Message-ID: <ZyE1ZVCI71sLUeqm@debug.ba.rivosinc.com>
Date: Tue, 29 Oct 2024 12:20:05 -0700
From: Deepak Gupta <debug@...osinc.com>
To: Conor Dooley <conor@...nel.org>
Cc: Yunhui Cui <cuiyunhui@...edance.com>, punit.agrawal@...edance.com,
paul.walmsley@...ive.com, palmer@...belt.com, aou@...s.berkeley.edu,
cleger@...osinc.com, charlie@...osinc.com, evan@...osinc.com,
samuel.holland@...ive.com, andybnac@...il.com,
linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] RISC-V: Enable Zicbom in usermode
On Fri, Oct 25, 2024 at 11:16:44AM +0100, Conor Dooley wrote:
>On Fri, Oct 25, 2024 at 05:15:27PM +0800, Yunhui Cui wrote:
>> Like Zicboz, by enabling the corresponding bits of senvcfg,
>> the instructions cbo.clean, cbo.flush, and cbo.inval can be
>> executed normally in user mode.
>>
>> Signed-off-by: Yunhui Cui <cuiyunhui@...edance.com>
>> ---
>> arch/riscv/kernel/cpufeature.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/arch/riscv/kernel/cpufeature.c b/arch/riscv/kernel/cpufeature.c
>> index 1992ea64786e..bc850518ab41 100644
>> --- a/arch/riscv/kernel/cpufeature.c
>> +++ b/arch/riscv/kernel/cpufeature.c
>> @@ -924,7 +924,7 @@ unsigned long riscv_get_elf_hwcap(void)
>> void __init riscv_user_isa_enable(void)
>> {
>> if (riscv_has_extension_unlikely(RISCV_ISA_EXT_ZICBOZ))
>> - current->thread.envcfg |= ENVCFG_CBZE;
>> + current->thread.envcfg |= ENVCFG_CBIE | ENVCFG_CBCFE | ENVCFG_CBZE;
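Review bot: the unchanged guard `riscv_has_extension_unlikely(RISCV_ISA_EXT_ZICBOZ)` now also controls `ENVCFG_CBIE` and `ENVCFG_CBCFE`, which the commit message ties to cbo.clean, cbo.flush and cbo.inval rather than to cbo.zero. With a single Zicboz test, a system reporting Zicboz gets the clean/flush/inval enables whether or not Zicbom is present, and a Zicbom-only system gets none of them. Suggest leaving the `ENVCFG_CBZE` line as it was and setting `ENVCFG_CBIE | ENVCFG_CBCFE` under a separate `riscv_has_extension_unlikely(RISCV_ISA_EXT_ZICBOM)` check. The commit message should also state why user mode needs these instructions.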
>
>I believe we previously decided that userspace should not be allowed to
>use zicbom, but that notwithstanding - this is wrong. It should be
>checking for Zicbom, not Zicboz.
Additional comment:
It would be good to have this (flush/clean/inval) disabled for a seccomped
process, or at least some sort of user ABI to disable it (whenever the user decides
to seccomp the current task). So either
- by default disable when the task is strict seccomped
OR
- introduce a user ABI (prctl) to disable it, so that any task trying to
lock itself down should be able to do that.
This is particularly useful for sandbox hosting in the same address space.
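A user-space model of the two points raised in this thread (per-extension gating of the envcfg bits, and clearing the Zicbom enables on lockdown), added here as an example; it is not kernel code and not from any participant in the thread. `struct task_model`, the function names and the one-way lock are assumptions, and the bit positions restate the senvcfg layout from the RISC-V privileged specification.

```c
#include <stdbool.h>
#include <stdio.h>

/* senvcfg fields per the RISC-V privileged spec; values restated for this model. */
#define ENVCFG_CBIE   (0x3UL << 4)  /* cbo.inval enable (2-bit field) */
#define ENVCFG_CBCFE  (0x1UL << 6)  /* cbo.clean / cbo.flush enable */
#define ENVCFG_CBZE   (0x1UL << 7)  /* cbo.zero enable */
#define ENVCFG_CBOM   (ENVCFG_CBIE | ENVCFG_CBCFE)

/* Hypothetical per-task state; cbom_locked is an assumed one-way lock. */
struct task_model { unsigned long envcfg; bool cbom_locked; };

/* Patch as posted: a single Zicboz test gates all three fields. */
unsigned long envcfg_as_posted(bool zicboz, bool zicbom)
{
	(void)zicbom;  /* Zicbom presence is never consulted */
	return zicboz ? (ENVCFG_CBIE | ENVCFG_CBCFE | ENVCFG_CBZE) : 0;
}

/* Each field gated on the extension that defines its instructions. */
unsigned long envcfg_per_ext(bool zicboz, bool zicbom)
{
	return (zicboz ? ENVCFG_CBZE : 0) | (zicbom ? ENVCFG_CBOM : 0);
}

/* Lockdown (strict seccomp entry or the proposed prctl): clear and lock. */
void cbom_lockdown(struct task_model *t)
{
	t->envcfg &= ~ENVCFG_CBOM;
	t->cbom_locked = true;
}

/* Later enable request: refused after lockdown or without Zicbom. */
int cbom_enable(struct task_model *t, bool zicbom)
{
	if (t->cbom_locked || !zicbom)
		return -1;
	t->envcfg |= ENVCFG_CBOM;
	return 0;
}

int main(void)
{
	struct task_model t = { envcfg_per_ext(true, true), false };
	cbom_lockdown(&t);
	printf("posted/Zicboz-only=%#lx locked=%#lx re-enable=%d\n",
	       envcfg_as_posted(true, false), t.envcfg, cbom_enable(&t, true));
	return 0;
}
```

In this model cbo.zero stays enabled after lockdown, since the reply asks only for flush/clean/inval to be disabled.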