From: Richard Patel <ripatel@wii.dev>
To: Paul Walmsley <pjw@kernel.org>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Albert Ou <aou@eecs.berkeley.edu>
Cc: Alexandre Ghiti <alex@ghiti.fr>,
	Deepak Gupta <debug@rivosinc.com>, Zong Li <zong.li@sifive.com>,
	Charlie Jenkins <charlie@rivosinc.com>,
	Shuah Khan <shuah@kernel.org>,
	linux-riscv@lists.infradead.org, linux-kselftest@vger.kernel.org,
	linux-kernel@vger.kernel.org, Richard Patel <ripatel@wii.dev>
Subject: [PATCH] riscv: cfi: reject unknown flags in PR_SET_CFI
Date: Mon, 18 May 2026 18:39:18 +0000
Message-ID: <20260518183918.322545-1-ripatel@wii.dev>

prctl(PR_SET_CFI,PR_CFI_BRANCH_LANDING_PADS) silently ignored
unknown control values. Only PR_CFI_{ENABLE,DISABLE,LOCK} should
be permitted.

This is a uABI breaking change (fails previously accepted bits
with EINVAL).

Fixes: 08ee1559052b ("prctl: cfi: change the branch landing pad prctl()s to be more descriptive")
Signed-off-by: Richard Patel <ripatel@wii.dev>
---
 arch/riscv/include/asm/usercfi.h             | 1 +
 arch/riscv/kernel/usercfi.c                  | 3 +++
 tools/testing/selftests/riscv/cfi/cfitests.c | 6 ++++++
 3 files changed, 10 insertions(+)

diff --git a/arch/riscv/include/asm/usercfi.h b/arch/riscv/include/asm/usercfi.h
index f56966edbf5c..61ee02cee297 100644
--- a/arch/riscv/include/asm/usercfi.h
+++ b/arch/riscv/include/asm/usercfi.h
@@ -50,6 +50,7 @@ void set_indir_lp_status(struct task_struct *task, bool enable);
 void set_indir_lp_lock(struct task_struct *task, bool lock);
 
 #define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK (PR_SHADOW_STACK_ENABLE)
+#define PR_CFI_SUPPORTED_STATUS_MASK (PR_CFI_ENABLE | PR_CFI_DISABLE | PR_CFI_LOCK)
 
 #else
 
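Review bot: The new PR_CFI_SUPPORTED_STATUS_MASK define has no comment saying which control word it constrains, and it exists only in the branch before `#else`. Suggest a one-line comment above it stating that it lists the bits accepted for PR_CFI_BRANCH_LANDING_PADS and that any future PR_CFI_* control bit has to be added here, because the check in arch/riscv/kernel/usercfi.c now returns -EINVAL for every bit outside this mask.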
diff --git a/arch/riscv/kernel/usercfi.c b/arch/riscv/kernel/usercfi.c
index cbfb4e495e9f..5a7113d69bad 100644
--- a/arch/riscv/kernel/usercfi.c
+++ b/arch/riscv/kernel/usercfi.c
@@ -467,6 +467,9 @@ int arch_prctl_set_branch_landing_pad_state(struct task_struct *t, unsigned long
 	if (!is_user_lpad_enabled())
 		return -EINVAL;
 
+	if (state & ~PR_CFI_SUPPORTED_STATUS_MASK)
+		return -EINVAL;
+
 	/* indirect branch tracking is locked and further can't be modified by user */
 	if (is_indir_lp_locked(t))
 		return -EINVAL;
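Review bot: The added `if (state & ~PR_CFI_SUPPORTED_STATUS_MASK)` check still lets through a state with PR_CFI_ENABLE and PR_CFI_DISABLE both set, since both bits are in the mask. The lines shown here do not say whether that contradictory combination is rejected further down in arch_prctl_set_branch_landing_pad_state(); if it is not, reject it next to this check so the validation of the control word is complete in one place. Since the commit message calls this a uABI breaking change, the prctl documentation should also state that reserved bits now fail with EINVAL.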
diff --git a/tools/testing/selftests/riscv/cfi/cfitests.c b/tools/testing/selftests/riscv/cfi/cfitests.c
index 39d097b6881f..0e3943461e7d 100644
--- a/tools/testing/selftests/riscv/cfi/cfitests.c
+++ b/tools/testing/selftests/riscv/cfi/cfitests.c
@@ -141,6 +141,12 @@ int main(int argc, char *argv[])
 
 	ksft_print_msg("Starting risc-v tests\n");
 
+	/* Test unknown PR_CFI bits */
+	ret = my_syscall5(__NR_prctl, PR_SET_CFI, PR_CFI_BRANCH_LANDING_PADS,
+			  PR_CFI_ENABLE | 0xffff0, 0, 0);
+	if (!ret)
+		ksft_exit_fail_msg("PR_SET_CFI accepted reserved branch landing pad bits\n");
+
 	/*
 	 * Landing pad test. Not a lot of kernel changes to support landing
 	 * pads for user mode except lighting up a bit in senvcfg via a prctl.
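Review bot: The new test's `if (!ret)` treats any non-zero return as a pass, so it does not confirm that the failure is the EINVAL the patch introduces, and it passes vacuously on a system where is_user_lpad_enabled() is false, because that path in usercfi.c returns -EINVAL before the mask check is reached. Suggest comparing ret against the expected EINVAL result and running the check only once landing pad support is known to be present. The literal 0xffff0 also assumes the three defined PR_CFI_* bits all sit in the low nibble; building the value as the complement of (PR_CFI_ENABLE | PR_CFI_DISABLE | PR_CFI_LOCK) would keep the test valid if bits are added.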
-- 
2.47.3

