lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CANXhq0ryrNUoBvACX9hh-=FVOe+L6_6beXrZQn2e1P6eWgcUiA@mail.gmail.com>
Date: Wed, 12 Nov 2025 10:19:23 +0800
From: Zong Li <zong.li@...ive.com>
To: Deepak Gupta <debug@...osinc.com>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, 
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, 
	"H. Peter Anvin" <hpa@...or.com>, Andrew Morton <akpm@...ux-foundation.org>, 
	"Liam R. Howlett" <Liam.Howlett@...cle.com>, Vlastimil Babka <vbabka@...e.cz>, 
	Lorenzo Stoakes <lorenzo.stoakes@...cle.com>, Paul Walmsley <paul.walmsley@...ive.com>, 
	Palmer Dabbelt <palmer@...belt.com>, Albert Ou <aou@...s.berkeley.edu>, 
	Conor Dooley <conor@...nel.org>, Rob Herring <robh@...nel.org>, 
	Krzysztof Kozlowski <krzk+dt@...nel.org>, Arnd Bergmann <arnd@...db.de>, 
	Christian Brauner <brauner@...nel.org>, Peter Zijlstra <peterz@...radead.org>, 
	Oleg Nesterov <oleg@...hat.com>, Eric Biederman <ebiederm@...ssion.com>, Kees Cook <kees@...nel.org>, 
	Jonathan Corbet <corbet@....net>, Shuah Khan <shuah@...nel.org>, Jann Horn <jannh@...gle.com>, 
	Conor Dooley <conor+dt@...nel.org>, Miguel Ojeda <ojeda@...nel.org>, 
	Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, 
	Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, 
	Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>, 
	Trevor Gross <tmgross@...ch.edu>, Benno Lossin <lossin@...nel.org>, linux-kernel@...r.kernel.org, 
	linux-fsdevel@...r.kernel.org, linux-mm@...ck.org, 
	linux-riscv@...ts.infradead.org, devicetree@...r.kernel.org, 
	linux-arch@...r.kernel.org, linux-doc@...r.kernel.org, 
	linux-kselftest@...r.kernel.org, alistair.francis@....com, 
	richard.henderson@...aro.org, jim.shu@...ive.com, andybnac@...il.com, 
	kito.cheng@...ive.com, charlie@...osinc.com, atishp@...osinc.com, 
	evan@...osinc.com, cleger@...osinc.com, alexghiti@...osinc.com, 
	samitolvanen@...gle.com, broonie@...nel.org, rick.p.edgecombe@...el.com, 
	rust-for-linux@...r.kernel.org
Subject: Re: [PATCH v22 25/28] riscv: create a config for shadow stack and
 landing pad instr support

On Wed, Nov 12, 2025 at 2:22 AM Deepak Gupta <debug@...osinc.com> wrote:
>
> On Tue, Nov 11, 2025 at 01:58:37PM +0800, Zong Li wrote:
> >On Fri, Oct 24, 2025 at 12:51 AM Deepak Gupta via B4 Relay
> ><devnull+debug.rivosinc.com@...nel.org> wrote:
> >>
> >> From: Deepak Gupta <debug@...osinc.com>
> >>
> >> This patch creates a config for shadow stack support and landing pad instr
> >> support. Shadow stack support and landing instr support can be enabled by
> >> selecting `CONFIG_RISCV_USER_CFI`. Selecting `CONFIG_RISCV_USER_CFI` wires
> >> up path to enumerate CPU support and if cpu support exists, kernel will
> >> support cpu assisted user mode cfi.
> >>
> >> If CONFIG_RISCV_USER_CFI is selected, select `ARCH_USES_HIGH_VMA_FLAGS`,
> >> `ARCH_HAS_USER_SHADOW_STACK` and DYNAMIC_SIGFRAME for riscv.
> >>
> >> Reviewed-by: Zong Li <zong.li@...ive.com>
> >> Signed-off-by: Deepak Gupta <debug@...osinc.com>
> >> ---
> >>  arch/riscv/Kconfig                  | 22 ++++++++++++++++++++++
> >>  arch/riscv/configs/hardening.config |  4 ++++
> >>  2 files changed, 26 insertions(+)
> >>
> >> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> >> index 0c6038dc5dfd..4f9f9358e6e3 100644
> >> --- a/arch/riscv/Kconfig
> >> +++ b/arch/riscv/Kconfig
> >> @@ -1146,6 +1146,28 @@ config RANDOMIZE_BASE
> >>
> >>            If unsure, say N.
> >>
> >> +config RISCV_USER_CFI
> >> +       def_bool y
> >> +       bool "riscv userspace control flow integrity"
> >> +       depends on 64BIT && $(cc-option,-mabi=lp64 -march=rv64ima_zicfiss) && \
> >> +                           $(cc-option,-fcf-protection=full)
> >
> >Hi Deepak,
> >I noticed that you added a $(cc-option,-fcf-protection=full) check in
> >this version. I think this check will fail by a cc1 warning when using
> >a newer toolchain, because -fcf-protection cannot be used alone, it
> >must be specified together with the appropriate -march option.
> >For example:
> >  1. -fcf-protection=branch requires -march=..._zicfilp
> >  2. -fcf-protection=return requires -march=..._zicfiss
> >  3. -fcf-protection=full requires -march=..._zicfilp_zicfiss
>
> toolchain that I have from June doesn't require -march=..._zicfilp_zicfiss
> for -fcf-protection=full. If that has changed, I think this will need a
> revision.

Yes, that’s what I’ve learned from the toolchain guys so far, perhaps
we can double check with them. If it is right, I guess we might merge
them into one check as follows:
$(cc-option,-mabi=lp64 -march=rv64ima_zicfilp_zicfiss -fcf-protection=full)
or
$(cc-option,-mabi=lp64 -march=rv64ima_zicfiss -fcf-protection=return)

>
> >
> >
> >> +       depends on RISCV_ALTERNATIVE
> >> +       select RISCV_SBI
> >> +       select ARCH_HAS_USER_SHADOW_STACK
> >> +       select ARCH_USES_HIGH_VMA_FLAGS
> >> +       select DYNAMIC_SIGFRAME
> >> +       help
> >> +         Provides CPU assisted control flow integrity to userspace tasks.
> >> +         Control flow integrity is provided by implementing shadow stack for
> >> +         backward edge and indirect branch tracking for forward edge in program.
> >> +         Shadow stack protection is a hardware feature that detects function
> >> +         return address corruption. This helps mitigate ROP attacks.
> >> +         Indirect branch tracking enforces that all indirect branches must land
> >> +         on a landing pad instruction else CPU will fault. This mitigates against
> >> +         JOP / COP attacks. Applications must be enabled to use it, and old user-
> >> +         space does not get protection "for free".
> >> +         default y.
> >> +
> >>  endmenu # "Kernel features"
> >>
> >>  menu "Boot options"
> >> diff --git a/arch/riscv/configs/hardening.config b/arch/riscv/configs/hardening.config
> >> new file mode 100644
> >> index 000000000000..089f4cee82f4
> >> --- /dev/null
> >> +++ b/arch/riscv/configs/hardening.config
> >> @@ -0,0 +1,4 @@
> >> +# RISCV specific kernel hardening options
> >> +
> >> +# Enable control flow integrity support for usermode.
> >> +CONFIG_RISCV_USER_CFI=y
> >>
> >> --
> >> 2.43.0
> >>
> >>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ