack are purposely
reserved for the placement of the per-task register context pointed to by
task_pt_regs(p). Those functions may corrupt task_pt_regs if we overlap
the $sp with it. In fact, we had accidentally corrupted sstatus.VS in some
tests, treating the kernel to save V context before V was actually
allocated, resulting in a kernel panic.

Thus, we should skip PT_SIZE_ON_STACK for $sp before making C function
calls from the top-level assembly.

Co-developed-by: ShihPo Hung <shihpo.hung@sifive.com>
Signed-off-by: ShihPo Hung <shihpo.hung@sifive.com>
Co-developed-by: Vincent Chen <vincent.chen@sifive.com>
Signed-off-by: Vincent Chen <vincent.chen@sifive.com>
Signed-off-by: Greentime Hu <greentime.hu@sifive.com>
Signed-off-by: Andy Chiu <andy.chiu@sifive.com>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Reviewed-by: Heiko Stuebner <heiko.stuebner@vrull.eu>
Tested-by: Heiko Stuebner <heiko.stuebner@vrull.eu>
---
 arch/riscv/kernel/head.S | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S
index e16bb2185d55..11c3b94c4534 100644
--- a/arch/riscv/kernel/head.S
+++ b/arch/riscv/kernel/head.S
@@ -301,6 +301,7 @@ clear_bss_done:
 	la tp, init_task
 	la sp, init_thread_union + THREAD_SIZE
 	XIP_FIXUP_OFFSET sp
+	addi sp, sp, -PT_SIZE_ON_STACK
 #ifdef CONFIG_BUILTIN_DTB
 	la a0, __dtb_start
 	XIP_FIXUP_OFFSET a0
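Review bot: the new `addi sp, sp, -PT_SIZE_ON_STACK` deserves a one-line comment, because on its own `la sp, init_thread_union + THREAD_SIZE` reads as a complete stack setup and a future reader has no hint that the top PT_SIZE_ON_STACK bytes belong to task_pt_regs(init_task). Something like `/* Reserve task_pt_regs() so early C calls cannot clobber it */` above the addi would carry the commit message's reasoning into the source. Placing the subtraction after `XIP_FIXUP_OFFSET sp` is fine: the fixup rewrites the symbol address and the constant offset is independent of it, so the reserved region lands at the top of the relocated stack either way.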
@@ -318,6 +319,7 @@ clear_bss_done:
 	/* Restore C environment */
 	la tp, init_task
 	la sp, init_thread_union + THREAD_SIZE
+	addi sp, sp, -PT_SIZE_ON_STACK
 
 #ifdef CONFIG_KASAN
 	call kasan_early_init
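Review bot: this is the second copy of the `la tp` / `la sp` / `addi sp` sequence in the same file; consider folding the three lines into a small assembler macro so the two "set up the init task's C environment" sites cannot drift apart (the first site also needs the XIP fixup, so the macro would take that as a parameter or the fixup stays outside it). The reservation sits directly before `call kasan_early_init`, which is exactly the early C call the commit message is protecting against, so the placement is right. One thing worth stating in the comment or commit message: the C calls that follow require a 16-byte aligned sp, so the change relies on PT_SIZE_ON_STACK already being a multiple of the stack alignment rather than the raw sizeof(struct pt_regs).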
-- 
2.17.1

