# Control Flow Integrity on RISC-V Deepak Gupta – debug@rivosinc.com ## Memory safety and control flow integrity - Significant C/C++ code base in vulnerable to memory safety [1], [2] - Implication of memory safety issues → control flow can be subverted - Forward edge: Function pointers or virtual function ptr table live in RW memory - Return edge: Return addresses (on stack) in RW memory <sup>[1]-</sup>https://github.com/Microsoft/MSRC-Security-Research/blob/master/presentations/2019 02 BlueHatIL/2019 01%20-%20BlueHatIL%20-%20Trends%2C%20challenge%2C%20and%20shifts%20in%20software%20vulnerability%20mitigation.pdf <sup>[2]-</sup>https://www.chromium.org/Home/chromium-security/memory-safety/ ## Zicfilp - Protects forward control flow - Zicfilp: Enforces all indirect branches must land on lpad (auipc rd=x0) - Except when rs1 == $(x1 \mid x5 \mid x7)$ - Label setup in x7 must match label encoded in 1pad instruction on target - New exception (cause = 18) software-check exception - \*tval = 2, missing lpad or label didn't match 3 ## **Zicfiss** - Zicfiss: Extends architecture with shadow stack (encoding RWX = b010) - Regular stores not allowed. Regular loads allowed. - Access fault on regular stores. - Shadow stack memory accesses strictly operate on shadow stack memory - SS access on RO memory → store page fault - SS access on RWX or XO memory or RW memory → access fault Linux plumbers conference (RISCV MC) - 2023 - sspopchk can raise software-check exception (\*tval = 3) ``` func_main: | Ipad < label> | Continuous sepush x1 | Continuous push return address on top of shadow stack | Continuous push return address on top of shadow stack | Continuous push return address on top of shadow stack | Continuous push x5 ``` 4 ## Shadow stack & page fault - Shadow stack is a writable memory but needs protection against stray writes. - During fork, it becomes read-only (so that COW can be done later) - For mm any shadow stack access (SS load or SS store) is a COW (thus store) operation - Following fault behavior for SS accesses - Read only memory store page fault - Not present memory store page fault - RW or RWX or X memory access fault - Shadow stack instructions operating on RW\* or X memory indicates fatality - Regular loads to shadow stack memory are allowed: useful for backtrace / debugging - Regular stores to shadow stack memory are access fault: fatal condition and should be SIGSEGV # Runtime control-flow changes and CFI - Text patching - tracing - breakpoints - probes - eBPF - BPF programs JIT codegen must confirm to kernel CFI policies - BPF programs attach to kprobes - Should work as long as kprobes work - \*\*\* Anything missed \*\*\*? # Prolog /w CFI and tracing support ``` prolog prolog indirect call loc: indirect call loc: Ipad <label> Ipad <label> tracing enable direct call loc: direct call loc: auipc x5, <offset trace handler direct call loc> nop nop jalr x5, x5 sspush x1 sspush x1 *** Proposal *** ``` - Currently tracing enable uses jalr x5, x5 ← should work as is - landing pad not expected on target trampoline - Return saved in x5 - Target trampoline uses x5 on return path (rs1 == x5 doesn't require landing pad) - 1pad can't be patched and is always executed 7 # Breakpoints and text patch /w CFI - Setting breakpoint can't patch lpad, subsequent instruction is patched - Normal breakpoint handling is followed ## kprobes and kretprobes ### kprobes Similar to breakpoint handling kretprobe: probes on function returns - Installs a kprobe on function entry - kprobe handler does pt\_regs->ra = arch\_rethook\_trampoline - Saves away original ra - arch\_rethook\_trampoline gets called on return and calls retprobes - Eventually does jr to original ra - None of this violates Zicfilp or Zicfiss ## Shadow stack: protection flags and creation Memory (mmap) protection flags and corresponding VMAs - PROT READ → VM READ - PROT WRITE → (VM READ | VM WRITE) - PROT SHADOWSTACK new protection flag for memory mapping - PROT SHADOWSTACK → Only (VM WRITE) - x86 (and aarch64 too) have introduced VM SHADOW STACK (stealing VM ARCH 5 bit) - On riscv #define VM\_SHADOW\_STACK VM\_WRITE User control on shadow stack creation \*\*\* Proposal \*\*\* - Shadow stack is dedicated to store return addresses. Not worth it to have protection flag exposed to user - x86 already have map\_shadow\_stack in mainline. aarch64 following same. ← RISCV to do same #### LKML discussions on topic - https://lore.kernel.org/lkml/20230822-arm64-gcs-v5-11-9ef181dd6324@kernel.org/https://lore.kernel.org/lkml/20230613001108.3040476-15-rick.p.edgecombe@intel.com/ - https://www.spinics.net/lists/arm-kernel/msg1070930.html - https://lore.kernel.org/lkml/20230613001108.3040476-35-rick.p.edgecombe@intel.com/ ## RISC-V user mode CFI – enabling - Kernel can't assume about inbuilt CFI support in all object files in address space - Decision to enable shadow stack (SS) and landing pad (LP) is left to 1d. so in user mode - Following x86 and aarch64 direction Two paths here \*\*\* chosen direction Id.so starts life without SS and LP invoke prctls to enable CFI if all objects support CFI Id.so starts life with SS and LP invoke prctls to disable CFI if any object doesn't support CFI #### LKML discussions on topic - https://lore.kernel.org/all/20220130211838.8382-1-rick.p.edgecombe@intel.com/https://lkml.iu.edu/hypermail/linux/kernel/2303.1/04556.html - https://lore.kernel.org/lkml/CAHk-=wgP5mk3poVeejw16Asbid0ghDt4okHnWaWKLBkRhQntRA@mail.gmail.com/ # RISC-V user mode CFI – glibc enabling #### Tunability options - Some application may still want to disable CFI - Some applications may want CFI but don't know if all dependent objects have CFI support or not - May want to start application with CFI support but may want to disable if dlopen to non-CFI object file - May want to start application with CFI support and want to exit if dlopen to non-CFI object file #### \*\*\* Proposal \*\*\* - Follow x86 glibc tunables for shadow stack and indirect branch tracking (<a href="https://www.gnu.org/software/libc/manual/html">https://www.gnu.org/software/libc/manual/html</a> node/Hardware-Capability-Tunables.html) - glibc.cpu.riscv\_lp for landing pads and glibc.cpu.riscv\_ss for shadow stack - On → Strict on and any dlopen to a shared library with no cfi support leads to exit - Off → Off irrespective of ELF bit marker or shared libraries - Permissive → Any incoming object in address space with no support will turn the feature off ## Discussion / Q&A