Merge patch series "riscv: SCS support"

Sami Tolvanen <samitolvanen@google.com> says:

This series adds Shadow Call Stack (SCS) support for RISC-V. SCS
uses compiler instrumentation to store return addresses in a
separate shadow stack to protect them against accidental or
malicious overwrites. More information about SCS can be found
here:

  https://clang.llvm.org/docs/ShadowCallStack.html

Patch 1 is from Deepak, and it simplifies VMAP_STACK overflow
handling by adding support for accessing per-CPU variables
directly in assembly. The patch is included in this series to
make IRQ stack switching cleaner with SCS, and I've simply
rebased it and fixed a couple of minor issues. Patch 2 uses this
functionality to clean up the stack switching by moving duplicate
code into a single function. On RISC-V, the compiler uses the
gp register for storing the current shadow call stack pointer,
which is incompatible with global pointer relaxation. Patch 3
moves global pointer loading into a macro that can be easily
disabled with SCS. Patch 4 implements SCS register loading and
switching, and allows the feature to be enabled, and patch 5 adds
separate per-CPU IRQ shadow call stacks when CONFIG_IRQ_STACKS is
enabled. Patch 6 fixes the backward-edge CFI test in lkdtm for
RISC-V.

Note that this series requires Clang 17. Earlier Clang versions
support SCS on RISC-V, but use the x18 register instead of gp,
which isn't ideal. gcc has SCS support for arm64, but I'm not
aware of plans to support RISC-V. Once the Zicfiss extension is
ratified, it's probably preferable to use hardware-backed shadow
stacks instead of SCS on hardware that supports the extension,
and we may want to consider implementing CONFIG_DYNAMIC_SCS to
patch between the implementation at runtime (similarly to the
arm64 implementation, which switches to SCS when hardware PAC
support isn't available).

* b4-shazam-merge:
  lkdtm: Fix CFI_BACKWARD on RISC-V
  riscv: Use separate IRQ shadow call stacks
  riscv: Implement Shadow Call Stack
  riscv: Move global pointer loading to a macro
  riscv: Deduplicate IRQ stack switching
  riscv: VMAP_STACK overflow detection thread-safe

Link: https://lore.kernel.org/r/20230927224757.1154247-8-samitolvanen@google.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>

diff --cc arch/riscv/Kconfig
Simple merge

diff --cc arch/riscv/kernel/entry.S
index d7dd9030df3f8812056974fa474abcb07f82c297,3a0db310325a104f26161a1048230938f50bc700..9f92c067f7e1e8a53fefe844add95cb9fef17325
--- 1/arch/riscv/kernel/entry.S
--- 2/arch/riscv/kernel/entry.S
+++ b/arch/riscv/kernel/entry.S
@@@ -13,9 -15,8 +15,10 @@@
  #include <asm/thread_info.h>
  #include <asm/asm-offsets.h>
  #include <asm/errata_list.h>
+ #include <linux/sizes.h>
  
 +      .section .irqentry.text, "ax"
 +
  SYM_CODE_START(handle_exception)
        /*
         * If coming from userspace, preserve the user thread pointer and load

diff --cc arch/riscv/purgatory/Makefile
index 982fc8e771085edc6ba91f40855ec8edca525c13,6a3c16bd5ca3bb7fbd357e48f6b19cd5e7a360b0..280b0eb352b8b1025b29711451f828fd50ce7631
--- 1/arch/riscv/purgatory/Makefile
--- 2/arch/riscv/purgatory/Makefile
+++ b/arch/riscv/purgatory/Makefile
@@@ -81,10 -81,10 +81,14 @@@ ifdef CONFIG_CFI_CLAN
  PURGATORY_CFLAGS_REMOVE               += $(CC_FLAGS_CFI)
  endif
  
 +ifdef CONFIG_RELOCATABLE
 +PURGATORY_CFLAGS_REMOVE               += -fPIE
 +endif
 +
+ ifdef CONFIG_SHADOW_CALL_STACK
+ PURGATORY_CFLAGS_REMOVE               += $(CC_FLAGS_SCS)
+ endif
+ 
  CFLAGS_REMOVE_purgatory.o     += $(PURGATORY_CFLAGS_REMOVE)
  CFLAGS_purgatory.o            += $(PURGATORY_CFLAGS)