All of lore.kernel.org
 help / color / mirror / Atom feed
From: Amit Daniel Kachhap <amit.kachhap@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: Mark Rutland <mark.rutland@arm.com>,
	Kees Cook <keescook@chromium.org>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Will Deacon <will.deacon@arm.com>,
	Kristina Martsenko <kristina.martsenko@arm.com>,
	James Morse <james.morse@arm.com>,
	Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>,
	Amit Daniel Kachhap <amit.kachhap@arm.com>,
	Vincenzo Frascino <Vincenzo.Frascino@arm.com>,
	Dave Martin <Dave.Martin@arm.com>
Subject: [PATCH 00/11] arm64: return address signing
Date: Thu, 17 Oct 2019 13:44:14 +0530	[thread overview]
Message-ID: <1571300065-10236-1-git-send-email-amit.kachhap@arm.com> (raw)

Hi,

This series improves function return address protection for the arm64 kernel, by
compiling the kernel with ARMv8.3 Pointer Authentication instructions (ptrauth
referred hereafter). This should help protect the kernel against attacks using
return-oriented programming.

Patch 9 and 10 are newly added and hence sent as RFC.

This series is based on v5.4-rc2.

High-level changes since RFC v2 [1] (detailed changes are listed in patches):
 - Moved enabling, key setup and context switch to assembly, to avoid using
   the pointer auth compiler attribute which Clang does not support (thanks
   Suzuki for the initial code!).
 - Added code to restore keys after cpu resume.
 - __builtin_return_address will now mask pac bits.
 - Changed gcc compiler options to add ptrauth instructions in all functions
   and not just non-leaf functions. This may be revisited later due to 
   performance concerns.
 - Rebased onto v5.4-rc2.
 - Added Reviewed-by's.

This series do not implement few things or have known limitations:
 - ftrace function tracer does not work with this series. But after using
   the posted series [2] based on -fpatchable-function-entry, it works fine.
 - kprobes/uprobes and other tracing may need some rework with ptrauth.
 - kdump, other debug may need some rework with ptrauth.
 - Generate some randomness for ptrauth keys during kernel early booting.

Feedback welcome!

Thanks,
Amit Daniel

[1] https://lore.kernel.org/linux-arm-kernel/20190529190332.29753-1-kristina.martsenko@arm.com/
[2] https://patchwork.kernel.org/patch/10803279/

Amit Daniel Kachhap (3):
  arm64: create macro to park cpu in infinite loop
  arm64: suspend: restore the kernel ptrauth keys
  arm64: mask PAC bits of __builtin_return_address

Kristina Martsenko (8):
  arm64: cpufeature: add pointer auth meta-capabilities
  arm64: install user ptrauth keys at kernel exit time
  arm64: cpufeature: handle conflicts based on capability
  arm64: enable ptrauth earlier
  arm64: rename ptrauth key structures to be user-specific
  arm64: initialize and switch ptrauth kernel keys
  arm64: unwind: strip PAC from kernel addresses
  arm64: compile the kernel with ptrauth return address signing

 arch/arm64/Kconfig                        | 21 ++++++++-
 arch/arm64/Makefile                       |  6 +++
 arch/arm64/include/asm/asm_pointer_auth.h | 59 +++++++++++++++++++++++
 arch/arm64/include/asm/compiler.h         | 15 ++++++
 arch/arm64/include/asm/cpucaps.h          |  4 +-
 arch/arm64/include/asm/cpufeature.h       | 33 ++++++++++---
 arch/arm64/include/asm/pointer_auth.h     | 50 ++++++++------------
 arch/arm64/include/asm/processor.h        |  3 +-
 arch/arm64/include/asm/smp.h              |  3 ++
 arch/arm64/kernel/asm-offsets.c           | 15 ++++++
 arch/arm64/kernel/cpufeature.c            | 53 ++++++++++++---------
 arch/arm64/kernel/entry.S                 |  6 +++
 arch/arm64/kernel/head.S                  | 78 +++++++++++++++++++++++++++----
 arch/arm64/kernel/pointer_auth.c          |  7 +--
 arch/arm64/kernel/process.c               |  3 +-
 arch/arm64/kernel/ptrace.c                | 16 +++----
 arch/arm64/kernel/sleep.S                 |  6 +++
 arch/arm64/kernel/smp.c                   |  8 ++++
 arch/arm64/kernel/stacktrace.c            |  3 ++
 19 files changed, 306 insertions(+), 83 deletions(-)
 create mode 100644 arch/arm64/include/asm/asm_pointer_auth.h
 create mode 100644 arch/arm64/include/asm/compiler.h

-- 
2.7.4


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

             reply	other threads:[~2019-10-17  8:15 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-17  8:14 Amit Daniel Kachhap [this message]
2019-10-17  8:14 ` [PATCH 01/11] arm64: cpufeature: add pointer auth meta-capabilities Amit Daniel Kachhap
2019-10-17  8:14 ` [PATCH 02/11] arm64: install user ptrauth keys at kernel exit time Amit Daniel Kachhap
2019-10-17  8:14 ` [PATCH 03/11] arm64: cpufeature: handle conflicts based on capability Amit Daniel Kachhap
2019-10-17 14:06   ` Suzuki K Poulose
2019-10-18  9:59     ` Amit Kachhap
2019-10-17  8:14 ` [PATCH 04/11] arm64: create macro to park cpu in an infinite loop Amit Daniel Kachhap
2019-10-17  8:14 ` [PATCH 05/11] arm64: enable ptrauth earlier Amit Daniel Kachhap
2019-10-17 14:13   ` Suzuki K Poulose
2019-10-18 10:07     ` Amit Kachhap
2019-10-23 17:32   ` James Morse
2019-10-30  4:01     ` Amit Daniel Kachhap
2019-10-17  8:14 ` [PATCH 06/11] arm64: rename ptrauth key structures to be user-specific Amit Daniel Kachhap
2019-10-29 23:27   ` Kees Cook
2019-10-17  8:14 ` [PATCH 07/11] arm64: initialize and switch ptrauth kernel keys Amit Daniel Kachhap
2019-10-23 17:35   ` James Morse
2019-10-30  4:02     ` Amit Daniel Kachhap
2019-10-17  8:14 ` [PATCH 08/11] arm64: unwind: strip PAC from kernel addresses Amit Daniel Kachhap
2019-10-23 17:36   ` James Morse
2019-10-30  4:02     ` Amit Daniel Kachhap
2019-10-17  8:14 ` [RFC PATCH 09/11] arm64: suspend: restore the kernel ptrauth keys Amit Daniel Kachhap
2019-10-17  8:14 ` [RFC PATCH 10/11] arm64: mask PAC bits of __builtin_return_address Amit Daniel Kachhap
2019-10-17  8:14 ` [PATCH 11/11] arm64: compile the kernel with ptrauth return address signing Amit Daniel Kachhap
2019-10-23 17:31 ` [PATCH 00/11] arm64: " James Morse
2019-10-30  3:59   ` Amit Daniel Kachhap

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1571300065-10236-1-git-send-email-amit.kachhap@arm.com \
    --to=amit.kachhap@arm.com \
    --cc=Dave.Martin@arm.com \
    --cc=Vincenzo.Frascino@arm.com \
    --cc=ard.biesheuvel@linaro.org \
    --cc=catalin.marinas@arm.com \
    --cc=james.morse@arm.com \
    --cc=keescook@chromium.org \
    --cc=kristina.martsenko@arm.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=mark.rutland@arm.com \
    --cc=ramana.radhakrishnan@arm.com \
    --cc=suzuki.poulose@arm.com \
    --cc=will.deacon@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.