From nobody Mon May 25 04:33:49 2026 Received: from mail-108-mta102.mxroute.com (mail-108-mta102.mxroute.com [136.175.108.102]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 62CEB14A8B for ; Mon, 18 May 2026 18:45:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=136.175.108.102 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779129929; cv=none; b=GjjKexuKXcrjuefhfHG5GfTbNaNlfTe3r2bw/qQjNMsJcjP5xK384gwFzOjAKzKe1s1GweqQgi57TaN2T5xTSN6XEVZsNmOABF8IX74TnXnOw8wNGlfXR1zBwoM1kUoavLpxs++oSWf5OtOWIbNlbbL2suC0gKS0gXoA9qvIVy0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779129929; c=relaxed/simple; bh=42TfcMNnmV26s1UbjHYRxQb3o2AReRZYTCKI+U+diRI=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=gIMbZt8GIfZqxc5sljOMYLqEgxIaR5hAb3bc3+xl7HT6dqkl5mf5CNiG8WKiNYZRkQMbrIgG+UQGxqCWbUuRJ81cUjhlyXzZ8Akv2u6ueEo2WKCTn2V/wQI11D8aNujCSmIGHxWK7jJHcu/cx6ExTaDxwcAlNbbpiWX6Jk1GL18= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=wii.dev; spf=pass smtp.mailfrom=wii.dev; dkim=pass (2048-bit key) header.d=wii.dev header.i=@wii.dev header.b=JLKavkVW; arc=none smtp.client-ip=136.175.108.102 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=wii.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=wii.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=wii.dev header.i=@wii.dev header.b="JLKavkVW" Received: from filter006.mxroute.com ([136.175.111.3] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta102.mxroute.com (ZoneMTA) with ESMTPSA id 19e3c63705800067f7.00a for (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384); Mon, 18 May 2026 18:40:10 +0000 X-Zone-Loop: 515ed66ceeed99c2bb0181180b624736014672128f4e DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=wii.dev; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject:Cc:To: From:Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=Gc6e4om4uJVepREiLY2m7U5l7KL9JaLr6L1SAM/U0bo=; b=J LKavkVWGOQ2OxnYcJqJDo+8ezNJq2vKesRKQU0figJfKVtjLucvm2qO9KfKaP7441iz/VQmITI7GA T0mBHgQcaQWMCIi6tREoKeSiRtNP1UWlAMRqsRtNZAaAlygyBHExRv0U/peiDhAcPs7cGbw4ZabTL CRW3uLYn4+YvZmQxva9RfBAKNE7NweT6IBz2X/IsJmRqdHcLGbz4CEtqO4Kq3J2jFoh3o/htSeuOS EPK7Ktxy0wHfwFnVqGKggj6wKHfL/uR9JcMLPvh7CRcPqZsWQYoIp3QzI1B+KXGXMIbn1d4yqtJmU MOaRfJZ9VozvQyOsGouc+c908pqZQOwJw==; From: Richard Patel To: Paul Walmsley , Palmer Dabbelt , Albert Ou Cc: Alexandre Ghiti , Deepak Gupta , Zong Li , Charlie Jenkins , Shuah Khan , linux-riscv@lists.infradead.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, Richard Patel Subject: [PATCH] riscv: cfi: reject unknown flags in PR_SET_CFI Date: Mon, 18 May 2026 18:39:18 +0000 Message-ID: <20260518183918.322545-1-ripatel@wii.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Authenticated-Id: ripatel@wii.dev Content-Type: text/plain; charset="utf-8" prctl(PR_SET_CFI,PR_CFI_BRANCH_LANDING_PADS) silently ignored unknown control values. Only PR_CFI_{ENABLE,DISABLE,LOCK} should be permitted. This is a uABI breaking change (fails previously accepted bits with EINVAL). Fixes: 08ee1559052b ("prctl: cfi: change the branch landing pad prctl()s to= be more descriptive") Signed-off-by: Richard Patel --- arch/riscv/include/asm/usercfi.h | 1 + arch/riscv/kernel/usercfi.c | 3 +++ tools/testing/selftests/riscv/cfi/cfitests.c | 6 ++++++ 3 files changed, 10 insertions(+) diff --git a/arch/riscv/include/asm/usercfi.h b/arch/riscv/include/asm/user= cfi.h index f56966edbf5c..61ee02cee297 100644 --- a/arch/riscv/include/asm/usercfi.h +++ b/arch/riscv/include/asm/usercfi.h @@ -50,6 +50,7 @@ void set_indir_lp_status(struct task_struct *task, bool e= nable); void set_indir_lp_lock(struct task_struct *task, bool lock); =20 #define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK (PR_SHADOW_STACK_ENABLE) +#define PR_CFI_SUPPORTED_STATUS_MASK (PR_CFI_ENABLE | PR_CFI_DISABLE | PR_= CFI_LOCK) =20 #else =20 diff --git a/arch/riscv/kernel/usercfi.c b/arch/riscv/kernel/usercfi.c index cbfb4e495e9f..5a7113d69bad 100644 --- a/arch/riscv/kernel/usercfi.c +++ b/arch/riscv/kernel/usercfi.c @@ -467,6 +467,9 @@ int arch_prctl_set_branch_landing_pad_state(struct task= _struct *t, unsigned long if (!is_user_lpad_enabled()) return -EINVAL; =20 + if (state & ~PR_CFI_SUPPORTED_STATUS_MASK) + return -EINVAL; + /* indirect branch tracking is locked and further can't be modified by us= er */ if (is_indir_lp_locked(t)) return -EINVAL; diff --git a/tools/testing/selftests/riscv/cfi/cfitests.c b/tools/testing/s= elftests/riscv/cfi/cfitests.c index 39d097b6881f..0e3943461e7d 100644 --- a/tools/testing/selftests/riscv/cfi/cfitests.c +++ b/tools/testing/selftests/riscv/cfi/cfitests.c @@ -141,6 +141,12 @@ int main(int argc, char *argv[]) =20 ksft_print_msg("Starting risc-v tests\n"); =20 + /* Test unknown PR_CFI bits */ + ret =3D my_syscall5(__NR_prctl, PR_SET_CFI, PR_CFI_BRANCH_LANDING_PADS, + PR_CFI_ENABLE | 0xffff0, 0, 0); + if (!ret) + ksft_exit_fail_msg("PR_SET_CFI accepted reserved branch landing pad bits= \n"); + /* * Landing pad test. Not a lot of kernel changes to support landing * pads for user mode except lighting up a bit in senvcfg via a prctl. --=20 2.47.3