lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 23 Nov 2021 12:10:55 +0000
From:   Mark Rutland <mark.rutland@....com>
To:     Will Deacon <will@...nel.org>
Cc:     Kuan-Ying Lee <Kuan-Ying.Lee@...iatek.com>,
        Catalin Marinas <catalin.marinas@....com>,
        Jonathan Corbet <corbet@....net>,
        Matthias Brugger <matthias.bgg@...il.com>,
        chinwen.chang@...iatek.com, nicholas.tang@...iatek.com,
        james.hsu@...iatek.com, linux-arm-kernel@...ts.infradead.org,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-mediatek@...ts.infradead.org
Subject: Re: [PATCH] arm64: update compiler option for PAC

On Tue, Nov 16, 2021 at 10:11:47AM +0000, Will Deacon wrote:
> On Mon, Nov 15, 2021 at 11:18:08AM +0800, Kuan-Ying Lee wrote:
> > We pass -mbranch-protection=pac-ret+leaf to support PAC
> > when we use GCC 9 or later.
> > 
> > Before GCC 9, we pass -msign-return-address=all to support
> > PAC.
> > 
> > Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@...iatek.com>
> > ---
> >  Documentation/arm64/pointer-authentication.rst | 6 ++++--
> >  1 file changed, 4 insertions(+), 2 deletions(-)
> > 
> > diff --git a/Documentation/arm64/pointer-authentication.rst b/Documentation/arm64/pointer-authentication.rst
> > index f127666ea3a8..055d08b0d42d 100644
> > --- a/Documentation/arm64/pointer-authentication.rst
> > +++ b/Documentation/arm64/pointer-authentication.rst
> > @@ -54,8 +54,10 @@ virtual address size configured by the kernel. For example, with a
> >  virtual address size of 48, the PAC is 7 bits wide.
> >  
> >  Recent versions of GCC can compile code with APIAKey-based return
> > -address protection when passed the -msign-return-address option. This
> > -uses instructions in the HINT space (unless -march=armv8.3-a or higher
> > +address protection when passed compiler option as following.
> > +Pass -msign-return-address when we use GCC 7, 8.
> > +Pass -mbranch-protection when we use GCC 9 or later.
> > +This uses instructions in the HINT space (unless -march=armv8.3-a or higher
> >  is also passed), and such code can run on systems without the pointer
> >  authentication extension.
> 
> I think I'd be more inclined to delete this paragraph altogether. It doesn't
> really document anything to do with the kernel, and trying to document the
> behaviour of "recent" versions of GCC is futile.

Agreed. I think the only thing we might want to mention is that we rely
on the compiler to use the HINT space instructions (PACIASP and AUTIASP)
so that a kernel built with pointer authentication support works on HW
without the feature.

So replacing that paragraph with something like:

| When ARM64_PTR_AUTH_KERNEL is selected the kernel will be compiled
| with HINT space pointer authentication instructions protecting
| function returns. Kernels built with this option will work on
| hardware with or without pointer authentication support.

... would make sense to me.

Thanks,
Mark.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ