lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 25 Jan 2024 10:12:16 -0800
From: Deepak Gupta <debug@...osinc.com>
To: Conor Dooley <conor@...nel.org>
Cc: rick.p.edgecombe@...el.com, broonie@...nel.org, Szabolcs.Nagy@....com,
	kito.cheng@...ive.com, keescook@...omium.org,
	ajones@...tanamicro.com, paul.walmsley@...ive.com,
	palmer@...belt.com, conor.dooley@...rochip.com, cleger@...osinc.com,
	atishp@...shpatra.org, alex@...ti.fr, bjorn@...osinc.com,
	alexghiti@...osinc.com, corbet@....net, aou@...s.berkeley.edu,
	oleg@...hat.com, akpm@...ux-foundation.org, arnd@...db.de,
	ebiederm@...ssion.com, shuah@...nel.org, brauner@...nel.org,
	guoren@...nel.org, samitolvanen@...gle.com, evan@...osinc.com,
	xiao.w.wang@...el.com, apatel@...tanamicro.com,
	mchitale@...tanamicro.com, waylingii@...il.com,
	greentime.hu@...ive.com, heiko@...ech.de, jszhang@...nel.org,
	shikemeng@...weicloud.com, david@...hat.com, charlie@...osinc.com,
	panqinglin2020@...as.ac.cn, willy@...radead.org,
	vincent.chen@...ive.com, andy.chiu@...ive.com, gerg@...nel.org,
	jeeheng.sia@...rfivetech.com, mason.huo@...rfivetech.com,
	ancientmodern4@...il.com, mathis.salmen@...sal.de,
	cuiyunhui@...edance.com, bhe@...hat.com, chenjiahao16@...wei.com,
	ruscur@...sell.cc, bgray@...ux.ibm.com, alx@...nel.org,
	baruch@...s.co.il, zhangqing@...ngson.cn, catalin.marinas@....com,
	revest@...omium.org, josh@...htriplett.org, joey.gouly@....com,
	shr@...kernel.io, omosnace@...hat.com, ojeda@...nel.org,
	jhubbard@...dia.com, linux-doc@...r.kernel.org,
	linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org,
	linux-mm@...ck.org, linux-arch@...r.kernel.org,
	linux-kselftest@...r.kernel.org
Subject: Re: [RFC PATCH v1 24/28] riscv: select config for shadow stack and
 landing pad instr support

On Thu, Jan 25, 2024 at 06:04:26PM +0000, Conor Dooley wrote:
>On Wed, Jan 24, 2024 at 10:21:49PM -0800, debug@...osinc.com wrote:
>> From: Deepak Gupta <debug@...osinc.com>
>>
>> This patch selects config shadow stack support and landing pad instr
>> support. Shadow stack support and landing instr support is hidden behind
>> `CONFIG_RISCV_USER_CFI`. Selecting `CONFIG_RISCV_USER_CFI` wires up path
>> to enumerate CPU support and if cpu support exists, kernel will support
>> cpu assisted user mode cfi.
>>
>> Signed-off-by: Deepak Gupta <debug@...osinc.com>
>> ---
>>  arch/riscv/Kconfig | 15 +++++++++++++++
>>  1 file changed, 15 insertions(+)
>>
>> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
>> index 9d386e9edc45..437b2f9abf3e 100644
>> --- a/arch/riscv/Kconfig
>> +++ b/arch/riscv/Kconfig
>> @@ -163,6 +163,7 @@ config RISCV
>>  	select SYSCTL_EXCEPTION_TRACE
>>  	select THREAD_INFO_IN_TASK
>>  	select TRACE_IRQFLAGS_SUPPORT
>> +	select RISCV_USER_CFI
>
>This select makes no sense to me, it will unconditionally enable
>RISCV_USER_CFI. I don't think that that is your intent, since you have a
>detailed option below that allows the user to turn it on or off.
>
>If you remove it, the commit message will need to change too FYI.
>

Selecting this config puts support in Kernel so that it can run tasks who wants
to enable hardware assisted control flow integrity for themselves. But apps still
always need to optin using `prctls`. Those prctls are stubs and return EINVAL when
this config is not selected. Not selecting this config means, kernel will not support
enabling this feature for user mode.

I'll edit commit message to better reflect this.

>Thanks,
>Conor.
>
>>  	select UACCESS_MEMCPY if !MMU
>>  	select ZONE_DMA32 if 64BIT
>>
>> @@ -182,6 +183,20 @@ config HAVE_SHADOW_CALL_STACK
>>  	# https://github.com/riscv-non-isa/riscv-elf-psabi-doc/commit/a484e843e6eeb51f0cb7b8819e50da6d2444d769
>>  	depends on $(ld-option,--no-relax-gp)
>>
>> +config RISCV_USER_CFI
>> +	bool "riscv userspace control flow integrity"
>> +	help
>> +	  Provides CPU assisted control flow integrity to userspace tasks.
>> +	  Control flow integrity is provided by implementing shadow stack for
>> +	  backward edge and indirect branch tracking for forward edge in program.
>> +	  Shadow stack protection is a hardware feature that detects function
>> +	  return address corruption. This helps mitigate ROP attacks.
>> +	  Indirect branch tracking enforces that all indirect branches must land
>> +	  on a landing pad instruction else CPU will fault. This mitigates against
>> +	  JOP / COP attacks. Applications must be enabled to use it, and old user-
>> +	  space does not get protection "for free".
>> +	  default y
>> +
>>  config ARCH_MMAP_RND_BITS_MIN
>>  	default 18 if 64BIT
>>  	default 8
>> --
>> 2.43.0
>>
>>
>> _______________________________________________
>> linux-riscv mailing list
>> linux-riscv@...ts.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-riscv



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ