Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

arch: riscv: reset global pointer on exception #81155

Merged
merged 3 commits into from
Nov 14, 2024

Conversation

ycsin
Copy link
Member

@ycsin ycsin commented Nov 8, 2024

Reset the gp on exception entry from u-mode to protect the kernel against a possible rogue user thread when global pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y).

Fixes #81372

@ycsin ycsin requested a review from npitre November 8, 2024 18:19
@ycsin
Copy link
Member Author

ycsin commented Nov 8, 2024

cc @cwshu

npitre
npitre previously approved these changes Nov 8, 2024
@rruuaanng rruuaanng added area: RISCV RISCV Architecture (32-bit & 64-bit) area: Architectures labels Nov 9, 2024
Add macros to read / write hardware registers.

Signed-off-by: Yong Cong Sin <ycsin@meta.com>
Signed-off-by: Yong Cong Sin <yongcong.sin@gmail.com>
Reset the gp on exception entry from u-mode to protect the kernel
against a possible rogue user thread.

Signed-off-by: Yong Cong Sin <yongcong.sin@gmail.com>
Signed-off-by: Yong Cong Sin <ycsin@meta.com>
Add a test to make sure that the `gp` global pointer register used for
relative addressing when `CONFIG_RISCV_GP` is enabled can't be
corrupted by a rogue user thread.

Signed-off-by: Yong Cong Sin <ycsin@meta.com>
Signed-off-by: Yong Cong Sin <yongcong.sin@gmail.com>
@ycsin
Copy link
Member Author

ycsin commented Nov 10, 2024

Added test

@ycsin ycsin marked this pull request as ready for review November 10, 2024 06:36
@ycsin ycsin requested a review from npitre November 10, 2024 06:36
@ycsin ycsin requested a review from cfriedt November 11, 2024 07:06
@ycsin ycsin added the bug The issue is a bug, or the PR is fixing a bug label Nov 11, 2024
@npitre
Copy link
Collaborator

npitre commented Nov 11, 2024 via email

@ycsin ycsin requested a review from ceolin November 12, 2024 05:22
Copy link
Collaborator

@npitre npitre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And yes, this should definitely be tagged as a security fix.

@cfriedt
Copy link
Member

cfriedt commented Nov 13, 2024

Just curious if we back up / restore GP already? If not, we may want to consider doing so.

@npitre
Copy link
Collaborator

npitre commented Nov 13, 2024 via email

@cfriedt cfriedt added Security Review To be reviewed by a security expert area: Security Security and removed Security Review To be reviewed by a security expert labels Nov 13, 2024
@ceolin ceolin added this to the v4.0.0 milestone Nov 14, 2024
@ceolin
Copy link
Member

ceolin commented Nov 14, 2024

And yes, this should definitely be tagged as a security fix.

Agree ! this should be merged ASAP imho.

@ceolin ceolin added the Release Blocker Use this label for justified release blockers label Nov 14, 2024
@ycsin ycsin added the backport v3.7-branch Request backport to the v3.7-branch label Nov 14, 2024
@dkalowsk dkalowsk merged commit 408c151 into zephyrproject-rtos:main Nov 14, 2024
33 checks passed
@ycsin ycsin deleted the pr/reset-gp branch November 14, 2024 03:19
@ycsin ycsin linked an issue Nov 14, 2024 that may be closed by this pull request
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area: Architectures area: RISCV RISCV Architecture (32-bit & 64-bit) area: Security Security backport v3.7-branch Request backport to the v3.7-branch bug The issue is a bug, or the PR is fixing a bug Release Blocker Use this label for justified release blockers
Projects
None yet
Development

Successfully merging this pull request may close these issues.

arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y
9 participants