[v7,00/17] arm64: return address signing

Message ID 1584090304-18043-1-git-send-email-amit.kachhap@arm.com (mailing list archive)

Message

Amit Daniel Kachhap March 13, 2020, 9:04 a.m. UTC
Hi,

This series improves function return address protection for the arm64 kernel, by
compiling the kernel with ARMv8.3 Pointer Authentication instructions (referred
to as ptrauth hereafter). This should help protect the kernel against attacks using
return-oriented programming.

Changes since v6 [1]:
 - Dropped patch "arm64: create macro to park cpu in an infinite loop" as this
   clean up patch is not relevant for this series.
 - Fixed backtrace when Function graph tracer is used as pointed out by James.
 - Added DYNAMIC_FTRACE_WITH_REGS config dependency as pointed out by James.
 - Several minor comments from Vincenzo.
 - Added Reviewed-bys from James and Vincenzo.
 - Rebased the patch series to v5.6-rc5.

Changes since v5 [2]:
 - Added a new patch (arm64: cpufeature: Move cpu capability..) to move cpucapability
   type helpers in cpufeature.c file. This makes adding new cpucapability easier.
 - Moved kernel key restore to function __cpu_setup(proc.S) as suggested by Catalin.
 - More comments for as-option Kconfig option for concerns raised by Masahiro.
 - Clarified comments for -march=armv8.3-a non-integrated assembler option.

Some additional work not implemented below will be taken up separately:
 - kdump tools may need some rework to work with ptrauth. The kdump
   tools may need the ptrauth information to strip PAC bits. This will
   be sent in a separate patch.
 - A few more ptrauth generic lkdtm tests as requested by Kees Cook.
 - Generate compile time warnings if the requested Kconfig feature is not
   supported by compilers.
 - KVM host will now need just APIA key to be saved and restored. Userspace
   should also behave according to it. More details here [3].

This complete series can be found at (git://linux-arm.org/linux-ak.git PAC_mainline_v7)
for reference.

Patch 5 in this series "arm64: ptrauth: Add bootup/runtime flags for __cpu_setup" will
have a minor conflict with Ionela's commit "87a1f063464afd9 (arm64: trap to EL1 accesses to
AMU counters from EL0)" in -next.

Feedback welcome!

Thanks,
Amit Daniel

[1]: http://lists.infradead.org/pipermail/linux-arm-kernel/2020-March/716268.html
[2]: http://lists.infradead.org/pipermail/linux-arm-kernel/2020-February/711699.html
[3]: http://lists.infradead.org/pipermail/linux-arm-kernel/2020-March/717847.html


Amit Daniel Kachhap (8):
  arm64: cpufeature: Fix meta-capability cpufeature check
  arm64: ptrauth: Add bootup/runtime flags for __cpu_setup
  arm64: cpufeature: Move cpu capability helpers inside C file
  arm64: initialize ptrauth keys for kernel booting task
  arm64: mask PAC bits of __builtin_return_address
  arm64: __show_regs: strip PAC from lr in printk
  arm64: suspend: restore the kernel ptrauth keys
  lkdtm: arm64: test kernel pointer authentication

Kristina Martsenko (7):
  arm64: cpufeature: add pointer auth meta-capabilities
  arm64: rename ptrauth key structures to be user-specific
  arm64: install user ptrauth keys at kernel exit time
  arm64: cpufeature: handle conflicts based on capability
  arm64: enable ptrauth earlier
  arm64: initialize and switch ptrauth kernel keys
  arm64: compile the kernel with ptrauth return address signing

Mark Rutland (1):
  arm64: unwind: strip PAC from kernel addresses

Vincenzo Frascino (1):
  kconfig: Add support for 'as-option'

 arch/arm64/Kconfig                        | 31 ++++++++++-
 arch/arm64/Makefile                       | 11 ++++
 arch/arm64/include/asm/asm_pointer_auth.h | 65 +++++++++++++++++++++
 arch/arm64/include/asm/compiler.h         | 24 ++++++++
 arch/arm64/include/asm/cpucaps.h          |  4 +-
 arch/arm64/include/asm/cpufeature.h       | 39 +++++++------
 arch/arm64/include/asm/pointer_auth.h     | 50 ++++++++---------
 arch/arm64/include/asm/processor.h        |  3 +-
 arch/arm64/include/asm/smp.h              | 12 ++++
 arch/arm64/include/asm/stackprotector.h   |  5 ++
 arch/arm64/kernel/asm-offsets.c           | 16 ++++++
 arch/arm64/kernel/cpufeature.c            | 93 +++++++++++++++++++++++--------
 arch/arm64/kernel/entry.S                 |  6 ++
 arch/arm64/kernel/head.S                  |  2 +
 arch/arm64/kernel/pointer_auth.c          |  7 +--
 arch/arm64/kernel/process.c               |  5 +-
 arch/arm64/kernel/ptrace.c                | 16 +++---
 arch/arm64/kernel/sleep.S                 |  2 +
 arch/arm64/kernel/smp.c                   |  8 +++
 arch/arm64/kernel/stacktrace.c            |  5 +-
 arch/arm64/mm/proc.S                      | 71 +++++++++++++++++++----
 drivers/misc/lkdtm/bugs.c                 | 36 ++++++++++++
 drivers/misc/lkdtm/core.c                 |  1 +
 drivers/misc/lkdtm/lkdtm.h                |  1 +
 include/linux/stackprotector.h            |  2 +-
 scripts/Kconfig.include                   |  6 ++
 26 files changed, 422 insertions(+), 99 deletions(-)
 create mode 100644 arch/arm64/include/asm/asm_pointer_auth.h
 create mode 100644 arch/arm64/include/asm/compiler.h

Comments

Catalin Marinas March 18, 2020, 2:32 p.m. UTC | #1
On Fri, Mar 13, 2020 at 02:34:47PM +0530, Amit Daniel Kachhap wrote:
> Amit Daniel Kachhap (8):
>   arm64: cpufeature: Fix meta-capability cpufeature check
>   arm64: ptrauth: Add bootup/runtime flags for __cpu_setup
>   arm64: cpufeature: Move cpu capability helpers inside C file
>   arm64: initialize ptrauth keys for kernel booting task
>   arm64: mask PAC bits of __builtin_return_address
>   arm64: __show_regs: strip PAC from lr in printk
>   arm64: suspend: restore the kernel ptrauth keys
>   lkdtm: arm64: test kernel pointer authentication
> 
> Kristina Martsenko (7):
>   arm64: cpufeature: add pointer auth meta-capabilities
>   arm64: rename ptrauth key structures to be user-specific
>   arm64: install user ptrauth keys at kernel exit time
>   arm64: cpufeature: handle conflicts based on capability
>   arm64: enable ptrauth earlier
>   arm64: initialize and switch ptrauth kernel keys
>   arm64: compile the kernel with ptrauth return address signing
> 
> Mark Rutland (1):
>   arm64: unwind: strip PAC from kernel addresses
> 
> Vincenzo Frascino (1):
>   kconfig: Add support for 'as-option'

Queued for 5.7. Thanks.