lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ef72ae20-6b68-496a-a819-8818ade0d433@collabora.com>
Date: Mon, 1 Apr 2024 14:46:13 +0500
From: Muhammad Usama Anjum <usama.anjum@...labora.com>
To: Deepak Gupta <debug@...osinc.com>
Cc: Muhammad Usama Anjum <usama.anjum@...labora.com>,
 paul.walmsley@...ive.com, rick.p.edgecombe@...el.com, broonie@...nel.org,
 Szabolcs.Nagy@....com, kito.cheng@...ive.com, keescook@...omium.org,
 ajones@...tanamicro.com, conor.dooley@...rochip.com, cleger@...osinc.com,
 atishp@...shpatra.org, alex@...ti.fr, bjorn@...osinc.com,
 alexghiti@...osinc.com, samuel.holland@...ive.com, palmer@...ive.com,
 conor@...nel.org, linux-doc@...r.kernel.org,
 linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org,
 devicetree@...r.kernel.org, linux-mm@...ck.org, linux-arch@...r.kernel.org,
 linux-kselftest@...r.kernel.org, corbet@....net,
 tech-j-ext@...ts.risc-v.org, palmer@...belt.com, aou@...s.berkeley.edu,
 robh+dt@...nel.org, krzysztof.kozlowski+dt@...aro.org, oleg@...hat.com,
 akpm@...ux-foundation.org, arnd@...db.de, ebiederm@...ssion.com,
 Liam.Howlett@...cle.com, vbabka@...e.cz, lstoakes@...il.com,
 shuah@...nel.org, brauner@...nel.org, andy.chiu@...ive.com,
 jerry.shih@...ive.com, hankuan.chen@...ive.com, greentime.hu@...ive.com,
 evan@...osinc.com, xiao.w.wang@...el.com, charlie@...osinc.com,
 apatel@...tanamicro.com, mchitale@...tanamicro.com,
 dbarboza@...tanamicro.com, sameo@...osinc.com, shikemeng@...weicloud.com,
 willy@...radead.org, vincent.chen@...ive.com, guoren@...nel.org,
 samitolvanen@...gle.com, songshuaishuai@...ylab.org, gerg@...nel.org,
 heiko@...ech.de, bhe@...hat.com, jeeheng.sia@...rfivetech.com,
 cyy@...self.name, maskray@...gle.com, ancientmodern4@...il.com,
 mathis.salmen@...sal.de, cuiyunhui@...edance.com, bgray@...ux.ibm.com,
 mpe@...erman.id.au, baruch@...s.co.il, alx@...nel.org, david@...hat.com,
 catalin.marinas@....com, revest@...omium.org, josh@...htriplett.org,
 shr@...kernel.io, deller@....de, omosnace@...hat.com, ojeda@...nel.org,
 jhubbard@...dia.com
Subject: Re: [PATCH v2 27/27] kselftest/riscv: kselftest for user mode cfi

On 3/30/24 1:02 AM, Deepak Gupta wrote:
> On Fri, Mar 29, 2024 at 12:50 PM Muhammad Usama Anjum
> <usama.anjum@...labora.com> wrote:
>>
>> On 3/29/24 9:44 AM, Deepak Gupta wrote:
>>> Adds kselftest for RISC-V control flow integrity implementation for user
>>> mode. There is not a lot going on in kernel for enabling landing pad for
>>> user mode. Thus kselftest simply enables landing pad for the binary and
>>> a signal handler is registered for SIGSEGV. Any control flow violation are
>>> reported as SIGSEGV with si_code = SEGV_CPERR. Test will fail on recieving
>>> any SEGV_CPERR. Shadow stack part has more changes in kernel and thus there
>>> are separate tests for that
>>>       - enable and disable
>>>       - Exercise `map_shadow_stack` syscall
>>>       - `fork` test to make sure COW works for shadow stack pages
>>>       - gup tests
>>>         As of today kernel uses FOLL_FORCE when access happens to memory via
>>>         /proc/<pid>/mem. Not breaking that for shadow stack
>>>       - signal test. Make sure signal delivery results in token creation on
>>>       shadow stack and consumes (and verifies) token on sigreturn
>>>     - shadow stack protection test. attempts to write using regular store
>>>         instruction on shadow stack memory must result in access faults
>>>
>>> Signed-off-by: Deepak Gupta <debug@...osinc.com>
>>> ---
>>>  tools/testing/selftests/riscv/Makefile        |   2 +-
>>>  tools/testing/selftests/riscv/cfi/Makefile    |  10 +
>>>  .../testing/selftests/riscv/cfi/cfi_rv_test.h |  85 ++++
>>>  .../selftests/riscv/cfi/riscv_cfi_test.c      |  91 +++++
>>>  .../testing/selftests/riscv/cfi/shadowstack.c | 376 ++++++++++++++++++
>>>  .../testing/selftests/riscv/cfi/shadowstack.h |  39 ++
>> Please add generated binaries in the .gitignore files.
> 
> hmm...
> I don't see binary as part of the patch. Which file are you referring
> to here being binary?
shadowstack would be generated by the build. Create a .gitignore file and
add it there. For example, look at
tools/testing/selftests/riscv/vector/.gitignore to understand.


> 
>>
> 

-- 
BR,
Muhammad Usama Anjum

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ