* [PATCH] riscv: cfi: reject unknown flags in PR_SET_CFI
@ 2026-05-18 18:39 Richard Patel
2026-06-04 22:40 ` Paul Walmsley
0 siblings, 1 reply; 3+ messages in thread
From: Richard Patel @ 2026-05-18 18:39 UTC (permalink / raw)
To: Paul Walmsley, Palmer Dabbelt, Albert Ou
Cc: Alexandre Ghiti, Deepak Gupta, Zong Li, Charlie Jenkins,
Shuah Khan, linux-riscv, linux-kselftest, linux-kernel,
Richard Patel
prctl(PR_SET_CFI,PR_CFI_BRANCH_LANDING_PADS) silently ignored
unknown control values. Only PR_CFI_{ENABLE,DISABLE,LOCK} should
be permitted.
This is a uABI breaking change (fails previously accepted bits
with EINVAL).
Fixes: 08ee1559052b ("prctl: cfi: change the branch landing pad prctl()s to be more descriptive")
Signed-off-by: Richard Patel <ripatel@wii.dev>
---
arch/riscv/include/asm/usercfi.h | 1 +
arch/riscv/kernel/usercfi.c | 3 +++
tools/testing/selftests/riscv/cfi/cfitests.c | 6 ++++++
3 files changed, 10 insertions(+)
diff --git a/arch/riscv/include/asm/usercfi.h b/arch/riscv/include/asm/usercfi.h
index f56966edbf5c..61ee02cee297 100644
--- a/arch/riscv/include/asm/usercfi.h
+++ b/arch/riscv/include/asm/usercfi.h
@@ -50,6 +50,7 @@ void set_indir_lp_status(struct task_struct *task, bool enable);
void set_indir_lp_lock(struct task_struct *task, bool lock);
#define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK (PR_SHADOW_STACK_ENABLE)
+#define PR_CFI_SUPPORTED_STATUS_MASK (PR_CFI_ENABLE | PR_CFI_DISABLE | PR_CFI_LOCK)
#else
diff --git a/arch/riscv/kernel/usercfi.c b/arch/riscv/kernel/usercfi.c
index cbfb4e495e9f..5a7113d69bad 100644
--- a/arch/riscv/kernel/usercfi.c
+++ b/arch/riscv/kernel/usercfi.c
@@ -467,6 +467,9 @@ int arch_prctl_set_branch_landing_pad_state(struct task_struct *t, unsigned long
if (!is_user_lpad_enabled())
return -EINVAL;
+ if (state & ~PR_CFI_SUPPORTED_STATUS_MASK)
+ return -EINVAL;
+
/* indirect branch tracking is locked and further can't be modified by user */
if (is_indir_lp_locked(t))
return -EINVAL;
diff --git a/tools/testing/selftests/riscv/cfi/cfitests.c b/tools/testing/selftests/riscv/cfi/cfitests.c
index 39d097b6881f..0e3943461e7d 100644
--- a/tools/testing/selftests/riscv/cfi/cfitests.c
+++ b/tools/testing/selftests/riscv/cfi/cfitests.c
@@ -141,6 +141,12 @@ int main(int argc, char *argv[])
ksft_print_msg("Starting risc-v tests\n");
+ /* Test unknown PR_CFI bits */
+ ret = my_syscall5(__NR_prctl, PR_SET_CFI, PR_CFI_BRANCH_LANDING_PADS,
+ PR_CFI_ENABLE | 0xffff0, 0, 0);
+ if (!ret)
+ ksft_exit_fail_msg("PR_SET_CFI accepted reserved branch landing pad bits\n");
+
/*
* Landing pad test. Not a lot of kernel changes to support landing
* pads for user mode except lighting up a bit in senvcfg via a prctl.
--
2.47.3
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] riscv: cfi: reject unknown flags in PR_SET_CFI
2026-05-18 18:39 [PATCH] riscv: cfi: reject unknown flags in PR_SET_CFI Richard Patel
@ 2026-06-04 22:40 ` Paul Walmsley
2026-06-05 15:10 ` Richard Patel
0 siblings, 1 reply; 3+ messages in thread
From: Paul Walmsley @ 2026-06-04 22:40 UTC (permalink / raw)
To: Richard Patel
Cc: Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexandre Ghiti,
Deepak Gupta, Zong Li, Charlie Jenkins, Shuah Khan, linux-riscv,
linux-kselftest, linux-kernel
Hi,
On Mon, 18 May 2026, Richard Patel wrote:
> prctl(PR_SET_CFI,PR_CFI_BRANCH_LANDING_PADS) silently ignored
> unknown control values. Only PR_CFI_{ENABLE,DISABLE,LOCK} should
> be permitted.
<
> This is a uABI breaking change (fails previously accepted bits
> with EINVAL).
Thanks for the patch. However, I'm not convinced that this actually
breaks anything. The behavior of the interface changes when unknown flags
are specified, but I'm not aware of anything that relies on this specific
behavior.
Does that match your understanding?
- Paul
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH] riscv: cfi: reject unknown flags in PR_SET_CFI
2026-06-04 22:40 ` Paul Walmsley
@ 2026-06-05 15:10 ` Richard Patel
0 siblings, 0 replies; 3+ messages in thread
From: Richard Patel @ 2026-06-05 15:10 UTC (permalink / raw)
To: Paul Walmsley
Cc: Palmer Dabbelt, Albert Ou, Alexandre Ghiti, Deepak Gupta, Zong Li,
Charlie Jenkins, Shuah Khan, linux-riscv, linux-kselftest,
linux-kernel
On Thu, Jun 04, 2026 at 04:40:31PM -0600, Paul Walmsley wrote:
> Hi,
>
> On Mon, 18 May 2026, Richard Patel wrote:
>
> > prctl(PR_SET_CFI,PR_CFI_BRANCH_LANDING_PADS) silently ignored
> > unknown control values. Only PR_CFI_{ENABLE,DISABLE,LOCK} should
> > be permitted.
> <
> > This is a uABI breaking change (fails previously accepted bits
> > with EINVAL).
>
> Thanks for the patch. However, I'm not convinced that this actually
> breaks anything. The behavior of the interface changes when unknown flags
> are specified, but I'm not aware of anything that relies on this specific
> behavior.
>
> Does that match your understanding?
I agree, yes, happy to rephrase the commit message.
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-06-05 15:11 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-18 18:39 [PATCH] riscv: cfi: reject unknown flags in PR_SET_CFI Richard Patel
2026-06-04 22:40 ` Paul Walmsley
2026-06-05 15:10 ` Richard Patel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox