From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3947BC47258 for ; Thu, 25 Jan 2024 18:04:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AFA376B0083; Thu, 25 Jan 2024 13:04:45 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id AAB4F6B008A; Thu, 25 Jan 2024 13:04:45 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 923BB6B008C; Thu, 25 Jan 2024 13:04:45 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 7B7A16B0083 for ; Thu, 25 Jan 2024 13:04:45 -0500 (EST) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 4EA3F40E06 for ; Thu, 25 Jan 2024 18:04:45 +0000 (UTC) X-FDA: 81718608930.24.AED8960 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf10.hostedemail.com (Postfix) with ESMTP id 39BB0C0032 for ; Thu, 25 Jan 2024 18:04:42 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=M8+ilI+r; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf10.hostedemail.com: domain of conor@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=conor@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706205883; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=vlqeWtHS6tTdju7+Lm+hX2aYTlLF1nAIWUyph35lNCM=; b=d59ZNrb2H+p6DRnpRDFYZfGC/IibAfxTWhm0LewoQ8WKqoSDYrLcYVdbdf1NLMcCkgGz0m CJ9duPYzRwDf5GhauShJklG1wtS0EY2Abdrfl+8L8gYzk4ebNf300kdFnO7b0Z0M/ZbKKl V2DzlsZdZ+q8f5NsDiguhvx4oYm7LNE= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=M8+ilI+r; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf10.hostedemail.com: domain of conor@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=conor@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706205883; a=rsa-sha256; cv=none; b=ne9ja0ytpC32K5vu2N4BYlSmiqJwmeMt235rkCAt2x/E92WeaxYLQNWWxjFZpf4ijYBPp7 fBirimPBLcZdvWQNYcerhM9KVzkWrKpSDLet/1cwdpxf2cquRBoGbfZaO2zgHq1g/7OdGk 13qwp8R3NdFmFKEOxG+EhjDsudpJQ2w= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id D24A261503; Thu, 25 Jan 2024 18:04:41 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 32A08C433F1; Thu, 25 Jan 2024 18:04:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1706205881; bh=WDKiWZF/CO1jOYkvrWCm5fjBFh98x/VbgkhxOL64aJw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=M8+ilI+rArrGEQzPOKxpm2KS3wnWPXl81DIQIIVlFks4XkUWeCCYLnv2W1QOtXMH7 vxZxdNzGTgI5Ck6OrV+3PtZNm8Cr5WmRLPPVQcrGnWkkUSAu1d3v3XE2hVMJZ0m9He iD1f44ZRSJJgs0xN+T5HI7H5rxVDgR/KYt90fxsf1ZKe9ZQZMRjMC418rbZF1Jcup/ jSkG8NJUt5s3pNBKI69IhDV3sAr3XfzL+Cq4zJGEx4bc4nPpBECZySU7/hCjLo8m9L 32n4SQxsAE7RgeGLlnFvEweH44zMFp5oX7ZMLwG65JW0diChuZZSzVja0gYDOCJ15k mVK8beInkEYYw== Date: Thu, 25 Jan 2024 18:04:26 +0000 From: Conor Dooley To: debug@rivosinc.com Cc: rick.p.edgecombe@intel.com, broonie@kernel.org, Szabolcs.Nagy@arm.com, kito.cheng@sifive.com, keescook@chromium.org, ajones@ventanamicro.com, paul.walmsley@sifive.com, palmer@dabbelt.com, conor.dooley@microchip.com, cleger@rivosinc.com, atishp@atishpatra.org, alex@ghiti.fr, bjorn@rivosinc.com, alexghiti@rivosinc.com, corbet@lwn.net, aou@eecs.berkeley.edu, oleg@redhat.com, akpm@linux-foundation.org, arnd@arndb.de, ebiederm@xmission.com, shuah@kernel.org, brauner@kernel.org, guoren@kernel.org, samitolvanen@google.com, evan@rivosinc.com, xiao.w.wang@intel.com, apatel@ventanamicro.com, mchitale@ventanamicro.com, waylingii@gmail.com, greentime.hu@sifive.com, heiko@sntech.de, jszhang@kernel.org, shikemeng@huaweicloud.com, david@redhat.com, charlie@rivosinc.com, panqinglin2020@iscas.ac.cn, willy@infradead.org, vincent.chen@sifive.com, andy.chiu@sifive.com, gerg@kernel.org, jeeheng.sia@starfivetech.com, mason.huo@starfivetech.com, ancientmodern4@gmail.com, mathis.salmen@matsal.de, cuiyunhui@bytedance.com, bhe@redhat.com, chenjiahao16@huawei.com, ruscur@russell.cc, bgray@linux.ibm.com, alx@kernel.org, baruch@tkos.co.il, zhangqing@loongson.cn, catalin.marinas@arm.com, revest@chromium.org, josh@joshtriplett.org, joey.gouly@arm.com, shr@devkernel.io, omosnace@redhat.com, ojeda@kernel.org, jhubbard@nvidia.com, linux-doc@vger.kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: Re: [RFC PATCH v1 24/28] riscv: select config for shadow stack and landing pad instr support Message-ID: <20240125-snitch-boogieman-5b4a0b142e61@spud> References: <20240125062739.1339782-1-debug@rivosinc.com> <20240125062739.1339782-25-debug@rivosinc.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="NUnGWzqhiv75TmQp" Content-Disposition: inline In-Reply-To: <20240125062739.1339782-25-debug@rivosinc.com> X-Rspamd-Queue-Id: 39BB0C0032 X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: etuznhkjwgyikoeh7pf4895zx6ucbjpo X-HE-Tag: 1706205882-724162 X-HE-Meta: U2FsdGVkX1+BoFGr74ciYFvIw6Wfu4lCgTVlVpJEnpiHzgyQAioFUqjK2SnWZW5jYHX0Sa2VLd76js0j5Yf0gw+GhLjcga/V9eE6l5mHq6tlya1WweIH2nGMUix4Nzlekjuu62m8VuJ5fP9wAX6QtLIcW7qMAvQfKm4caURpydI7QpGYzyNxRqjlCKA7TCKGl+PGt6jKiyXNufNDWuamjEsKSldpZIaDFRYp3z8I3ayMZRaYhYeWMbqshwOWm5+wbk9/78E00U8ly5BdtN8iURVa1neuekH/onlX5pJbN3L3y6zedCPN0xgOr6OIf5o9kUnNucFjUZ3Vbrx0VIjaOmbeichwdmIvF1NsM2xHfinVExVGHCbf+QOOzn374HBYtMQZZqD5VeFzsEsZfkyhPyCJsi1bZVs/dlex40DPMkifZ/riJ24Vcvh3J472bVS20q+nhqycxoMRsq+Ce6NZZwzgwwy24jtHF2g5eX1TpgKNco5wWJMu5CV9dd0axECXzjcx7x9UowAP/u/WBdFKTi0pKNzXmBiWLXF58efE9oARZ4bRpoyZDXLkG0ZuRpLy/PVuqETU0xm54/fqYq77kd8hDYyNz5nPzXd5iYEEu7KDrwoffAkMPh88fwSAqX3UNDrwnQnfZUEWaq5WBlY5rHSegyXSlJdaOogfP/JGBgipNAyRFPJXp49kSZvVOOfdh7ZlZ+WVu8m1WO+yHzh0IQ4BbfDcAWanDJpceLr1cpRZ8WZvr6THdMfVILw4X1oEgNDXgFHbDL3WykC8OODj2sRpuHR2ta1hIbt4voRN81MS9qiLEeuSWYvSS3dXvs2FbYe5GRPDIgOGyHZSsTPbUiYTd56FOObaNdcoxVNPz/kGjzgQHrbSj5Xvvf98SYAAiiLbp1G0oVZ1l5FqKb65AxVfUS3P0qrqlvaY2QkE/SyZoI/TXHz9N/UK9JkojMgKvnnVEE+MfHlm3ckuy4N 3Xi8cjp1 zI9qJDpu8IesHSEbKtFe8rpEw8pgVN7mH3z2IQsVeKGGUjpdNOF9CcDyBra3qLnZLKUil62xX8i3UhwwNsulvTv3xvdknEEs+OnZqL6FXBjmcQnAVy3xbdQq9ov5AoZkPVJr+uttz96HDbSTTBBK2m+eBQlCjc3yLlKQBg8DiC6kcZ007Ktlc5l017Qe9sxeUUxEoZ7QIldkKExX3K1vI8B/DM2QhLqFxorZgV3JDq9QU9Oxewono9gyZhSag/f3RjlXmRm/HC3BUBhHqxhvu6nTuansaKeA5LQ6upV2iYVfVEbfPFfmEpj3cCe968p4nXj+UajwR55UfDCtohemroTQRvZZ4KVR2fiXTRDl3bLaE/7SMUm1ljffepa5dkJvreNlCG3xllWzazJN51aP79190bE1vmtIUlSOuxjlhLj/Blbo= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: --NUnGWzqhiv75TmQp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jan 24, 2024 at 10:21:49PM -0800, debug@rivosinc.com wrote: > From: Deepak Gupta >=20 > This patch selects config shadow stack support and landing pad instr > support. Shadow stack support and landing instr support is hidden behind > `CONFIG_RISCV_USER_CFI`. Selecting `CONFIG_RISCV_USER_CFI` wires up path > to enumerate CPU support and if cpu support exists, kernel will support > cpu assisted user mode cfi. >=20 > Signed-off-by: Deepak Gupta > --- > arch/riscv/Kconfig | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) >=20 > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig > index 9d386e9edc45..437b2f9abf3e 100644 > --- a/arch/riscv/Kconfig > +++ b/arch/riscv/Kconfig > @@ -163,6 +163,7 @@ config RISCV > select SYSCTL_EXCEPTION_TRACE > select THREAD_INFO_IN_TASK > select TRACE_IRQFLAGS_SUPPORT > + select RISCV_USER_CFI This select makes no sense to me, it will unconditionally enable RISCV_USER_CFI. I don't think that that is your intent, since you have a detailed option below that allows the user to turn it on or off. If you remove it, the commit message will need to change too FYI. Thanks, Conor. > select UACCESS_MEMCPY if !MMU > select ZONE_DMA32 if 64BIT > =20 > @@ -182,6 +183,20 @@ config HAVE_SHADOW_CALL_STACK > # https://github.com/riscv-non-isa/riscv-elf-psabi-doc/commit/a484e843e= 6eeb51f0cb7b8819e50da6d2444d769 > depends on $(ld-option,--no-relax-gp) > =20 > +config RISCV_USER_CFI > + bool "riscv userspace control flow integrity" > + help > + Provides CPU assisted control flow integrity to userspace tasks. > + Control flow integrity is provided by implementing shadow stack for > + backward edge and indirect branch tracking for forward edge in progra= m. > + Shadow stack protection is a hardware feature that detects function > + return address corruption. This helps mitigate ROP attacks. > + Indirect branch tracking enforces that all indirect branches must land > + on a landing pad instruction else CPU will fault. This mitigates agai= nst > + JOP / COP attacks. Applications must be enabled to use it, and old us= er- > + space does not get protection "for free". > + default y > + > config ARCH_MMAP_RND_BITS_MIN > default 18 if 64BIT > default 8 > --=20 > 2.43.0 >=20 >=20 > _______________________________________________ > linux-riscv mailing list > linux-riscv@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv --NUnGWzqhiv75TmQp Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQRh246EGq/8RLhDjO14tDGHoIJi0gUCZbKiqgAKCRB4tDGHoIJi 0vKGAQDVTVByG7JLLR+gPjsKjLHdPRWsvjnTta2HP7StCen6fgD9Eq3Uv1oej4Qh QiRGb9e3PxfM9z73zB+grxPynuwKxg4= =TScR -----END PGP SIGNATURE----- --NUnGWzqhiv75TmQp--