Re: [PATCH v24 25/28] riscv: create a config for shadow stack and landing pad instr support

Thu, 04 Dec 2025 14:18:34 -0800 


On 12/4/25 12:04 PM, Deepak Gupta wrote:
> This patch creates a config for shadow stack support and landing pad instr
> support. Shadow stack support and landing instr support can be enabled by
> selecting `CONFIG_RISCV_USER_CFI`. Selecting `CONFIG_RISCV_USER_CFI` wires
> up path to enumerate CPU support and if cpu support exists, kernel will
> support cpu assisted user mode cfi.
> 
> If CONFIG_RISCV_USER_CFI is selected, select `ARCH_USES_HIGH_VMA_FLAGS`,
> `ARCH_HAS_USER_SHADOW_STACK` and DYNAMIC_SIGFRAME for riscv.
> 
> Reviewed-by: Zong Li <[email protected]>
> Tested-by: Andreas Korb <[email protected]>
> Tested-by: Valentin Haudiquet <[email protected]>
> Signed-off-by: Deepak Gupta <[email protected]>
> ---
>  arch/riscv/Kconfig                  | 22 ++++++++++++++++++++++
>  arch/riscv/configs/hardening.config |  4 ++++
>  2 files changed, 26 insertions(+)
> 
> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> index 0c6038dc5dfd..f5574c6f66d8 100644
> --- a/arch/riscv/Kconfig
> +++ b/arch/riscv/Kconfig
> @@ -1146,6 +1146,28 @@ config RANDOMIZE_BASE
>  
>            If unsure, say N.
>  
> +config RISCV_USER_CFI
> +     def_bool y
> +     bool "riscv userspace control flow integrity"
> +     depends on 64BIT && \
> +             $(cc-option,-mabi=lp64 -march=rv64ima_zicfiss_zicfilp 
> -fcf-protection=full)
> +     depends on RISCV_ALTERNATIVE
> +     select RISCV_SBI
> +     select ARCH_HAS_USER_SHADOW_STACK
> +     select ARCH_USES_HIGH_VMA_FLAGS
> +     select DYNAMIC_SIGFRAME
> +     help
> +       Provides CPU assisted control flow integrity to userspace tasks.

                   CPU-assisted

> +       Control flow integrity is provided by implementing shadow stack for
> +       backward edge and indirect branch tracking for forward edge in 
> program.
> +       Shadow stack protection is a hardware feature that detects function
> +       return address corruption. This helps mitigate ROP attacks.
> +       Indirect branch tracking enforces that all indirect branches must land
> +       on a landing pad instruction else CPU will fault. This mitigates 
> against
> +       JOP / COP attacks. Applications must be enabled to use it, and old 
> user-
> +       space does not get protection "for free".
> +       default y.

          Default is y if hardware supports it.
?

> +
>  endmenu # "Kernel features"


-- 
~Randy
























					Reply via email to