From patchwork Wed Dec 21 19:55:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 1718475 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=pTuqaa3N; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=rivosinc-com.20210112.gappssmtp.com header.i=@rivosinc-com.20210112.gappssmtp.com header.a=rsa-sha256 header.s=20210112 header.b=Yx++IbXG; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Nckhj21LNz1ydd for ; Thu, 22 Dec 2022 06:56:03 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=FyoBqZqKexZueMxvnQYFrVr76hcWuDudLZQ1G6bvoUg=; b=pTuqaa3NfnwSDj MCabJPgnaaXR6GZ5MaZaoDDxpmFHp9FUN9ChqFv7B8kG7sYtDd3BExCFh4yBcXkZmi+0XeyYXK29n XHviFYrH1nALQs4YnxbcEichonczEU1bmnEqUo8rxmJieeCYvZOAT2TCbn5PCpz8UXX2aVbW17Yqn ZXjVS4QcEaD1v3ds3XdeN9Lsto4BozPaDmOqlz4a8bawGiLxs1c6Tcx/fDg2xkErhQI9Xx1bnqWhh eoKldwDmcHU/81aig07jJHtDCg9OeuyuBBqHFKSia30UwARA2XsbXnUaa83M9udmR+RELoAAv+jGp 9M28kruKhUWbnx3wYYqg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1p85Bq-001ZrS-9s; Wed, 21 Dec 2022 19:55:46 +0000 Received: from mail-pj1-x102b.google.com ([2607:f8b0:4864:20::102b]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1p85Bo-001Zoq-12 for opensbi@lists.infradead.org; Wed, 21 Dec 2022 19:55:45 +0000 Received: by mail-pj1-x102b.google.com with SMTP id n65-20020a17090a2cc700b0021bc5ef7a14so3170087pjd.0 for ; Wed, 21 Dec 2022 11:55:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=hDfzBayAUK/DiP6+rBnWndTJb/B9qazqZjo7k3WDXPY=; b=Yx++IbXGA2Nxj14SIODeRVVa7JdVGi3JJxdWl4JukpFzeaguO3taiHoNYHAttqQbd+ CtVfyvI1c9br3O2RBqRs7tQi6TmiZO07CE0C+m/k++zpDmql2l7gWdiMQvkwnCUYIUYu x6mlJCucZea2c6MUADOA1YxJa/B/8eedTnWUucXFHJbw5AFvw01h/6LTjhxGVqZXBuyK pzSYKJbgGFsNaeWvsUf5LWwilW60gnm0+vkw9EDVIzf0H2pGsN0j2syoNMxcVT0oV3tZ nsty0+QSmm5KzAcQsSvIA4+MDEM3gmyw0hxz+IelDmigpRWkDkSlGDrD3PSnJWZ0W707 vsAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=hDfzBayAUK/DiP6+rBnWndTJb/B9qazqZjo7k3WDXPY=; b=RV+9gKONVMc1wNrtEmbIH40Zap1pLzUMu5xULsXRkC4PJ0rneD7OczOJ+4zO1HaOtf 9u+r7Msa6yMwwudNPJL8RjSxdbUsea+tqMvTkbHsXqzDIbEFpjH9SdisWeQ0ww6W6PWJ vqD5+uWpCb46bhSsQ7qz3SBjk3aoiRluGoZfPfWguVKI7AZCkXniJsvfK953K+M+mTEr iy0ckfgKT7bVBOCM4ttRuSid4w9dy72KPrKQtfBzxegfOH38VOXLrwPU+rMMpmmzqyb0 PciETITj53NAtsJ5EEUDR10d5W94k+8icFyGrDzdxRpK9qUzoqqnFi9zARvRAy7MLNpM y2MQ== X-Gm-Message-State: AFqh2krSP3aQy+AZaT1aqXJSelW01XosmTp27lpgbgWxsOjtlTH/1H3B GLW2gk1MzPotSEPsdlwS7bC/mQjZ8XKZOmd+ X-Google-Smtp-Source: AMrXdXtOK1N3V/xsHhED71WJNmOzr6GdZ5G4nQ5PN662S77177r2jqJ+tl0h0lacROABrbn+eBdUDA== X-Received: by 2002:a17:902:da86:b0:187:3921:2b1c with SMTP id j6-20020a170902da8600b0018739212b1cmr4230918plx.55.1671652540601; Wed, 21 Dec 2022 11:55:40 -0800 (PST) Received: from debug.ba.rivosinc.com ([66.220.2.162]) by smtp.gmail.com with ESMTPSA id a7-20020a170902710700b00177f25f8ab3sm11813534pll.89.2022.12.21.11.55.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 21 Dec 2022 11:55:40 -0800 (PST) From: Deepak Gupta To: opensbi@lists.infradead.org Cc: Deepak Gupta Subject: [PATCH v2 Zisslpcfi 0/2] Support for zisslpcfi in opensbi Date: Wed, 21 Dec 2022 11:55:33 -0800 Message-Id: <20221221195535.2136015-1-debug@rivosinc.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20221221_115544_116580_7FFB5F03 X-CRM114-Status: UNSURE ( 6.43 ) X-CRM114-Notice: Please train this message. X-Spam-Score: 0.0 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Zisslpcfi [1] extension extends risc-v architecture to mitigate against control-flow integrity attacks (ROP/JOP/COP). Zisslpcfi uses bits (b23-b29) in (m/s/vs) status CSR for enabling cfi in lesser privileged mode and record cfi state. One such state is expected landing pad (ELP). If forward cfi is enabled, indirect [...] Content analysis details: (0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:102b listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-BeenThere: opensbi@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "opensbi" Errors-To: opensbi-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Zisslpcfi [1] extension extends risc-v architecture to mitigate against control-flow integrity attacks (ROP/JOP/COP). Zisslpcfi uses bits (b23-b29) in (m/s/vs) status CSR for enabling cfi in lesser privileged mode and record cfi state. One such state is expected landing pad (ELP). If forward cfi is enabled, indirect call/jmp updates hart's ELP state (1bit) to true. ELP state is cleared only by a landing pad instruction else trap is delivered with ELP state recorded in sstatus CSR. This two patch series adds following changes to opensbi - Adds support in opensbi to detect zisslpcfi - trap redirection updates ELP state accordingly Qemu implementation for Zisslpcfi can be checked out on github [2] Strawman linux kernel enabling (still very early) can be checked out on github [3] [1] - https://github.com/riscv/riscv-cfi [2] - https://github.com/deepak0414/qemu/tree/gh_Zisslpcfi-0.1 [3] - https://github.com/deepak0414/linux-riscv-cfi/tree/Zisslpcfi-0.1_v6.1-rc2 Deepak Gupta (2): include: adding support for Zisslpcfi encodings lib: sbi: Zisslpcfi detection and elp cfi state reflect back in status include/sbi/riscv_encoding.h | 6 ++++++ include/sbi/sbi_hart.h | 2 ++ lib/sbi/sbi_hart.c | 21 +++++++++++++++++++++ lib/sbi/sbi_trap.c | 18 ++++++++++++++++++ 4 files changed, 47 insertions(+)