On Fri, May 23, 2025 at 01:34:47AM -0700, Charlie Jenkins wrote: > On Fri, May 23, 2025 at 01:22:01AM -0700, Charlie Jenkins wrote: > > On Thu, May 22, 2025 at 10:31:30PM -0700, Deepak Gupta wrote: > > > Adds kselftest for RISC-V control flow integrity implementation for user > > > mode. There is not a lot going on in kernel for enabling landing pad for > > > user mode. cfi selftest are intended to be compiled with zicfilp and > > > zicfiss enabled compiler. Thus kselftest simply checks if landing pad / > > > shadow stack for the process are enabled or not and executes ptrace > > > selftests on cfi. selftest then register a signal handler for SIGSEGV. > > > Any control flow violation are reported as SIGSEGV with si_code = > > > SEGV_CPERR. Test will fail on receiving any SEGV_CPERR. Shadow stack part > > > has more changes in kernel and thus there are separate tests for that > > > > > > - Exercise `map_shadow_stack` syscall > > > - `fork` test to make sure COW works for shadow stack pages > > > - gup tests > > > Kernel uses FOLL_FORCE when access happens to memory via > > > /proc/<pid>/mem. Not breaking that for shadow stack. > > > - signal test. Make sure signal delivery results in token creation on > > > shadow stack and consumes (and verifies) token on sigreturn > > > - shadow stack protection test. attempts to write using regular store > > > instruction on shadow stack memory must result in access faults > > > - ptrace test: adds landing pad violation, clears ELP and continues > > > > > > In case toolchain doesn't support cfi extension, cfi kselftest wont > > > get built. > > > > > > Test outut > > > ========== > > > > > > """ > > > TAP version 13 > > > 1..5 > > > This is to ensure shadow stack is indeed enabled and working > > > This is to ensure shadow stack is indeed enabled and working > > > ok 1 shstk fork test > > > ok 2 map shadow stack syscall > > > ok 3 shadow stack gup tests > > > ok 4 shadow stack signal tests > > > ok 5 memory protections of shadow stack memory > > > """ > > > > > > Signed-off-by: Deepak Gupta <debug@xxxxxxxxxxxx> > > > Suggested-by: Charlie Jenkins <charlie@xxxxxxxxxxxx> > > > --- > > > tools/testing/selftests/riscv/Makefile | 2 +- > > > tools/testing/selftests/riscv/cfi/.gitignore | 3 + > > > tools/testing/selftests/riscv/cfi/Makefile | 16 + > > > tools/testing/selftests/riscv/cfi/cfi_rv_test.h | 82 +++++ > > > tools/testing/selftests/riscv/cfi/riscv_cfi_test.c | 173 +++++++++ > > > tools/testing/selftests/riscv/cfi/shadowstack.c | 385 +++++++++++++++++++++ > > > tools/testing/selftests/riscv/cfi/shadowstack.h | 27 ++ > > > 7 files changed, 687 insertions(+), 1 deletion(-) > > > > > > diff --git a/tools/testing/selftests/riscv/Makefile b/tools/testing/selftests/riscv/Makefile > > > index 099b8c1f46f8..5671b4405a12 100644 > > > --- a/tools/testing/selftests/riscv/Makefile > > > +++ b/tools/testing/selftests/riscv/Makefile > > > @@ -5,7 +5,7 @@ > > > ARCH ?= $(shell uname -m 2>/dev/null || echo not) > > > > > > ifneq (,$(filter $(ARCH),riscv)) > > > -RISCV_SUBTARGETS ?= abi hwprobe mm sigreturn vector > > > +RISCV_SUBTARGETS ?= abi hwprobe mm sigreturn vector cfi > > > else > > > RISCV_SUBTARGETS := > > > endif > > > diff --git a/tools/testing/selftests/riscv/cfi/.gitignore b/tools/testing/selftests/riscv/cfi/.gitignore > > > new file mode 100644 > > > index 000000000000..82545863bac6 > > > --- /dev/null > > > +++ b/tools/testing/selftests/riscv/cfi/.gitignore > > > @@ -0,0 +1,3 @@ > > > +cfitests > > > +riscv_cfi_test > > > +shadowstack > > > diff --git a/tools/testing/selftests/riscv/cfi/Makefile b/tools/testing/selftests/riscv/cfi/Makefile > > > new file mode 100644 > > > index 000000000000..55165a93845f > > > --- /dev/null > > > +++ b/tools/testing/selftests/riscv/cfi/Makefile > > > @@ -0,0 +1,16 @@ > > > +CFLAGS += -I$(top_srcdir)/tools/include > > > + > > > +CFLAGS += -march=rv64gc_zicfilp_zicfiss -fcf-protection=full > > > + > > > +ifeq ($(shell $(CC) $(CFLAGS) -nostdlib -xc /dev/null -o /dev/null > /dev/null 2>&1; echo $$?),0) > > > +TEST_GEN_PROGS := cfitests > > > + > > > +include ../../lib.mk > > > > I'm sorry, I just realized I messed up this patch :/. This line is > > supposed to be above the ifeq line to get the proper definition of > > $(CC). > > Okay that doesn't work either, this does though. > > From 8aacab45ca9a2402bd6b65e7f5d9529e0bcc184b Mon Sep 17 00:00:00 2001 > From: Charlie Jenkins <charlie@xxxxxxxxxxxx> > Date: Fri, 23 May 2025 01:32:52 -0700 > Subject: [PATCH] kselftest/riscv: Fix cfi selftests again > > Signed-off-by: Charlie Jenkins <charlie@xxxxxxxxxxxx> > --- > tools/testing/selftests/riscv/cfi/Makefile | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/tools/testing/selftests/riscv/cfi/Makefile b/tools/testing/selftests/riscv/cfi/Makefile > index 55165a93845f..41dbb4a263e3 100644 > --- a/tools/testing/selftests/riscv/cfi/Makefile > +++ b/tools/testing/selftests/riscv/cfi/Makefile > @@ -2,6 +2,14 @@ CFLAGS += -I$(top_srcdir)/tools/include > > CFLAGS += -march=rv64gc_zicfilp_zicfiss -fcf-protection=full > > +ifeq ($(LLVM),) > +ifeq ($(CC),cc) > +CC := $(CROSS_COMPILE)gcc > +endif > +else > +CC := $(LLVM_PREFIX)clang$(LLVM_SUFFIX) --target=riscv64-linux-gnu > +endif > + > ifeq ($(shell $(CC) $(CFLAGS) -nostdlib -xc /dev/null -o /dev/null > /dev/null 2>&1; echo $$?),0) > TEST_GEN_PROGS := cfitests > > -- > 2.43.0 Okay another version... Also need to pull in the definitions of LLVM_SUFFIX/LLVM_PREFIX
