lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Mar 2020 16:31:03 +0000 From: Catalin Marinas <catalin.marinas@....com> To: Mark Brown <broonie@...nel.org> Cc: Will Deacon <will@...nel.org>, Alexander Viro <viro@...iv.linux.org.uk>, Paul Elliott <paul.elliott@....com>, Peter Zijlstra <peterz@...radead.org>, Yu-cheng Yu <yu-cheng.yu@...el.com>, Amit Kachhap <amit.kachhap@....com>, Vincenzo Frascino <vincenzo.frascino@....com>, Marc Zyngier <maz@...nel.org>, Eugene Syromiatnikov <esyr@...hat.com>, Szabolcs Nagy <szabolcs.nagy@....com>, "H . J . Lu " <hjl.tools@...il.com>, Andrew Jones <drjones@...hat.com>, Kees Cook <keescook@...omium.org>, Arnd Bergmann <arnd@...db.de>, Jann Horn <jannh@...gle.com>, Richard Henderson <richard.henderson@...aro.org>, Kristina Martšenko <kristina.martsenko@....com>, Thomas Gleixner <tglx@...utronix.de>, Florian Weimer <fweimer@...hat.com>, Sudakshina Das <sudi.das@....com>, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, linux-fsdevel@...r.kernel.org, Dave Martin <Dave.Martin@....com> Subject: Re: [PATCH v8 03/11] arm64: Basic Branch Target Identification support On Thu, Feb 27, 2020 at 05:44:09PM +0000, Mark Brown wrote: > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index 0b30e884e088..e37f4f07b990 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1519,6 +1519,28 @@ endmenu > > menu "ARMv8.5 architectural features" > > +config ARM64_BTI > + bool "Branch Target Identification support" > + default y > + help > + Branch Target Identification (part of the ARMv8.5 Extensions) > + provides a mechanism to limit the set of locations to which computed > + branch instructions such as BR or BLR can jump. > + > + To make use of BTI on CPUs that support it, say Y. > + > + BTI is intended to provide complementary protection to other control > + flow integrity protection mechanisms, such as the Pointer > + authentication mechanism provided as part of the ARMv8.3 Extensions. > + For this reason, it does not make sense to enable this option without > + also enabling support for pointer authentication. Thus, when > + enabling this option you should also select ARM64_PTR_AUTH=y. > + > + Userspace binaries must also be specifically compiled to make use of > + this mechanism. If you say N here or the hardware does not support > + BTI, such binaries can still run, but you get no additional > + enforcement of branch destinations. To keep the series bisectable, I'd move the Kconfig into a separate patch towards the end. It looks like the feature is only partially supported after patch 3, so let's not advertise it here. -- Catalin
Powered by blists - more mailing lists