From: Radim Krčmář
Date: Thu, 20 Mar 2025 22:25:30 +0100
Subject: Re: [PATCH v12 25/28] riscv: create a config for shadow stack and landing pad instr support
To: Deepak Gupta, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, H. Peter Anvin, Andrew Morton, Liam R. Howlett, Vlastimil Babka, Lorenzo Stoakes, Paul Walmsley, Palmer Dabbelt, Albert Ou, Conor Dooley, Rob Herring, Krzysztof Kozlowski, Arnd Bergmann, Christian Brauner, Peter Zijlstra, Oleg Nesterov, Eric Biederman, Kees Cook, Jonathan Corbet, Shuah Khan, Jann Horn, Conor Dooley
Cc: Zong Li, linux-riscv
References: <20250314-v5_user_cfi_series-v12-0-e51202b53138@rivosinc.com> <20250314-v5_user_cfi_series-v12-25-e51202b53138@rivosinc.com>
In-Reply-To: <20250314-v5_user_cfi_series-v12-25-e51202b53138@rivosinc.com>

2025-03-14T14:39:44-07:00, Deepak Gupta:
> This patch creates a config for shadow stack support and landing pad instr
> support. Shadow stack support and landing instr support can be enabled by
> selecting `CONFIG_RISCV_USER_CFI`. Selecting `CONFIG_RISCV_USER_CFI` wires
> up path to enumerate CPU support and if cpu support exists, kernel will
> support cpu assisted user mode cfi.
>
> If CONFIG_RISCV_USER_CFI is selected, select `ARCH_USES_HIGH_VMA_FLAGS`,
> `ARCH_HAS_USER_SHADOW_STACK` and DYNAMIC_SIGFRAME for riscv.
>
> Reviewed-by: Zong Li
> Signed-off-by: Deepak Gupta
> ---
> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> @@ -250,6 +250,26 @@ config ARCH_HAS_BROKEN_DWARF5 > +config RISCV_USER_CFI > + def_bool y > + bool "riscv userspace control flow integrity" > + depends on 64BIT && $(cc-option,-mabi=3Dlp64 -march=3Drv64ima_zicfiss) > + depends on RISCV_ALTERNATIVE > + select ARCH_HAS_USER_SHADOW_STACK > + select ARCH_USES_HIGH_VMA_FLAGS > + select DYNAMIC_SIGFRAME > + help > + Provides CPU assisted control flow integrity to userspace tasks. > + Control flow integrity is provided by implementing shadow stack for > + backward edge and indirect branch tracking for forward edge in progra= m. > + Shadow stack protection is a hardware feature that detects function > + return address corruption. This helps mitigate ROP attacks. > + Indirect branch tracking enforces that all indirect branches must lan= d > + on a landing pad instruction else CPU will fault. This mitigates agai= nst > + JOP / COP attacks. Applications must be enabled to use it, and old us= er- > + space does not get protection "for free". > + default y A high level question to kick off my review: Why are landing pads and shadow stacks merged together? Apart from adding build flexibility, we could also split the patches into two isolated series, because the features are independent.
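
Review bot: the `depends on 64BIT && $(cc-option,...)` line probes the toolchain only with `-march=rv64ima_zicfiss`, yet the help text says RISCV_USER_CFI also provides indirect branch tracking with landing pads. A compiler that accepts the shadow stack extension but not the landing pad one (Zicfilp) would still satisfy this dependency, so either extend the probe to cover both extensions or give each feature its own option with its own probe. Separately, `def_bool y` already sets both the type and the default, which makes the following `bool "riscv userspace control flow integrity"` and the trailing `default y` after the help text redundant; a single `bool "..."` with one `default y` placed before `help` would be clearer.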