From patchwork Tue Sep 10 16:35:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1983360 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=GpEEOpUM; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=bAPbKOq3; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=patchwork.ozlabs.org) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4X38hZ1L30z1y1w for ; Wed, 11 Sep 2024 02:45:34 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-ID:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=lLBhx1f2WHXkhy5qtNXqDz4Fa9WbwW7VhbbM3+mbvD8=; b=GpEEOpUMghM0A8 xrjz4U0irGNmvcpn8IMn7SFMSGvUsXPsiehzPRnDjMoBnnK3fuWhnZH6kR1aAk6q8lE+eZLod5avS 2HjkTY5oXAAlZeBxk7o0nZBB8s/+eTRhnr6khH+y2WCtrUZkTyqxrpADAhZkaM/qCixZUrvB+LgvW lCQ9G1m1HPe2Bu5speittWuSkZgrbDKs1RIwt2/XjPmhAHSll0Z09xfEvXdoy9FPkqek8f+aAn9OM R0Ob9m4gfblWTZYPxV64Jt8hxnHfnuoxFCOFPhDeR5/gHdsM2t7qBApZfPdYMUNXnfO7/nOkWoodN +8Oh+MECwAA1bvFe2+nw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1so3zY-00000006P9G-0BtB; Tue, 10 Sep 2024 16:45:24 +0000 Received: from mail-pg1-x529.google.com ([2607:f8b0:4864:20::529]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1so3q1-00000006Lt5-3Bug for opensbi@lists.infradead.org; Tue, 10 Sep 2024 16:35:34 +0000 Received: by mail-pg1-x529.google.com with SMTP id 41be03b00d2f7-7d50532d335so2299031a12.1 for ; Tue, 10 Sep 2024 09:35:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1725986132; x=1726590932; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7owTcll3cIj7cO1EgxJRzQk1bJYu/VfH77ynU7+pwL4=; b=bAPbKOq3YEIWLgIj4yZuucomN4k53AI9+pH6S+JEKeo6urMyNpFDanOzYInp5WCfe7 ILQ0mLdPUAXPyn++EZWnC91OtqJOh5NpNeVGq6JxYgIEU/rEzwSht6vRljh5ks1h8RDl swbEDRbvdMD892cGT2HlOjP+ywoSIupd5giRv9uN0OI5R1oLy5Oxhi2AByWCkmeqw++M A/ba2nkFWoKzjZjglSssvWIQPsU7SCFtV0wa/rXcdwe7Y8XUun01JY/buEnpxLfQY1ug oBo+I3xkb/11wDhLfTa7YRSRLQPtnVXL4wAP+thVvi06KDcSnAVisFfUv0GhgO+pdcfs Rl5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725986132; x=1726590932; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7owTcll3cIj7cO1EgxJRzQk1bJYu/VfH77ynU7+pwL4=; b=QLevUzmdTF5w6N5ivKIaOp1vGgvbGLNysF+Po05eWrMOkkQn6/kUgZiU76fHXApade 9Hq3KggoprhR/a5XLjr3nC7XhkQFlnnqRDd1rDOEGfdsuxYY1D+kmIGKOOZ1Sp0/kh/S PR04fhsPaPk+W163wx1NWkulewWOB695i0J6Pyz2oE+hm19AzzAknWiUKkl89+pokq4i mvLYwYyia8CT9qTu4FGJJocJAXckvcdR6Jz1BTSIbNEVYrttFXSexsnatq/FEaPjWut7 +fsTGo7cx8m6RmqExf2s7PKUB6Uy2I60TB0XiLxTtObXUTXtnGSLWCNCN+D5qOi0MSnn 6mgw== X-Gm-Message-State: AOJu0YwMIbssNMy09QXqP02M1yCdyXxSEA2vkVHaf/63FNhLTxCgG40a MLzHb3aqsZgoIqAdeJqL5fpkdam8FkdvTiUjd9tsNR42DO0joGke7W1qK7F1hFmcHKGi1AFy7VW j X-Google-Smtp-Source: AGHT+IHDfpYTogDbh0BUv6Q+GCcVv/U4L7SJt1zaU0Ryvxklr6NGgPiEXwgTCM+tlU1mYSv3ZY+LMA== X-Received: by 2002:a17:90a:c217:b0:2d8:8d60:a19a with SMTP id 98e67ed59e1d1-2daffd0bf2fmr15132278a91.27.1725986131591; Tue, 10 Sep 2024 09:35:31 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2db04136bc9sm6668075a91.1.2024.09.10.09.35.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Sep 2024 09:35:31 -0700 (PDT) From: Deepak Gupta To: opensbi@lists.infradead.org Subject: [PATCH v5 4/4] lib: sbi: fwft: implement landing pad and shadow stack fwft interface Date: Tue, 10 Sep 2024 09:35:22 -0700 Message-ID: <20240910163522.2584936-5-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240910163522.2584936-1-debug@rivosinc.com> References: <20240910163522.2584936-1-debug@rivosinc.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240910_093533_828179_08B9E268 X-CRM114-Status: GOOD ( 11.43 ) X-Spam-Score: -1.9 (-) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Supervisor software can enable control flow integrity features for itself using fwft feature `SBI_FWFT_LANDING_PAD` and `SBI_FWFT_SHADOW_STACK`. This patch implements the mechanism to enable both thes [...] Content analysis details: (-1.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:529 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: opensbi@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: apatel@ventanamicro.com, anup@brainfault.org, atishp@rivosinc.com, cleger@rivosinc.com, Deepak Gupta Sender: "opensbi" Errors-To: opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Supervisor software can enable control flow integrity features for itself using fwft feature `SBI_FWFT_LANDING_PAD` and `SBI_FWFT_SHADOW_STACK`. This patch implements the mechanism to enable both these fwft. Signed-off-by: Deepak Gupta Reviewed-by: Atish Patra Reviewed-by: Clément Léger --- lib/sbi/sbi_fwft.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/lib/sbi/sbi_fwft.c b/lib/sbi/sbi_fwft.c index ef881ef..747bc88 100644 --- a/lib/sbi/sbi_fwft.c +++ b/lib/sbi/sbi_fwft.c @@ -145,6 +145,68 @@ static int fwft_get_adue(struct fwft_config *conf, unsigned long *value) return SBI_OK; } +static int fwft_lpad_supported(struct fwft_config *conf) +{ + if (!sbi_hart_has_extension(sbi_scratch_thishart_ptr(), + SBI_HART_EXT_ZICFILP)) + return SBI_ENOTSUPP; + + return SBI_OK; +} + +static int fwft_enable_lpad(struct fwft_config *conf, unsigned long value) +{ + if (value == 1) + csr_set(CSR_MENVCFG, ENVCFG_LPE); + else if (value == 0) + csr_clear(CSR_MENVCFG, ENVCFG_LPE); + else + return SBI_EINVAL; + + return SBI_OK; +} + +static int fwft_get_lpad(struct fwft_config *conf, unsigned long *value) +{ + unsigned long cfg; + + cfg = csr_read(CSR_MENVCFG) & ENVCFG_LPE; + *value = cfg != 0; + + return SBI_OK; +} + +static int fwft_sstack_supported(struct fwft_config *conf) +{ + if (!sbi_hart_has_extension(sbi_scratch_thishart_ptr(), + SBI_HART_EXT_ZICFISS)) + return SBI_ENOTSUPP; + + return SBI_OK; +} + +static int fwft_enable_sstack(struct fwft_config *conf, unsigned long value) +{ + if (value == 1) + csr_set(CSR_MENVCFG, ENVCFG_SSE); + else if (value == 0) + csr_clear(CSR_MENVCFG, ENVCFG_SSE); + else + return SBI_EINVAL; + + return SBI_OK; +} + +static int fwft_get_sstack(struct fwft_config *conf, unsigned long *value) +{ + unsigned long cfg; + + cfg = csr_read(CSR_MENVCFG) & ENVCFG_SSE; + *value = cfg != 0; + + return SBI_OK; +} + static struct fwft_config* get_feature_config(enum sbi_fwft_feature_t feature) { int i; @@ -236,6 +298,18 @@ static const struct fwft_feature features[] = .set = fwft_set_adue, .get = fwft_get_adue, }, + { + .id = SBI_FWFT_LANDING_PAD, + .supported = fwft_lpad_supported, + .set = fwft_enable_lpad, + .get = fwft_get_lpad, + }, + { + .id = SBI_FWFT_SHADOW_STACK, + .supported = fwft_sstack_supported, + .set = fwft_enable_sstack, + .get = fwft_get_sstack, + }, }; int sbi_fwft_init(struct sbi_scratch *scratch, bool cold_boot)