riscv: create a Kconfig fragment for shadow stack and landing pad support

This patch creates a Kconfig fragment for shadow stack support and
landing pad instruction support. Shadow stack support and landing pad
instruction support can be enabled by selecting
'CONFIG_RISCV_USER_CFI'. Selecting 'CONFIG_RISCV_USER_CFI' wires up
the path to enumerate CPU support.  If support exists, the kernel will
support CPU-assisted user mode CFI.

If CONFIG_RISCV_USER_CFI is selected, select 'ARCH_USES_HIGH_VMA_FLAGS',
'ARCH_HAS_USER_SHADOW_STACK' and 'DYNAMIC_SIGFRAME' for riscv.

Reviewed-by: Zong Li <zong.li@sifive.com>
Signed-off-by: Deepak Gupta <debug@rivosinc.com>
Tested-by: Andreas Korb <andreas.korb@aisec.fraunhofer.de> # QEMU, custom CVA6
Tested-by: Valentin Haudiquet <valentin.haudiquet@canonical.com>
Link: https://patch.msgid.link/20251112-v5_user_cfi_series-v23-25-b55691eacf4f@rivosinc.com
[pjw@kernel.org: cleaned up patch description, Kconfig text; added CONFIG_MMU exclusion]
Signed-off-by: Paul Walmsley <pjw@kernel.org>
Deepak Gupta 2026-01-25 21:09:56 -07:00 committed by Paul Walmsley
parent ccad8c1336
commit 22c1e263af
2 changed files with 26 additions and 0 deletions

@ -1162,6 +1162,28 @@ config RANDOMIZE_BASE
If unsure, say N.
config RISCV_USER_CFI
def_bool y
bool "riscv userspace control flow integrity"
depends on 64BIT && MMU && \
$(cc-option,-mabi=lp64 -march=rv64ima_zicfiss_zicfilp -fcf-protection=full)
depends on RISCV_ALTERNATIVE
select RISCV_SBI
select ARCH_HAS_USER_SHADOW_STACK
select ARCH_USES_HIGH_VMA_FLAGS
select DYNAMIC_SIGFRAME
help
Provides CPU-assisted control flow integrity to userspace tasks.
Control flow integrity is provided by implementing shadow stack for
backward edge and indirect branch tracking for forward edge.
Shadow stack protection is a hardware feature that detects function
return address corruption. This helps mitigate ROP attacks.
Indirect branch tracking enforces that all indirect branches must land
on a landing pad instruction else CPU will fault. This mitigates against
JOP / COP attacks. Applications must be enabled to use it, and old userspace
does not get protection "for free".
default y.
endmenu # "Kernel features"
menu "Boot options"
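
Review bot: In `config RISCV_USER_CFI`, `def_bool y` is immediately followed by `bool "riscv userspace control flow integrity"`, so the type is declared twice; a single `bool "..."` line followed by `default y` would state the prompt and the default once. The last help line, `default y.`, reads as a leftover fragment and should be dropped or written as a full sentence. Because the symbol defaults to y and its `depends on` includes a `$(cc-option,...)` probe, whether user CFI support gets built follows silently from the toolchain, so the help text could also say that a compiler accepting `-march=rv64ima_zicfiss_zicfilp -fcf-protection=full` is required.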

@ -0,0 +1,4 @@
# RISCV specific kernel hardening options
# Enable control flow integrity support for usermode.
CONFIG_RISCV_USER_CFI=y
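
Review bot: The comment lines above `CONFIG_RISCV_USER_CFI=y` do not mention the symbol's dependencies, so someone merging this fragment on a 32-bit or no-MMU config, or with a compiler that fails the `cc-option` test in the Kconfig hunk, ends up without user CFI and with nothing in the fragment explaining why. Add a comment line naming the requirements (64BIT, MMU, RISCV_ALTERNATIVE, and toolchain support for zicfiss/zicfilp). With `def_bool y` on the symbol this line is also redundant whenever those dependencies are met, which the fragment comment could state so readers know it is there to pin the setting rather than to turn it on.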