08d0ce30e0
Commit f0bddf50586d ("riscv: entry: Convert to generic entry") moved syscall handling to C code, which exposed function pointer type mismatches that trip fine-grained forward-edge Control-Flow Integrity (CFI) checks as syscall handlers are all called through the same syscall_t pointer type. To fix the type mismatches, implement pt_regs based syscall wrappers similarly to x86 and arm64. This patch is based on arm64 syscall wrappers added in commit 4378a7d4be30 ("arm64: implement syscall wrappers"), where the main goal was to minimize the risk of userspace-controlled values being used under speculation. This may be a concern for riscv in future as well. Following other architectures, the syscall wrappers generate three functions for each syscall; __riscv_<compat_>sys_<name> takes a pt_regs pointer and extracts arguments from registers, __se_<compat_>sys_<name> is a sign-extension wrapper that casts the long arguments to the correct types for the real syscall implementation, which is named __do_<compat_>sys_<name>. Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Link: https://lore.kernel.org/r/20230710183544.999540-9-samitolvanen@google.com Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
103 lines
2.4 KiB
C
103 lines
2.4 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
/*
|
|
* Copyright (C) 2008-2009 Red Hat, Inc. All rights reserved.
|
|
* Copyright 2010 Tilera Corporation. All Rights Reserved.
|
|
* Copyright 2015 Regents of the University of California, Berkeley
|
|
*
|
|
* See asm-generic/syscall.h for descriptions of what we must do here.
|
|
*/
|
|
|
|
#ifndef _ASM_RISCV_SYSCALL_H
|
|
#define _ASM_RISCV_SYSCALL_H
|
|
|
|
#include <asm/hwprobe.h>
|
|
#include <uapi/linux/audit.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/err.h>
|
|
|
|
/* The array of function pointers for syscalls. */
|
|
extern void * const sys_call_table[];
|
|
extern void * const compat_sys_call_table[];
|
|
|
|
/*
|
|
* Only the low 32 bits of orig_r0 are meaningful, so we return int.
|
|
* This importantly ignores the high bits on 64-bit, so comparisons
|
|
* sign-extend the low 32 bits.
|
|
*/
|
|
static inline int syscall_get_nr(struct task_struct *task,
|
|
struct pt_regs *regs)
|
|
{
|
|
return regs->a7;
|
|
}
|
|
|
|
static inline void syscall_rollback(struct task_struct *task,
|
|
struct pt_regs *regs)
|
|
{
|
|
regs->a0 = regs->orig_a0;
|
|
}
|
|
|
|
static inline long syscall_get_error(struct task_struct *task,
|
|
struct pt_regs *regs)
|
|
{
|
|
unsigned long error = regs->a0;
|
|
|
|
return IS_ERR_VALUE(error) ? error : 0;
|
|
}
|
|
|
|
static inline long syscall_get_return_value(struct task_struct *task,
|
|
struct pt_regs *regs)
|
|
{
|
|
return regs->a0;
|
|
}
|
|
|
|
static inline void syscall_set_return_value(struct task_struct *task,
|
|
struct pt_regs *regs,
|
|
int error, long val)
|
|
{
|
|
regs->a0 = (long) error ?: val;
|
|
}
|
|
|
|
static inline void syscall_get_arguments(struct task_struct *task,
|
|
struct pt_regs *regs,
|
|
unsigned long *args)
|
|
{
|
|
args[0] = regs->orig_a0;
|
|
args++;
|
|
memcpy(args, ®s->a1, 5 * sizeof(args[0]));
|
|
}
|
|
|
|
static inline int syscall_get_arch(struct task_struct *task)
|
|
{
|
|
#ifdef CONFIG_64BIT
|
|
return AUDIT_ARCH_RISCV64;
|
|
#else
|
|
return AUDIT_ARCH_RISCV32;
|
|
#endif
|
|
}
|
|
|
|
typedef long (*syscall_t)(const struct pt_regs *);
|
|
static inline void syscall_handler(struct pt_regs *regs, ulong syscall)
|
|
{
|
|
syscall_t fn;
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
if ((regs->status & SR_UXL) == SR_UXL_32)
|
|
fn = compat_sys_call_table[syscall];
|
|
else
|
|
#endif
|
|
fn = sys_call_table[syscall];
|
|
|
|
regs->a0 = fn(regs);
|
|
}
|
|
|
|
static inline bool arch_syscall_is_vdso_sigreturn(struct pt_regs *regs)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
asmlinkage long sys_riscv_flush_icache(uintptr_t, uintptr_t, uintptr_t);
|
|
|
|
asmlinkage long sys_riscv_hwprobe(struct riscv_hwprobe *, size_t, size_t,
|
|
unsigned long *, unsigned int);
|
|
#endif /* _ASM_RISCV_SYSCALL_H */
|