From: Deepak Gupta <debug@rivosinc.com>
To: paul.walmsley@sifive.com, palmer@sifive.com, conor@kernel.org,
linux-doc@vger.kernel.org, linux-riscv@lists.infradead.org,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org
Cc: corbet@lwn.net, palmer@dabbelt.com, aou@eecs.berkeley.edu,
robh@kernel.org, krzk+dt@kernel.org, oleg@redhat.com,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
peterz@infradead.org, akpm@linux-foundation.org, arnd@arndb.de,
ebiederm@xmission.com, kees@kernel.org, Liam.Howlett@oracle.com,
vbabka@suse.cz, lorenzo.stoakes@oracle.com, shuah@kernel.org,
brauner@kernel.org, samuel.holland@sifive.com,
debug@rivosinc.com, andy.chiu@sifive.com, jerry.shih@sifive.com,
greentime.hu@sifive.com, charlie@rivosinc.com, evan@rivosinc.com,
cleger@rivosinc.com, xiao.w.wang@intel.com,
ajones@ventanamicro.com, anup@brainfault.org,
mchitale@ventanamicro.com, atishp@rivosinc.com,
sameo@rivosinc.com, bjorn@rivosinc.com, alexghiti@rivosinc.com,
david@redhat.com, libang.li@antgroup.com, jszhang@kernel.org,
leobras@redhat.com, guoren@kernel.org, samitolvanen@google.com,
songshuaishuai@tinylab.org, costa.shul@redhat.com,
bhe@redhat.com, zong.li@sifive.com, puranjay@kernel.org,
namcaov@gmail.com, antonb@tenstorrent.com, sorear@fastmail.com,
quic_bjorande@quicinc.com, ancientmodern4@gmail.com,
ben.dooks@codethink.co.uk, quic_zhonhan@quicinc.com,
cuiyunhui@bytedance.com, yang.lee@linux.alibaba.com,
ke.zhao@shingroup.cn, sunilvl@ventanamicro.com,
tanzhasanwork@gmail.com, schwab@suse.de, dawei.li@shingroup.cn,
rppt@kernel.org, willy@infradead.org, usama.anjum@collabora.com,
osalvador@suse.de, ryan.roberts@arm.com, andrii@kernel.org,
alx@kernel.org, catalin.marinas@arm.com, broonie@kernel.org,
revest@chromium.org, bgray@linux.ibm.com, deller@gmx.de,
zev@bewilderbeest.net
Subject: [PATCH v4 27/30] riscv: create a config for shadow stack and landing pad instr support
Date: Thu, 12 Sep 2024 16:16:46 -0700 [thread overview]
Message-ID: <20240912231650.3740732-28-debug@rivosinc.com> (raw)
In-Reply-To: <20240912231650.3740732-1-debug@rivosinc.com>
This patch creates a config for shadow stack support and landing pad instr
support. Shadow stack support and landing instr support can be enabled by
selecting `CONFIG_RISCV_USER_CFI`. Selecting `CONFIG_RISCV_USER_CFI` wires
up path to enumerate CPU support and if cpu support exists, kernel will
support cpu assisted user mode cfi.
If CONFIG_RISCV_USER_CFI is selected, select `ARCH_USES_HIGH_VMA_FLAGS`
and `ARCH_HAS_USER_SHADOW_STACK` for riscv.
Signed-off-by: Deepak Gupta <debug@rivosinc.com>
---
arch/riscv/Kconfig | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
index d1d629a3eb91..24bf08c905d2 100644
--- a/arch/riscv/Kconfig
+++ b/arch/riscv/Kconfig
@@ -231,6 +231,25 @@ config ARCH_HAS_BROKEN_DWARF5
# https://github.com/llvm/llvm-project/commit/7ffabb61a5569444b5ac9322e22e5471cc5e4a77
depends on LD_IS_LLD && LLD_VERSION < 180000
+config RISCV_USER_CFI
+ def_bool y
+ bool "riscv userspace control flow integrity"
+ depends on 64BIT && $(cc-option,-mabi=lp64 -march=rv64ima_zicfiss)
+ depends on RISCV_ALTERNATIVE
+ select ARCH_HAS_USER_SHADOW_STACK
+ select ARCH_USES_HIGH_VMA_FLAGS
+ help
+ Provides CPU assisted control flow integrity to userspace tasks.
+ Control flow integrity is provided by implementing shadow stack for
+ backward edge and indirect branch tracking for forward edge in program.
+ Shadow stack protection is a hardware feature that detects function
+ return address corruption. This helps mitigate ROP attacks.
+ Indirect branch tracking enforces that all indirect branches must land
+ on a landing pad instruction else CPU will fault. This mitigates against
+ JOP / COP attacks. Applications must be enabled to use it, and old user-
+ space does not get protection "for free".
+ default y
+
config ARCH_MMAP_RND_BITS_MIN
default 18 if 64BIT
default 8
--
2.45.0
WARNING: multiple messages have this Message-ID (diff)
From: Deepak Gupta <debug@rivosinc.com>
To: paul.walmsley@sifive.com, palmer@sifive.com, conor@kernel.org,
linux-doc@vger.kernel.org, linux-riscv@lists.infradead.org,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org
Cc: quic_zhonhan@quicinc.com, zong.li@sifive.com,
zev@bewilderbeest.net, david@redhat.com, peterz@infradead.org,
catalin.marinas@arm.com, broonie@kernel.org,
dave.hansen@linux.intel.com, atishp@rivosinc.com,
bjorn@rivosinc.com, namcaov@gmail.com, usama.anjum@collabora.com,
guoren@kernel.org, alx@kernel.org, jszhang@kernel.org,
hpa@zytor.com, puranjay@kernel.org, shuah@kernel.org,
sorear@fastmail.com, costa.shul@redhat.com, robh@kernel.org,
antonb@tenstorrent.com, quic_bjorande@quicinc.com,
lorenzo.stoakes@oracle.com, corbet@lwn.net,
dawei.li@shingroup.cn, anup@brainfault.org, deller@gmx.de,
x86@kernel.org, andrii@kernel.org, willy@infradead.org,
kees@kernel.org, mingo@redhat.com, libang.li@antgroup.com,
samitolvanen@google.com, greentime.hu@sifive.com,
osalvador@suse.de, ajones@ventanamicro.com, revest@chromium.org,
ancientmodern4@gmail.com, aou@eecs.berkeley.edu,
jerry.shih@sifive.com, alexghiti@rivosinc.com, arnd@arndb.de,
yang.lee@linux.alibaba.com, charlie@rivosinc.com,
bgray@linux.ibm.com, Liam.Howlett@oracle.com, leobras@redhat.com,
songshuaishuai@tinylab.org, xiao.w.wang@intel.com, bp@alien8.de,
cuiyunhui@bytedance.com, mchitale@ventanamicro.com,
cleger@rivosinc.com, tglx@linutronix.de, krzk+dt@kernel.org,
vbabka@suse.cz, debug@rivosinc.com, brauner@kernel.org,
bhe@redhat.com, ke.zhao@shingroup.cn, oleg@redhat.com,
samuel.holland@sifive.com, ben.dooks@codethink.co.uk,
evan@rivosinc.com, palmer@dabbelt.com, ebiederm@xmission.com,
andy.chiu@sifive.com, schwab@suse.de, akpm@linux-foundation.org,
sameo@rivosinc.com, tanzhasanwork@gmail.com, rppt@kernel.org,
ryan.roberts@arm.com
Subject: [PATCH v4 27/30] riscv: create a config for shadow stack and landing pad instr support
Date: Thu, 12 Sep 2024 16:16:46 -0700 [thread overview]
Message-ID: <20240912231650.3740732-28-debug@rivosinc.com> (raw)
In-Reply-To: <20240912231650.3740732-1-debug@rivosinc.com>
This patch creates a config for shadow stack support and landing pad instr
support. Shadow stack support and landing instr support can be enabled by
selecting `CONFIG_RISCV_USER_CFI`. Selecting `CONFIG_RISCV_USER_CFI` wires
up path to enumerate CPU support and if cpu support exists, kernel will
support cpu assisted user mode cfi.
If CONFIG_RISCV_USER_CFI is selected, select `ARCH_USES_HIGH_VMA_FLAGS`
and `ARCH_HAS_USER_SHADOW_STACK` for riscv.
Signed-off-by: Deepak Gupta <debug@rivosinc.com>
---
arch/riscv/Kconfig | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
index d1d629a3eb91..24bf08c905d2 100644
--- a/arch/riscv/Kconfig
+++ b/arch/riscv/Kconfig
@@ -231,6 +231,25 @@ config ARCH_HAS_BROKEN_DWARF5
# https://github.com/llvm/llvm-project/commit/7ffabb61a5569444b5ac9322e22e5471cc5e4a77
depends on LD_IS_LLD && LLD_VERSION < 180000
+config RISCV_USER_CFI
+ def_bool y
+ bool "riscv userspace control flow integrity"
+ depends on 64BIT && $(cc-option,-mabi=lp64 -march=rv64ima_zicfiss)
+ depends on RISCV_ALTERNATIVE
+ select ARCH_HAS_USER_SHADOW_STACK
+ select ARCH_USES_HIGH_VMA_FLAGS
+ help
+ Provides CPU assisted control flow integrity to userspace tasks.
+ Control flow integrity is provided by implementing shadow stack for
+ backward edge and indirect branch tracking for forward edge in program.
+ Shadow stack protection is a hardware feature that detects function
+ return address corruption. This helps mitigate ROP attacks.
+ Indirect branch tracking enforces that all indirect branches must land
+ on a landing pad instruction else CPU will fault. This mitigates against
+ JOP / COP attacks. Applications must be enabled to use it, and old user-
+ space does not get protection "for free".
+ default y
+
config ARCH_MMAP_RND_BITS_MIN
default 18 if 64BIT
default 8
--
2.45.0
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2024-09-12 23:19 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-12 23:16 [PATCH v4 00/30] riscv control-flow integrity for usermode Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 01/30] mm: Introduce ARCH_HAS_USER_SHADOW_STACK Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-13 15:51 ` Carlos Bilbao
2024-09-13 15:51 ` Carlos Bilbao
2024-09-12 23:16 ` [PATCH v4 02/30] mm: helper `is_shadow_stack_vma` to check shadow stack vma Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 03/30] riscv: Enable cbo.zero only when all harts support Zicboz Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 04/30] riscv: Add support for per-thread envcfg CSR values Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 05/30] riscv: Call riscv_user_isa_enable() only on the boot hart Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 06/30] riscv/Kconfig: enable HAVE_EXIT_THREAD for riscv Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 07/30] riscv: zicfilp / zicfiss in dt-bindings (extensions.yaml) Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-13 0:18 ` Rob Herring (Arm)
2024-09-13 0:18 ` Rob Herring (Arm)
2024-09-13 18:33 ` Conor Dooley
2024-09-13 18:33 ` Conor Dooley
2024-09-12 23:16 ` [PATCH v4 08/30] riscv: zicfiss / zicfilp enumeration Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 09/30] riscv: zicfiss / zicfilp extension csr and bit definitions Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 10/30] riscv: usercfi state for task and save/restore of CSR_SSP on trap entry/exit Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 11/30] riscv/mm : ensure PROT_WRITE leads to VM_READ | VM_WRITE Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 12/30] riscv mm: manufacture shadow stack pte Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 13/30] riscv mmu: teach pte_mkwrite to manufacture shadow stack PTEs Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 14/30] riscv mmu: write protect and shadow stack Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 15/30] riscv/mm: Implement map_shadow_stack() syscall Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-13 15:26 ` Mark Brown
2024-09-13 15:26 ` Mark Brown
2024-09-12 23:16 ` [PATCH v4 16/30] riscv/shstk: If needed allocate a new shadow stack on clone Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-14 1:54 ` kernel test robot
2024-09-14 1:54 ` kernel test robot
2024-09-14 3:06 ` kernel test robot
2024-09-14 3:06 ` kernel test robot
2024-09-14 3:26 ` kernel test robot
2024-09-14 3:26 ` kernel test robot
2024-09-12 23:16 ` [PATCH v4 17/30] prctl: arch-agnostic prctl for shadow stack Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 18/30] prctl: arch-agnostic prctl for indirect branch tracking Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 19/30] riscv: Implements arch agnostic shadow stack prctls Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 20/30] riscv: Implements arch agnostic indirect branch tracking prctls Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 21/30] riscv/traps: Introduce software check exception Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-13 19:35 ` Andy Chiu
2024-09-13 19:35 ` Andy Chiu
2024-09-17 0:00 ` Deepak Gupta
2024-09-17 0:00 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 22/30] riscv sigcontext: cfi state struct definition for sigcontext Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 23/30] riscv signal: save and restore of shadow stack for signal Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-13 19:25 ` Andy Chiu
2024-09-13 19:25 ` Andy Chiu
2024-09-16 22:03 ` Deepak Gupta
2024-09-16 22:03 ` Deepak Gupta
2024-09-17 22:03 ` Andy Chiu
2024-09-17 22:03 ` Andy Chiu
2024-09-17 22:52 ` Deepak Gupta
2024-09-17 22:52 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 24/30] riscv/kernel: update __show_regs to print shadow stack register Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 25/30] riscv/ptrace: riscv cfi status and state via ptrace and in core files Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 26/30] riscv/hwprobe: zicfilp / zicfiss enumeration in hwprobe Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta [this message]
2024-09-12 23:16 ` [PATCH v4 27/30] riscv: create a config for shadow stack and landing pad instr support Deepak Gupta
2024-09-12 23:16 ` [PATCH v4 28/30] riscv: Documentation for landing pad / indirect branch tracking Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-16 2:41 ` Bagas Sanjaya
2024-09-16 2:41 ` Bagas Sanjaya
2024-09-12 23:16 ` [PATCH v4 29/30] riscv: Documentation for shadow stack on riscv Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
2024-09-16 3:20 ` Bagas Sanjaya
2024-09-16 3:20 ` Bagas Sanjaya
2024-09-12 23:16 ` [PATCH v4 30/30] kselftest/riscv: kselftest for user mode cfi Deepak Gupta
2024-09-12 23:16 ` Deepak Gupta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240912231650.3740732-28-debug@rivosinc.com \
--to=debug@rivosinc.com \
--cc=Liam.Howlett@oracle.com \
--cc=ajones@ventanamicro.com \
--cc=akpm@linux-foundation.org \
--cc=alexghiti@rivosinc.com \
--cc=alx@kernel.org \
--cc=ancientmodern4@gmail.com \
--cc=andrii@kernel.org \
--cc=andy.chiu@sifive.com \
--cc=antonb@tenstorrent.com \
--cc=anup@brainfault.org \
--cc=aou@eecs.berkeley.edu \
--cc=arnd@arndb.de \
--cc=atishp@rivosinc.com \
--cc=ben.dooks@codethink.co.uk \
--cc=bgray@linux.ibm.com \
--cc=bhe@redhat.com \
--cc=bjorn@rivosinc.com \
--cc=bp@alien8.de \
--cc=brauner@kernel.org \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=charlie@rivosinc.com \
--cc=cleger@rivosinc.com \
--cc=conor@kernel.org \
--cc=corbet@lwn.net \
--cc=costa.shul@redhat.com \
--cc=cuiyunhui@bytedance.com \
--cc=dave.hansen@linux.intel.com \
--cc=david@redhat.com \
--cc=dawei.li@shingroup.cn \
--cc=deller@gmx.de \
--cc=devicetree@vger.kernel.org \
--cc=ebiederm@xmission.com \
--cc=evan@rivosinc.com \
--cc=greentime.hu@sifive.com \
--cc=guoren@kernel.org \
--cc=hpa@zytor.com \
--cc=jerry.shih@sifive.com \
--cc=jszhang@kernel.org \
--cc=ke.zhao@shingroup.cn \
--cc=kees@kernel.org \
--cc=krzk+dt@kernel.org \
--cc=leobras@redhat.com \
--cc=libang.li@antgroup.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-riscv@lists.infradead.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=mchitale@ventanamicro.com \
--cc=mingo@redhat.com \
--cc=namcaov@gmail.com \
--cc=oleg@redhat.com \
--cc=osalvador@suse.de \
--cc=palmer@dabbelt.com \
--cc=palmer@sifive.com \
--cc=paul.walmsley@sifive.com \
--cc=peterz@infradead.org \
--cc=puranjay@kernel.org \
--cc=quic_bjorande@quicinc.com \
--cc=quic_zhonhan@quicinc.com \
--cc=revest@chromium.org \
--cc=robh@kernel.org \
--cc=rppt@kernel.org \
--cc=ryan.roberts@arm.com \
--cc=sameo@rivosinc.com \
--cc=samitolvanen@google.com \
--cc=samuel.holland@sifive.com \
--cc=schwab@suse.de \
--cc=shuah@kernel.org \
--cc=songshuaishuai@tinylab.org \
--cc=sorear@fastmail.com \
--cc=sunilvl@ventanamicro.com \
--cc=tanzhasanwork@gmail.com \
--cc=tglx@linutronix.de \
--cc=usama.anjum@collabora.com \
--cc=vbabka@suse.cz \
--cc=willy@infradead.org \
--cc=x86@kernel.org \
--cc=xiao.w.wang@intel.com \
--cc=yang.lee@linux.alibaba.com \
--cc=zev@bewilderbeest.net \
--cc=zong.li@sifive.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.