lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 25 Jan 2024 18:04:26 +0000
From: Conor Dooley <conor@...nel.org>
To: debug@...osinc.com
Cc: rick.p.edgecombe@...el.com, broonie@...nel.org, Szabolcs.Nagy@....com,
	kito.cheng@...ive.com, keescook@...omium.org,
	ajones@...tanamicro.com, paul.walmsley@...ive.com,
	palmer@...belt.com, conor.dooley@...rochip.com, cleger@...osinc.com,
	atishp@...shpatra.org, alex@...ti.fr, bjorn@...osinc.com,
	alexghiti@...osinc.com, corbet@....net, aou@...s.berkeley.edu,
	oleg@...hat.com, akpm@...ux-foundation.org, arnd@...db.de,
	ebiederm@...ssion.com, shuah@...nel.org, brauner@...nel.org,
	guoren@...nel.org, samitolvanen@...gle.com, evan@...osinc.com,
	xiao.w.wang@...el.com, apatel@...tanamicro.com,
	mchitale@...tanamicro.com, waylingii@...il.com,
	greentime.hu@...ive.com, heiko@...ech.de, jszhang@...nel.org,
	shikemeng@...weicloud.com, david@...hat.com, charlie@...osinc.com,
	panqinglin2020@...as.ac.cn, willy@...radead.org,
	vincent.chen@...ive.com, andy.chiu@...ive.com, gerg@...nel.org,
	jeeheng.sia@...rfivetech.com, mason.huo@...rfivetech.com,
	ancientmodern4@...il.com, mathis.salmen@...sal.de,
	cuiyunhui@...edance.com, bhe@...hat.com, chenjiahao16@...wei.com,
	ruscur@...sell.cc, bgray@...ux.ibm.com, alx@...nel.org,
	baruch@...s.co.il, zhangqing@...ngson.cn, catalin.marinas@....com,
	revest@...omium.org, josh@...htriplett.org, joey.gouly@....com,
	shr@...kernel.io, omosnace@...hat.com, ojeda@...nel.org,
	jhubbard@...dia.com, linux-doc@...r.kernel.org,
	linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org,
	linux-mm@...ck.org, linux-arch@...r.kernel.org,
	linux-kselftest@...r.kernel.org
Subject: Re: [RFC PATCH v1 24/28] riscv: select config for shadow stack and
 landing pad instr support

On Wed, Jan 24, 2024 at 10:21:49PM -0800, debug@...osinc.com wrote:
> From: Deepak Gupta <debug@...osinc.com>
> 
> This patch selects config shadow stack support and landing pad instr
> support. Shadow stack support and landing instr support is hidden behind
> `CONFIG_RISCV_USER_CFI`. Selecting `CONFIG_RISCV_USER_CFI` wires up path
> to enumerate CPU support and if cpu support exists, kernel will support
> cpu assisted user mode cfi.
> 
> Signed-off-by: Deepak Gupta <debug@...osinc.com>
> ---
>  arch/riscv/Kconfig | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> index 9d386e9edc45..437b2f9abf3e 100644
> --- a/arch/riscv/Kconfig
> +++ b/arch/riscv/Kconfig
> @@ -163,6 +163,7 @@ config RISCV
>  	select SYSCTL_EXCEPTION_TRACE
>  	select THREAD_INFO_IN_TASK
>  	select TRACE_IRQFLAGS_SUPPORT
> +	select RISCV_USER_CFI

This select makes no sense to me, it will unconditionally enable
RISCV_USER_CFI. I don't think that that is your intent, since you have a
detailed option below that allows the user to turn it on or off.

If you remove it, the commit message will need to change too FYI.

Thanks,
Conor.

>  	select UACCESS_MEMCPY if !MMU
>  	select ZONE_DMA32 if 64BIT
>  
> @@ -182,6 +183,20 @@ config HAVE_SHADOW_CALL_STACK
>  	# https://github.com/riscv-non-isa/riscv-elf-psabi-doc/commit/a484e843e6eeb51f0cb7b8819e50da6d2444d769
>  	depends on $(ld-option,--no-relax-gp)
>  
> +config RISCV_USER_CFI
> +	bool "riscv userspace control flow integrity"
> +	help
> +	  Provides CPU assisted control flow integrity to userspace tasks.
> +	  Control flow integrity is provided by implementing shadow stack for
> +	  backward edge and indirect branch tracking for forward edge in program.
> +	  Shadow stack protection is a hardware feature that detects function
> +	  return address corruption. This helps mitigate ROP attacks.
> +	  Indirect branch tracking enforces that all indirect branches must land
> +	  on a landing pad instruction else CPU will fault. This mitigates against
> +	  JOP / COP attacks. Applications must be enabled to use it, and old user-
> +	  space does not get protection "for free".
> +	  default y
> +
>  config ARCH_MMAP_RND_BITS_MIN
>  	default 18 if 64BIT
>  	default 8
> -- 
> 2.43.0
> 
> 
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@...ts.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv

Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ