From: Kees Cook <keescook@chromium.org>
To: Mark Brown <broonie@kernel.org>
Cc: "Catalin Marinas" <catalin.marinas@arm.com>,
	"Will Deacon" <will@kernel.org>,
	"Alexander Viro" <viro@zeniv.linux.org.uk>,
	"Paul Elliott" <paul.elliott@arm.com>,
	"Peter Zijlstra" <peterz@infradead.org>,
	"Yu-cheng Yu" <yu-cheng.yu@intel.com>,
	"Amit Kachhap" <amit.kachhap@arm.com>,
	"Vincenzo Frascino" <vincenzo.frascino@arm.com>,
	"Marc Zyngier" <maz@kernel.org>,
	"Eugene Syromiatnikov" <esyr@redhat.com>,
	"Szabolcs Nagy" <szabolcs.nagy@arm.com>,
	"H . J . Lu " <hjl.tools@gmail.com>,
	"Andrew Jones" <drjones@redhat.com>,
	"Arnd Bergmann" <arnd@arndb.de>, "Jann Horn" <jannh@google.com>,
	"Richard Henderson" <richard.henderson@linaro.org>,
	"Kristina Martšenko" <kristina.martsenko@arm.com>,
	"Thomas Gleixner" <tglx@linutronix.de>,
	"Florian Weimer" <fweimer@redhat.com>,
	"Sudakshina Das" <sudi.das@arm.com>,
	linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org,
	linux-fsdevel@vger.kernel.org,
	"Dave Martin" <Dave.Martin@arm.com>
Subject: Re: [PATCH v9 13/13] arm64: BTI: Add Kconfig entry for userspace BTI
Date: Thu, 12 Mar 2020 17:01:47 -0700
Message-ID: <202003121700.9260E027@keescook>
In-Reply-To: <20200311192608.40095-14-broonie@kernel.org>

On Wed, Mar 11, 2020 at 07:26:08PM +0000, Mark Brown wrote:
> From: Dave Martin <Dave.Martin@arm.com>
> 
> Now that the code for userspace BTI support is in the kernel add the
> Kconfig entry so that it can be built and used.
> 
> [Split out of "arm64: Basic Branch Target Identification support" --
> broonie]
> 
> Signed-off-by: Dave Martin <Dave.Martin@arm.com>

Reviewed-by: Kees Cook <keescook@chromium.org>

-Kees

> Signed-off-by: Mark Brown <broonie@kernel.org>
> ---
>  arch/arm64/Kconfig | 22 ++++++++++++++++++++++
>  1 file changed, 22 insertions(+)
> 
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 8a15bc68dadd..d65d226a77ec 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1522,6 +1522,28 @@ endmenu
>  
>  menu "ARMv8.5 architectural features"
>  
> +config ARM64_BTI
> +	bool "Branch Target Identification support"
> +	default y
> +	help
> +	  Branch Target Identification (part of the ARMv8.5 Extensions)
> +	  provides a mechanism to limit the set of locations to which computed
> +	  branch instructions such as BR or BLR can jump.
> +
> +	  To make use of BTI on CPUs that support it, say Y.
> +
> +	  BTI is intended to provide complementary protection to other control
> +	  flow integrity protection mechanisms, such as the Pointer
> +	  authentication mechanism provided as part of the ARMv8.3 Extensions.
> +	  For this reason, it does not make sense to enable this option without
> +	  also enabling support for pointer authentication.  Thus, when
> +	  enabling this option you should also select ARM64_PTR_AUTH=y.
> +
> +	  Userspace binaries must also be specifically compiled to make use of
> +	  this mechanism.  If you say N here or the hardware does not support
> +	  BTI, such binaries can still run, but you get no additional
> +	  enforcement of branch destinations.
> +
>  config ARM64_E0PD
>  	bool "Enable support for E0PD"
>  	default y
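
Review bot: the help text of the new ARM64_BTI entry says it "does not make sense to enable this option without also enabling support for pointer authentication", but the entry carries only "default y" and no "depends on" or "imply" line for ARM64_PTR_AUTH, so a configuration with ARM64_PTR_AUTH=n still gets ARM64_BTI=y by default and nothing flags the mismatch. Either express the relationship in Kconfig (for example a dependency on ARM64_PTR_AUTH) or reword the help to say the pairing is a recommendation and why it is left unenforced. The last help paragraph could also say how a userspace binary is identified as built for BTI, since "specifically compiled" gives whoever is configuring the kernel nothing to check against.
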
> -- 
> 2.20.1
> 

-- 
Kees Cook

