Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

riscv: create a Kconfig fragment for shadow stack and landing pad support

This patch creates a Kconfig fragment for shadow stack support and
landing pad instruction support. Shadow stack support and landing pad
instruction support can be enabled by selecting
'CONFIG_RISCV_USER_CFI'. Selecting 'CONFIG_RISCV_USER_CFI' wires up
the path to enumerate CPU support. If support exists, the kernel will
support CPU-assisted user mode CFI.

If CONFIG_RISCV_USER_CFI is selected, select 'ARCH_USES_HIGH_VMA_FLAGS',
'ARCH_HAS_USER_SHADOW_STACK' and 'DYNAMIC_SIGFRAME' for riscv.

Reviewed-by: Zong Li <zong.li@sifive.com>
Signed-off-by: Deepak Gupta <debug@rivosinc.com>
Tested-by: Andreas Korb <andreas.korb@aisec.fraunhofer.de> # QEMU, custom CVA6
Tested-by: Valentin Haudiquet <valentin.haudiquet@canonical.com>
Link: https://patch.msgid.link/20251112-v5_user_cfi_series-v23-25-b55691eacf4f@rivosinc.com
[pjw@kernel.org: cleaned up patch description, Kconfig text; added CONFIG_MMU exclusion]
Signed-off-by: Paul Walmsley <pjw@kernel.org>

authored by Deepak Gupta and committed by Paul Walmsley
22c1e263 ccad8c13

+26
+22
arch/riscv/Kconfig
··· 1162 1162 1163 1163 If unsure, say N. 1164 1164 1165 + config RISCV_USER_CFI 1166 + def_bool y 1167 + bool "riscv userspace control flow integrity" 1168 + depends on 64BIT && MMU && \ 1169 + $(cc-option,-mabi=lp64 -march=rv64ima_zicfiss_zicfilp -fcf-protection=full) 1170 + depends on RISCV_ALTERNATIVE 1171 + select RISCV_SBI 1172 + select ARCH_HAS_USER_SHADOW_STACK 1173 + select ARCH_USES_HIGH_VMA_FLAGS 1174 + select DYNAMIC_SIGFRAME 1175 + help 1176 + Provides CPU-assisted control flow integrity to userspace tasks. 1177 + Control flow integrity is provided by implementing shadow stack for 1178 + backward edge and indirect branch tracking for forward edge. 1179 + Shadow stack protection is a hardware feature that detects function 1180 + return address corruption. This helps mitigate ROP attacks. 1181 + Indirect branch tracking enforces that all indirect branches must land 1182 + on a landing pad instruction else CPU will fault. This mitigates against 1183 + JOP / COP attacks. Applications must be enabled to use it, and old userspace 1184 + does not get protection "for free". 1185 + default y. 1186 + 1165 1187 endmenu # "Kernel features" 1166 1188 1167 1189 menu "Boot options"
+4
arch/riscv/configs/hardening.config
··· 1 + # RISCV specific kernel hardening options 2 + 3 + # Enable control flow integrity support for usermode. 4 + CONFIG_RISCV_USER_CFI=y
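Review bot: In the arch/riscv/Kconfig hunk, the new RISCV_USER_CFI entry declares its type twice, `def_bool y` followed by `bool "riscv userspace control flow integrity"`, and its help text ends with a stray "default y." sentence that reads like a misplaced attribute. Suggest a single `bool "riscv userspace control flow integrity"` line with an explicit `default y` attribute, and dropping the trailing "default y." from the help body. Because the option defaults to on wherever `64BIT && MMU`, RISCV_ALTERNATIVE and the `$(cc-option,...)` probe are satisfied, the commit description's wording that support "can be enabled by selecting" the option understates the change; the help text should say that the feature is enabled by default when the toolchain accepts `-march=rv64ima_zicfiss_zicfilp -fcf-protection=full`. The last help lines ("JOP / COP attacks. Applications must be enabled to use it, and old userspace") also run noticeably longer than the rest of the help body and could be rewrapped.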
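Review bot: In arch/riscv/configs/hardening.config, `CONFIG_RISCV_USER_CFI=y` can only take effect when the dependencies in the Kconfig hunk hold, including the `$(cc-option,-mabi=lp64 -march=rv64ima_zicfiss_zicfilp -fcf-protection=full)` probe. With a compiler that rejects those flags, Kconfig drops the symbol without failing the build, so a kernel built from the hardening fragment can end up without user-mode CFI and nothing reports it. Suggest a comment in the fragment naming the toolchain requirement, so that anyone relying on this fragment knows to check the resulting .config for CONFIG_RISCV_USER_CFI=y. Since the option is already `def_bool y`, the comment could also say that the line is there to pin the setting rather than to change the default. Minor style point: "RISCV specific" in the header comment would read better as "RISC-V specific".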