On Wed, Jan 24, 2024 at 10:21:49PM -0800, debug@xxxxxxxxxxxx wrote: > From: Deepak Gupta <debug@xxxxxxxxxxxx> > > This patch selects config shadow stack support and landing pad instr > support. Shadow stack support and landing instr support is hidden behind > `CONFIG_RISCV_USER_CFI`. Selecting `CONFIG_RISCV_USER_CFI` wires up path > to enumerate CPU support and if cpu support exists, kernel will support > cpu assisted user mode cfi. > > Signed-off-by: Deepak Gupta <debug@xxxxxxxxxxxx> > --- > arch/riscv/Kconfig | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig > index 9d386e9edc45..437b2f9abf3e 100644 > --- a/arch/riscv/Kconfig > +++ b/arch/riscv/Kconfig > @@ -163,6 +163,7 @@ config RISCV > select SYSCTL_EXCEPTION_TRACE > select THREAD_INFO_IN_TASK > select TRACE_IRQFLAGS_SUPPORT > + select RISCV_USER_CFI This select makes no sense to me, it will unconditionally enable RISCV_USER_CFI. I don't think that that is your intent, since you have a detailed option below that allows the user to turn it on or off. If you remove it, the commit message will need to change too FYI. Thanks, Conor. > select UACCESS_MEMCPY if !MMU > select ZONE_DMA32 if 64BIT > > @@ -182,6 +183,20 @@ config HAVE_SHADOW_CALL_STACK > # https://github.com/riscv-non-isa/riscv-elf-psabi-doc/commit/a484e843e6eeb51f0cb7b8819e50da6d2444d769 > depends on $(ld-option,--no-relax-gp) > > +config RISCV_USER_CFI > + bool "riscv userspace control flow integrity" > + help > + Provides CPU assisted control flow integrity to userspace tasks. > + Control flow integrity is provided by implementing shadow stack for > + backward edge and indirect branch tracking for forward edge in program. > + Shadow stack protection is a hardware feature that detects function > + return address corruption. This helps mitigate ROP attacks. > + Indirect branch tracking enforces that all indirect branches must land > + on a landing pad instruction else CPU will fault. This mitigates against > + JOP / COP attacks. Applications must be enabled to use it, and old user- > + space does not get protection "for free". > + default y > + > config ARCH_MMAP_RND_BITS_MIN > default 18 if 64BIT > default 8 > -- > 2.43.0 > > > _______________________________________________ > linux-riscv mailing list > linux-riscv@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/linux-riscv
Attachment:
signature.asc
Description: PGP signature