From: Mark Rutland
To: Will Deacon
Cc: Catalin Marinas, Mark Brown, James Morse, Amit Daniel Kachhap, Vincenzo Frascino, linux-arm-kernel@lists.infradead.org, Daniel Kiss
Date: Tue, 14 Apr 2020 12:09:22 +0100
Subject: Re: [PATCH] arm64: Optimize ptrauth by enabling it for non-leaf functions
Message-ID: <20200414110922.GC2486@C02TD0UTHF1T.local>

On Tue, Apr 14, 2020 at 12:00:56PM +0100, Will Deacon wrote:
> On Tue, Apr 14, 2020 at 11:16:49AM +0100, Mark Rutland wrote:
> > On Tue, Apr 14, 2020 at 11:00:33AM +0100, Will Deacon wrote:
> > > On Tue, Apr 14, 2020 at 03:02:21PM +0530, Amit Daniel Kachhap wrote:
> > > > Compilers are optimized to not store the stack frame record for the leaf
> > > > function in the stack so applying pointer authentication in the leaf
> > > > function is not useful from security point of view.
> > >
> > > I'm missing the reasoning here -- why don't we care about leaf functions?
> > >
> > > Sounds like there's a performance/security trade-off that needs spelling
> > > out and justifying with some numbers, or is it clear-cut and I'm missing
> > > something?
> >
> > I believe this is because leaf functions don't store the LR to the stack
> > (as they don't create a frame record), so it cannot be modified by a
> > stray memory write.
>
> That makes some sense, but doesn't it also mean you can jump into the middle
> of a leaf function and it will happily return to whatever sits in LR?

If you can do that, you've already subverted control flow, and can
probably do the same for a regular function, since for:

| AUTIASP
| RET

... you can just jump to the RET instead.

I agree that with RETAA/RETAB this would be different.

> Perhaps it would make sense to relax to the 'non-leaf' version only if
> stack protector is enabled?

I'm not sure I follow the rationale for that? What does stack protector
help with for leaf functions?

Thanks,
Mark.
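
The leaf versus non-leaf reasoning in this message, as a small C model added here (not code from the thread or from the kernel). `toy_pac`, the function names, the 48-bit address split and the `FAULT` value are assumptions of the model; real hardware uses its own PAC algorithm and key registers.

```c
#include <stdint.h>

#define FAULT     0ULL                  /* model: failed authentication traps */
#define ADDR_MASK ((1ULL << 48) - 1)    /* low 48 bits address, high 16 PAC   */

/* Toy keyed mix standing in for the hardware PAC algorithm; not cryptographic.
 * The "| 1" keeps the toy PAC non-zero so an unsigned pointer never passes. */
static uint64_t toy_pac(uint64_t addr, uint64_t sp, uint64_t key)
{
    uint64_t h = addr ^ (sp * 0x9e3779b97f4a7c15ULL) ^ key;
    h ^= h >> 33;
    h *= 0xff51afd7ed558ccdULL;
    return (h >> 48) | 1;
}

/* PACIASP: sign LR, using SP as the modifier. */
static uint64_t paciasp(uint64_t lr, uint64_t sp, uint64_t key)
{
    return (lr & ADDR_MASK) | (toy_pac(lr & ADDR_MASK, sp, key) << 48);
}

/* AUTIASP: return the stripped address if the PAC matches, else FAULT. */
static uint64_t autiasp(uint64_t lr, uint64_t sp, uint64_t key)
{
    uint64_t addr = lr & ADDR_MASK;
    return (lr >> 48) == toy_pac(addr, sp, key) ? addr : FAULT;
}

/* Non-leaf: LR is spilled to a frame record, so a stray write can reach it. */
uint64_t non_leaf_return(uint64_t lr, uint64_t sp, uint64_t key,
                         int pac, int stray_write, uint64_t stray_val)
{
    uint64_t frame_lr = pac ? paciasp(lr, sp, key) : lr;  /* stp x29, x30 */
    if (stray_write)
        frame_lr = stray_val;           /* corruption while the callee runs */
    return pac ? autiasp(frame_lr, sp, key) : frame_lr;   /* ldp; autiasp; ret */
}

/* Leaf: LR never leaves the register, so the same stray write misses it. */
uint64_t leaf_return(uint64_t lr, int stray_write, uint64_t stray_val)
{
    volatile uint64_t stack_slot = 0;   /* stack memory that does not hold LR */
    if (stray_write)
        stack_slot = stray_val;
    return lr;                          /* ret */
}
int main(void)
{
    uint64_t lr = 0x0000aaaabbbb1000ULL, bad = 0x0000aaaadead0000ULL;
    return non_leaf_return(lr, 0x7ffff000ULL, 0x1234ULL, 1, 1, bad) == FAULT ? 0 : 1;
}
```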