diff mbox series

[v1,RFC,Zisslpcfi,19/20] config: adding two new config for control flow integrity

Message ID 20230213045351.3945824-20-debug@rivosinc.com (mailing list archive)
State RFC
Delegated to: Palmer Dabbelt
Headers show
Series riscv control-flow integrity for U mode | expand

Checks

Context Check Description
conchuod/tree_selection fail Failed to apply to next/pending-fixes or riscv/for-next

Commit Message

Deepak Gupta Feb. 13, 2023, 4:53 a.m. UTC 
To maintain control flow integrity of a program, integrity of indirect
control transfers has to be maintained. Almost in all architectures there
are two mechanisms for indirect control transfer
 - Indirect call relying on a memory operand.
 - Returns which pop an address from stack and return to caller.

Control transfers relying on memory operands are inherently susceptible to
memory corruption bugs and thus allowing attackers to perform code re-use
attacks which eventually is used to inject attacker's payload.

All major architectures (x86, aarch64 and riscv) have introduced hardware
assistance in form of architectural extensions to protect returns (using
alternate shadow/control stack) and forward control flow (by enforcing
all indirect control transfers land on a landing pad instruction)

This patch introduces two new CONFIGs

  - CONFIG_USER_SHADOW_STACK
    Config to enable kernel support for user mode shadow stacks

  - CONFIG_USER_INDIRECT_BR_LP
    Config to enable kernel support for enforcing landing pad instruction
    on target of an indirect control transfer.

Signed-off-by: Deepak Gupta <debug@rivosinc.com>
---
 init/Kconfig | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff mbox series

Patch

diff --git a/init/Kconfig b/init/Kconfig
index 44e90b28a30f..8867ea4b074f 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -121,6 +121,25 @@  config THREAD_INFO_IN_TASK
 	  One subtle change that will be needed is to use try_get_task_stack()
 	  and put_task_stack() in save_thread_stack_tsk() and get_wchan().
 
+config USER_SHADOW_STACK
+	bool
+	help
+	  Select this to enable kernel to support user mode shadow stack. Most
+	  major architectures now support hardware assisted shadow stack. This
+	  allows to enable non-arch specifics related to shadow stack in kernel.
+	  Arch specific configuration options may also need to be enabled.
+
+config USER_INDIRECT_BR_LP
+	bool
+	help
+	  Select this to allow user mode apps to opt-in to force requirement for
+	  a landing pad instruction on indirect jumps or indirect calls in user mode.
+	  Most major architectures now support hardware assistance for landing pad
+	  instruction on indirect call or a jump. This config option allows non-arch
+	  specifics related to landing pad instruction to be enabled separately from
+	  arch specific implementations. Arch specific configuration options may also
+	  need to be enabled.
+
 menu "General setup"
 
 config BROKEN