Sami Tolvanen
Kernel patches for U-mode Zisslpcfi support: https://lore.kernel.org/lkml/[email protected]/ Note that for fine-grained forward-edge CFI we'll still need the compiler to emit landing pad tags.
A lot has changed here since the previous comments. Landing pads were split into the Zicfilp extension, which no longer uses Zimops, and the `lpad` instruction is now in HINT...
> We must have landing pads in all userspace binaries from the beginning. Otherwise, it's going to be challenging to enable the feature later without breaking compatibility with existing apps...
The problem seems to be that the kernel determines `VA_BITS` at runtime (based on `pgtable_l[45]_enabled`) instead of using a Kconfig option, and `mmap_rnd_bits_max` is a constant that can't be changed....
Kernel patches to increase the maximum to 33 with Sv48/57: https://lore.kernel.org/linux-riscv/[email protected]/
> is [torvalds/linux@add2cc6](https://github.com/torvalds/linux/commit/add2cc6b6515f78d3a150f1fbbaf12c28c4bb20a) all we need upstream?

No, that patch reduces the size of mmap address space to avoid breaking userspace applications (and should fix the CFI shadow issue I...
The kernel patches were queued up for v6.9: https://lore.kernel.org/linux-riscv/170621822929.6239.356777907601716533.git-patchwork-notify@kernel.org/
Merged: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d7e76ce7b76e104936d0898080b1255a848ea0b1
> Why `md5`: no strong reason for using md5, but one reason is it's available on binutils and llvm already.

I would prefer not to add more uses of MD5,...
> xxHash is not a cryptographic hash. xxHash is faster to compute. MD5 is also used by LLVM for CFI. For this purpose I would consider MD5 and xxHash to...