| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Nov 2021 10:04:51 +0800
From: Kuan-Ying Lee <Kuan-Ying.Lee@...iatek.com>
To: Mark Rutland <mark.rutland@....com>, Will Deacon <will@...nel.org>
CC: Catalin Marinas <catalin.marinas@....com>,
Jonathan Corbet <corbet@....net>,
Matthias Brugger <matthias.bgg@...il.com>,
Chinwen Chang (張錦文)
<chinwen.chang@...iatek.com>,
Nicholas Tang (鄭秦輝)
<nicholas.tang@...iatek.com>, <James.Hsu@...iatek.com>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>,
"linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-mediatek@...ts.infradead.org"
<linux-mediatek@...ts.infradead.org>, <kuan-ying.lee@...iatek.com>
Subject: Re: [PATCH] arm64: update compiler option for PAC
On Tue, 2021-11-23 at 20:10 +0800, Mark Rutland wrote:
> On Tue, Nov 16, 2021 at 10:11:47AM +0000, Will Deacon wrote:
> > On Mon, Nov 15, 2021 at 11:18:08AM +0800, Kuan-Ying Lee wrote:
> > > We pass -mbranch-protection=pac-ret+leaf to support PAC
> > > when we use GCC 9 or later.
> > >
> > > Before GCC 9, we pass -msign-return-address=all to support
> > > PAC.
> > >
> > > Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@...iatek.com>
> > > ---
> > > Documentation/arm64/pointer-authentication.rst | 6 ++++--
> > > 1 file changed, 4 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/Documentation/arm64/pointer-authentication.rst
> > > b/Documentation/arm64/pointer-authentication.rst
> > > index f127666ea3a8..055d08b0d42d 100644
> > > --- a/Documentation/arm64/pointer-authentication.rst
> > > +++ b/Documentation/arm64/pointer-authentication.rst
> > > @@ -54,8 +54,10 @@ virtual address size configured by the kernel.
> > > For example, with a
> > > virtual address size of 48, the PAC is 7 bits wide.
> > >
> > > Recent versions of GCC can compile code with APIAKey-based
> > > return
> > > -address protection when passed the -msign-return-address option.
> > > This
> > > -uses instructions in the HINT space (unless -march=armv8.3-a or
> > > higher
> > > +address protection when passed compiler option as following.
> > > +Pass -msign-return-address when we use GCC 7, 8.
> > > +Pass -mbranch-protection when we use GCC 9 or later.
> > > +This uses instructions in the HINT space (unless -march=armv8.3-
> > > a or higher
> > > is also passed), and such code can run on systems without the
> > > pointer
> > > authentication extension.
> >
> > I think I'd be more inclined to delete this paragraph altogether.
> > It doesn't
> > really document anything to do with the kernel, and trying to
> > document the
> > behaviour of "recent" versions of GCC is futile.
>
> Agreed. I think the only thing we might want to mention is that we
> rely
> on the compiler to use the HINT space instructions (PACIASP and
> AUTIASP)
> so that a kernel built with pointer authentication support works on
> HW
> without the feature.
>
> So replacing that paragraph with something like:
>
> > When ARM64_PTR_AUTH_KERNEL is selected the kernel will be compiled
> > with HINT space pointer authentication instructions protecting
> > function returns. Kernels built with this option will work on
> > hardware with or without pointer authentication support.
>
> ... would make sense to me.
Hi,
Thanks you both for suggestions.
I will rewrite this paragraph in v2.
Thanks,
Kuan-Ying Lee
>
> Thanks,
> Mark.
Powered by blists - more mailing lists