Save the shadow stack pointer in the sigcontext structure when delivering a signal. Restore the shadow stack pointer from sigcontext on sigreturn. As part of the save operation, the kernel uses the 'ssamoswap' instruction to save a snapshot of the current shadow stack on the shadow stack itself (this can be called a "save token"). During restore on sigreturn, the kernel retrieves the save token from the top of the shadow stack and validates it. This ensures that user mode can't arbitrarily pivot to any shadow stack address without having a token and thus provides a strong security assurance during the window between signal delivery and sigreturn. Use an ABI-compatible way of saving/restoring the shadow stack pointer into the signal stack. This follows the vector extension, where extra registers are placed in a form of extension header + extension body in the stack. The extension header indicates the size of the extra architectural states plus the size of header itself, and a magic identifier for the extension. Then, the extension body contains the new architectural states in the form defined by uapi. Signed-off-by: Andy Chiu <andy.chiu@sifive.com> Signed-off-by: Deepak Gupta <debug@rivosinc.com> Tested-by: Andreas Korb <andreas.korb@aisec.fraunhofer.de> Tested-by: Valentin Haudiquet <valentin.haudiquet@canonical.com> Link: https://patch.msgid.link/20251112-v5_user_cfi_series-v23-17-b55691eacf4f@rivosinc.com [pjw@kernel.org: cleaned patch description, code comments; resolved checkpatch warning] Signed-off-by: Paul Walmsley <pjw@kernel.org>
/* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */
/*
* Copyright (C) 2012 Regents of the University of California
*/
#ifndef _UAPI_ASM_RISCV_SIGCONTEXT_H
#define _UAPI_ASM_RISCV_SIGCONTEXT_H
#include <asm/ptrace.h>
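/*
 * Magic numbers for the signal context frame extension headers.
 *
 * Each value identifies one kind of extension record in the signal frame.
 * Going by the names, RISCV_V_MAGIC tags vector state, RISCV_ZICFISS_MAGIC
 * tags Zicfiss (shadow stack) state and END_MAGIC tags the terminating
 * header; the code that writes and checks them is not in this header.
 *
 * NOTE(review): the signal frame is user-writable memory, so a matching
 * magic only selects which record format to parse. Presumably the sigreturn
 * path also checks the size carried in the extension header before using
 * the body -- confirm against the restore code.
 */
#define RISCV_V_MAGIC 0x53465457
#define RISCV_ZICFISS_MAGIC 0x9487
#define END_MAGIC 0x0

/* The size of the END signal context header. */
#define END_HDR_SIZE 0x0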
#ifndef __ASSEMBLER__
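/*
 * Vector state record as laid out in the signal context.
 *
 * Wraps struct __riscv_v_ext_state (declared outside this header) and forces
 * 16-byte alignment on the wrapper. This is part of the user-visible ABI, so
 * the member and the alignment must not change.
 */
struct __sc_riscv_v_state {
	struct __riscv_v_ext_state v_state;
} __attribute__((aligned(16)));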
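/*
 * Signal context structure
 *
 * This contains the context saved before a signal handler is invoked;
 * it is restored by sys_rt_sigreturn.
 *
 * sc_regs is followed by an anonymous union in which sc_fpregs and
 * sc_extdesc share the same storage, so only one view is meaningful for a
 * given frame.
 *
 * NOTE(review): because the frame is restored on sigreturn, every field here
 * is user-supplied data from the kernel's point of view. Presumably the
 * restore path validates sc_extdesc before following it -- confirm there.
 */
struct sigcontext {
	struct user_regs_struct sc_regs;
	union {
		union __riscv_fp_state sc_fpregs;
		struct __riscv_extra_ext_header sc_extdesc;
	};
};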
#endif /*!__ASSEMBLER__*/
#endif /* _UAPI_ASM_RISCV_SIGCONTEXT_H */