RISC-V In Linux 7.0 Brings User-Space CFI & Optimized strlen Assembly
([RISC-V] 4 Hours Ago
Linux 7.0 RISC-V)
- Reference: 0001613832
- News link: https://www.phoronix.com/news/Linux-7.0-RISC-V
- Source link:
The RISC-V architecture updates have been merged for [1]Linux 7.0 with a few items to note.
First up, RISC-V is finally ready to support [2]control-flow integrity "CFI" for user-space applications with Linux 7.0. Complementing control flow integrity with shadow stack handling that has been available on Intel and AMD processors, RISC-V with Linux 7.0 is supporting similar CFI handling. This security feature is for fending off ROP attacks manipulating the control flow of the user-space software to gain control. RISC-V uses the "zicfilp" and "zicfiss" instructions to enforce that all indirect calls land on a landing pad "lpad" instruction or will otherwise raise a software check exception. There are also RISC-V instructions introduced for helping ensure the return flow of software.
RISC-V in Linux 7.0 has also optimized its string length "strlen" implementation in hand-coded Assembly. The loop body drops from 4 instructions to 3 instructions and eliminates an unconditional jump with the new tuned Assembly. There are further Assembly optimizations that may land in a future Linux kernel release.
RISC-V in Linux 7.0 also improves its ptrace behavior around vector registers, enables the ISO-8859-1 code page as built-in for EFI volume mounting, and various code clean-ups.
More details on these now merged RISC-V port changes for Linux 7.0 via [3]this pull .
[1] https://www.phoronix.com/search/Linux+7.0
[2] https://www.phoronix.com/news/RISC-V-User-Space-CFI
[3] https://lore.kernel.org/lkml/c554c02e-a791-5c4a-d329-7632de7a194d@kernel.org/
First up, RISC-V is finally ready to support [2]control-flow integrity "CFI" for user-space applications with Linux 7.0. Complementing control flow integrity with shadow stack handling that has been available on Intel and AMD processors, RISC-V with Linux 7.0 is supporting similar CFI handling. This security feature is for fending off ROP attacks manipulating the control flow of the user-space software to gain control. RISC-V uses the "zicfilp" and "zicfiss" instructions to enforce that all indirect calls land on a landing pad "lpad" instruction or will otherwise raise a software check exception. There are also RISC-V instructions introduced for helping ensure the return flow of software.
RISC-V in Linux 7.0 has also optimized its string length "strlen" implementation in hand-coded Assembly. The loop body drops from 4 instructions to 3 instructions and eliminates an unconditional jump with the new tuned Assembly. There are further Assembly optimizations that may land in a future Linux kernel release.
RISC-V in Linux 7.0 also improves its ptrace behavior around vector registers, enables the ISO-8859-1 code page as built-in for EFI volume mounting, and various code clean-ups.
More details on these now merged RISC-V port changes for Linux 7.0 via [3]this pull .
[1] https://www.phoronix.com/search/Linux+7.0
[2] https://www.phoronix.com/news/RISC-V-User-Space-CFI
[3] https://lore.kernel.org/lkml/c554c02e-a791-5c4a-d329-7632de7a194d@kernel.org/