| Message ID | 20241029-v5_user_cfi_series-v7-29-2727ce9936cb@rivosinc.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
by smtp.lore.kernel.org (Postfix) with ESMTP id C303CD7494E
for <linux-mm@archiver.kernel.org>; Tue, 29 Oct 2024 23:45:42 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
id 290F46B00CA; Tue, 29 Oct 2024 19:45:36 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
id 240C46B00CC; Tue, 29 Oct 2024 19:45:36 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
id EEA6E6B00CD; Tue, 29 Oct 2024 19:45:35 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com
[216.40.44.10])
by kanga.kvack.org (Postfix) with ESMTP id D0A966B00CA
for <linux-mm@kvack.org>; Tue, 29 Oct 2024 19:45:35 -0400 (EDT)
Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1])
by unirelay01.hostedemail.com (Postfix) with ESMTP id 910271C618E
for <linux-mm@kvack.org>; Tue, 29 Oct 2024 23:45:35 +0000 (UTC)
X-FDA: 82728273978.29.D5386CB
Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com
[209.85.210.169])
by imf08.hostedemail.com (Postfix) with ESMTP id ED32916001F
for <linux-mm@kvack.org>; Tue, 29 Oct 2024 23:45:16 +0000 (UTC)
Authentication-Results: imf08.hostedemail.com;
dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601
header.b=cKMCNvKF;
dmarc=none;
spf=pass (imf08.hostedemail.com: domain of debug@rivosinc.com designates
209.85.210.169 as permitted sender) smtp.mailfrom=debug@rivosinc.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1730245478; a=rsa-sha256;
cv=none;
b=yzs1ZU8U1z5i1GdopIp63iNzyHlHp2AdrIbRAUjMIAZ+4KiQRXCuWEL9h5Jd9JHynBILqK
kEtqHWJiWs8s4AKrVS+2hffPf1z/kW6xUbfEhWVVTzu1PrCy7XuBSWvK99r0akGRY52MiI
RV0j6UqL7kY8A/HKSEdkB332020qD20=
ARC-Authentication-Results: i=1;
imf08.hostedemail.com;
dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601
header.b=cKMCNvKF;
dmarc=none;
spf=pass (imf08.hostedemail.com: domain of debug@rivosinc.com designates
209.85.210.169 as permitted sender) smtp.mailfrom=debug@rivosinc.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=hostedemail.com;
s=arc-20220608; t=1730245478;
h=from:from:sender:reply-to:subject:subject:date:date:
message-id:message-id:to:to:cc:cc:mime-version:mime-version:
content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references:dkim-signature;
bh=Ev1Mbj3LeOLd13TT7hxU6pIG2vcpaYTYXYx00sbXeTw=;
b=596RRZV96QlaT+Kl4Si6DPu23a0bSsKmI7afRyt23MBKxGJ+r7jb//JBL5u1hfT3OMJFma
5Xv7qdHqS+6omKy9TyukvRfcVlBfAyni7HYyUm5bkHH18DibqAmXtVqkxaBDdCJpiWE7wu
mCglsm67l+WhOOk+gwUHDR2IHrNV8ZY=
Received: by mail-pf1-f169.google.com with SMTP id
d2e1a72fcca58-71e7086c231so4671875b3a.0
for <linux-mm@kvack.org>; Tue, 29 Oct 2024 16:45:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1730245532;
x=1730850332; darn=kvack.org;
h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
:mime-version:subject:date:from:from:to:cc:subject:date:message-id
:reply-to;
bh=Ev1Mbj3LeOLd13TT7hxU6pIG2vcpaYTYXYx00sbXeTw=;
b=cKMCNvKFKzls9a4RDnBg0lwwzeW/8LVBHhtz/407N0vvZcP3ouvfWjrPcy/XfjFIq8
ouKdOjsXDvUJBkE1KopPc5afa5XAZavFO2LtyZDNPcY47F+sFTwgt0XimP08aTtLRsa0
Ti9N0Pm26INZCyQ/suxeYl7F1PiNAOfAoLmdBr2EEKFluZnywkBPewQRSLbmmgF8ro82
z676bmqUogPlAu9+dEaNyweFffrGHxCiICAY94MAoyW1uXeX/sdE2Gmh67Oz4XuATHQE
4n4dWdPcOBQF2PCzVEP9N2SKwkWTVHnWF9E8iKw0LBMAlzXAtLwZUn4XDQZ/JSLgfMFH
4e+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1730245532; x=1730850332;
h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
:mime-version:subject:date:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=Ev1Mbj3LeOLd13TT7hxU6pIG2vcpaYTYXYx00sbXeTw=;
b=Po5z22+x9w32pK1ThttT9h0FS5cE7ccz5dZg9L845IUAgUni/fKjNEz6xDIvu4Ds/X
3AQpj7H6oW40mVdWLq0n75MRmGbpLz4GsAkwvMowsduP7RD10PoLjq1Se5tZICii9lqm
O4DiP45pSTsWOAd3Lti0U/7v1d5wz9C9zJuWyTbRUdezoeRXKEDoSKowrX9HFbUySGbJ
MS1ZvFIgPv7kxUK9AbGhsz8mVVbFPj8Ihb9DTrNzlEjluEAvZb/BjRg09cMy0wcsVrug
dk9Mq7Ne9E5U7loOFEk/ujkjzVHuUoFTv9tjSrChVxDq/g7/P/Gv8IK4SofIsOgXArNC
rD5Q==
X-Forwarded-Encrypted: i=1;
AJvYcCXFyvDtb6rj/Jebv6QBE5uve8G4KEnVdKNJ2xU9j6YisztxfMO/NGT23ILPjNockp5vKnfTnBhxrQ==@kvack.org
X-Gm-Message-State: AOJu0YxfWCkHAWYQVY9TmPqJuYf3AYTC+B/7xx8mhGw3YBfc1MM/7+BH
49w4paGA7WCMkvu215IP8GDBeSijKpfjB2pTLu0Ax70pbX1VBPvBp1hqsiFXMMI=
X-Google-Smtp-Source:
AGHT+IEfSyF62ivzJTKgFpp0kGdt3sdSzoahMwleruIgutJftkJDtf+kKS4NEl+lwlKC7xKag1P7PQ==
X-Received: by 2002:a05:6a00:18a3:b0:71e:6c65:e7c8 with SMTP id
d2e1a72fcca58-72063093579mr19109726b3a.23.1730245532485;
Tue, 29 Oct 2024 16:45:32 -0700 (PDT)
Received: from debug.ba.rivosinc.com ([64.71.180.162])
by smtp.gmail.com with ESMTPSA id
d2e1a72fcca58-72057921863sm8157643b3a.33.2024.10.29.16.45.30
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 29 Oct 2024 16:45:32 -0700 (PDT)
From: Deepak Gupta <debug@rivosinc.com>
Date: Tue, 29 Oct 2024 16:44:29 -0700
Subject: [PATCH v7 29/32] riscv: create a config for shadow stack and
landing pad instr support
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20241029-v5_user_cfi_series-v7-29-2727ce9936cb@rivosinc.com>
References: <20241029-v5_user_cfi_series-v7-0-2727ce9936cb@rivosinc.com>
In-Reply-To: <20241029-v5_user_cfi_series-v7-0-2727ce9936cb@rivosinc.com>
To: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Andrew Morton <akpm@linux-foundation.org>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
Vlastimil Babka <vbabka@suse.cz>,
Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>, Albert Ou <aou@eecs.berkeley.edu>,
Conor Dooley <conor@kernel.org>, Rob Herring <robh@kernel.org>,
Krzysztof Kozlowski <krzk+dt@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
Christian Brauner <brauner@kernel.org>,
Peter Zijlstra <peterz@infradead.org>, Oleg Nesterov <oleg@redhat.com>,
Eric Biederman <ebiederm@xmission.com>, Kees Cook <kees@kernel.org>,
Jonathan Corbet <corbet@lwn.net>, Shuah Khan <shuah@kernel.org>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-mm@kvack.org, linux-riscv@lists.infradead.org,
devicetree@vger.kernel.org, linux-arch@vger.kernel.org,
linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org,
alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com,
andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com,
atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com,
alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org,
rick.p.edgecombe@intel.com, Deepak Gupta <debug@rivosinc.com>
X-Mailer: b4 0.14.0
X-Rspam-User:
X-Rspamd-Queue-Id: ED32916001F
X-Rspamd-Server: rspam01
X-Stat-Signature: txerwbpo3khsi5u5jpsw63itbnqkptmr
X-HE-Tag: 1730245516-523543
X-HE-Meta:
U2FsdGVkX19L5SuDaSHKQYQmR7r1FjDLmC2iWvB8N5gny/u25k/t+sPuQDO6UCCp8vQAJhUHmb5VDhfdjVf2622OqVUgn+jMBrERiZuKpFZzvWc2f4nYGpa7jt4zSMkPyDnBee95iH5L6d8yI43mPkGS0aiGwWbbqtGDolplQjnX2p0sPL6ayjT3bXESeiHt/OiPaiACF1N4kPq0vx0rgAThU0xPIIrRy7hJr5qwqDo8FXwADTM42BiwlGGVq5YjT4UwVi4YgOZNoX5ZS7h2390tGnkQkcNaX2rI0N38ttIp4niucCDjCkbTtGBxamR0qUYxSDavdthq1YmFxLq3xImFxVgk18+bxrM4/ZynFN7pMoRDf891Zuz6ICz5RFxg2apzWbhc/L9C4aSIgu8V3Kjb/5thwdH4EwD9eGVDo1rDDyn0/sAeslTshe+LV4WNMhYYDkap6k3OoilDbMr7uGy++2qeLKJD44mE+U3mPxWGVLmS2SvDxAH0ngftYlc/mW9qz0tBVHdFr/7jxwCRh29t7U1UEwPQR6odKV0AgzHv4/RpLimwG7d2zgIpVw5ld+hUs1/fOSCKb/StouKOm15T2N7C53BGY4pab48B6nOLwunLFJn1vDI7N1G/icCwC+ufaGAYJhMUssWTK9YZi7yplJG/dCjVMw4DSEtiLecrzFGUg2gc3LE60eXeCnxlqdMkVtJuyXtDt4d/yH3btkxHz5OYf20oZuxkLULY1ktwJtnQ7x/HM4/sYjsCRwB9iQbT1YYkZ7M77P2MtsNMpBKKwbnxj4aJ4nRjNBBj6apg1/ikyfM9TSOU1Kyvz+0hqMkXn4P3wzUdlGd0uYtETmU6gUaPEPnaZpCAXKQdj8EHSg/xNtAEjA7YeysK3omwrq6glgC1diytubjxm5x8hzsRvSikvoFtco1LWPW+7qJPD/BM52g4LgrNt9hDyRC7l775hRSJZs/PszJIrS4
FhInAMVf
v1aMvZfzkz9aI64zvuNOjceV/TD//kGi6esi7NfYke29GKCiC1LYfel1YBi2KXH/3W1y+kwcnysM6kf3q5t7L64teKnkOFRaCKareCZISf4SEuwt3V8m3LbR6yVwFsx9RrdfW25HUEBjeMmSq3HGvt6IgrwmsagNi1Z8wlSxXHj0al/kXNIjGVruGA26FnaYO7PgmBNe2PnYsvtRPVIHw1Etdxnd5mWa+uE0Qu4cl2LaEDtBk1pjhajEtQi6QXZHpXOoroh1QMHXxtMhGdTN0qiBCEThpbE76kNmy3rJ2ob9Y+umDSIv8h+jqd1PArSDyEKPHs2Q+ZypSeLXetqJYelElZWuDjqY2vw/rHpcgwE/rvGLr6Pe1yUYOBxFG9mv/dG6G/B5CwBN0fkE4C39wcTMoUx2RnG34OjXzPbce3Qdkk/+snk4ZGOuHkfKgG2UaQVWRSdffL8ziQ/qS2b1gVEpLcyRhwjcS2sNThhojvkR6kYE=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>
|
| Series |
riscv control-flow integrity for usermode
|
expand
|
diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index 22dc5ea4196c..53f367609c70 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -244,6 +244,26 @@ config ARCH_HAS_BROKEN_DWARF5 # https://github.com/llvm/llvm-project/commit/7ffabb61a5569444b5ac9322e22e5471cc5e4a77 depends on LD_IS_LLD && LLD_VERSION < 180000 +config RISCV_USER_CFI + def_bool y + bool "riscv userspace control flow integrity" + depends on 64BIT && $(cc-option,-mabi=lp64 -march=rv64ima_zicfiss) + depends on RISCV_ALTERNATIVE + select ARCH_HAS_USER_SHADOW_STACK + select ARCH_USES_HIGH_VMA_FLAGS + select DYNAMIC_SIGFRAME + help + Provides CPU assisted control flow integrity to userspace tasks. + Control flow integrity is provided by implementing shadow stack for + backward edge and indirect branch tracking for forward edge in program. + Shadow stack protection is a hardware feature that detects function + return address corruption. This helps mitigate ROP attacks. + Indirect branch tracking enforces that all indirect branches must land + on a landing pad instruction else CPU will fault. This mitigates against + JOP / COP attacks. Applications must be enabled to use it, and old user- + space does not get protection "for free". + default y + config ARCH_MMAP_RND_BITS_MIN default 18 if 64BIT default 8
This patch creates a config for shadow stack support and landing pad instr support. Shadow stack support and landing instr support can be enabled by selecting `CONFIG_RISCV_USER_CFI`. Selecting `CONFIG_RISCV_USER_CFI` wires up path to enumerate CPU support and if cpu support exists, kernel will support cpu assisted user mode cfi. If CONFIG_RISCV_USER_CFI is selected, select `ARCH_USES_HIGH_VMA_FLAGS`, `ARCH_HAS_USER_SHADOW_STACK` and DYNAMIC_SIGFRAME for riscv. Signed-off-by: Deepak Gupta <debug@rivosinc.com> --- arch/riscv/Kconfig | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)