Message ID | 20241029-v5_user_cfi_series-v7-0-2727ce9936cb@rivosinc.com |
---|---|
Headers | show |
Series | riscv control-flow integrity for usermode | expand |
> How to test this series > ======================= I recently built a test environment for RISCV control-flow integrity for usermode using QEMU, referring to the test instructions in the patch. I found several problems during the test, and I hope you can answer them. Thank you. Q1: The CFI-related macro definition values in QEMU(branch: qemu-zicfilp_zicfiss_ratified_master_july11) and Linux(branch: linux-riscv-cfi-vdso_user_cfi_v6.12-rc1) are inconsistent. For example, the definition value of PR_GET_SHADOW_STACK_STATUS in QEMU is 71, but the definition value in Linux is 74. In order to continue the test, I modified the relevant definitions in the QEMU and GUN source codes with reference to the Linux source code, so that the cfi-related macro definitions in the QEMU and GUN source codes are consistent with Linux. Q2: When zicfilp=true is added to the QEMU command to enable landing pad, after cfitests command is executed, a segmentation fault is prompted, software check exception is raised, and the value of xtval is 2. According to the comments in the code, when xtval is 2, there are the following exceptions. * An indirect branch doesn't land on 4 byte aligned PC or `lpad` * instruction or `label` value programmed in `lpad` instr doesn't * match with value setup in `x7`. Why do these software check exceptions exist? What should I do to further troubleshoot or resolve these issues? The software versions I am using are all the versions mentioned in the test instructions, and the zicfiss test is in line with expectations. Can you help me with the above two questions, especially the second one? thank you very much.