| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKC1njQ8P2mNiiev-NDyTJPjJ6AAVqrtHMcwt_sc5A7Z+3-Jrg@mail.gmail.com>
Date: Thu, 20 Mar 2025 16:09:12 -0700
From: Deepak Gupta <debug@...osinc.com>
To: Radim Krčmář <rkrcmar@...tanamicro.com>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, Andrew Morton <akpm@...ux-foundation.org>,
"Liam R. Howlett" <Liam.Howlett@...cle.com>, Vlastimil Babka <vbabka@...e.cz>,
Lorenzo Stoakes <lorenzo.stoakes@...cle.com>, Paul Walmsley <paul.walmsley@...ive.com>,
Palmer Dabbelt <palmer@...belt.com>, Albert Ou <aou@...s.berkeley.edu>,
Conor Dooley <conor@...nel.org>, Rob Herring <robh@...nel.org>,
Krzysztof Kozlowski <krzk+dt@...nel.org>, Arnd Bergmann <arnd@...db.de>,
Christian Brauner <brauner@...nel.org>, Peter Zijlstra <peterz@...radead.org>,
Oleg Nesterov <oleg@...hat.com>, Eric Biederman <ebiederm@...ssion.com>, Kees Cook <kees@...nel.org>,
Jonathan Corbet <corbet@....net>, Shuah Khan <shuah@...nel.org>, Jann Horn <jannh@...gle.com>,
Conor Dooley <conor+dt@...nel.org>, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
linux-riscv@...ts.infradead.org, devicetree@...r.kernel.org,
linux-arch@...r.kernel.org, linux-doc@...r.kernel.org,
linux-kselftest@...r.kernel.org, alistair.francis@....com,
richard.henderson@...aro.org, jim.shu@...ive.com, andybnac@...il.com,
kito.cheng@...ive.com, charlie@...osinc.com, atishp@...osinc.com,
evan@...osinc.com, cleger@...osinc.com, alexghiti@...osinc.com,
samitolvanen@...gle.com, broonie@...nel.org, rick.p.edgecombe@...el.com,
linux-riscv <linux-riscv-bounces@...ts.infradead.org>
Subject: Re: [PATCH v12 19/28] riscv/ptrace: riscv cfi status and state via
ptrace and in core files
On Thu, Mar 20, 2025 at 3:24 PM Radim Krčmář <rkrcmar@...tanamicro.com> wrote:
>
> 2025-03-14T14:39:38-07:00, Deepak Gupta <debug@...osinc.com>:
> > Expose a new register type NT_RISCV_USER_CFI for risc-v cfi status and
> > state. Intentionally both landing pad and shadow stack status and state
> > are rolled into cfi state. Creating two different NT_RISCV_USER_XXX would
> > not be useful and wastage of a note type. Enabling or disabling of feature
> > is not allowed via ptrace set interface. However setting `elp` state or
> > setting shadow stack pointer are allowed via ptrace set interface. It is
> > expected `gdb` might have use to fixup `elp` state or `shadow stack`
> > pointer.
> >
> > Signed-off-by: Deepak Gupta <debug@...osinc.com>
> > ---
> > arch/riscv/include/uapi/asm/ptrace.h | 18 ++++++++
> > arch/riscv/kernel/ptrace.c | 83 ++++++++++++++++++++++++++++++++++++
> > include/uapi/linux/elf.h | 1 +
> > 3 files changed, 102 insertions(+)
> >
> > diff --git a/arch/riscv/include/uapi/asm/ptrace.h b/arch/riscv/include/uapi/asm/ptrace.h
> > index 659ea3af5680..e6571fba8a8a 100644
> > --- a/arch/riscv/include/uapi/asm/ptrace.h
> > +++ b/arch/riscv/include/uapi/asm/ptrace.h
> > @@ -131,6 +131,24 @@ struct __sc_riscv_cfi_state {
> > unsigned long ss_ptr; /* shadow stack pointer */
> > };
> >
> > +struct __cfi_status {
> > + /* indirect branch tracking state */
> > + __u64 lp_en : 1;
> > + __u64 lp_lock : 1;
> > + __u64 elp_state : 1;
> > +
> > + /* shadow stack status */
> > + __u64 shstk_en : 1;
> > + __u64 shstk_lock : 1;
>
> I remember there was deep hatred towards bitfields in the Linux
> community, have things changes?
hmm. I didn't know about the strong hatred.
Although I can see lots of examples of this pattern in existing kernel code.
No strong feelings on my side, I can change this and have it single 64bit field
and accessed via bitmasks.
>
> > + __u64 rsvd : sizeof(__u64) - 5;
>
> I think you meant "64 - 5".
eeh. bad bug. thanks.
>
> > +};
> > +
> > +struct user_cfi_state {
> > + struct __cfi_status cfi_status;
> > + __u64 shstk_ptr;
> > +};
> > +
> > #endif /* __ASSEMBLY__ */
> >
> > #endif /* _UAPI_ASM_RISCV_PTRACE_H */
> > diff --git a/arch/riscv/kernel/ptrace.c b/arch/riscv/kernel/ptrace.c
> > @@ -224,6 +297,16 @@ static const struct user_regset riscv_user_regset[] = {
> > .set = tagged_addr_ctrl_set,
> > },
> > #endif
> > +#ifdef CONFIG_RISCV_USER_CFI
> > + [REGSET_CFI] = {
> > + .core_note_type = NT_RISCV_USER_CFI,
> > + .align = sizeof(__u64),
> > + .n = sizeof(struct user_cfi_state) / sizeof(__u64),
> > + .size = sizeof(__u64),
>
> Why not `size = sizeof(struct user_cfi_state)` and `n = 1`?
yeah another good catch.
Should write a kselftest against it, so that it can be caught.
>
> > + .regset_get = riscv_cfi_get,
> > + .set = riscv_cfi_set,
> > + },
> > +#endif
>
> [I haven't yet reviewed if a new register is the right thing to do nor
> looked at the rest of the patch.]
Powered by blists - more mailing lists