From patchwork Fri Oct 11 15:06:28 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Martin X-Patchwork-Id: 11185695 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 995AD1709 for ; Fri, 11 Oct 2019 15:07:25 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 733A7222D4 for ; Fri, 11 Oct 2019 15:07:23 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="JozRlluG" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 733A7222D4 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=Ri05sWu96J5AUytx7bhfns/sJwWxjEy+WtXlFlFfLWc=; b=JozRlluGT2ejrGU8TvPuXCFpU4 /0moF8jtpiV+vaNqipIDEI4Sny99q2+beCq9xSejef+qTJJ02UkEqQOvt4ENzENhzgL9r47moH1dJ 0VtYuHSaBiDFDyhX9SLQjRJ38tGV5sioxcx8T9hw8neqlv5nUCUfL7TppLiufy6Hsx0zG/n+sEYZ5 vn3eP1NJS9tmTWZtPWSL5263gsnlnMQKDWvc5LM3EQw4MeKh7fpWog7g0Axrfkh9zA0ZUQ1qghpzQ DwCrbiNkMJGW/2rnGSSzpG/e/GJnYJedLqHbbgN3rJxf4hGgnnZ2iaSpWwJsiOem6JP+9rFPzIi7A cC5+v2og==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iIwVm-0000sR-PK; Fri, 11 Oct 2019 15:07:22 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iIwVk-0000rq-2C for linux-arm-kernel@lists.infradead.org; Fri, 11 Oct 2019 15:07:21 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A77B8142F; Fri, 11 Oct 2019 08:07:19 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id A59083F68E; Fri, 11 Oct 2019 08:07:16 -0700 (PDT) From: Dave Martin To: linux-kernel@vger.kernel.org Subject: [FIXUP 1/2] squash! arm64: Basic Branch Target Identification support Date: Fri, 11 Oct 2019 16:06:28 +0100 Message-Id: <1570806389-16014-2-git-send-email-Dave.Martin@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1570806389-16014-1-git-send-email-Dave.Martin@arm.com> References: <1570733080-21015-6-git-send-email-Dave.Martin@arm.com> <1570806389-16014-1-git-send-email-Dave.Martin@arm.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191011_080720_145658_4E63085D X-CRM114-Status: GOOD ( 10.60 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Paul Elliott , Peter Zijlstra , Catalin Marinas , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , Will Deacon , linux-arch@vger.kernel.org, Marc Zyngier , Suzuki Poulose , Eugene Syromiatnikov , Szabolcs Nagy , "H.J. Lu" , Andrew Jones , Kees Cook , Arnd Bergmann , Jann Horn , Richard Henderson , =?utf-8?q?Kristina_Mart?= =?utf-8?q?=C5=A1enko?= , Mark Brown , Thomas Gleixner , linux-arm-kernel@lists.infradead.org, Florian Weimer , Sudakshina Das MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Signed-off-by: Dave Martin --- Changes since v2: * Fix Kconfig typo that claimed that Pointer authentication is part of ARMv8.2. It's v8.3. --- arch/arm64/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 563dec5..6e26b72 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1425,7 +1425,7 @@ config ARM64_BTI This is intended to provide complementary protection to other control flow integrity protection mechanisms, such as the Pointer - authentication mechanism provided as part of the ARMv8.2 Extensions. + authentication mechanism provided as part of the ARMv8.3 Extensions. To make use of BTI on CPUs that support it, say Y. From patchwork Fri Oct 11 15:06:29 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Martin X-Patchwork-Id: 11185697 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 558A2912 for ; Fri, 11 Oct 2019 15:07:48 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 25D18206CD for ; Fri, 11 Oct 2019 15:07:48 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="ExFVO75b" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 25D18206CD Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=wAwr1eC3oQaTUN/KQbFqUs6PzAMqiIbJcW9jDGVDqik=; b=ExFVO75bzYyHAy+vONfPQ+DeMH ANalNbt5ru4B/OxJrWJvY9C/X4ba9aKKL/LH5uhHn0tOsSPCn26MH6nWZn1O4DyrfyChupidZb58q DWPECso/wXMBvXlFcYKFvTZ+YlZf4jnHumpfrwdI4NZqJaHy/a8H+yEpdVpgluu+8Ewk0igvA3cKR kukRv5q7LNc1MiOTV7L3WM4DtL1rpRFXHwGaO5rxjY6uQY1srPp/82AMlQhj2ND/Upx7joZXbRKz+ 3mPYvO9xKSl/ikE5N3BHxnqTO/v9+kZGSCFAySI9M06/StG/EhK3t53xHAf+laFOhMpz4NHVFEOWd sQVbAAdQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iIwW2-00017E-Nm; Fri, 11 Oct 2019 15:07:38 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iIwVn-0000sk-7J for linux-arm-kernel@lists.infradead.org; Fri, 11 Oct 2019 15:07:25 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D54291570; Fri, 11 Oct 2019 08:07:22 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id EDF4D3F68E; Fri, 11 Oct 2019 08:07:19 -0700 (PDT) From: Dave Martin To: linux-kernel@vger.kernel.org Subject: [FIXUP 2/2] squash! arm64: Basic Branch Target Identification support Date: Fri, 11 Oct 2019 16:06:29 +0100 Message-Id: <1570806389-16014-3-git-send-email-Dave.Martin@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1570806389-16014-1-git-send-email-Dave.Martin@arm.com> References: <1570733080-21015-6-git-send-email-Dave.Martin@arm.com> <1570806389-16014-1-git-send-email-Dave.Martin@arm.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191011_080723_365505_D903575D X-CRM114-Status: GOOD ( 13.38 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Paul Elliott , Peter Zijlstra , Catalin Marinas , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , Will Deacon , linux-arch@vger.kernel.org, Marc Zyngier , Suzuki Poulose , Eugene Syromiatnikov , Szabolcs Nagy , "H.J. Lu" , Andrew Jones , Kees Cook , Arnd Bergmann , Jann Horn , Richard Henderson , =?utf-8?q?Kristina_Mart?= =?utf-8?q?=C5=A1enko?= , Mark Brown , Thomas Gleixner , linux-arm-kernel@lists.infradead.org, Florian Weimer , Sudakshina Das MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org [Add Kconfig dependency on CONFIG_ARM64_PTR_AUTH] Signed-off-by: Dave Martin --- This one could use some discussion. Two conforming hardware implementations containing BTI could nonetheless have incompatible Pointer auth implementations, meaning that we expose BTI to userspace but not Pointer auth. That's stupid hardware design, but the architecture doesn't forbid it today. We _could_ detect this and hide BTI from userspace too, but if a big.LITTLE system contains Pointer auth implementations with mismatched IMP DEF algorithms, we lose -- we have no direct way to detect that. Since BTI still provides some limited value without Pointer auth, disabling it unnecessarily might be regarded as too heavy-handed. Changes since v2: * Depend on CONFIG_ARM64_PTR_AUTH=y. During test hacking, I observed that there are situations where userspace should be entitled to assume that Pointer auth is present if BTI is present. Although the kernel BTI support doesn't require any aspect of Pointer authentication, there are architectural dependencies: * ARMv8.5 requires BTI to be implemented. [1] * BTI requires ARMv8.4-A to be implemented. [1], [2] * ARMv8.4 requires ARMv8.3 to be implemented. [3] * ARMv8.3 requires Pointer authentication to be implemented. [4] i.e., an implementation that supports BTI but not Pointer auth is broken. BTI is also designed to be complementary to Pointer authentication: without Pointer auth, BTI would offer no protection for function returns, seriously undermining the value of the feature. See ARM ARM for ARMv8-A (ARM DDI 0487E.a) Sections: [1] A2.8.1, "Architectural features added by ARMv8.5" [2] A2.2.1, "Permitted implementation of subsets of ARMv8.x and ARMv8.(x+1) architectural features" [3] A2.6.1, "Architectural features added by Armv8.3" [4] A2.6, "The Armv8.3 architecture extension" --- arch/arm64/Kconfig | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 6e26b72..a64d91d 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1418,16 +1418,21 @@ menu "ARMv8.5 architectural features" config ARM64_BTI bool "Branch Target Identification support" default y + depends on ARM64_PTR_AUTH help Branch Target Identification (part of the ARMv8.5 Extensions) provides a mechanism to limit the set of locations to which computed branch instructions such as BR or BLR can jump. - This is intended to provide complementary protection to other control + To make use of BTI on CPUs that support it, say Y. + + BTI is intended to provide complementary protection to other control flow integrity protection mechanisms, such as the Pointer authentication mechanism provided as part of the ARMv8.3 Extensions. + For this reason, it does not make sense to enable this option without + also enabling support for Pointer authentication. - To make use of BTI on CPUs that support it, say Y. + Thus, to enable this option you also need to select ARM64_PTR_AUTH=y. Userspace binaries must also be specifically compiled to make use of this mechanism. If you say N here or the hardware does not support