lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20211116101147.GB9851@willie-the-truck>
Date:   Tue, 16 Nov 2021 10:11:47 +0000
From:   Will Deacon <will@...nel.org>
To:     Kuan-Ying Lee <Kuan-Ying.Lee@...iatek.com>
Cc:     Catalin Marinas <catalin.marinas@....com>,
        Jonathan Corbet <corbet@....net>,
        Matthias Brugger <matthias.bgg@...il.com>,
        chinwen.chang@...iatek.com, nicholas.tang@...iatek.com,
        james.hsu@...iatek.com, linux-arm-kernel@...ts.infradead.org,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-mediatek@...ts.infradead.org, mark.rutland@....com
Subject: Re: [PATCH] arm64: update compiler option for PAC

On Mon, Nov 15, 2021 at 11:18:08AM +0800, Kuan-Ying Lee wrote:
> We pass -mbranch-protection=pac-ret+leaf to support PAC
> when we use GCC 9 or later.
> 
> Before GCC 9, we pass -msign-return-address=all to support
> PAC.
> 
> Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@...iatek.com>
> ---
>  Documentation/arm64/pointer-authentication.rst | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/Documentation/arm64/pointer-authentication.rst b/Documentation/arm64/pointer-authentication.rst
> index f127666ea3a8..055d08b0d42d 100644
> --- a/Documentation/arm64/pointer-authentication.rst
> +++ b/Documentation/arm64/pointer-authentication.rst
> @@ -54,8 +54,10 @@ virtual address size configured by the kernel. For example, with a
>  virtual address size of 48, the PAC is 7 bits wide.
>  
>  Recent versions of GCC can compile code with APIAKey-based return
> -address protection when passed the -msign-return-address option. This
> -uses instructions in the HINT space (unless -march=armv8.3-a or higher
> +address protection when passed compiler option as following.
> +Pass -msign-return-address when we use GCC 7, 8.
> +Pass -mbranch-protection when we use GCC 9 or later.
> +This uses instructions in the HINT space (unless -march=armv8.3-a or higher
>  is also passed), and such code can run on systems without the pointer
>  authentication extension.

I think I'd be more inclined to delete this paragraph altogether. It doesn't
really document anything to do with the kernel, and trying to document the
behaviour of "recent" versions of GCC is futile.

Will

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ