08d0ce30e0
Commit f0bddf50586d ("riscv: entry: Convert to generic entry") moved syscall handling to C code, which exposed function pointer type mismatches that trip fine-grained forward-edge Control-Flow Integrity (CFI) checks as syscall handlers are all called through the same syscall_t pointer type. To fix the type mismatches, implement pt_regs based syscall wrappers similarly to x86 and arm64. This patch is based on arm64 syscall wrappers added in commit 4378a7d4be30 ("arm64: implement syscall wrappers"), where the main goal was to minimize the risk of userspace-controlled values being used under speculation. This may be a concern for riscv in future as well. Following other architectures, the syscall wrappers generate three functions for each syscall; __riscv_<compat_>sys_<name> takes a pt_regs pointer and extracts arguments from registers, __se_<compat_>sys_<name> is a sign-extension wrapper that casts the long arguments to the correct types for the real syscall implementation, which is named __do_<compat_>sys_<name>. Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Link: https://lore.kernel.org/r/20230710183544.999540-9-samitolvanen@google.com Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
23 lines
600 B
C
23 lines
600 B
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* Copyright (C) 2009 Arnd Bergmann <arnd@arndb.de>
|
|
* Copyright (C) 2012 Regents of the University of California
|
|
*/
|
|
|
|
#include <linux/linkage.h>
|
|
#include <linux/syscalls.h>
|
|
#include <asm-generic/syscalls.h>
|
|
#include <asm/syscall.h>
|
|
|
|
#undef __SYSCALL
|
|
#define __SYSCALL(nr, call) asmlinkage long __riscv_##call(const struct pt_regs *);
|
|
#include <asm/unistd.h>
|
|
|
|
#undef __SYSCALL
|
|
#define __SYSCALL(nr, call) [nr] = __riscv_##call,
|
|
|
|
void * const sys_call_table[__NR_syscalls] = {
|
|
[0 ... __NR_syscalls - 1] = __riscv_sys_ni_syscall,
|
|
#include <asm/unistd.h>
|
|
};
|