All of lore.kernel.org
 help / color / mirror / Atom feed
From: Will Deacon <will@kernel.org>
To: Daniel Kiss <daniel.kiss@arm.com>
Cc: Catalin.Marinas@arm.com, pcc@google.com, Ard.Biesheuvel@arm.com,
	linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v2 1/2] arm64: Add ARM64_PTR_AUTH_KERNEL config option
Date: Tue, 26 Jan 2021 13:27:43 +0000	[thread overview]
Message-ID: <20210126132743.GF29702@willie-the-truck> (raw)
In-Reply-To: <20201218115632.59067-2-daniel.kiss@arm.com>

On Fri, Dec 18, 2020 at 12:56:31PM +0100, Daniel Kiss wrote:
> This new option makes possible to build the kernel with pointer
> authentication support for the user space while the kernel is not built
> with the pointer authentication. There is a similar config structure for BTI.
> 
> The default configuration will be the same after this patch.

Please read the "Describe your changes" section of
Documentation/process/submitting-patches.rst for some guidance on writing
commit messages.

> Signed-off-by: Daniel Kiss <daniel.kiss@arm.com>
> ---
>  arch/arm64/Kconfig        | 26 +++++++++++++++++---------
>  arch/arm64/Makefile       |  2 +-
>  drivers/misc/lkdtm/bugs.c |  6 +++---
>  3 files changed, 21 insertions(+), 13 deletions(-)
> 
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 75aefc9990ea..b8af3297425a 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1501,7 +1501,6 @@ config ARM64_PTR_AUTH
>  	# which is only understood by binutils starting with version 2.33.1.
>  	depends on LD_IS_LLD || LD_VERSION >= 233010000 || (CC_IS_GCC && GCC_VERSION < 90100)
>  	depends on !CC_IS_CLANG || AS_HAS_CFI_NEGATE_RA_STATE

Why do we need to keep all the toolchain checks here if this option doesn't
enable PAC in the kernel?

> -	depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS)
>  	help
>  	  Pointer authentication (part of the ARMv8.3 Extensions) provides
>  	  instructions for signing and authenticating pointers against secret
> @@ -1513,13 +1512,6 @@ config ARM64_PTR_AUTH
>  	  for each process at exec() time, with these keys being
>  	  context-switched along with the process.
>  
> -	  If the compiler supports the -mbranch-protection or
> -	  -msign-return-address flag (e.g. GCC 7 or later), then this option
> -	  will also cause the kernel itself to be compiled with return address
> -	  protection. In this case, and if the target hardware is known to
> -	  support pointer authentication, then CONFIG_STACKPROTECTOR can be
> -	  disabled with minimal loss of protection.
> -
>  	  The feature is detected at runtime. If the feature is not present in
>  	  hardware it will not be advertised to userspace/KVM guest nor will it
>  	  be enabled.
> @@ -1530,6 +1522,22 @@ config ARM64_PTR_AUTH
>  	  but with the feature disabled. On such a system, this option should
>  	  not be selected.
>  
> +config ARM64_PTR_AUTH_KERNEL
> +	bool "Enable support for pointer authentication for kernel"

Maybe "Use pointer authentication for kernel" for parity with the BTI
description.

> +	default y
> +	depends on ARM64_PTR_AUTH
> +	depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS)
> +	help
> +	  Build the kernel with return address protection by
> +	  pointer authentication.

I don't think these two lines add anything ^^

Will

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

  reply	other threads:[~2021-01-26 13:29 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-07 22:46 arm64: split ARM64_PTR_AUTH option to userspace and kernel configs Daniel Kiss
2020-12-07 22:46 ` [PATCH 1/2] arm64: Add ARM64_PTR_AUTH_KERNEL config option Daniel Kiss
2020-12-07 22:46 ` [PATCH 2/2] arm64: Configure kernel's PTR_AUTH key when it is built with PTR_AUTH Daniel Kiss
2020-12-07 23:07   ` Peter Collingbourne
2020-12-08 11:00     ` Catalin Marinas
2020-12-08 19:33       ` Peter Collingbourne
2020-12-09 10:51         ` Will Deacon
2020-12-09 11:56           ` Daniel Kiss
2020-12-18 11:56             ` arm64: split ARM64_PTR_AUTH option to userspace and kernel Daniel Kiss
2020-12-18 11:56               ` [PATCH v2 1/2] arm64: Add ARM64_PTR_AUTH_KERNEL config option Daniel Kiss
2021-01-26 13:27                 ` Will Deacon [this message]
2021-02-08 14:39                   ` Daniel Kiss
2020-12-18 11:56               ` [PATCH v2 2/2] arm64: Do not configure kernel's PTR_AUTH key when it not needed Daniel Kiss
2021-01-26 13:32                 ` Will Deacon
2021-01-26 13:17               ` arm64: split ARM64_PTR_AUTH option to userspace and kernel Will Deacon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210126132743.GF29702@willie-the-truck \
    --to=will@kernel.org \
    --cc=Ard.Biesheuvel@arm.com \
    --cc=Catalin.Marinas@arm.com \
    --cc=daniel.kiss@arm.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=pcc@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.