arm64: Add ARM64_PTR_AUTH_KERNEL config option
This patch add the ARM64_PTR_AUTH_KERNEL config and deals with the build aspect of it. Userspace support has no dependency on the toolchain therefore all toolchain checks and build flags are controlled the new config option. The default config behavior will not be changed. Signed-off-by: Daniel Kiss <daniel.kiss@arm.com> Acked-by: Will Deacon <will@kernel.org> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> Link: https://lore.kernel.org/r/20210613092632.93591-2-daniel.kiss@arm.com Signed-off-by: Will Deacon <will@kernel.org>
This commit is contained in:
Daniel Kiss
Will Deacon
parent
c4681547bc
commit
b27a9f4119
|
|
@ -1481,12 +1481,6 @@ menu "ARMv8.3 architectural features"
|
|||
config ARM64_PTR_AUTH
|
||||
bool "Enable support for pointer authentication"
|
||||
default y
|
||||
depends on (CC_HAS_SIGN_RETURN_ADDRESS || CC_HAS_BRANCH_PROT_PAC_RET) && AS_HAS_PAC
|
||||
# Modern compilers insert a .note.gnu.property section note for PAC
|
||||
# which is only understood by binutils starting with version 2.33.1.
|
||||
depends on LD_IS_LLD || LD_VERSION >= 23301 || (CC_IS_GCC && GCC_VERSION < 90100)
|
||||
depends on !CC_IS_CLANG || AS_HAS_CFI_NEGATE_RA_STATE
|
||||
depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS)
|
||||
help
|
||||
Pointer authentication (part of the ARMv8.3 Extensions) provides
|
||||
instructions for signing and authenticating pointers against secret
|
||||
|
|
@ -1498,13 +1492,6 @@ config ARM64_PTR_AUTH
|
|||
for each process at exec() time, with these keys being
|
||||
context-switched along with the process.
|
||||
|
||||
If the compiler supports the -mbranch-protection or
|
||||
-msign-return-address flag (e.g. GCC 7 or later), then this option
|
||||
will also cause the kernel itself to be compiled with return address
|
||||
protection. In this case, and if the target hardware is known to
|
||||
support pointer authentication, then CONFIG_STACKPROTECTOR can be
|
||||
disabled with minimal loss of protection.
|
||||
|
||||
The feature is detected at runtime. If the feature is not present in
|
||||
hardware it will not be advertised to userspace/KVM guest nor will it
|
||||
be enabled.
|
||||
|
|
@ -1515,6 +1502,24 @@ config ARM64_PTR_AUTH
|
|||
but with the feature disabled. On such a system, this option should
|
||||
not be selected.
|
||||
|
||||
config ARM64_PTR_AUTH_KERNEL
|
||||
bool
|
||||
default y
|
||||
depends on ARM64_PTR_AUTH
|
||||
depends on (CC_HAS_SIGN_RETURN_ADDRESS || CC_HAS_BRANCH_PROT_PAC_RET) && AS_HAS_PAC
|
||||
# Modern compilers insert a .note.gnu.property section note for PAC
|
||||
# which is only understood by binutils starting with version 2.33.1.
|
||||
depends on LD_IS_LLD || LD_VERSION >= 23301 || (CC_IS_GCC && GCC_VERSION < 90100)
|
||||
depends on !CC_IS_CLANG || AS_HAS_CFI_NEGATE_RA_STATE
|
||||
depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS)
|
||||
help
|
||||
If the compiler supports the -mbranch-protection or
|
||||
-msign-return-address flag (e.g. GCC 7 or later), then this option
|
||||
will cause the kernel itself to be compiled with return address
|
||||
protection. In this case, and if the target hardware is known to
|
||||
support pointer authentication, then CONFIG_STACKPROTECTOR can be
|
||||
disabled with minimal loss of protection.
|
||||
|
||||
This feature works with FUNCTION_GRAPH_TRACER option only if
|
||||
DYNAMIC_FTRACE_WITH_REGS is enabled.
|
||||
|
||||
|
|
@ -1606,7 +1611,7 @@ config ARM64_BTI_KERNEL
|
|||
bool "Use Branch Target Identification for kernel"
|
||||
default y
|
||||
depends on ARM64_BTI
|
||||
depends on ARM64_PTR_AUTH
|
||||
depends on ARM64_PTR_AUTH_KERNEL
|
||||
depends on CC_HAS_BRANCH_PROT_PAC_RET_BTI
|
||||
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
|
||||
depends on !CC_IS_GCC || GCC_VERSION >= 100100
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ endif
|
|||
# off, this will be overridden if we are using branch protection.
|
||||
branch-prot-flags-y += $(call cc-option,-mbranch-protection=none)
|
||||
|
||||
ifeq ($(CONFIG_ARM64_PTR_AUTH),y)
|
||||
ifeq ($(CONFIG_ARM64_PTR_AUTH_KERNEL),y)
|
||||
branch-prot-flags-$(CONFIG_CC_HAS_SIGN_RETURN_ADDRESS) := -msign-return-address=all
|
||||
# We enable additional protection for leaf functions as there is some
|
||||
# narrow potential for ROP protection benefits and no substantial
|
||||
|
|
|
|||
|
|
@ -46,6 +46,8 @@ int main(void)
|
|||
DEFINE(THREAD_SCTLR_USER, offsetof(struct task_struct, thread.sctlr_user));
|
||||
#ifdef CONFIG_ARM64_PTR_AUTH
|
||||
DEFINE(THREAD_KEYS_USER, offsetof(struct task_struct, thread.keys_user));
|
||||
#endif
|
||||
#ifdef CONFIG_ARM64_PTR_AUTH_KERNEL
|
||||
DEFINE(THREAD_KEYS_KERNEL, offsetof(struct task_struct, thread.keys_kernel));
|
||||
#endif
|
||||
#ifdef CONFIG_ARM64_MTE
|
||||
|
|
|
|||
|
|
@ -463,7 +463,7 @@ void lkdtm_DOUBLE_FAULT(void)
|
|||
#ifdef CONFIG_ARM64
|
||||
static noinline void change_pac_parameters(void)
|
||||
{
|
||||
if (IS_ENABLED(CONFIG_ARM64_PTR_AUTH)) {
|
||||
if (IS_ENABLED(CONFIG_ARM64_PTR_AUTH_KERNEL)) {
|
||||
/* Reset the keys of current task */
|
||||
ptrauth_thread_init_kernel(current);
|
||||
ptrauth_thread_switch_kernel(current);
|
||||
|
|
@ -477,8 +477,8 @@ noinline void lkdtm_CORRUPT_PAC(void)
|
|||
#define CORRUPT_PAC_ITERATE 10
|
||||
int i;
|
||||
|
||||
if (!IS_ENABLED(CONFIG_ARM64_PTR_AUTH))
|
||||
pr_err("FAIL: kernel not built with CONFIG_ARM64_PTR_AUTH\n");
|
||||
if (!IS_ENABLED(CONFIG_ARM64_PTR_AUTH_KERNEL))
|
||||
pr_err("FAIL: kernel not built with CONFIG_ARM64_PTR_AUTH_KERNEL\n");
|
||||
|
||||
if (!system_supports_address_auth()) {
|
||||
pr_err("FAIL: CPU lacks pointer authentication feature\n");
|
||||
|
|
|
|||
Loading…
Reference in New Issue