| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 Mar 2024 01:08:12 -0400
From: "Stefan O'Rear" <sorear@...tmail.com>
To: debug <debug@...osinc.com>, "Paul Walmsley" <paul.walmsley@...ive.com>,
"Rick P Edgecombe" <rick.p.edgecombe@...el.com>,
"Mark Brown" <broonie@...nel.org>, "Szabolcs Nagy" <Szabolcs.Nagy@....com>,
"kito.cheng@...ive.com" <kito.cheng@...ive.com>,
"Kees Cook" <keescook@...omium.org>,
"Andrew Jones" <ajones@...tanamicro.com>,
"Conor Dooley" <conor.dooley@...rochip.com>,
Clément Léger <cleger@...osinc.com>,
"Atish Patra" <atishp@...shpatra.org>, "Alexandre Ghiti" <alex@...ti.fr>,
Björn Töpel <bjorn@...osinc.com>,
"Alexandre Ghiti" <alexghiti@...osinc.com>,
"Samuel Holland" <samuel.holland@...ive.com>, palmer@...ive.com,
"Conor Dooley" <conor@...nel.org>, linux-doc@...r.kernel.org,
linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org,
devicetree@...r.kernel.org, linux-mm@...ck.org, linux-arch@...r.kernel.org,
linux-kselftest@...r.kernel.org
Cc: "Jonathan Corbet" <corbet@....net>, tech-j-ext@...ts.risc-v.org,
"Palmer Dabbelt" <palmer@...belt.com>,
"Albert Ou" <aou@...s.berkeley.edu>, "Rob Herring" <robh+dt@...nel.org>,
"Krzysztof Kozlowski" <krzysztof.kozlowski+dt@...aro.org>,
oleg@...hat.com, "Andrew Morton" <akpm@...ux-foundation.org>,
"Arnd Bergmann" <arnd@...db.de>,
"Eric W. Biederman" <ebiederm@...ssion.com>, Liam.Howlett@...cle.com,
vbabka@...e.cz, lstoakes@...il.com, shuah@...nel.org,
"Christian Brauner" <brauner@...nel.org>,
"Andy Chiu" <andy.chiu@...ive.com>, jerry.shih@...ive.com,
hankuan.chen@...ive.com, greentime.hu@...ive.com,
"Evan Green" <evan@...osinc.com>, "Xiao Wang" <xiao.w.wang@...el.com>,
"Charlie Jenkins" <charlie@...osinc.com>,
"Anup Patel" <apatel@...tanamicro.com>, mchitale@...tanamicro.com,
dbarboza@...tanamicro.com, "Samuel Ortiz" <sameo@...osinc.com>,
shikemeng@...weicloud.com, willy@...radead.org,
"Vincent Chen" <vincent.chen@...ive.com>, guoren <guoren@...nel.org>,
"Sami Tolvanen" <samitolvanen@...gle.com>, songshuaishuai@...ylab.org,
"Greg Ungerer" <gerg@...nel.org>, "Heiko Stuebner" <heiko@...ech.de>,
"Baoquan He" <bhe@...hat.com>,
"Sia Jee Heng" <jeeheng.sia@...rfivetech.com>,
"Yangyu Chen" <cyy@...self.name>, maskray@...gle.com,
ancientmodern4@...il.com, mathis.salmen@...sal.de,
"yunhui cui" <cuiyunhui@...edance.com>, bgray@...ux.ibm.com,
mpe@...erman.id.au, baruch@...s.co.il,
"Alejandro Colomar" <alx@...nel.org>,
"David Hildenbrand" <david@...hat.com>,
"Catalin Marinas" <catalin.marinas@....com>, revest@...omium.org,
josh@...htriplett.org, shr@...kernel.io, deller@....de,
omosnace@...hat.com, ojeda@...nel.org, jhubbard@...dia.com
Subject: Re: [PATCH v2 04/27] riscv: zicfiss/zicfilp enumeration
On Fri, Mar 29, 2024, at 12:44 AM, Deepak Gupta wrote:
> Adds description in dt-bindings (extensions.yaml)
>
> This patch adds support for detecting zicfiss and zicfilp. zicfiss and zicfilp
> stands for unprivleged integer spec extension for shadow stack and branch
> tracking on indirect branches, respectively.
>
> This patch looks for zicfiss and zicfilp in device tree and accordinlgy lights
> up bit in cpu feature bitmap. Furthermore this patch adds detection utility
> functions to return whether shadow stack or landing pads are supported by
> cpu.
>
> Signed-off-by: Deepak Gupta <debug@...osinc.com>
> ---
> .../devicetree/bindings/riscv/extensions.yaml | 10 ++++++++++
> arch/riscv/include/asm/cpufeature.h | 13 +++++++++++++
> arch/riscv/include/asm/hwcap.h | 2 ++
> arch/riscv/include/asm/processor.h | 1 +
> arch/riscv/kernel/cpufeature.c | 2 ++
> 5 files changed, 28 insertions(+)
>
> diff --git a/Documentation/devicetree/bindings/riscv/extensions.yaml
> b/Documentation/devicetree/bindings/riscv/extensions.yaml
> index 63d81dc895e5..f8d78bf7400b 100644
> --- a/Documentation/devicetree/bindings/riscv/extensions.yaml
> +++ b/Documentation/devicetree/bindings/riscv/extensions.yaml
> @@ -317,6 +317,16 @@ properties:
> The standard Zicboz extension for cache-block zeroing as
> ratified
> in commit 3dd606f ("Create cmobase-v1.0.pdf") of
> riscv-CMOs.
>
> + - const: zicfilp
> + description:
> + The standard Zicfilp extension for enforcing forward edge
> control-flow
> + integrity as ratified in commit 0036ff2 of riscv-cfi.
> +
> + - const: zicfiss
> + description:
> + The standard Zicfiss extension for enforcing backward edge
> control-flow
> + integrity as ratified in commit 0036ff2 of riscv-cfi.
> +
Neither of these extensions is currently ratified (the public review
period started 15 hours ago) and the git hashes are unlikely to be
correct for the ratified version.
-s
> - const: zicntr
> description:
> The standard Zicntr extension for base counters and
> timers, as
> diff --git a/arch/riscv/include/asm/cpufeature.h
> b/arch/riscv/include/asm/cpufeature.h
> index 0bd11862b760..f0fb8d8ae273 100644
> --- a/arch/riscv/include/asm/cpufeature.h
> +++ b/arch/riscv/include/asm/cpufeature.h
> @@ -8,6 +8,7 @@
>
> #include <linux/bitmap.h>
> #include <linux/jump_label.h>
> +#include <linux/smp.h>
> #include <asm/hwcap.h>
> #include <asm/alternative-macros.h>
> #include <asm/errno.h>
> @@ -137,4 +138,16 @@ static __always_inline bool
> riscv_cpu_has_extension_unlikely(int cpu, const unsi
>
> DECLARE_STATIC_KEY_FALSE(fast_misaligned_access_speed_key);
>
> +static inline bool cpu_supports_shadow_stack(void)
> +{
> + return (IS_ENABLED(CONFIG_RISCV_USER_CFI) &&
> + riscv_cpu_has_extension_unlikely(smp_processor_id(),
> RISCV_ISA_EXT_ZICFISS));
> +}
> +
> +static inline bool cpu_supports_indirect_br_lp_instr(void)
> +{
> + return (IS_ENABLED(CONFIG_RISCV_USER_CFI) &&
> + riscv_cpu_has_extension_unlikely(smp_processor_id(),
> RISCV_ISA_EXT_ZICFILP));
> +}
> +
> #endif
> diff --git a/arch/riscv/include/asm/hwcap.h
> b/arch/riscv/include/asm/hwcap.h
> index 1f2d2599c655..74b6c727f545 100644
> --- a/arch/riscv/include/asm/hwcap.h
> +++ b/arch/riscv/include/asm/hwcap.h
> @@ -80,6 +80,8 @@
> #define RISCV_ISA_EXT_ZFA 71
> #define RISCV_ISA_EXT_ZTSO 72
> #define RISCV_ISA_EXT_ZACAS 73
> +#define RISCV_ISA_EXT_ZICFILP 74
> +#define RISCV_ISA_EXT_ZICFISS 75
>
> #define RISCV_ISA_EXT_XLINUXENVCFG 127
>
> diff --git a/arch/riscv/include/asm/processor.h
> b/arch/riscv/include/asm/processor.h
> index a8509cc31ab2..6c5b3d928b12 100644
> --- a/arch/riscv/include/asm/processor.h
> +++ b/arch/riscv/include/asm/processor.h
> @@ -13,6 +13,7 @@
> #include <vdso/processor.h>
>
> #include <asm/ptrace.h>
> +#include <asm/hwcap.h>
>
> #ifdef CONFIG_64BIT
> #define DEFAULT_MAP_WINDOW (UL(1) << (MMAP_VA_BITS - 1))
> diff --git a/arch/riscv/kernel/cpufeature.c
> b/arch/riscv/kernel/cpufeature.c
> index 79a5a35fab96..d052cad5b82f 100644
> --- a/arch/riscv/kernel/cpufeature.c
> +++ b/arch/riscv/kernel/cpufeature.c
> @@ -263,6 +263,8 @@ const struct riscv_isa_ext_data riscv_isa_ext[] = {
> __RISCV_ISA_EXT_DATA(h, RISCV_ISA_EXT_h),
> __RISCV_ISA_EXT_SUPERSET(zicbom, RISCV_ISA_EXT_ZICBOM,
> riscv_xlinuxenvcfg_exts),
> __RISCV_ISA_EXT_SUPERSET(zicboz, RISCV_ISA_EXT_ZICBOZ,
> riscv_xlinuxenvcfg_exts),
> + __RISCV_ISA_EXT_SUPERSET(zicfilp, RISCV_ISA_EXT_ZICFILP,
> riscv_xlinuxenvcfg_exts),
> + __RISCV_ISA_EXT_SUPERSET(zicfiss, RISCV_ISA_EXT_ZICFISS,
> riscv_xlinuxenvcfg_exts),
> __RISCV_ISA_EXT_DATA(zicntr, RISCV_ISA_EXT_ZICNTR),
> __RISCV_ISA_EXT_DATA(zicond, RISCV_ISA_EXT_ZICOND),
> __RISCV_ISA_EXT_DATA(zicsr, RISCV_ISA_EXT_ZICSR),
> --
> 2.43.2
>
>
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@...ts.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv
Powered by blists - more mailing lists