[PATCH v1 RFC Zisslpcfi 19/20] config: adding two new config for control flow integrity

From: Deepak Gupta
Date: Sun Feb 12 2023 - 23:55:28 EST

Next message: Deepak Gupta: "[PATCH v1 RFC Zisslpcfi 15/20] sslp prctl: arch-agnostic prctl for shadow stack and landing pad instr"
Previous message: Deepak Gupta: "[PATCH v1 RFC Zisslpcfi 13/20] riscv: illegal instruction handler for cfi violations"
In reply to: Deepak Gupta: "[PATCH v1 RFC Zisslpcfi 13/20] riscv: illegal instruction handler for cfi violations"
Next in thread: Deepak Gupta: "[PATCH v1 RFC Zisslpcfi 15/20] sslp prctl: arch-agnostic prctl for shadow stack and landing pad instr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To maintain control flow integrity of a program, integrity of indirect
control transfers has to be maintained. Almost in all architectures there
are two mechanisms for indirect control transfer
- Indirect call relying on a memory operand.
- Returns which pop an address from stack and return to caller.

Control transfers relying on memory operands are inherently susceptible to
memory corruption bugs and thus allowing attackers to perform code re-use
attacks which eventually is used to inject attacker's payload.

All major architectures (x86, aarch64 and riscv) have introduced hardware
assistance in form of architectural extensions to protect returns (using
alternate shadow/control stack) and forward control flow (by enforcing
all indirect control transfers land on a landing pad instruction)

This patch introduces two new CONFIGs

- CONFIG_USER_SHADOW_STACK
Config to enable kernel support for user mode shadow stacks

- CONFIG_USER_INDIRECT_BR_LP
Config to enable kernel support for enforcing landing pad instruction
on target of an indirect control transfer.

Signed-off-by: Deepak Gupta <debug@xxxxxxxxxxxx>
---
init/Kconfig | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)

diff --git a/init/Kconfig b/init/Kconfig
index 44e90b28a30f..8867ea4b074f 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -121,6 +121,25 @@ config THREAD_INFO_IN_TASK
One subtle change that will be needed is to use try_get_task_stack()
and put_task_stack() in save_thread_stack_tsk() and get_wchan().

+config USER_SHADOW_STACK
+ bool
+ help
+ Select this to enable kernel to support user mode shadow stack. Most
+ major architectures now support hardware assisted shadow stack. This
+ allows to enable non-arch specifics related to shadow stack in kernel.
+ Arch specific configuration options may also need to be enabled.
+
+config USER_INDIRECT_BR_LP
+ bool
+ help
+ Select this to allow user mode apps to opt-in to force requirement for
+ a landing pad instruction on indirect jumps or indirect calls in user mode.
+ Most major architectures now support hardware assistance for landing pad
+ instruction on indirect call or a jump. This config option allows non-arch
+ specifics related to landing pad instruction to be enabled separately from
+ arch specific implementations. Arch specific configuration options may also
+ need to be enabled.
+
menu "General setup"

config BROKEN
--
2.25.1

Next message: Deepak Gupta: "[PATCH v1 RFC Zisslpcfi 15/20] sslp prctl: arch-agnostic prctl for shadow stack and landing pad instr"
Previous message: Deepak Gupta: "[PATCH v1 RFC Zisslpcfi 13/20] riscv: illegal instruction handler for cfi violations"
In reply to: Deepak Gupta: "[PATCH v1 RFC Zisslpcfi 13/20] riscv: illegal instruction handler for cfi violations"
Next in thread: Deepak Gupta: "[PATCH v1 RFC Zisslpcfi 15/20] sslp prctl: arch-agnostic prctl for shadow stack and landing pad instr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]