Message-Id: <20241208155141.21611-1-ni_liqiang@126.com>
Date: Sun,  8 Dec 2024 23:51:41 +0800
From: niliqiang <ni_liqiang@....com>
To: debug@...osinc.com
Cc: Liam.Howlett@...cle.com,
	ajones@...tanamicro.com,
	akpm@...ux-foundation.org,
	alexghiti@...osinc.com,
	alistair.francis@....com,
	andy.chiu@...ive.com,
	andybnac@...il.com,
	aou@...s.berkeley.edu,
	arnd@...db.de,
	atishp@...osinc.com,
	bp@...en8.de,
	brauner@...nel.org,
	broonie@...nel.org,
	carlos.bilbao.osdev@...il.com,
	charlie@...osinc.com,
	cleger@...osinc.com,
	conor.dooley@...rochip.com,
	conor@...nel.org,
	corbet@....net,
	dave.hansen@...ux.intel.com,
	david@...hat.com,
	devicetree@...r.kernel.org,
	ebiederm@...ssion.com,
	evan@...osinc.com,
	hpa@...or.com,
	jim.shu@...ive.com,
	kees@...nel.org,
	kito.cheng@...ive.com,
	krzk+dt@...nel.org,
	linux-arch@...r.kernel.org,
	linux-doc@...r.kernel.org,
	linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	linux-kselftest@...r.kernel.org,
	linux-mm@...ck.org,
	linux-riscv@...ts.infradead.org,
	lorenzo.stoakes@...cle.com,
	mingo@...hat.com,
	ni.liqiang@....com.cn
Subject: Re: [PATCH v7 00/32] riscv control-flow integrity for usermode

> How to test this series
> =======================

I recently built a test environment for RISC-V control-flow integrity for
usermode using QEMU, referring to the test instructions in the patch.
I found several problems during the test, and I hope you can answer them.
Thank you.

Q1:
The CFI-related macro definition values in
QEMU(branch: qemu-zicfilp_zicfiss_ratified_master_july11) and
Linux(branch: linux-riscv-cfi-vdso_user_cfi_v6.12-rc1) are inconsistent.
For example, the definition value of PR_GET_SHADOW_STACK_STATUS in QEMU
is 71, but the definition value in Linux is 74.

In order to continue the test, I modified the relevant definitions
in the QEMU and GNU source code with reference to the Linux source code,
so that the CFI-related macro definitions in the QEMU and GNU source code
are consistent with Linux.

Q2:
When zicfilp=true is added to the QEMU command to enable the landing pad,
and the cfitests command is executed, a segmentation fault is reported,
a software check exception is raised, and the value of xtval is 2.

According to the comments in the code, when xtval is 2, there are the
following exceptions:
 * An indirect branch doesn't land on 4 byte aligned PC or `lpad`
 * instruction or `label` value programmed in `lpad` instr doesn't
 * match with value setup in `x7`.

Why do these software check exceptions exist? What should I do to further
troubleshoot or resolve these issues?
The software versions I am using are all the versions mentioned in the
test instructions, and the zicfiss test is in line with expectations.
Can you help me with the above two questions, especially the second one?
Thank you very much.