From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 05A53C3DA6D for ; Fri, 23 May 2025 05:32:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 935796B00BE; Fri, 23 May 2025 01:32:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8E5FA6B00C0; Fri, 23 May 2025 01:32:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7AD186B00C1; Fri, 23 May 2025 01:32:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 590D86B00BE for ; Fri, 23 May 2025 01:32:36 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 101A4140CD2 for ; Fri, 23 May 2025 05:32:36 +0000 (UTC) X-FDA: 83473052712.29.537A766 Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by imf28.hostedemail.com (Postfix) with ESMTP id 21710C0007 for ; Fri, 23 May 2025 05:32:33 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=Oe3Q2kzZ; dmarc=none; spf=pass (imf28.hostedemail.com: domain of debug@rivosinc.com designates 209.85.210.180 as permitted sender) smtp.mailfrom=debug@rivosinc.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1747978354; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=zd01FxT3OlMOzWqIaODnmoUPnuHtuVmONb+HNJjd/YM=; b=RDJJcVWRq488/3kfc1comBjOpgUz6//xFhqq7nsfGJsq08EsS/CW+xrLYeUEpCyDg9LuzJ q9yiN7J/rfXFv1IY9F80+LC+gL8rakkPubFBZ4OYgSr7cuhomDQmJ4C5LxAA6W5xxfYFyp BKVN+V9v3tH+TV3F9FaRtja3bR1W2ds= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1747978354; a=rsa-sha256; cv=none; b=XKn+7Ds4btPd4aEI6O/gjxnLbKML63jomKqrhRvucaIl3ksXVcvT3S4WY43tQp+PGbDce4 oQkDDDcRyJrbfExEYkQf30lvtHd/DbDLFyQnhxx6/T25iVUIWeOvqHRs8tb0Ezfa9SAlhx f5yXIkeRgc/s7Cmm0cw4LUP0qOqk/sk= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=Oe3Q2kzZ; dmarc=none; spf=pass (imf28.hostedemail.com: domain of debug@rivosinc.com designates 209.85.210.180 as permitted sender) smtp.mailfrom=debug@rivosinc.com Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-7390d21bb1cso7471285b3a.2 for ; Thu, 22 May 2025 22:32:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1747978353; x=1748583153; darn=kvack.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=zd01FxT3OlMOzWqIaODnmoUPnuHtuVmONb+HNJjd/YM=; b=Oe3Q2kzZS23Gy/AwjJstIPiHk5SdCL7dS+mrIMIelZi1CnU6CEGVDThQHQfUuxQyBN 4i7vZaTAoZ/jpYfkpHla0keV9ELgjKvr7oWaR2Yv8bgQd7OxZFMgqYTHPBJs2pRqohxv I2KszDS8eL5YkI0wzx/P/OQ5BNzN1lVuTO8/qvnySbs4W47tKnISzP0C5H61h1jwCR4f ua/JVpeJIuanlpwlAsZqNVBhDDR9kaS3O18wFUFZ9FaDRYJgESdGTTY1Kr6KwTSHae34 qFp/Sjlq4vN4RzSZpOKsdQh3YBdCgvZ2POKPZZ+dcmBIkohMC3kSQ5yDmbHxJANBI8xv B18A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747978353; x=1748583153; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zd01FxT3OlMOzWqIaODnmoUPnuHtuVmONb+HNJjd/YM=; b=Bf5rO7XYk+YZHXSxpFTqH5H6dQ/hfcDRLRiMbCFLXfGJct2Q1LWE/WljxNxC5N7NF0 x4LMeD59mZBw9EDzGv8nD4tp7kzBCvfF6wuQDLiOB374xXCciREuxyiCiEWK3AiZiJ7U 7zrB9uE6MFEratZqT8W8w9UDpt8BPbirb+32whTTq8NfCj8Lf8d+ys+jQkgGuGW+xzQX xcByrznXQy6WZ4Nv6DoeVcdsTi1rSEgzbDuAZvYVZNeIWSTvVNvb1nFc37skA+Ry945s tF+VF+rJ7SUfcbW7sh4uZVSewf5UwA0RfflwPqvuTjrAJlLx7A74B20FYVOjmGGB5liG EaMw== X-Forwarded-Encrypted: i=1; AJvYcCUhnPXL9ZaxriDUrEJUebiERVWC/JvnwDz5iwuHeIoxqfO9MA5rLutwK7qK1UVy287CjOAOhZbnzg==@kvack.org X-Gm-Message-State: AOJu0YwtvGmXR+Ao38efOJvSXQVMIDo/E0/E8HQiHm+AlS+rwTdc5PC8 sPScgqLAU2489pHtDQ0wfHJQmSwl610S/ghOrwzF0ifRbYnkszgNPQCikRBUlrKWE4E= X-Gm-Gg: ASbGncu3lqqV8izeyFztWKjkKU62gHqFLt4G6+SVIpzh09Ulkmrsv6PuVaFMRwqVt5q dC+KqZuYOqXK8HDpAbN8hRnh9IUywHFI6wpgmKUSuDQZkkca1Y2ekMieiUngDHh3ttkdQ2oZpYl RGu6u2Fh1tIITDKrVPV4L430Aq96Y4VglOYRUa9skxbAZ7fdUh0EvWgq5Rfx4IllZin0kzdTpoY 3hwrzT0unSMD8MOittpIUFZdSWiLLbIlOXdopq9BEc5vuiRnwJJpeqH1QCzMPFbSbbV5aXmsTSi 8vpHcURM29TqKv6BGTPU8XV79aLpYIIFAAMVbFuTZuZe3AbyrZ1SBJu0P+Py2hj2oLftIAJA X-Google-Smtp-Source: AGHT+IHiypBZn8GTV0A/2+Gj0eQCyN8j7h3oyPr5Idne7mafOFuM42ePJJ91A987vgZKpCGw+DfvwA== X-Received: by 2002:a05:6a00:2790:b0:737:9b:582a with SMTP id d2e1a72fcca58-742a98de014mr39044316b3a.24.1747978352881; Thu, 22 May 2025 22:32:32 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-742a982a0a4sm12474336b3a.101.2025.05.22.22.32.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 May 2025 22:32:32 -0700 (PDT) From: Deepak Gupta Date: Thu, 22 May 2025 22:31:27 -0700 Subject: [PATCH v16 24/27] riscv: create a config for shadow stack and landing pad instr support MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20250522-v5_user_cfi_series-v16-24-64f61a35eee7@rivosinc.com> References: <20250522-v5_user_cfi_series-v16-0-64f61a35eee7@rivosinc.com> In-Reply-To: <20250522-v5_user_cfi_series-v16-0-64f61a35eee7@rivosinc.com> To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Paul Walmsley , Palmer Dabbelt , Albert Ou , Conor Dooley , Rob Herring , Krzysztof Kozlowski , Arnd Bergmann , Christian Brauner , Peter Zijlstra , Oleg Nesterov , Eric Biederman , Kees Cook , Jonathan Corbet , Shuah Khan , Jann Horn , Conor Dooley , Miguel Ojeda , Alex Gaynor , Boqun Feng , Gary Guo , =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= , Benno Lossin , Andreas Hindborg , Alice Ryhl , Trevor Gross Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com, rust-for-linux@vger.kernel.org, Zong Li , Deepak Gupta X-Mailer: b4 0.13.0 X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 21710C0007 X-Stat-Signature: aft5nsrpxf1inzxtkdwuejorc6ca1ggw X-Rspam-User: X-HE-Tag: 1747978353-904483 X-HE-Meta: U2FsdGVkX1997U9N/izui6n3AXK7lEPekchSDfpxukVdvisk38t3oDmyIfi+nR7h/iOSAr1I2gyNO/V0AJ57njyd2vAzOVH0d3HTn9D8JFCfvekp9CxQDw3JuJcYUoGonsbQNceDV4lmkctjpyctMFJWvSo3qhIMF5oe90zrbWb9VerUWO2njNRTnbcPob5uCucW376S3o97r4iEiG+7BfZgVyPoOZ5Ib79+OJfxlqak8XETz9R5F9RKGy+Y6eborJOKY36MGk2bsKOokAX+D50ljNzWijLpHSdvJS1wjoff03xmQg+H4J4gW8Q/TEr7yWFtgmHJQmgupz5Lau/650JaUayMCD7DxaIyZqxw5CjBvC8niE6H5Z23KvCvufuCwzfbpNxuD/QNIVQMJRO+l0+DUJJ6+1J2aFeUXlsZG7wYhnRc71ZrLUxwgQ/7585npInFkm06ubsB3seys5rvBCXPEVxrCnM2EPZ3fK/yIVGdshZav20pujlS7mXikhl+OM6nHjCkr/DHJ0RpjCIoRB9crL1HQue2ZT78rbxnA/8iKf5fK9JKpkuPxfXTRiaDMunxVIpePNIgU+pgQj7i3jpkSYjK9MB/GW7jJBMhb0cuOCZjRE1hNqLWkbNs3qlj6wr+Ts0fyIXysvecq6hMhU+54TvrF/rgMq3ygkGA607S1VuytH+7OF0PGtlPaE26KcEdJ9kW14QsPFGSBydra1Ee9sJBhqqoP0oiGTkm7eWJMPYkgrFtbzfl2QER/m6UIvs+t9UwZ1KLRPC6Rs/UcYeVdMOn8bLPI0rGJn73bOkUrHeqr1c4XX1PGVlHp/htXIlNAksmrIE3wRk8DsgerLPM9U2k1jCBar4eqt9zdxMv5R1v/VfVt1QaiRjxoT6Eo6mmMXyd3nfOyZfjgeR6foFDdX4M7MIP9SX+RF0WSH6KP6HL1D9K/j9zw+O8czb7Xr1B0638lI0TTorc/mV 0OB1wHFb 1wFDPgaBFvMPTZAogzkpsmr86IhpHaS8T1Ezc0KGYRExO0KzQOQcMVGKGQZSuWDHIfYxbG3B7eJ39zahLC+KeBHQuM/tXRJ26Ios4NwGqHtwWGIyZs0FZjaetQRD49gM9UkIDhpa4P538CZXoroami+Gxlx/2xhirfLOzE794S7yHq+XNFLzEWB54hbLWhKUHDG+d58hEGxA4sw81agn84l7d7Q8MKtpNYdtVjoxOakqMtFNLLaq6Dg4MkMGbnOsA97x+dpFQz2yaGAC0MaWLvvCOKwviNtjQh+1KLt30dXYd24UNku/4kJuGN0mkTMAmWSmW7oDUGnRIzjDT3MsBzZ5RXkMmzVPope7u9BAf5QhrDvloBH5Wb3jaKAkgwTGZDrCGbPRO6YIzECBnMWjDZFXiFHq3sxXfliu1Q+X4gH5lDqGb/vsjAJkCtXTnq1o+El4qbVOvcrYFwBjwxzdwuxZQXyuiFinN14o5SCDa4rYbwxiQ3rY0aDtHhCbtzZi7rSWc90A1TpFrthFX/8GVC07BUb6OyhKfOvt3 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: This patch creates a config for shadow stack support and landing pad instr support. Shadow stack support and landing instr support can be enabled by selecting `CONFIG_RISCV_USER_CFI`. Selecting `CONFIG_RISCV_USER_CFI` wires up path to enumerate CPU support and if cpu support exists, kernel will support cpu assisted user mode cfi. If CONFIG_RISCV_USER_CFI is selected, select `ARCH_USES_HIGH_VMA_FLAGS`, `ARCH_HAS_USER_SHADOW_STACK` and DYNAMIC_SIGFRAME for riscv. Reviewed-by: Zong Li Signed-off-by: Deepak Gupta --- arch/riscv/Kconfig | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index bbec87b79309..147ae201823e 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -256,6 +256,27 @@ config ARCH_HAS_BROKEN_DWARF5 # https://github.com/llvm/llvm-project/commit/7ffabb61a5569444b5ac9322e22e5471cc5e4a77 depends on LD_IS_LLD && LLD_VERSION < 180000 +config RISCV_USER_CFI + def_bool n + bool "riscv userspace control flow integrity" + depends on 64BIT && $(cc-option,-mabi=lp64 -march=rv64ima_zicfiss) + depends on RISCV_ALTERNATIVE + select RISCV_SBI + select ARCH_HAS_USER_SHADOW_STACK + select ARCH_USES_HIGH_VMA_FLAGS + select DYNAMIC_SIGFRAME + help + Provides CPU assisted control flow integrity to userspace tasks. + Control flow integrity is provided by implementing shadow stack for + backward edge and indirect branch tracking for forward edge in program. + Shadow stack protection is a hardware feature that detects function + return address corruption. This helps mitigate ROP attacks. + Indirect branch tracking enforces that all indirect branches must land + on a landing pad instruction else CPU will fault. This mitigates against + JOP / COP attacks. Applications must be enabled to use it, and old user- + space does not get protection "for free". + default y + config ARCH_MMAP_RND_BITS_MIN default 18 if 64BIT default 8 -- 2.43.0