From: Deepak Gupta <debug@rivosinc.com>
To: Sami Tolvanen <samitolvanen@google.com>
Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
llvm@lists.linux.dev, paul.walmsley@sifive.com,
palmer@dabbelt.com, aou@eecs.berkeley.edu, nathan@kernel.org,
ndesaulniers@google.com, morbo@google.com,
justinstitt@google.com, andy.chiu@sifive.com,
hankuan.chen@sifive.com, guoren@kernel.org,
greentime.hu@sifive.com, cleger@rivosinc.com,
apatel@ventanamicro.com, ajones@ventanamicro.com,
conor.dooley@microchip.com, mchitale@ventanamicro.com,
dbarboza@ventanamicro.com, waylingii@gmail.com,
sameo@rivosinc.com, alexghiti@rivosinc.com,
akpm@linux-foundation.org, shikemeng@huaweicloud.com,
rppt@kernel.org, charlie@rivosinc.com, xiao.w.wang@intel.com,
willy@infradead.org, jszhang@kernel.org, leobras@redhat.com,
songshuaishuai@tinylab.org, haxel@fzi.de,
samuel.holland@sifive.com, namcaov@gmail.com, bjorn@rivosinc.com,
cuiyunhui@bytedance.com, wangkefeng.wang@huawei.com,
falcon@tinylab.org, viro@zeniv.linux.org.uk, bhe@redhat.com,
chenjiahao16@huawei.com, hca@linux.ibm.com, arnd@arndb.de,
kent.overstreet@linux.dev, boqun.feng@gmail.com, oleg@redhat.com,
paulmck@kernel.org, broonie@kernel.org,
rick.p.edgecombe@intel.com
Subject: Re: [RFC PATCH 02/12] riscv: add landing pad for asm routines.
Date: Thu, 11 Apr 2024 10:53:39 -0700
Message-ID: <ZhgjoyObf+nMihA4@debug.ba.rivosinc.com>
In-Reply-To: <CABCJKuee-6GGDDjvByCkikR02gka2BNhwRVBw6UAwEcmSQposQ@mail.gmail.com>
On Thu, Apr 11, 2024 at 05:15:17PM +0000, Sami Tolvanen wrote:
>On Tue, Apr 9, 2024 at 6:12 AM Deepak Gupta <debug@rivosinc.com> wrote:
>>
>> SYM_* macros are used to define assembly routines. In this patch series,
>> re-define those macros in risc-v arch specific include file to include
>> a landing pad instruction at the beginning. This is done only when the
>> compiler flag for landing pad is enabled (i.e. __riscv_zicfilp).
>>
>> Signed-off-by: Deepak Gupta <debug@rivosinc.com>
>> ---
>> arch/riscv/include/asm/linkage.h | 42 ++++++++++++++++++++++++++++++++
>> 1 file changed, 42 insertions(+)
>>
>> diff --git a/arch/riscv/include/asm/linkage.h b/arch/riscv/include/asm/linkage.h
>> index 9e88ba23cd2b..bb43ae7dadeb 100644
>> --- a/arch/riscv/include/asm/linkage.h
>> +++ b/arch/riscv/include/asm/linkage.h
>> @@ -6,7 +6,49 @@
>> #ifndef _ASM_RISCV_LINKAGE_H
>> #define _ASM_RISCV_LINKAGE_H
>>
>> +#ifdef __ASSEMBLY__
>> +#include <asm/assembler.h>
>> +#endif
>> +
>> #define __ALIGN .balign 4
>> #define __ALIGN_STR ".balign 4"
>>
>> +#ifdef __riscv_zicfilp
>> +/*
>> + * A landing pad instruction is needed at start of asm routines
>> + * re-define macros for asm routines to have a landing pad at
>> + * the beginning of function. Currently use label value of 0x1.
>> + * Eventually, label should be calculated as a hash over function
>> + * signature.
>> + */
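Review bot: the comment under `#ifdef __riscv_zicfilp` says every asm routine currently gets the label value 0x1, so all asm entry points share one label and a label check cannot tell one routine from another. Consider giving the value a named macro and stating that limitation in the comment, so the placeholder is easy to find once the signature hash is available. The comment's first sentence also runs into the second ("...asm routines re-define macros..."); a full stop after "routines" would fix it.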
>
>I haven't seen the compiler implementation for fine-grained Zicfilp
>yet, but in the kernel at least, this would ideally reuse as much of
>the KCFI plumbing as possible. For example, since only C code has type
>information, we left the type hash computation for the compiler, which
>allows assembly functions to just reference the appropriate
>__kcfi_typeid_* symbol.

Fine-grained compiler support hasn't made it in yet.
For reference, the compiler that I've been using:
https://github.com/sifive/riscv-gnu-toolchain/tree/cfi-dev

Honestly speaking, I didn't realize that kcfi plumbing has made it into
riscv as well. I realized that just after sending the patches.

In principle, I agree it should converge with the software-based kcfi scheme
as much as possible. However, the blocker that I see is that the `hash` is placed
just before the function. This breaks for scenarios where code is mapped as
execute-only. And ideally I would like to have immediates at callsites instead
of loads (purely a perf reason and not security).

But yes, in the next version I'll take a look and try to converge as much as
possible.
>
>Sami
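
The execute-only concern raised in the reply above, as an added toy model in C (not part of the original message, the kernel, or the toolchain). The page structure, permission flags and function names are hypothetical; the only architectural detail used is that `lpad` shares the AUIPC opcode with rd = x0 and carries its label in bits 31:12.

```c
#include <stdint.h>
#include <stdio.h>

enum { PERM_R = 1, PERM_X = 2 };
enum { CHECK_OK = 0, CHECK_MISMATCH = -1, CHECK_FAULT = -2 };

/* Constructed toy text page: words[0] is a type hash stored just before
 * the function, words[1] is the function's first instruction. */
struct text_page { int perms; uint32_t words[2]; };

/* lpad uses the AUIPC opcode (0x17) with rd = x0; label is bits 31:12. */
static uint32_t encode_lpad(uint32_t label) { return (label << 12) | 0x17u; }

struct text_page make_page(int perms, uint32_t hash, uint32_t label)
{
    struct text_page p = { perms, { hash, encode_lpad(label) } };
    return p;
}

/* Hash-prefix scheme: the caller does a data load of the word before the
 * target, which requires read permission on the text page. */
int prefix_hash_check(const struct text_page *p, uint32_t expected)
{
    if (!(p->perms & PERM_R))
        return CHECK_FAULT;
    return p->words[0] == expected ? CHECK_OK : CHECK_MISMATCH;
}

/* Landing pad scheme: the label arrives through instruction fetch (execute
 * permission only) and is compared with the upper 20 bits of x7, which the
 * caller set from an immediate. A label of 0 in lpad skips the comparison. */
int lpad_check(const struct text_page *p, uint32_t x7)
{
    uint32_t insn = p->words[1];

    if (!(p->perms & PERM_X) || (insn & 0xfffu) != 0x17u)
        return CHECK_FAULT;
    if ((insn >> 12) == 0 || (insn >> 12) == (x7 >> 12))
        return CHECK_OK;
    return CHECK_MISMATCH;
}

int main(void)
{
    struct text_page xo = make_page(PERM_X, 0x1234abcdu, 1);
    printf("execute-only: prefix hash %d, lpad %d\n",
           prefix_hash_check(&xo, 0x1234abcdu), lpad_check(&xo, 1u << 12));
    return 0;
}
```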