Re: [RFC PATCH v1 24/28] riscv: select config for shadow stack and landing pad instr support

Thu, 25 Jan 2024 10:04:48 -0800 

On Wed, Jan 24, 2024 at 10:21:49PM -0800, de...@rivosinc.com wrote:
> From: Deepak Gupta <de...@rivosinc.com>
> 
> This patch selects config shadow stack support and landing pad instr
> support. Shadow stack support and landing instr support is hidden behind
> `CONFIG_RISCV_USER_CFI`. Selecting `CONFIG_RISCV_USER_CFI` wires up path
> to enumerate CPU support and if cpu support exists, kernel will support
> cpu assisted user mode cfi.
> 
> Signed-off-by: Deepak Gupta <de...@rivosinc.com>
> ---
>  arch/riscv/Kconfig | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> index 9d386e9edc45..437b2f9abf3e 100644
> --- a/arch/riscv/Kconfig
> +++ b/arch/riscv/Kconfig
> @@ -163,6 +163,7 @@ config RISCV
>       select SYSCTL_EXCEPTION_TRACE
>       select THREAD_INFO_IN_TASK
>       select TRACE_IRQFLAGS_SUPPORT
> +     select RISCV_USER_CFI

This select makes no sense to me, it will unconditionally enable
RISCV_USER_CFI. I don't think that that is your intent, since you have a
detailed option below that allows the user to turn it on or off.

If you remove it, the commit message will need to change too FYI.

Thanks,
Conor.

>       select UACCESS_MEMCPY if !MMU
>       select ZONE_DMA32 if 64BIT
>  
> @@ -182,6 +183,20 @@ config HAVE_SHADOW_CALL_STACK
>       # 
> https://github.com/riscv-non-isa/riscv-elf-psabi-doc/commit/a484e843e6eeb51f0cb7b8819e50da6d2444d769
>       depends on $(ld-option,--no-relax-gp)
>  
> +config RISCV_USER_CFI
> +     bool "riscv userspace control flow integrity"
> +     help
> +       Provides CPU assisted control flow integrity to userspace tasks.
> +       Control flow integrity is provided by implementing shadow stack for
> +       backward edge and indirect branch tracking for forward edge in 
> program.
> +       Shadow stack protection is a hardware feature that detects function
> +       return address corruption. This helps mitigate ROP attacks.
> +       Indirect branch tracking enforces that all indirect branches must land
> +       on a landing pad instruction else CPU will fault. This mitigates 
> against
> +       JOP / COP attacks. Applications must be enabled to use it, and old 
> user-
> +       space does not get protection "for free".
> +       default y
> +
>  config ARCH_MMAP_RND_BITS_MIN
>       default 18 if 64BIT
>       default 8
> -- 
> 2.43.0
> 
> 
> _______________________________________________
> linux-riscv mailing list
> linux-ri...@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv

Attachment: signature.asc
Description: PGP signature

Reply via email to