* [PATCH 5.6] arm64: Always force a branch protection mode when the compiler has one
@ 2020-04-16 11:24 ` Mark Brown
0 siblings, 0 replies; 4+ messages in thread
From: Mark Brown @ 2020-04-16 11:24 UTC (permalink / raw)
To: stable, gregkh
Cc: linux-arm-kernel, Mark Brown, Szabolcs Nagy, Catalin Marinas
Compilers with branch protection support can be configured to enable it by
default, it is likely that distributions will do this as part of deploying
branch protection system wide. As well as the slight overhead from having
some extra NOPs for unused branch protection features this can cause more
serious problems when the kernel is providing pointer authentication to
userspace but not built for pointer authentication itself. In that case our
switching of keys for userspace can affect the kernel unexpectedly, causing
pointer authentication instructions in the kernel to corrupt addresses.
To ensure that we get consistent and reliable behaviour always explicitly
initialise the branch protection mode, ensuring that the kernel is built
the same way regardless of the compiler defaults.
[This is a reworked version of b8fdef311a0bd9223f1075 ("arm64: Always
force a branch protection mode when the compiler has one") for backport.
Kernels prior to 74afda4016a7 ("arm64: compile the kernel with ptrauth
return address signing") don't have any Makefile machinery for forcing
on pointer auth but still have issues if the compiler defaults it on so
need this reworked version. -- broonie]
Fixes: 7503197562567 (arm64: add basic pointer authentication support)
Reported-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
[catalin.marinas@arm.com: remove Kconfig option in favour of Makefile check]
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
---
arch/arm64/Makefile | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index dca1a97751ab..4e6ce2d9196e 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -65,6 +65,10 @@ stack_protector_prepare: prepare0
include/generated/asm-offsets.h))
endif
+# Ensure that if the compiler supports branch protection we default it
+# off.
+KBUILD_CFLAGS += $(call cc-option,-mbranch-protection=none)
+
ifeq ($(CONFIG_CPU_BIG_ENDIAN), y)
KBUILD_CPPFLAGS += -mbig-endian
CHECKFLAGS += -D__AARCH64EB__
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 5.6] arm64: Always force a branch protection mode when the compiler has one
@ 2020-04-16 11:24 ` Mark Brown
0 siblings, 0 replies; 4+ messages in thread
From: Mark Brown @ 2020-04-16 11:24 UTC (permalink / raw)
To: stable, gregkh
Cc: Szabolcs Nagy, Catalin Marinas, Mark Brown, linux-arm-kernel
Compilers with branch protection support can be configured to enable it by
default, it is likely that distributions will do this as part of deploying
branch protection system wide. As well as the slight overhead from having
some extra NOPs for unused branch protection features this can cause more
serious problems when the kernel is providing pointer authentication to
userspace but not built for pointer authentication itself. In that case our
switching of keys for userspace can affect the kernel unexpectedly, causing
pointer authentication instructions in the kernel to corrupt addresses.
To ensure that we get consistent and reliable behaviour always explicitly
initialise the branch protection mode, ensuring that the kernel is built
the same way regardless of the compiler defaults.
[This is a reworked version of b8fdef311a0bd9223f1075 ("arm64: Always
force a branch protection mode when the compiler has one") for backport.
Kernels prior to 74afda4016a7 ("arm64: compile the kernel with ptrauth
return address signing") don't have any Makefile machinery for forcing
on pointer auth but still have issues if the compiler defaults it on so
need this reworked version. -- broonie]
Fixes: 7503197562567 (arm64: add basic pointer authentication support)
Reported-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
[catalin.marinas@arm.com: remove Kconfig option in favour of Makefile check]
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
---
arch/arm64/Makefile | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index dca1a97751ab..4e6ce2d9196e 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -65,6 +65,10 @@ stack_protector_prepare: prepare0
include/generated/asm-offsets.h))
endif
+# Ensure that if the compiler supports branch protection we default it
+# off.
+KBUILD_CFLAGS += $(call cc-option,-mbranch-protection=none)
+
ifeq ($(CONFIG_CPU_BIG_ENDIAN), y)
KBUILD_CPPFLAGS += -mbig-endian
CHECKFLAGS += -D__AARCH64EB__
--
2.20.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 5.6] arm64: Always force a branch protection mode when the compiler has one
2020-04-16 11:24 ` Mark Brown
@ 2020-04-16 11:39 ` Greg KH
-1 siblings, 0 replies; 4+ messages in thread
From: Greg KH @ 2020-04-16 11:39 UTC (permalink / raw)
To: Mark Brown; +Cc: stable, linux-arm-kernel, Szabolcs Nagy, Catalin Marinas
On Thu, Apr 16, 2020 at 12:24:30PM +0100, Mark Brown wrote:
> Compilers with branch protection support can be configured to enable it by
> default, it is likely that distributions will do this as part of deploying
> branch protection system wide. As well as the slight overhead from having
> some extra NOPs for unused branch protection features this can cause more
> serious problems when the kernel is providing pointer authentication to
> userspace but not built for pointer authentication itself. In that case our
> switching of keys for userspace can affect the kernel unexpectedly, causing
> pointer authentication instructions in the kernel to corrupt addresses.
>
> To ensure that we get consistent and reliable behaviour always explicitly
> initialise the branch protection mode, ensuring that the kernel is built
> the same way regardless of the compiler defaults.
>
> [This is a reworked version of b8fdef311a0bd9223f1075 ("arm64: Always
> force a branch protection mode when the compiler has one") for backport.
> Kernels prior to 74afda4016a7 ("arm64: compile the kernel with ptrauth
> return address signing") don't have any Makefile machinery for forcing
> on pointer auth but still have issues if the compiler defaults it on so
> need this reworked version. -- broonie]
>
> Fixes: 7503197562567 (arm64: add basic pointer authentication support)
> Reported-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
> Signed-off-by: Mark Brown <broonie@kernel.org>
> Cc: stable@vger.kernel.org
> [catalin.marinas@arm.com: remove Kconfig option in favour of Makefile check]
> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
> ---
> arch/arm64/Makefile | 4 ++++
> 1 file changed, 4 insertions(+)
Now queued up, thanks!
greg k-h
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 5.6] arm64: Always force a branch protection mode when the compiler has one
@ 2020-04-16 11:39 ` Greg KH
0 siblings, 0 replies; 4+ messages in thread
From: Greg KH @ 2020-04-16 11:39 UTC (permalink / raw)
To: Mark Brown; +Cc: Szabolcs Nagy, Catalin Marinas, linux-arm-kernel, stable
On Thu, Apr 16, 2020 at 12:24:30PM +0100, Mark Brown wrote:
> Compilers with branch protection support can be configured to enable it by
> default, it is likely that distributions will do this as part of deploying
> branch protection system wide. As well as the slight overhead from having
> some extra NOPs for unused branch protection features this can cause more
> serious problems when the kernel is providing pointer authentication to
> userspace but not built for pointer authentication itself. In that case our
> switching of keys for userspace can affect the kernel unexpectedly, causing
> pointer authentication instructions in the kernel to corrupt addresses.
>
> To ensure that we get consistent and reliable behaviour always explicitly
> initialise the branch protection mode, ensuring that the kernel is built
> the same way regardless of the compiler defaults.
>
> [This is a reworked version of b8fdef311a0bd9223f1075 ("arm64: Always
> force a branch protection mode when the compiler has one") for backport.
> Kernels prior to 74afda4016a7 ("arm64: compile the kernel with ptrauth
> return address signing") don't have any Makefile machinery for forcing
> on pointer auth but still have issues if the compiler defaults it on so
> need this reworked version. -- broonie]
>
> Fixes: 7503197562567 (arm64: add basic pointer authentication support)
> Reported-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
> Signed-off-by: Mark Brown <broonie@kernel.org>
> Cc: stable@vger.kernel.org
> [catalin.marinas@arm.com: remove Kconfig option in favour of Makefile check]
> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
> ---
> arch/arm64/Makefile | 4 ++++
> 1 file changed, 4 insertions(+)
Now queued up, thanks!
greg k-h
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-04-16 11:40 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-16 11:24 [PATCH 5.6] arm64: Always force a branch protection mode when the compiler has one Mark Brown
2020-04-16 11:24 ` Mark Brown
2020-04-16 11:39 ` Greg KH
2020-04-16 11:39 ` Greg KH
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.