From patchwork Mon Sep 16 18:23:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1986211 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=fPazLsax; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=rivosinc-com.20230601.gappssmtp.com header.i=@rivosinc-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=jHttu4F3; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=patchwork.ozlabs.org) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4X6tbg1FDjz1y2d for ; Tue, 17 Sep 2024 04:24:14 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-ID:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=kcwYuH1Nca+t5aMPiBClLA+FIIYHPN1EWFreVxHYphw=; b=fPazLsaxfyhcUN kkgrmP7yova5spwwukFMX7f1Kgin+6fPK+/5vavxzxs4jOamf0g80pmQ8TFDNjyUUMIBnpZKu1LYk qEUgwt6pllsJq0VRLC6ZEya36o9TQbDzfXfvlpoX0ZONrgCcHL+5y14TJyMcGdUkvG4YckvFB16Nf Er+VtrWDoR6VY4pEofJAgPP6kox+M4C/NoPPu9YTLMvyX5KJN3NB0gfR5ptblIvAtmSeLq4GEnDzP T2usk6PtQqdNNRmrRcnbPw33RwltoF8eWoPEGFvnSBSc0VpSbe2A2po1yBRKz2e4dexfbOyIBaSUh 4yDHGwzA39NsRL6RkeLA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1sqGOR-00000004gQh-250e; Mon, 16 Sep 2024 18:24:11 +0000 Received: from mail-pl1-x629.google.com ([2607:f8b0:4864:20::629]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1sqGON-00000004gNt-2vmm for opensbi@lists.infradead.org; Mon, 16 Sep 2024 18:24:08 +0000 Received: by mail-pl1-x629.google.com with SMTP id d9443c01a7336-20536dcc6e9so26418185ad.2 for ; Mon, 16 Sep 2024 11:24:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1726511045; x=1727115845; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Z6oQt381CRKQ0qdZ0LmcKXQ3Bvm9YMSeDVdi5cdds0U=; b=jHttu4F3949uZIco2wRC+aERl4tAdmbWNZHM6MHHAlXSUfOz7PHwx8ON3CAsRTL5jc V70xoLzpWFafJxtd+SHknOtSjdmR82RH2I+R3JiQl/A9Ae4T5K5MzdWzlNUPy/BHQKFj VEPfXMz7xJDGGZsc34Gq4rnVqfAv9n75eLJAvJuQb65BFDds2+9+y932JQsIs0QNRlwN j7DQ0fIyGzmSBsEbSYpW34eO3P50HitDzZKeeQR1hPkSmI6jBtS0jb0xhZR6hucLhd+L 4RKd82eTKSlwlHUjAZNn/1mVk/F+ZVT8YFlAVXUSHlc6HnjAdLeJ4HJPGmAnsksGsnDj x9Ew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726511045; x=1727115845; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Z6oQt381CRKQ0qdZ0LmcKXQ3Bvm9YMSeDVdi5cdds0U=; b=cqNpirLPcvTkbRhjcVYsCoTRhYxhpMWeqX6HzJkej1lJXiN8yJSKnnFpEv3laztDq9 KqjQrSjt+Fs9y4q+YIbirqX3KWkkS4Obh7T8kv7N7Fdd7CGvG5tDlDYgLPbhncF1dFYm bph+2ib+gkhRqa8oZI098d8WJTdMA/iQXx+Y2NOT68cPU8Ke89wphlkTU+5X2eTpOuFo INanul3EdMe3traESA8bfoQX46WZ62sG3tMUE02cQNQQgrOVWbHxun6zHW1XgOdhJ+QY dXwaj+Rq4Pew7jKtsf1Njvhn+bYsGmuF60zQ3RiDOb0YsTW9GDrta/rCA/k3sq1IeMIk CFrQ== X-Gm-Message-State: AOJu0YzEyJcXPHZ8u/q6CeGVPXVv5SBsJF/0GZoV1vzEw3OyMLqc9P/F XtI21zYYPH4cIfQt39YCRUmRJkVEkaRnk1Sir4KK3s4FEm9+eYTENgPHWG+m4riVkGIAm/rRg2z v X-Google-Smtp-Source: AGHT+IH/A/IwnsZxzVW1cLqX1v4WpEndt9TIW4g7iYASgT/QdLRxJzIlLkXT63dR4ARZDF8QXtjfvg== X-Received: by 2002:a17:902:dac4:b0:205:5427:2231 with SMTP id d9443c01a7336-20782be4df7mr160297415ad.47.1726511045289; Mon, 16 Sep 2024 11:24:05 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-20794600fadsm39203865ad.70.2024.09.16.11.24.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 16 Sep 2024 11:24:04 -0700 (PDT) From: Deepak Gupta To: opensbi@lists.infradead.org Subject: [PATCH v6 4/4] lib: sbi: fwft: implement landing pad and shadow stack fwft interface Date: Mon, 16 Sep 2024 11:23:57 -0700 Message-ID: <20240916182357.24545-5-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240916182357.24545-1-debug@rivosinc.com> References: <20240916182357.24545-1-debug@rivosinc.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240916_112407_760182_CF3F4F75 X-CRM114-Status: GOOD ( 11.37 ) X-Spam-Score: -1.9 (-) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Supervisor software can enable control flow integrity features for itself using fwft feature `SBI_FWFT_LANDING_PAD` and `SBI_FWFT_SHADOW_STACK`. This patch implements the mechanism to enable both thes [...] Content analysis details: (-1.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:629 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: opensbi@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: apatel@ventanamicro.com, anup@brainfault.org, atishp@rivosinc.com, cleger@rivosinc.com, Deepak Gupta Sender: "opensbi" Errors-To: opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Supervisor software can enable control flow integrity features for itself using fwft feature `SBI_FWFT_LANDING_PAD` and `SBI_FWFT_SHADOW_STACK`. This patch implements the mechanism to enable both these fwft. Signed-off-by: Deepak Gupta Reviewed-by: Atish Patra Reviewed-by: Clément Léger --- lib/sbi/sbi_fwft.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/lib/sbi/sbi_fwft.c b/lib/sbi/sbi_fwft.c index ef881ef..88610aa 100644 --- a/lib/sbi/sbi_fwft.c +++ b/lib/sbi/sbi_fwft.c @@ -145,6 +145,68 @@ static int fwft_get_adue(struct fwft_config *conf, unsigned long *value) return SBI_OK; } +static int fwft_lpad_supported(struct fwft_config *conf) +{ + if (!sbi_hart_has_extension(sbi_scratch_thishart_ptr(), + SBI_HART_EXT_ZICFILP)) + return SBI_ENOTSUPP; + + return SBI_OK; +} + +static int fwft_enable_lpad(struct fwft_config *conf, unsigned long value) +{ + if (value == 1) + csr_set(CSR_MENVCFG, ENVCFG_LPE); + else if (value == 0) + csr_clear(CSR_MENVCFG, ENVCFG_LPE); + else + return SBI_EINVAL; + + return SBI_OK; +} + +static int fwft_get_lpad(struct fwft_config *conf, unsigned long *value) +{ + unsigned long cfg; + + cfg = csr_read(CSR_MENVCFG) & ENVCFG_LPE; + *value = cfg != 0; + + return SBI_OK; +} + +static int fwft_sstack_supported(struct fwft_config *conf) +{ + if (!sbi_hart_has_extension(sbi_scratch_thishart_ptr(), + SBI_HART_EXT_ZICFISS)) + return SBI_ENOTSUPP; + + return SBI_OK; +} + +static int fwft_enable_sstack(struct fwft_config *conf, unsigned long value) +{ + if (value == 1) + csr_set(CSR_MENVCFG, ENVCFG_SSE); + else if (value == 0) + csr_clear(CSR_MENVCFG, ENVCFG_SSE); + else + return SBI_EINVAL; + + return SBI_OK; +} + +static int fwft_get_sstack(struct fwft_config *conf, unsigned long *value) +{ + unsigned long cfg; + + cfg = csr_read(CSR_MENVCFG) & ENVCFG_SSE; + *value = cfg != 0; + + return SBI_OK; +} + static struct fwft_config* get_feature_config(enum sbi_fwft_feature_t feature) { int i; @@ -230,6 +292,18 @@ static const struct fwft_feature features[] = .set = fwft_set_misaligned_delegation, .get = fwft_get_misaligned_delegation, }, + { + .id = SBI_FWFT_LANDING_PAD, + .supported = fwft_lpad_supported, + .set = fwft_enable_lpad, + .get = fwft_get_lpad, + }, + { + .id = SBI_FWFT_SHADOW_STACK, + .supported = fwft_sstack_supported, + .set = fwft_enable_sstack, + .get = fwft_get_sstack, + }, { .id = SBI_FWFT_PTE_AD_HW_UPDATING, .supported = fwft_adue_supported,