Similar to what has been available on Intel and AMD processors for users with the shadow stack for control-flow integrity, Linux on RISC-V is finally ready to roll-out its user-space control-flow integrity support.

After going through 23 rounds of patches, the Control Flow Integrity “CFI” for user-mode on RISC-V is approaching the mainline kernel. This security feature is for fending off ROP attacks manipulating the control flow of the user-space software to gain control. RISC-V uses the “zicfilp” instruction to enforce that all indirect calls land on a landing pad “lpad” instruction or will otherwise raise a software check exception. There are also RISC-V instructions introduced for helping ensure the return flow of software.