Message ID | 20241029-v5_user_cfi_series-v7-28-2727ce9936cb@rivosinc.com (mailing list archive) |
---|---|
State | New |
Headers | show
Return-Path: <owner-linux-mm@kvack.org> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 65346D7494D for <linux-mm@archiver.kernel.org>; Tue, 29 Oct 2024 23:45:40 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8FCE96B00C7; Tue, 29 Oct 2024 19:45:33 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8A7E26B00CA; Tue, 29 Oct 2024 19:45:33 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 770E96B00CB; Tue, 29 Oct 2024 19:45:33 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 54AE96B00C7 for <linux-mm@kvack.org>; Tue, 29 Oct 2024 19:45:33 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 1727F1A054F for <linux-mm@kvack.org>; Tue, 29 Oct 2024 23:45:33 +0000 (UTC) X-FDA: 82728272886.07.1562ED9 Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com [209.85.215.173]) by imf07.hostedemail.com (Postfix) with ESMTP id 3AC2D40008 for <linux-mm@kvack.org>; Tue, 29 Oct 2024 23:44:56 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=VEPefLcK; spf=pass (imf07.hostedemail.com: domain of debug@rivosinc.com designates 209.85.215.173 as permitted sender) smtp.mailfrom=debug@rivosinc.com; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1730245450; a=rsa-sha256; cv=none; b=umlODLXiKSBCEzrrGKdVsYmP9u4mm/B5xaZY7/6PqdAeZGkljirm+Y0l+5rVxyiM3Psqgl esGhwksYbTT/4H/rabILEGvp+Ll4uT8iGppnRWCHw1JQfm8ugHWcY5c7oETI8KF8bRIP+L Rd/RtJp8Wg9U/8CKCWRy/bfGHgDAmFQ= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=rivosinc-com.20230601.gappssmtp.com header.s=20230601 header.b=VEPefLcK; spf=pass (imf07.hostedemail.com: domain of debug@rivosinc.com designates 209.85.215.173 as permitted sender) smtp.mailfrom=debug@rivosinc.com; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1730245450; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=nRy4y69JgL5sB6geChrc5T0OHtDNFkvTlVG645IsDrc=; b=6NO3eI0T7gwNxX/QfDPi/w3hvTJbtfCXTZzrSqZRJxE3rUIY3bSwX/FhwXUkA7ckxRf4tV NaCfEF7feWcvBWPqEHolfDy4+yFEMWDun+x0K2DHk5i+FWZ1EpwKoFhrwnHFBR8WgwKtoB 3/l0iJEJ4GZfrBhrT5uWwCD77L5d1NY= Received: by mail-pg1-f173.google.com with SMTP id 41be03b00d2f7-656d8b346d2so4118761a12.2 for <linux-mm@kvack.org>; Tue, 29 Oct 2024 16:45:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1730245530; x=1730850330; darn=kvack.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=nRy4y69JgL5sB6geChrc5T0OHtDNFkvTlVG645IsDrc=; b=VEPefLcKz50v9c6PJzaKscCPxpjPou1+aiSIWZOK2gV9rRNtIOopFtIaMk9lXe8GIn DI+aEfTywGbeDZP6Zk97LbWtL+yLvKEF6oMS/uasmRUFFBe23dwD7kmjj+KUe0pFDLXl 87d5jZxr3B9ciPov3HwDgDSWBnZNNyV/Z58kcdBsjiCTFKa4QRMsErKCLPf68U/4iRw0 usqaW/qbHXx8uvB9kRpJHCd0VFDiTrsu7t/YV5mcT54fYk850NmMfmQ2TZaIfp7Ah58t HxWa0QByMPa4NklBK8s2H7hkxZ7jpu1lAoo3CI2Sj9zHkXzN7iqRqJPg3fd4Tlzi3nhN uqLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730245530; x=1730850330; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nRy4y69JgL5sB6geChrc5T0OHtDNFkvTlVG645IsDrc=; b=Ct+keSKse0Q6M7hIhEPzYY7fbZEtNXi5pWACfdgTL8aV5jmqOAPCxkhocndXG2qNGF VOQ66C6GzImY3/hYalXdepr5BB5iDVfXfqlRNsDb2H/KuUXDE+qxTT1P4B+dGvwUnUmu 2AY+zKgDFGCHa0YKHRWd3omu0LxV+Sj3D2E8y3nQqm2dHcwsnxP5V711VD6GKWgjWPv6 8UeSBv56XgpajtPfAUTMEpUKOHxGDrClx+zbgFMapdiXgCijX3koP2Hia0sgU9ZSXEtm 9XNpamLxYhqCzqNrqlYaa/Pf5STcr0N9LGUvfMpU+BQwHht6tlkBcKrhXV9InPBYXSo0 G2EA== X-Forwarded-Encrypted: i=1; AJvYcCW9Ti8s/2tMiVfaFH3bcB8L1vhnIFxHiBSMtZklTEANuIJZ8FMVoEPI5Cp3lJVTlR1nWDtJSJVDiQ==@kvack.org X-Gm-Message-State: AOJu0YzldIAYrgOgAR02wWV2Oo+iPiffMMr+kbbXO/0dQaVkyy3NIJr0 AWGzuq6TUB4j1bbckXmn5ThDNr+de/PogQ+16u78UYlVV6EdSUIF6Z1aybi5/Hk= X-Google-Smtp-Source: AGHT+IEJnoB5pjGPkuu5fVIOqNL3hz9Y12W/UY6bmoQpgc9NgKdtyZXYcI4NaGAWLxyKkPpDfpG9Xg== X-Received: by 2002:a05:6a20:e198:b0:1d6:fd8c:fa16 with SMTP id adf61e73a8af0-1d9a850541dmr17895816637.46.1730245530007; Tue, 29 Oct 2024 16:45:30 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-72057921863sm8157643b3a.33.2024.10.29.16.45.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Oct 2024 16:45:29 -0700 (PDT) From: Deepak Gupta <debug@rivosinc.com> Date: Tue, 29 Oct 2024 16:44:28 -0700 Subject: [PATCH v7 28/32] riscv: kernel command line option to opt out of user cfi MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20241029-v5_user_cfi_series-v7-28-2727ce9936cb@rivosinc.com> References: <20241029-v5_user_cfi_series-v7-0-2727ce9936cb@rivosinc.com> In-Reply-To: <20241029-v5_user_cfi_series-v7-0-2727ce9936cb@rivosinc.com> To: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>, x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>, Andrew Morton <akpm@linux-foundation.org>, "Liam R. Howlett" <Liam.Howlett@oracle.com>, Vlastimil Babka <vbabka@suse.cz>, Lorenzo Stoakes <lorenzo.stoakes@oracle.com>, Paul Walmsley <paul.walmsley@sifive.com>, Palmer Dabbelt <palmer@dabbelt.com>, Albert Ou <aou@eecs.berkeley.edu>, Conor Dooley <conor@kernel.org>, Rob Herring <robh@kernel.org>, Krzysztof Kozlowski <krzk+dt@kernel.org>, Arnd Bergmann <arnd@arndb.de>, Christian Brauner <brauner@kernel.org>, Peter Zijlstra <peterz@infradead.org>, Oleg Nesterov <oleg@redhat.com>, Eric Biederman <ebiederm@xmission.com>, Kees Cook <kees@kernel.org>, Jonathan Corbet <corbet@lwn.net>, Shuah Khan <shuah@kernel.org> Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-riscv@lists.infradead.org, devicetree@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, alistair.francis@wdc.com, richard.henderson@linaro.org, jim.shu@sifive.com, andybnac@gmail.com, kito.cheng@sifive.com, charlie@rivosinc.com, atishp@rivosinc.com, evan@rivosinc.com, cleger@rivosinc.com, alexghiti@rivosinc.com, samitolvanen@google.com, broonie@kernel.org, rick.p.edgecombe@intel.com, Deepak Gupta <debug@rivosinc.com> X-Mailer: b4 0.14.0 X-Stat-Signature: aprnw4k1ynao6shat8s6hapmzdhykqhe X-Rspamd-Queue-Id: 3AC2D40008 X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1730245496-194348 X-HE-Meta: U2FsdGVkX1/IsUiSCjSpujxbcpCJO5aZH8Nb23ZUcp0xTdgUDY7sDnTe8Lv0n9H0MrelWFl3WZev5tW+IaJssiI3WKwcA91nW3draxQcC7jXDGNyQ5Wk6MsiIEFnWJ4jRiC+cWoseXyF/8G2W8fDup2rTuNwyBJTzbJdKv5zRfGrSRxiZk310s/OCHGidZDzSh9bWbC1TcmaCLx8Hq4PQI4gTKLcCKs/zwHKv+hXcEFZzPt+wzPycsH2eMdokHfQk+Cr65Zo+klTvJ5ZN9oUbpes8XwaZH1u0QArgDR0PDI8IjHtxcKVToshaIWhIyfH/QK0mt0zggtz4BCep2ftsv82cCSQDeXdjbNbo2k5+bVmMN2qz+jyuaqesc0gSJkqiWBJP3IBUZ2zGcThxvEwf+Ni6h1Cc30FLVDusPoWPy37E+Z4J5GwaWqGkNVEEfAMbN2Ur2a7CQzdTD+1+4Z4ys1SP9bcy/Nrb3Ii2BLeseV6nnLn+FwdXk8K7dDJXUbwzk1TrypIsx2MLC5qy9CxKa3OQEnnN1gVx0XRSoW5WLFAOkOrfZjq19fJ9c2gw9EpJ26yhEAqYhdW+SvMzdaXvlZ0jyJN9kIUQbPvkwEGkkuC89mskiOelbhNsFuUSMwc4608P3N3i4eUVl1mM9pkkQEs0R0tr/V40822qwoh+rK+w+6uQU3ORtBvH4rEmXuWV+O6PhXfPjiqJsnGxAr6m7RV0WLsfDl9jF4hv/k0FWmbmBTTiBAC1HFTQVfcs97eZFIvee3Tiidgup2WJ9nBNif4nKMgoaw0Hms0OFEy3F3qvbypyu1Q6Zun/7S8NVLCkSqNQ+0zIHo9enXooY/FLSiziai4IOsguMCHbaThYvRvG4fyVgFeYAxKDJ5uraUXThPLLRfThqg58jw4fA3VwKAkXnFZ0+EnaA7V6eBuKKSK58KyBiNZzC7ti52EOq3O6kAocQCldxdi/yfmvvj oBaNvoeV 6q1M7sco4eFrai5Y+6kdJu7KmJbU1W56AaQTbXcQgMXN/knUTM/20nou+BZfLPXNdUHCYp3/rBcI1ZTqPkCpVGILAyVTb1ga8ks4jztNgoM9r9QAt4jl8vNWbTbXUhdt7iL6AJx5Nf+h6bYg5Jw/AT7qOqFlZw8GFuQ9Kn4DFvul2giXxjCiEHgQjt35QQqRch4rslsKbYYEL0I8xJWNACGMmYMI9+usEWS7BYwuP4d5sD801skAJ8JcCfyrFq4PxX7Uf31ObH19v8Ue7nAVEs0QxSsqzuRUwGoA9vNwwscXpgalnutSXrQywYn8XsT8Mo/QXnAL1RhFFYK/xWCDBupw+12U3bRPczZqupoL3lUOSbLEt3mTGzoytChC5xG9g8SKB0EZ8wpC7JmU/rJoqRGolGrU4AzZ6mG0bmO4njm3KOYYEuGwOO6B1I+OdGokUD3yDf8ALZQn6KtY= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: <linux-mm.kvack.org> List-Subscribe: <mailto:majordomo@kvack.org> List-Unsubscribe: <mailto:majordomo@kvack.org> |
Series |
riscv control-flow integrity for usermode
|
expand
|
diff --git a/arch/riscv/kernel/usercfi.c b/arch/riscv/kernel/usercfi.c index 04b0305943b1..223dfa482deb 100644 --- a/arch/riscv/kernel/usercfi.c +++ b/arch/riscv/kernel/usercfi.c @@ -17,6 +17,8 @@ #include <asm/csr.h> #include <asm/usercfi.h> +bool disable_riscv_usercfi; + #define SHSTK_ENTRY_SIZE sizeof(void *) bool is_shstk_enabled(struct task_struct *task) @@ -393,6 +395,9 @@ int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status) unsigned long size = 0, addr = 0; bool enable_shstk = false; + if (disable_riscv_usercfi) + return 0; + if (!cpu_supports_shadow_stack()) return -EINVAL; @@ -472,6 +477,9 @@ int arch_set_indir_br_lp_status(struct task_struct *t, unsigned long status) { bool enable_indir_lp = false; + if (disable_riscv_usercfi) + return 0; + if (!cpu_supports_indirect_br_lp_instr()) return -EINVAL; @@ -504,3 +512,15 @@ int arch_lock_indir_br_lp_status(struct task_struct *task, return 0; } + +static int __init setup_global_riscv_enable(char *str) +{ + if (strcmp(str, "true") == 0) + disable_riscv_usercfi = true; + + pr_info("Setting riscv usercfi to be %s\n", (disable_riscv_usercfi ? "disabled" : "enabled")); + + return 1; +} + +__setup("disable_riscv_usercfi=", setup_global_riscv_enable);
This commit adds a kernel command line option using which user cfi can be disabled. Signed-off-by: Deepak Gupta <debug@rivosinc.com> --- arch/riscv/kernel/usercfi.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)