| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <14afa916-565e-4c25-8e19-ddb87644ae8b@infradead.org> Date: Fri, 5 Dec 2025 11:41:58 -0800 From: Randy Dunlap <rdunlap@...radead.org> To: Deepak Gupta <debug@...osinc.com> Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>, Andrew Morton <akpm@...ux-foundation.org>, "Liam R. Howlett" <Liam.Howlett@...cle.com>, Vlastimil Babka <vbabka@...e.cz>, Lorenzo Stoakes <lorenzo.stoakes@...cle.com>, Paul Walmsley <paul.walmsley@...ive.com>, Palmer Dabbelt <palmer@...belt.com>, Albert Ou <aou@...s.berkeley.edu>, Conor Dooley <conor@...nel.org>, Rob Herring <robh@...nel.org>, Krzysztof Kozlowski <krzk+dt@...nel.org>, Arnd Bergmann <arnd@...db.de>, Christian Brauner <brauner@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Oleg Nesterov <oleg@...hat.com>, Eric Biederman <ebiederm@...ssion.com>, Kees Cook <kees@...nel.org>, Jonathan Corbet <corbet@....net>, Shuah Khan <shuah@...nel.org>, Jann Horn <jannh@...gle.com>, Conor Dooley <conor+dt@...nel.org>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>, Benno Lossin <lossin@...nel.org>, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-mm@...ck.org, linux-riscv@...ts.infradead.org, devicetree@...r.kernel.org, linux-arch@...r.kernel.org, linux-doc@...r.kernel.org, linux-kselftest@...r.kernel.org, alistair.francis@....com, richard.henderson@...aro.org, jim.shu@...ive.com, andybnac@...il.com, kito.cheng@...ive.com, charlie@...osinc.com, atishp@...osinc.com, evan@...osinc.com, cleger@...osinc.com, alexghiti@...osinc.com, samitolvanen@...gle.com, broonie@...nel.org, rick.p.edgecombe@...el.com, rust-for-linux@...r.kernel.org, Zong Li <zong.li@...ive.com>, Andreas Korb <andreas.korb@...ec.fraunhofer.de>, Valentin Haudiquet <valentin.haudiquet@...onical.com> Subject: Re: [PATCH v24 25/28] riscv: create a config for shadow stack and landing pad instr support On 12/5/25 10:24 AM, Deepak Gupta wrote: > On Thu, Dec 04, 2025 at 02:17:27PM -0800, Randy Dunlap wrote: >> >> >> On 12/4/25 12:04 PM, Deepak Gupta wrote: >>> This patch creates a config for shadow stack support and landing pad instr >>> support. Shadow stack support and landing instr support can be enabled by >>> selecting `CONFIG_RISCV_USER_CFI`. Selecting `CONFIG_RISCV_USER_CFI` wires >>> up path to enumerate CPU support and if cpu support exists, kernel will >>> support cpu assisted user mode cfi. >>> >>> If CONFIG_RISCV_USER_CFI is selected, select `ARCH_USES_HIGH_VMA_FLAGS`, >>> `ARCH_HAS_USER_SHADOW_STACK` and DYNAMIC_SIGFRAME for riscv. >>> >>> Reviewed-by: Zong Li <zong.li@...ive.com> >>> Tested-by: Andreas Korb <andreas.korb@...ec.fraunhofer.de> >>> Tested-by: Valentin Haudiquet <valentin.haudiquet@...onical.com> >>> Signed-off-by: Deepak Gupta <debug@...osinc.com> >>> --- >>> arch/riscv/Kconfig | 22 ++++++++++++++++++++++ >>> arch/riscv/configs/hardening.config | 4 ++++ >>> 2 files changed, 26 insertions(+) >>> >>> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig >>> index 0c6038dc5dfd..f5574c6f66d8 100644 >>> --- a/arch/riscv/Kconfig >>> +++ b/arch/riscv/Kconfig >>> @@ -1146,6 +1146,28 @@ config RANDOMIZE_BASE >>> >>> If unsure, say N. >>> >>> +config RISCV_USER_CFI >>> + def_bool y >>> + bool "riscv userspace control flow integrity" >>> + depends on 64BIT && \ >>> + $(cc-option,-mabi=lp64 -march=rv64ima_zicfiss_zicfilp -fcf-protection=full) >>> + depends on RISCV_ALTERNATIVE >>> + select RISCV_SBI >>> + select ARCH_HAS_USER_SHADOW_STACK >>> + select ARCH_USES_HIGH_VMA_FLAGS >>> + select DYNAMIC_SIGFRAME >>> + help >>> + Provides CPU assisted control flow integrity to userspace tasks. >> >> CPU-assisted >> >>> + Control flow integrity is provided by implementing shadow stack for >>> + backward edge and indirect branch tracking for forward edge in program. >>> + Shadow stack protection is a hardware feature that detects function >>> + return address corruption. This helps mitigate ROP attacks. >>> + Indirect branch tracking enforces that all indirect branches must land >>> + on a landing pad instruction else CPU will fault. This mitigates against >>> + JOP / COP attacks. Applications must be enabled to use it, and old user- >>> + space does not get protection "for free". >>> + default y. >> >> Default is y if hardware supports it. >> ? > > No default Y means support is built in the kernel for cfi. (if the compiler supports it?) > If hardware doesn't support CFI instructions, then kernel will do following > > - prctls to manage shadow stack/landing pad enable/disable will fail. > - vDSO will not have shadow stack instructions in it. Thanks for the info. -- ~Randy
Powered by blists - more mailing lists