[PATCH v17 15/27] riscv/traps: Introduce software check exception and uprobe handling
Deepak Gupta
debug at rivosinc.com
Wed Jul 16 00:33:29 PDT 2025
On Tue, Jul 15, 2025 at 7:06 PM Zong Li <zong.li at sifive.com> wrote:
>
> On Wed, Jul 16, 2025 at 5:34 AM Deepak Gupta <debug at rivosinc.com> wrote:
> >
> > Hi Zong,
> >
> >
> > On Thu, Jun 19, 2025 at 7:16 PM Zong Li <zong.li at sifive.com> wrote:
> > >
> > > On Mon, Jun 16, 2025 at 3:31 PM Zong Li <zong.li at sifive.com> wrote:
> > > >
> > > > On Thu, Jun 5, 2025 at 1:17 AM Deepak Gupta <debug at rivosinc.com> wrote:
> > > > >
> > > > > zicfiss / zicfilp introduces a new exception to priv isa `software check
> > > > > exception` with cause code = 18. This patch implements software check
> > > > > exception.
> > > > >
> > .....
> >
> > > > When a user mode CFI violation occurs, the ELP state should be 1, and
> > > > the system traps into supervisor mode. During this trap, sstatus.SPELP
> > > > is set to 1, and the ELP state is reset to 0. If we don’t clear
> > > > sstatus.SPELP, the ELP state will become 1 again after executing the
> > > > sret instruction. As a result, the system might trigger another
> > > > forward CFI violation upon executing the next instruction in the user
> > > > program, unless it happens to be a lpad instruction.
> > > >
> > > > The previous patch was tested on QEMU, but QEMU does not set the
> > > > sstatus.SPELP bit to 1 when a forward CFI violation occurs. Therefore,
> > > > I suspect that QEMU might also require some fixes.
> > >
> > > Hi Deepak,
> > > The issue with QEMU was that the sw-check exception bit in medeleg
> > > couldn't be set. This has been fixed in the latest QEMU mainline. I
> > > have re-tested the latest QEMU version, and it works.
> >
> > What was this issue, can you point me to the patch in mainline?
>
> Hi Deepak
> The issue was that my QEMU setup somehow missed the change of
> `target/riscv/csr.c` in your following patch:
> https://github.com/qemu/qemu/commit/6031102401ae8a69a87b20fbec2aae666625d96a
> After I upgraded to the latest QEMU source, I found the kernel issue
> if we didn't clear sstatus.SPELP in the handler
> Thanks
Aah ok, got it.
>
> >
> > >
> > > >
> > > > Thanks
> > > >
> > > > > +
> > > > > + if (is_fcfi || is_bcfi) {
> > > > > + do_trap_error(regs, SIGSEGV, SEGV_CPERR, regs->epc,
> > > > > + "Oops - control flow violation");
> > > > > + return true;
> > > > > + }
> > > > > +
> > > > > + return false;
> > > > > +}
> > > > > +
> > > > > +/*
> > > > > + * software check exception is defined with risc-v cfi spec. Software check
> > > > > + * exception is raised when:-
> > > > > + * a) An indirect branch doesn't land on 4 byte aligned PC or `lpad`
> > > > > + * instruction or `label` value programmed in `lpad` instr doesn't
> > > > > + * match with value setup in `x7`. reported code in `xtval` is 2.
> > > > > + * b) `sspopchk` instruction finds a mismatch between top of shadow stack (ssp)
> > > > > + * and x1/x5. reported code in `xtval` is 3.
> > > > > + */
> > > > > +asmlinkage __visible __trap_section void do_trap_software_check(struct pt_regs *regs)
> > > > > +{
> > > > > + if (user_mode(regs)) {
> > > > > + irqentry_enter_from_user_mode(regs);
> > > > > +
> > > > > + /* not a cfi violation, then merge into flow of unknown trap handler */
> > > > > + if (!handle_user_cfi_violation(regs))
> > > > > + do_trap_unknown(regs);
> > > > > +
> > > > > + irqentry_exit_to_user_mode(regs);
> > > > > + } else {
> > > > > + /* sw check exception coming from kernel is a bug in kernel */
> > > > > + die(regs, "Kernel BUG");
> > > > > + }
> > > > > +}
> > > > > +
> > > > > #ifdef CONFIG_MMU
> > > > > asmlinkage __visible noinstr void do_page_fault(struct pt_regs *regs)
> > > > > {
> > > > >
> > > > > --
> > > > > 2.43.0
> > > > >
More information about the linux-riscv
mailing list