| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Jan 2024 10:12:16 -0800 From: Deepak Gupta <debug@...osinc.com> To: Conor Dooley <conor@...nel.org> Cc: rick.p.edgecombe@...el.com, broonie@...nel.org, Szabolcs.Nagy@....com, kito.cheng@...ive.com, keescook@...omium.org, ajones@...tanamicro.com, paul.walmsley@...ive.com, palmer@...belt.com, conor.dooley@...rochip.com, cleger@...osinc.com, atishp@...shpatra.org, alex@...ti.fr, bjorn@...osinc.com, alexghiti@...osinc.com, corbet@....net, aou@...s.berkeley.edu, oleg@...hat.com, akpm@...ux-foundation.org, arnd@...db.de, ebiederm@...ssion.com, shuah@...nel.org, brauner@...nel.org, guoren@...nel.org, samitolvanen@...gle.com, evan@...osinc.com, xiao.w.wang@...el.com, apatel@...tanamicro.com, mchitale@...tanamicro.com, waylingii@...il.com, greentime.hu@...ive.com, heiko@...ech.de, jszhang@...nel.org, shikemeng@...weicloud.com, david@...hat.com, charlie@...osinc.com, panqinglin2020@...as.ac.cn, willy@...radead.org, vincent.chen@...ive.com, andy.chiu@...ive.com, gerg@...nel.org, jeeheng.sia@...rfivetech.com, mason.huo@...rfivetech.com, ancientmodern4@...il.com, mathis.salmen@...sal.de, cuiyunhui@...edance.com, bhe@...hat.com, chenjiahao16@...wei.com, ruscur@...sell.cc, bgray@...ux.ibm.com, alx@...nel.org, baruch@...s.co.il, zhangqing@...ngson.cn, catalin.marinas@....com, revest@...omium.org, josh@...htriplett.org, joey.gouly@....com, shr@...kernel.io, omosnace@...hat.com, ojeda@...nel.org, jhubbard@...dia.com, linux-doc@...r.kernel.org, linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org, linux-mm@...ck.org, linux-arch@...r.kernel.org, linux-kselftest@...r.kernel.org Subject: Re: [RFC PATCH v1 24/28] riscv: select config for shadow stack and landing pad instr support On Thu, Jan 25, 2024 at 06:04:26PM +0000, Conor Dooley wrote: >On Wed, Jan 24, 2024 at 10:21:49PM -0800, debug@...osinc.com wrote: >> From: Deepak Gupta <debug@...osinc.com> >> >> This patch selects config shadow stack support and landing pad instr >> support. Shadow stack support and landing instr support is hidden behind >> `CONFIG_RISCV_USER_CFI`. Selecting `CONFIG_RISCV_USER_CFI` wires up path >> to enumerate CPU support and if cpu support exists, kernel will support >> cpu assisted user mode cfi. >> >> Signed-off-by: Deepak Gupta <debug@...osinc.com> >> --- >> arch/riscv/Kconfig | 15 +++++++++++++++ >> 1 file changed, 15 insertions(+) >> >> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig >> index 9d386e9edc45..437b2f9abf3e 100644 >> --- a/arch/riscv/Kconfig >> +++ b/arch/riscv/Kconfig >> @@ -163,6 +163,7 @@ config RISCV >> select SYSCTL_EXCEPTION_TRACE >> select THREAD_INFO_IN_TASK >> select TRACE_IRQFLAGS_SUPPORT >> + select RISCV_USER_CFI > >This select makes no sense to me, it will unconditionally enable >RISCV_USER_CFI. I don't think that that is your intent, since you have a >detailed option below that allows the user to turn it on or off. > >If you remove it, the commit message will need to change too FYI. > Selecting this config puts support in Kernel so that it can run tasks who wants to enable hardware assisted control flow integrity for themselves. But apps still always need to optin using `prctls`. Those prctls are stubs and return EINVAL when this config is not selected. Not selecting this config means, kernel will not support enabling this feature for user mode. I'll edit commit message to better reflect this. >Thanks, >Conor. > >> select UACCESS_MEMCPY if !MMU >> select ZONE_DMA32 if 64BIT >> >> @@ -182,6 +183,20 @@ config HAVE_SHADOW_CALL_STACK >> # https://github.com/riscv-non-isa/riscv-elf-psabi-doc/commit/a484e843e6eeb51f0cb7b8819e50da6d2444d769 >> depends on $(ld-option,--no-relax-gp) >> >> +config RISCV_USER_CFI >> + bool "riscv userspace control flow integrity" >> + help >> + Provides CPU assisted control flow integrity to userspace tasks. >> + Control flow integrity is provided by implementing shadow stack for >> + backward edge and indirect branch tracking for forward edge in program. >> + Shadow stack protection is a hardware feature that detects function >> + return address corruption. This helps mitigate ROP attacks. >> + Indirect branch tracking enforces that all indirect branches must land >> + on a landing pad instruction else CPU will fault. This mitigates against >> + JOP / COP attacks. Applications must be enabled to use it, and old user- >> + space does not get protection "for free". >> + default y >> + >> config ARCH_MMAP_RND_BITS_MIN >> default 18 if 64BIT >> default 8 >> -- >> 2.43.0 >> >> >> _______________________________________________ >> linux-riscv mailing list >> linux-riscv@...ts.infradead.org >> http://lists.infradead.org/mailman/listinfo/linux-riscv
Powered by blists - more mailing lists