Message ID | 20230629234244.1752366-8-samitolvanen@google.com |
---|---|
Headers | Date: Thu, 29 Jun 2023 23:42:45 +0000; Subject: [PATCH 0/6] riscv: KCFI support; From: Sami Tolvanen <samitolvanen@google.com>; To: Paul Walmsley <paul.walmsley@sifive.com>, Palmer Dabbelt <palmer@dabbelt.com>, Albert Ou <aou@eecs.berkeley.edu>, Kees Cook <keescook@chromium.org>; Cc: Nathan Chancellor <nathan@kernel.org>, Nick Desaulniers <ndesaulniers@google.com>, linux-riscv@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org |
Series | riscv: KCFI support | |
Message
Sami Tolvanen
June 29, 2023, 11:42 p.m. UTC
This series adds KCFI support for RISC-V. KCFI is a fine-grained forward-edge control-flow integrity scheme supported in Clang >=16, which ensures indirect calls in instrumented code can only branch to functions whose type matches the function pointer type, thus making code reuse attacks more difficult.

Patch 1 implements a pt_regs based syscall wrapper to address function pointer type mismatches in syscall handling. Patches 2 and 3 annotate indirectly called assembly functions with CFI types. Patch 4 implements error handling for indirect call checks. Patch 5 disables CFI for arch/riscv/purgatory. Patch 6 finally allows CONFIG_CFI_CLANG to be enabled for RISC-V.

Note that Clang 16 has a generic architecture-agnostic KCFI implementation, which does work with the kernel, but doesn't produce a stable code sequence for indirect call checks, which means potential failures just trap and won't result in informative error messages. Clang 17 includes a RISC-V specific back-end implementation for KCFI, which emits a predictable code sequence for the checks and a .kcfi_traps section with locations of the traps, which patch 5 uses to produce more useful errors.

The type mismatch fixes and annotations in the first three patches also become necessary in future if the kernel decides to support fine-grained CFI implemented using the hardware landing pad feature proposed in the in-progress Zicfisslp extension. Once the specification is ratified and hardware support emerges, implementing runtime patching support that replaces KCFI instrumentation with Zicfisslp landing pads might also be feasible (similarly to KCFI to FineIBT patching on x86_64), allowing distributions to ship a unified kernel binary for all devices.

Sami Tolvanen (6):
  riscv: Implement syscall wrappers
  riscv: Add types to indirectly called assembly functions
  riscv: Add ftrace_stub_graph
  riscv: Add CFI error handling
  riscv/purgatory: Disable CFI
  riscv: Allow CONFIG_CFI_CLANG to be selected

 arch/riscv/Kconfig | 3 +
 arch/riscv/include/asm/cfi.h | 22 ++++++
 arch/riscv/include/asm/insn.h | 10 +++
 arch/riscv/include/asm/syscall.h | 5 +-
 arch/riscv/include/asm/syscall_wrapper.h | 87 ++++++++++++++++++++++++
 arch/riscv/kernel/Makefile | 2 +
 arch/riscv/kernel/cfi.c | 77 +++++++++++++++++++++
 arch/riscv/kernel/compat_syscall_table.c | 8 ++-
 arch/riscv/kernel/mcount.S | 9 ++-
 arch/riscv/kernel/suspend_entry.S | 5 +-
 arch/riscv/kernel/sys_riscv.c | 6 ++
 arch/riscv/kernel/syscall_table.c | 8 ++-
 arch/riscv/kernel/traps.c | 4 +-
 arch/riscv/purgatory/Makefile | 4 ++
 14 files changed, 238 insertions(+), 12 deletions(-)
 create mode 100644 arch/riscv/include/asm/cfi.h
 create mode 100644 arch/riscv/include/asm/syscall_wrapper.h
 create mode 100644 arch/riscv/kernel/cfi.c

base-commit: c6b0271053e7a5ae57511363213777f706b60489
Comments
Hey Sami,

On Thu, Jun 29, 2023 at 11:42:45PM +0000, Sami Tolvanen wrote:
> This series adds KCFI support for RISC-V. KCFI is a fine-grained
> forward-edge control-flow integrity scheme supported in Clang >=16,
> which ensures indirect calls in instrumented code can only branch to
> functions whose type matches the function pointer type, thus making
> code reuse attacks more difficult.

> base-commit: c6b0271053e7a5ae57511363213777f706b60489

Could you please rebase this on top of v6.5-rc1 when that comes out? This base-commit is some random commit from Linus' tree, that because we are currently in the merge window is not in the RISC-V trees yet, and means the series wasn't applied by our CI stuff.

Cheers,
Conor.
On Fri, Jun 30, 2023 at 07:48:23PM +0100, Conor Dooley wrote:
> Hey Sami,
>
> On Thu, Jun 29, 2023 at 11:42:45PM +0000, Sami Tolvanen wrote:
> > This series adds KCFI support for RISC-V. KCFI is a fine-grained
> > forward-edge control-flow integrity scheme supported in Clang >=16,
> > which ensures indirect calls in instrumented code can only branch to
> > functions whose type matches the function pointer type, thus making
> > code reuse attacks more difficult.
>
> > base-commit: c6b0271053e7a5ae57511363213777f706b60489
>
> Could you please rebase this on top of v6.5-rc1 when that comes out?
> This base-commit is some random commit from Linus' tree, that because we
> are currently in the merge window is not in the RISC-V trees yet,
> and means the series wasn't applied by our CI stuff.

In other news, I gave it a go with 03b118c7e456 ("[SLP] Fix crash on attempt to access on invalid iterator state.") & have been running it for a bit. All seems in order so far, nice :)
Hi Sami,

On Thu, Jun 29, 2023 at 11:42:45PM +0000, Sami Tolvanen wrote:
> This series adds KCFI support for RISC-V. KCFI is a fine-grained
> forward-edge control-flow integrity scheme supported in Clang >=16,
> which ensures indirect calls in instrumented code can only branch to
> functions whose type matches the function pointer type, thus making
> code reuse attacks more difficult.
>
> Patch 1 implements a pt_regs based syscall wrapper to address
> function pointer type mismatches in syscall handling. Patches 2 and 3
> annotate indirectly called assembly functions with CFI types. Patch 4
> implements error handling for indirect call checks. Patch 5 disables
> CFI for arch/riscv/purgatory. Patch 6 finally allows CONFIG_CFI_CLANG
> to be enabled for RISC-V.
>
> Note that Clang 16 has a generic architecture-agnostic KCFI
> implementation, which does work with the kernel, but doesn't produce
> a stable code sequence for indirect call checks, which means
> potential failures just trap and won't result in informative error
> messages. Clang 17 includes a RISC-V specific back-end implementation
> for KCFI, which emits a predictable code sequence for the checks and a
> .kcfi_traps section with locations of the traps, which patch 5 uses to
> produce more useful errors.
>
> The type mismatch fixes and annotations in the first three patches
> also become necessary in future if the kernel decides to support
> fine-grained CFI implemented using the hardware landing pad
> feature proposed in the in-progress Zicfisslp extension. Once the
> specification is ratified and hardware support emerges, implementing
> runtime patching support that replaces KCFI instrumentation with
> Zicfisslp landing pads might also be feasible (similarly to KCFI to
> FineIBT patching on x86_64), allowing distributions to ship a unified
> kernel binary for all devices.

I boot tested ARCH=riscv defconfig + CONFIG_CFI_CLANG=y with both clang 16.0.6 and a recent LLVM 17.0.0 from tip of tree and saw no issues while booting. I can confirm that both kernels panic when running the CFI_FORWARD_PROTO LKDTM test.

LLVM 17.0.0:

[ 100.722815] lkdtm: Performing direct entry CFI_FORWARD_PROTO
[ 100.723061] lkdtm: Calling matched prototype ...
[ 100.723217] lkdtm: Calling mismatched prototype ...
[ 100.723861] CFI failure at lkdtm_indirect_call+0x22/0x32 (target: lkdtm_increment_int+0x0/0x18; expected type: 0x3ad55aca)
[ 100.724191] Kernel BUG [#1]
[ 100.724226] Modules linked in:
[ 100.724343] CPU: 0 PID: 42 Comm: sh Not tainted 6.4.0-08887-ga68cded684a2 #1
[ 100.724450] Hardware name: riscv-virtio,qemu (DT)
[ 100.724552] epc : lkdtm_indirect_call+0x22/0x32
[ 100.724586] ra : lkdtm_CFI_FORWARD_PROTO+0x40/0x74
[ 100.724603] epc : ffffffff805ee84c ra : ffffffff805ee6de sp : ff200000001a3cb0
[ 100.724617] gp : ffffffff8130ab70 tp : ff60000001b9d240 t0 : ff200000001a3b38
[ 100.724631] t1 : 000000003ad55aca t2 : 000000007e0c52a5 s0 : ff200000001a3cc0
[ 100.724644] s1 : 0000000000000001 a0 : ffffffff8130edc8 a1 : ffffffff805ee876
[ 100.724658] a2 : b5352d9a12ee0700 a3 : ffffffff8122e5c8 a4 : 0000000000000fff
[ 100.724671] a5 : 0000000000000004 a6 : 00000000000000b4 a7 : 0000000000000000
[ 100.724683] s2 : ff200000001a3e38 s3 : ffffffffffffffea s4 : 0000000000000012
[ 100.724696] s5 : ff6000000804c000 s6 : 0000000000000006 s7 : ffffffff80e8ca88
[ 100.724709] s8 : 0000000000000008 s9 : 0000000000000002 s10: ffffffff812bfd10
[ 100.724722] s11: ffffffff812bfd10 t3 : 0000000000000003 t4 : 0000000000000000
[ 100.724735] t5 : ff60000001858000 t6 : ff60000001858f00
[ 100.724746] status: 0000000200000120 badaddr: 0000000000000000 cause: 0000000000000003
[ 100.724825] [<ffffffff805ee84c>] lkdtm_indirect_call+0x22/0x32
[ 100.724886] [<ffffffff805ee6de>] lkdtm_CFI_FORWARD_PROTO+0x40/0x74
[ 100.724898] [<ffffffff805eabbe>] lkdtm_do_action+0x22/0x32
[ 100.724908] [<ffffffff805eab78>] direct_entry+0x124/0x136
[ 100.724918] [<ffffffff8034af5a>] full_proxy_write+0x58/0xb2
[ 100.724930] [<ffffffff801e139e>] vfs_write+0x14c/0x350
[ 100.724941] [<ffffffff801e16fc>] ksys_write+0x64/0xd4
[ 100.724951] [<ffffffff801e1782>] __riscv_sys_write+0x16/0x22
[ 100.724961] [<ffffffff80005cec>] syscall_handler+0x4c/0x58
[ 100.724973] [<ffffffff809355ac>] do_trap_ecall_u+0x3e/0x88
[ 100.724996] [<ffffffff80003678>] ret_from_exception+0x0/0x64
[ 100.725150] Code: 0513 5945 a303 ffc5 53b7 7e0c 839b 2a53 0363 0073 (9002) 9582
[ 100.731204] ---[ end trace 0000000000000000 ]---
[ 100.731327] Kernel panic - not syncing: Fatal exception in interrupt
[ 100.731910] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

LLVM 16.0.6:

[ 10.227530] lkdtm: Performing direct entry CFI_FORWARD_PROTO
[ 10.227755] lkdtm: Calling matched prototype ...
[ 10.227900] lkdtm: Calling mismatched prototype ...
[ 10.228721] Oops - illegal instruction [#1]
[ 10.228856] Modules linked in:
[ 10.228978] CPU: 0 PID: 1 Comm: sh Not tainted 6.4.0-08887-ga68cded684a2 #1
[ 10.229077] Hardware name: riscv-virtio,qemu (DT)
[ 10.229160] epc : lkdtm_indirect_call+0x2c/0x32
[ 10.229242] ra : lkdtm_CFI_FORWARD_PROTO+0x40/0x74
[ 10.229259] epc : ffffffff805ef190 ra : ffffffff805ef018 sp : ff2000000000bcb0
[ 10.229272] gp : ffffffff8130a958 tp : ff600000018c8000 t0 : ff2000000000bb38
[ 10.229285] t1 : ff2000000000baa8 t2 : 0000000000000018 s0 : ff2000000000bcc0
[ 10.229298] s1 : 0000000000000001 a0 : 000000003ad55aca a1 : ffffffff805ef1b0
[ 10.229310] a2 : 000000007e0c52a5 a3 : ffffffff8122e548 a4 : 0000000000000fff
[ 10.229322] a5 : 0000000000000004 a6 : 00000000000000b4 a7 : 0000000000000000
[ 10.229335] s2 : ff2000000000be38 s3 : ffffffffffffffea s4 : 0000000000000012
[ 10.229347] s5 : ff6000000802f000 s6 : 0000000000000006 s7 : ffffffff80e8ca88
[ 10.229360] s8 : 0000000000000008 s9 : 0000000000000002 s10: ffffffff812bfc90
[ 10.229372] s11: ffffffff812bfc90 t3 : 0000000000000003 t4 : 0000000000000000
[ 10.229385] t5 : ff60000001858000 t6 : ff60000001858f00
[ 10.229396] status: 0000000200000120 badaddr: 0000000000000000 cause: 0000000000000002
[ 10.229478] [<ffffffff805ef190>] lkdtm_indirect_call+0x2c/0x32
[ 10.229538] [<ffffffff805ef018>] lkdtm_CFI_FORWARD_PROTO+0x40/0x74
[ 10.229550] [<ffffffff805eb4d4>] lkdtm_do_action+0x20/0x34
[ 10.229560] [<ffffffff805eb490>] direct_entry+0x124/0x136
[ 10.229570] [<ffffffff80349cf0>] full_proxy_write+0x56/0xb2
[ 10.229582] [<ffffffff801e0620>] vfs_write+0x14a/0x34e
[ 10.229593] [<ffffffff801e097e>] ksys_write+0x64/0xd4
[ 10.229602] [<ffffffff801e0a04>] __riscv_sys_write+0x16/0x22
[ 10.229611] [<ffffffff800056fe>] syscall_handler+0x4a/0x58
[ 10.229622] [<ffffffff80936428>] do_trap_ecall_u+0x3e/0x88
[ 10.229649] [<ffffffff80003678>] ret_from_exception+0x0/0x64
[ 10.229860] Code: 00c5 1517 00d2 0513 c4a5 9582 60a2 6402 0141 8082 (0000) 52a5
[ 10.235769] ---[ end trace 0000000000000000 ]---
[ 10.235892] Kernel panic - not syncing: Fatal exception in interrupt
[ 10.236488] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

Tested-by: Nathan Chancellor <nathan@kernel.org>

Cheers,
Nathan
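A log-triage sketch for the two failure modes in the boot logs above, added here as an example and not part of the thread or the patch series: it parses the `CFI failure at ...` line printed by the LLVM 17 build and, as a heuristic, flags the LLVM 16 build's bare `Oops - illegal instruction` together with its `epc` symbol. The names `cfi_report`, `parse_cfi_failure` and `classify_log` are hypothetical, and the sample strings are excerpts of the logs above with timestamps trimmed.

```c
#include <stdio.h>
#include <string.h>

enum cfi_verdict { CFI_NONE, CFI_REPORTED, CFI_BARE_TRAP };
struct cfi_report {
    char site[96];     /* symbol+offset of the trapping indirect call */
    char target[96];   /* symbol+offset of the call target, if reported */
    unsigned int type; /* expected type hash, if reported */
};

/* Excerpts of the two boot logs quoted in the thread (timestamps trimmed). */
static const char CLANG17_LOG[] =
    "lkdtm: Calling mismatched prototype ...\n"
    "CFI failure at lkdtm_indirect_call+0x22/0x32 (target: "
    "lkdtm_increment_int+0x0/0x18; expected type: 0x3ad55aca)\n";
static const char CLANG16_LOG[] =
    "lkdtm: Calling mismatched prototype ...\n"
    "Oops - illegal instruction [#1]\n"
    "epc : lkdtm_indirect_call+0x2c/0x32\n";

/* Returns 1 and fills *r when the line is a "CFI failure at ..." report. */
int parse_cfi_failure(const char *line, struct cfi_report *r)
{
    struct cfi_report t = { "", "", 0 };
    const char *p = strstr(line, "CFI failure at ");
    if (!p || sscanf(p, "CFI failure at %95s (target: %95[^;]; "
                     "expected type: 0x%x)", t.site, t.target, &t.type) != 3)
        return 0;
    *r = t;
    return 1;
}

/* Heuristic: a report line wins; otherwise an illegal-instruction oops is
 * flagged as a possible unreported check failure, with its epc symbol. */
enum cfi_verdict classify_log(const char *log, struct cfi_report *r)
{
    char line[256];
    int oops = 0;
    memset(r, 0, sizeof(*r));
    for (const char *p = log; *p; ) {
        size_t n = strcspn(p, "\n");
        size_t c = n < sizeof(line) - 1 ? n : sizeof(line) - 1;
        memcpy(line, p, c);
        line[c] = '\0';
        p += n + (p[n] == '\n');
        if (parse_cfi_failure(line, r))
            return CFI_REPORTED;
        if (strstr(line, "Oops - illegal instruction"))
            oops = 1;
        else if (oops && !r->site[0] && strstr(line, "epc : "))
            sscanf(strstr(line, "epc : "), "epc : %95s", r->site);
    }
    return oops ? CFI_BARE_TRAP : CFI_NONE;
}

int main(void)
{
    struct cfi_report r;
    printf("clang17=%d\n", classify_log(CLANG17_LOG, &r));
    printf("clang16=%d site=%s\n", classify_log(CLANG16_LOG, &r), r.site);
    return 0;
}
```

An illegal-instruction oops has other causes as well, so `CFI_BARE_TRAP` only marks a candidate whose `epc` symbol still has to be checked by hand.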
Hi Conor,

On Fri, Jun 30, 2023 at 11:48 AM Conor Dooley <conor@kernel.org> wrote:
>
> Hey Sami,
>
> On Thu, Jun 29, 2023 at 11:42:45PM +0000, Sami Tolvanen wrote:
> > This series adds KCFI support for RISC-V. KCFI is a fine-grained
> > forward-edge control-flow integrity scheme supported in Clang >=16,
> > which ensures indirect calls in instrumented code can only branch to
> > functions whose type matches the function pointer type, thus making
> > code reuse attacks more difficult.
>
> > base-commit: c6b0271053e7a5ae57511363213777f706b60489
>
> Could you please rebase this on top of v6.5-rc1 when that comes out?
> This base-commit is some random commit from Linus' tree, that because we
> are currently in the merge window is not in the RISC-V trees yet,
> and means the series wasn't applied by our CI stuff.

Sure, I'll send v2 rebased on top of -rc1 once it's out. The random commit was the ToT at the time this series was sent out.

Sami