riscv: Implement arch-agnostic shadow stack prctls

#ifndef __ASSEMBLER__

#include <linux/types.h>

#include <linux/prctl.h>

struct task_struct;

struct kernel_clone_args;

#ifdef CONFIG_RISCV_USER_CFI

struct cfi_state {

	unsigned long ubcfi_en : 1; /* Enable for backward cfi. */

	unsigned long ubcfi_locked : 1;

	unsigned long user_shdw_stk; /* Current user shadow stack pointer */

	unsigned long shdw_stk_base; /* Base address of shadow stack */

	unsigned long shdw_stk_size; /* size of shadow stack */

unsigned long get_shstk_base(struct task_struct *task, unsigned long *size);

void set_active_shstk(struct task_struct *task, unsigned long shstk_addr);

bool is_shstk_enabled(struct task_struct *task);

bool is_shstk_locked(struct task_struct *task);

bool is_shstk_allocated(struct task_struct *task);

void set_shstk_lock(struct task_struct *task);

void set_shstk_status(struct task_struct *task, bool enable);

#define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK (PR_SHADOW_STACK_ENABLE)

#else

#define is_shstk_enabled(task) false

#define is_shstk_locked(task) false

#define is_shstk_allocated(task) false

#define set_shstk_lock(task) do {} while (0)

#define set_shstk_status(task, enable) do {} while (0)

#endif /* CONFIG_RISCV_USER_CFI */

#endif /* __ASSEMBLER__ */

	regs->epc = pc;

	regs->sp = sp;

	/*

	 * clear shadow stack state on exec.

	 * libc will set it later via prctl.

	 */

	set_shstk_status(current, false);

	set_shstk_base(current, 0, 0);

	set_active_shstk(current, 0);

#ifdef CONFIG_64BIT

	regs->status &= ~SR_UXL;

	return task->thread_info.user_cfi_state.ubcfi_en;

}

bool is_shstk_allocated(struct task_struct *task)

{

	return task->thread_info.user_cfi_state.shdw_stk_base;

}

bool is_shstk_locked(struct task_struct *task)

{

	return task->thread_info.user_cfi_state.ubcfi_locked;

}

void set_shstk_base(struct task_struct *task, unsigned long shstk_addr, unsigned long size)

{

	task->thread_info.user_cfi_state.shdw_stk_base = shstk_addr;

	task->thread_info.user_cfi_state.user_shdw_stk = shstk_addr;

}

void set_shstk_status(struct task_struct *task, bool enable)

{

	if (!cpu_supports_shadow_stack())

		return;

	task->thread_info.user_cfi_state.ubcfi_en = enable ? 1 : 0;

	if (enable)

		task->thread.envcfg |= ENVCFG_SSE;

	else

		task->thread.envcfg &= ~ENVCFG_SSE;

	csr_write(CSR_ENVCFG, task->thread.envcfg);

}

void set_shstk_lock(struct task_struct *task)

{

	task->thread_info.user_cfi_state.ubcfi_locked = 1;

}

/*

 * If size is 0, then to be compatible with regular stack we want it to be as big as

 * regular stack. Else PAGE_ALIGN it and return back

	vm_munmap(base, size);

	set_shstk_base(tsk, 0, 0);

}

int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status)

{

	unsigned long bcfi_status = 0;

	if (!cpu_supports_shadow_stack())

		return -EINVAL;

	/* this means shadow stack is enabled on the task */

	bcfi_status |= (is_shstk_enabled(t) ? PR_SHADOW_STACK_ENABLE : 0);

	return copy_to_user(status, &bcfi_status, sizeof(bcfi_status)) ? -EFAULT : 0;

}

int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status)

{

	unsigned long size = 0, addr = 0;

	bool enable_shstk = false;

	if (!cpu_supports_shadow_stack())

		return -EINVAL;

	/* Reject unknown flags */

	if (status & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK)

		return -EINVAL;

	/* bcfi status is locked and further can't be modified by user */

	if (is_shstk_locked(t))

		return -EINVAL;

	enable_shstk = status & PR_SHADOW_STACK_ENABLE;

	/* Request is to enable shadow stack and shadow stack is not enabled already */

	if (enable_shstk && !is_shstk_enabled(t)) {

		/* shadow stack was allocated and enable request again

		 * no need to support such usecase and return EINVAL.

		 */

		if (is_shstk_allocated(t))

			return -EINVAL;

		size = calc_shstk_size(0);

		addr = allocate_shadow_stack(0, size, 0, false);

		if (IS_ERR_VALUE(addr))

			return -ENOMEM;

		set_shstk_base(t, addr, size);

		set_active_shstk(t, addr + size);

	}

	/*

	 * If a request to disable shadow stack happens, let's go ahead and release it

	 * Although, if CLONE_VFORKed child did this, then in that case we will end up

	 * not releasing the shadow stack (because it might be needed in parent). Although

	 * we will disable it for VFORKed child. And if VFORKed child tries to enable again

	 * then in that case, it'll get entirely new shadow stack because following condition

	 * are true

	 *  - shadow stack was not enabled for vforked child

	 *  - shadow stack base was anyways pointing to 0

	 * This shouldn't be a big issue because we want parent to have availability of shadow

	 * stack whenever VFORKed child releases resources via exit or exec but at the same

	 * time we want VFORKed child to break away and establish new shadow stack if it desires

	 *

	 */

	if (!enable_shstk)

		shstk_release(t);

	set_shstk_status(t, enable_shstk);

	return 0;

}

int arch_lock_shadow_stack_status(struct task_struct *task,

				  unsigned long arg)

{

	/* If shtstk not supported or not enabled on task, nothing to lock here */

	if (!cpu_supports_shadow_stack() ||

	    !is_shstk_enabled(task) || arg != 0)

		return -EINVAL;

	set_shstk_lock(task);

	return 0;

}