Show Your Support: This site is primarily supported by advertisements. Ads are what have allowed this site to be maintained on a daily basis for the past 18+ years. We do our best to ensure only clean, relevant ads are shown, when any nasty ads are detected, we work to remove them ASAP. If you would like to view the site without ads while still supporting our work, please consider our ad-free Phoronix Premium.
RISC-V Linux Patches Start On "zisslpcfi" Support For Control-Flow Integrity
A request for comments patch series was posted on Sunday night for getting RISC-V Control-Flow Integrity for U mode working with the zisslpcfi extension. Zisslpcfi amounts to "unprivileged integer shadow stack & landing pad based control-flow integrity."
The Linux kernel has ironed out control-flow integrity support for x86_64 and AArch64 processors while RISC-V developers are now working on the security functionality for their hardware. The tentative zisslpcfi spec is outlined in this GitHub repo. Zisslpcfi also has a dependency on the Zicsr extension for control and status register instructions. Control-flow integrity is fundamentally about preventing software attacks that divert the flow of execution of a program such as with return-oriented programming (ROP) attacks or jump.call oriented programming attacks. Like with the x86_64 and AArch64 CFI, the RISC-V CFI approach relies on a shadow stack and landing pads for indirect calls/jumps.
Those curious about the RISC-V control-flow integrity effort can see this RFC patch series on the Linux kernel mailing list for all the technical details on this early kernel code for enabling this RISC-V extension.