[PW_SID:1086512] [v2] riscv: cif: reduce shadow stack size limit from 4GB to 2GB#1826
[PW_SID:1086512] [v2] riscv: cif: reduce shadow stack size limit from 4GB to 2GB#1826linux-riscv-bot wants to merge 3 commits into
Conversation
…_TYPED_FUNC_START After commit 67bdd7b ("riscv: Split out measure_cycles() for reuse") and commit c03ad15 ("riscv: Reuse measure_cycles() in check_vector_unaligned_access()"), there are CFI failure when booting kernels with CONFIG_CFI=y: CFI failure at measure_cycles+0x38/0xe0 (target: __riscv_copy_words_unaligned+0x0/0x50; expected type: ...) CFI failure at measure_cycles+0x38/0xe0 (target: __riscv_copy_vec_words_unaligned+0x0/0x24; expected type: ...) The __riscv_copy_*_unaligned() functions are now called indirectly but they are not defined with SYM_TYPED_FUNC_START, which is required for assembly functions called indirectly from C to pass CFI checking. Switch to SYM_TYPED_FUNC_START to clear up the CFI failures. Fixes: 67bdd7b ("riscv: Split out measure_cycles() for reuse") Fixes: c03ad15 ("riscv: Reuse measure_cycles() in check_vector_unaligned_access()") Signed-off-by: Nathan Chancellor <nathan@kernel.org> Reviewed-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Nam Cao <namcao@linutronix.de> Link: https://patch.msgid.link/20260406-measure_cycles-cfi-failure-v1-1-03e0234ae02f@kernel.org Signed-off-by: Paul Walmsley <pjw@kernel.org>
Follow the ARM64 GCS (Guarded Control Stack) implementation approach by reducing the shadow stack size allocation from min(RLIMIT_STACK, 4GB) to min(RLIMIT_STACK/2, 2GB). see commit '506496bcbb42 "arm64/gcs: Ensure that new threads have a GCS")' Rationale: 1. Shadow stacks only store return addresses (8 bytes per entry), not local variables, function parameters, or saved registers. A 2GB shadow stack is far more than sufficient for any practical application, even with extremely deep recursion. Using half the size maintains adequate while being more resource-efficient margin 2. On memory-constrained systems (e.g., platforms with only 4GB of physical memory, which is a common configuration), allocating 4GB of virtual address space for shadow stack per process/thread can lead to virtual memory allocation failures when the overcommit mode is set to OVERCOMMIT_GUESS or OVERCOMMIT_NEVER: Error: "__vm_enough_memory: not enough memory for the allocation" This reduces virtual address space consumption by 50% while maintaining more than adequate space for return address storage. Signed-off-by: Zong Li <zong.li@sifive.com> Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
|
Patch 1: "[v2] riscv: cif: reduce shadow stack size limit from 4GB to 2GB" |
|
Patch 1: "[v2] riscv: cif: reduce shadow stack size limit from 4GB to 2GB" |
|
Patch 1: "[v2] riscv: cif: reduce shadow stack size limit from 4GB to 2GB" |
|
Patch 1: "[v2] riscv: cif: reduce shadow stack size limit from 4GB to 2GB" |
|
Patch 1: "[v2] riscv: cif: reduce shadow stack size limit from 4GB to 2GB" |
|
Patch 1: "[v2] riscv: cif: reduce shadow stack size limit from 4GB to 2GB" |
|
Patch 1: "[v2] riscv: cif: reduce shadow stack size limit from 4GB to 2GB" |
|
Patch 1: "[v2] riscv: cif: reduce shadow stack size limit from 4GB to 2GB" |
|
Patch 1: "[v2] riscv: cif: reduce shadow stack size limit from 4GB to 2GB" |
|
Patch 1: "[v2] riscv: cif: reduce shadow stack size limit from 4GB to 2GB" |
|
Patch 1: "[v2] riscv: cif: reduce shadow stack size limit from 4GB to 2GB" |
|
Patch 1: "[v2] riscv: cif: reduce shadow stack size limit from 4GB to 2GB" |
linux-riscv-bot
force-pushed
the
workflow__riscv__fixes
branch
2 times, most recently
from
94a07a2 to
f190ec6
Compare
3 participants
PR for series 1086512 applied to workflow__riscv__fixes
Name: [v2] riscv: cif: reduce shadow stack size limit from 4GB to 2GB
URL: https://patchwork.kernel.org/project/linux-riscv/list/?series=1086512
Version: 2