[PATCH v3 29/29] kselftest/riscv: kselftest for user mode cfi
Deepak Gupta
debug at rivosinc.com
Thu May 9 12:16:29 PDT 2024
On Thu, May 09, 2024 at 11:21:15AM -0700, Charlie Jenkins wrote:
>On Wed, Apr 03, 2024 at 04:35:17PM -0700, Deepak Gupta wrote:
>> +
>> +int main(int argc, char *argv[])
>> +{
>> + int ret = 0;
>> + unsigned long lpad_status = 0, ss_status = 0;
>> +
>> + ksft_print_header();
>> +
>> + ksft_set_plan(RISCV_CFI_SELFTEST_COUNT);
>> +
>> + ksft_print_msg("starting risc-v tests\n");
>> +
>> + /*
>> + * Landing pad test. Not a lot of kernel changes to support landing
>> + * pad for user mode except lighting up a bit in senvcfg via a prctl
>> + * Enable landing pad through out the execution of test binary
>> + */
>> + ret = my_syscall5(__NR_prctl, PR_GET_INDIR_BR_LP_STATUS, &lpad_status, 0, 0, 0);
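Review bot: The comment block above this call says "Enable landing pad through out the execution of test binary", but PR_GET_INDIR_BR_LP_STATUS only reads the current state into lpad_status and enables nothing; please reword it to say the test verifies that landing pads were already enabled (by libc at startup) rather than enabling them, and fix "through out" to "throughout". Also, because this is a status read and not the shadow-stack enable path that must avoid a function return, plain prctl(PR_GET_INDIR_BR_LP_STATUS, &lpad_status, 0, 0, 0) from <sys/prctl.h> would do here instead of my_syscall5(), keeping the raw syscall wrapper only where it is actually needed.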
>
>There is an assumption here that the libc supports setting
>INDIR_BR_LP_STATUS but does not support the standard prctl interface
>defined in <sys/prctl.h>. my_syscall5() is defined to fill in gaps in
>the libc, so this test case should also set the status manually rather
>than relying on the libc.
>
>I don't think it's necessary to define my_syscall5() since every libc
>should have a prctl() definition. However, these CFI prctls are very new
>and glibc does not yet support (correct me if I am wrong) it so these
>prctls should be enabled by the test cases.
In one of my previous patches, it was setting landing pad and shadow stack enabling
directly via a handcrafted prctl macro. I changed it to check for status for the following reasons:
- If this binary is compiled with the landing pad and shadow stack options, then the toolchain being used
already has a libc with shadow stack and landing pad enabling.
- Currently the upstream glibc toolchain doesn't have support, but the libc shipped with the toolchain has the support.
In the case of shadow stack enabling, a macro is needed and the `prctl` function can't be used,
because you enter the `prctl` function with no shadow stack but exit with a shadow stack, which will lead to a
fault in its epilogue.
Due to all these reasons, kselftests have to be compiled with a toolchain with cfi codegen, and thus libc
should have support to light them up. Here the tests only check if they are already lit up; if not, they fail.
Although you're spot on on one thing here: since this test is assuming libc already lit up landing pad and
shadow stack, it doesn't need a macro here for the status check of the feature and can simply use the `prctl` syscall
interface.
>
>- Charlie
>
>> + if (ret)