From patchwork Thu Feb 9 04:26:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1739787 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=QATaWGhW; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=rivosinc-com.20210112.gappssmtp.com header.i=@rivosinc-com.20210112.gappssmtp.com header.a=rsa-sha256 header.s=20210112 header.b=uxRVhPpX; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4PC3k53M02z23hX for ; Thu, 9 Feb 2023 15:27:23 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=w8V4d20l16CPoZ4pLq0YwaxbOEl8wpSXyXdgIc1m6Jc=; b=QATaWGhWK4CcWq CohSvD0ZTRaOwCGP1YtrvRS21Lpp1k1saypkcu1wOnV14o64vAqlM38BiHJGZaA7+u18Y3JXJIAtm f0WnoOIE+ZEk0a/Cmzyj9AX7gc7g6loX+2Lr+Wp4yo7TM5PbwUdo5adSEAfyPanu8zVF7O/owq0LT asNHpur/XZjjxxxoJlkQ2C8/sYQK5Dat8RpGuaZTtEICSigGcft8yqMA+SQKcKhpvjBJK/2cfWnFE zGUT9ObUTeAX4iH3eE5Hbmc4+S63Lp2JjmGszDPq1kJYBSD7L3BMpgjSc5zKyOLn2MWYgjJMb/q0Y L4NMxK+UMKkU/XouDCZQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1pPyWX-00085Q-OD; Thu, 09 Feb 2023 04:27:05 +0000 Received: from mail-pg1-x536.google.com ([2607:f8b0:4864:20::536]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1pPyWT-000845-BQ for opensbi@lists.infradead.org; Thu, 09 Feb 2023 04:27:03 +0000 Received: by mail-pg1-x536.google.com with SMTP id q9so810346pgq.5 for ; Wed, 08 Feb 2023 20:26:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=+Qckj0w115E0bRK6DoM9riZLFv3WqmKqg1FhmqeHDLM=; b=uxRVhPpXVHbbAZSawLJjZ5S30LIT+zweo3rOZaY8sDWfxZXkeZNC+mGpTaIxdaDlzA X2EXoJfHSdmux52qk6A+69gGhMse6c+EQCsk3MpwyvEoNJ/T5hoGx56OwvX6Ci7l9ykt /UMi1RsaNi+qyTocpORT0fy8nF/EibTjqUIBInBG9ZecMERvjZmYUB6iWZQfg8v53KwN 3c0jXk+xjHNbctjIzby3i0gCcblBN5mkQZYsM2FyjCPNZn3x93aEWAbXQ1juRCWFnoKb yE3r+47gpHc2CodoxJqkkN74IFqfJEqE4UWih5+Pk0f1ERerYMlzqwmd7XcKV/ROcFkg g9Gw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=+Qckj0w115E0bRK6DoM9riZLFv3WqmKqg1FhmqeHDLM=; b=gzMfsHVkX/E0pr4YufQqT4dISWynUgqLPswDP+XRNYVeQwCXXIb0bhdbMtbP9R9wpW 0aRp70r99JLKOBtUcXrUUQMHV58eXQ7U62ZNY8DI2LQAxS8Fh7JOV0DOfjg3pZ0chOTT /xYuWzbT1jiSIf7KYOyZqH5yeLDMG2fgmSQcDTX2ofX4EfiQ4iwxoUjxLzK3tBi0qGdc pZsJVqwxgQRqnUtyaDMDSzWrk5Io/aZN4RBOrDSNl5cFFLANbXY+AFVBHoxM3WLmgO4Z UepuU96bEquBCxlzO+QyFvJ8sWPVLGYYiFKX5sPfB/AAsUloWR2hvdJTUkVdFhbz8Ur4 8GBg== X-Gm-Message-State: AO0yUKWiD1quM8M0dni0091TBn1yxwOssIB02lHHwJszpWd03dc5Xsqi EL3bI1ioqMQS6RVVF/uXlbpnIowd+IsSZb58 X-Google-Smtp-Source: AK7set99xlXqbA+BbNKCoI89my5d3EzgVf2ewAl2To/rNJHo2DNW2LK7vGk2b1sMQwjG3X5Ey1UTDg== X-Received: by 2002:a62:1686:0:b0:5a8:51ad:3aba with SMTP id 128-20020a621686000000b005a851ad3abamr1428829pfw.4.1675916818376; Wed, 08 Feb 2023 20:26:58 -0800 (PST) Received: from debug.ba.rivosinc.com ([66.220.2.162]) by smtp.gmail.com with ESMTPSA id 26-20020aa7921a000000b00593eb3a5e44sm283853pfo.37.2023.02.08.20.26.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Feb 2023 20:26:57 -0800 (PST) From: Deepak Gupta To: opensbi@lists.infradead.org Cc: Deepak Gupta Subject: [PATCH v3 Zisslpcfi 0/2] Support for zisslpcfi in opensbi Date: Wed, 8 Feb 2023 20:26:52 -0800 Message-Id: <20230209042654.3568990-1-debug@rivosinc.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230208_202701_632288_FC542477 X-CRM114-Status: UNSURE ( 6.49 ) X-CRM114-Notice: Please train this message. X-Spam-Score: 0.0 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: zisslpcfi [1] extension extends risc-v architecture to mitigate against control-flow integrity attacks (ROP/JOP/COP). zisslpcfi uses bits (b23-b26) in (m/s/vs) status CSR for enabling cfi in U mode and record cfi state. One such state is expected landing pad (ELP). If forward cfi is enabled, indirect call/jmp updates [...] Content analysis details: (0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:536 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-BeenThere: opensbi@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "opensbi" Errors-To: opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org zisslpcfi [1] extension extends risc-v architecture to mitigate against control-flow integrity attacks (ROP/JOP/COP). zisslpcfi uses bits (b23-b26) in (m/s/vs) status CSR for enabling cfi in U mode and record cfi state. One such state is expected landing pad (ELP). If forward cfi is enabled, indirect call/jmp updates hart's ELP state (1bit) to true. ELP state is cleared only by a landing pad instruction else trap is delivered with ELP state recorded in sstatus CSR. This two patch series adds following changes to opensbi - Adds support in opensbi to detect zisslpcfi - trap redirection updates ELP state accordingly Qemu implementation for zisslpcfi can be checked out on github [2] Strawman linux kernel enabling (still very early) can be checked out on github [3] [1] - https://github.com/riscv/riscv-cfi [2] - https://github.com/deepak0414/qemu/tree/gh_Zisslpcfi-0.1 [3] - https://github.com/deepak0414/linux-riscv-cfi/tree/Zisslpcfi-0.1_v6.1-rc2 Deepak Gupta (2): include: adding support for Zisslpcfi encodings lib: sbi: Zisslpcfi detection and elp cfi state reflect back in status include/sbi/riscv_encoding.h | 10 ++++++++++ include/sbi/sbi_hart.h | 2 ++ lib/sbi/sbi_hart.c | 23 +++++++++++++++++++++++ lib/sbi/sbi_trap.c | 16 ++++++++++++++++ 4 files changed, 51 insertions(+)