This commit adds a kernel command line option using which user cfi can be disabled.
Signed-off-by: Deepak Gupta debug@rivosinc.com --- arch/riscv/kernel/usercfi.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)
diff --git a/arch/riscv/kernel/usercfi.c b/arch/riscv/kernel/usercfi.c index 40c32258b6ec..d92b49261b58 100644 --- a/arch/riscv/kernel/usercfi.c +++ b/arch/riscv/kernel/usercfi.c @@ -17,6 +17,8 @@ #include <asm/csr.h> #include <asm/usercfi.h>
+bool disable_riscv_usercfi; + #define SHSTK_ENTRY_SIZE sizeof(void *)
bool is_shstk_enabled(struct task_struct *task) @@ -393,6 +395,9 @@ int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status) unsigned long size = 0, addr = 0; bool enable_shstk = false;
+ if (disable_riscv_usercfi) + return 0; + if (!cpu_supports_shadow_stack()) return -EINVAL;
@@ -472,6 +477,9 @@ int arch_set_indir_br_lp_status(struct task_struct *t, unsigned long status) { bool enable_indir_lp = false;
+ if (disable_riscv_usercfi) + return 0; + if (!cpu_supports_indirect_br_lp_instr()) return -EINVAL;
@@ -504,3 +512,15 @@ int arch_lock_indir_br_lp_status(struct task_struct *task,
return 0; } + +static int __init setup_global_riscv_enable(char *str) +{ + if (strcmp(str, "true") == 0) + disable_riscv_usercfi = true; + + pr_info("Setting riscv usercfi to be %s\n", (disable_riscv_usercfi ? "disabled" : "enabled")); + + return 1; +} + +__setup("disable_riscv_usercfi=", setup_global_riscv_enable);