From: Dave Martin <Dave.Martin@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-arch@vger.kernel.org, "H.J. Lu" <hjl.tools@gmail.com>,
"Yu-cheng Yu" <yu-cheng.yu@intel.com>,
"Andrew Jones" <drjones@redhat.com>,
"Paul Elliott" <paul.elliott@arm.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Szabolcs Nagy" <szabolcs.nagy@arm.com>,
"Will Deacon" <will.deacon@arm.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
linux-kernel@vger.kernel.org,
"Kristina Martšenko" <kristina.martsenko@arm.com>,
"Catalin Marinas" <catalin.marinas@arm.com>,
"Sudakshina Das" <sudi.das@arm.com>
Subject: [PATCH 0/8] arm64: ARMv8.5-A: Branch Target Identification support
Date: Fri, 24 May 2019 11:25:25 +0100 [thread overview]
Message-ID: <1558693533-13465-1-git-send-email-Dave.Martin@arm.com> (raw)
This patch implements support for ARMv8.5-A Branch Target Identification
(BTI), which is a control flow integrity protection feature introduced
as part of the ARMv8.5-A extensions [1].
The series is based on v5.2-rc1.
Patch 1 is from Yu-Cheng Yu of Intel, providing generic support
for parsing the ELF NT_GNU_PROPERTY_TYPE_0 note. It makes sense to
share this mechanism with x86 rather than reinventing it.
Various things need nailing down before this can be upstreamable:
* Not tested with hugepages yet. (If anyone has any suggestions about
how best to do that, please shout!)
* The NT_GNU_PROPERTY_TYPE_0 ELF note parsing support is not upstream
yet and may be subject to further change.
Todo:
* Add BTI protection in the vDSO, so that user code can no longer
jump to random locations in there. Lack of this protection doesn't
break anything, however.
Tested on the ARM Fast Model.
Notes:
* GCC 9 can compile backwards-compatible BTI-enabled code with
-mbranch-protection=bti or -mbranch-protection=standard.
* Binutils trunk supports the new ELF note, but this isn't in a release
yet.
Creation of a BTI-enabled binary requires _everything_ linked in to
be BTI-enabled. For now ld --force-bti can be used to override this,
but some things may break until the required C library support is in
place.
There is no straightforward way to mark a .s file as BTI-enabled:
scraping the output from gcc -S works as a quick hack for now.
readelf -n can be used to examing the program properties in an ELF
file.
* Runtime mmap() and mprotect() can be used to enable BTI on a
page-by-page basis using the new PROT_BTI_GUARDED, but the code in
the affected pages still needs to be written or compiled to contain
the appopriate BTI landing pads.
Dave Martin (7):
mm: Reserve asm-generic prot flag 0x10 for arch use
arm64: docs: cpu-feature-registers: Document ID_AA64PFR1_EL1
arm64: Basic Branch Target Identification support
elf: Parse program properties before destroying the old process
elf: Allow arch to tweak initial mmap prot flags
arm64: elf: Enable BTI at exec based on ELF program properties
arm64: BTI: Decode BYTPE bits when printing PSTATE
Yu-cheng Yu (1):
binfmt_elf: Extract .note.gnu.property from an ELF file
Documentation/arm64/cpu-feature-registers.txt | 18 +-
Documentation/arm64/elf_hwcaps.txt | 4 +
arch/arm64/Kconfig | 26 ++
arch/arm64/include/asm/cpucaps.h | 3 +-
arch/arm64/include/asm/cpufeature.h | 6 +
arch/arm64/include/asm/elf.h | 28 ++
arch/arm64/include/asm/esr.h | 2 +-
arch/arm64/include/asm/hwcap.h | 1 +
arch/arm64/include/asm/mman.h | 33 +++
arch/arm64/include/asm/pgtable-hwdef.h | 1 +
arch/arm64/include/asm/pgtable.h | 2 +-
arch/arm64/include/asm/ptrace.h | 3 +
arch/arm64/include/asm/sysreg.h | 2 +
arch/arm64/include/uapi/asm/hwcap.h | 1 +
arch/arm64/include/uapi/asm/mman.h | 9 +
arch/arm64/include/uapi/asm/ptrace.h | 1 +
arch/arm64/kernel/cpufeature.c | 17 ++
arch/arm64/kernel/cpuinfo.c | 1 +
arch/arm64/kernel/entry.S | 11 +
arch/arm64/kernel/process.c | 64 ++++-
arch/arm64/kernel/ptrace.c | 2 +-
arch/arm64/kernel/signal.c | 5 +
arch/arm64/kernel/syscall.c | 1 +
arch/arm64/kernel/traps.c | 7 +
fs/Kconfig.binfmt | 7 +
fs/Makefile | 1 +
fs/binfmt_elf.c | 31 ++-
fs/gnu_property.c | 363 ++++++++++++++++++++++++++
include/linux/elf.h | 32 +++
include/linux/mm.h | 3 +
include/uapi/asm-generic/mman-common.h | 1 +
include/uapi/linux/elf.h | 14 +
32 files changed, 684 insertions(+), 16 deletions(-)
create mode 100644 arch/arm64/include/asm/mman.h
create mode 100644 arch/arm64/include/uapi/asm/mman.h
create mode 100644 fs/gnu_property.c
--
2.1.4
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next reply other threads:[~2019-05-24 10:25 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-24 10:25 Dave Martin [this message]
2019-05-24 10:25 ` [PATCH 1/8] binfmt_elf: Extract .note.gnu.property from an ELF file Dave Martin
2019-05-24 10:25 ` [PATCH 2/8] mm: Reserve asm-generic prot flag 0x10 for arch use Dave Martin
2019-05-24 10:25 ` [PATCH 3/8] arm64: docs: cpu-feature-registers: Document ID_AA64PFR1_EL1 Dave Martin
2019-05-24 10:25 ` [PATCH 4/8] arm64: Basic Branch Target Identification support Dave Martin
2019-05-24 13:02 ` Mark Rutland
2019-05-24 14:53 ` Dave Martin
2019-05-24 15:38 ` Mark Rutland
2019-05-24 16:12 ` Dave Martin
2019-05-24 17:19 ` Mark Rutland
2019-05-28 10:52 ` Dave P Martin
2019-06-06 17:11 ` Catalin Marinas
2019-06-06 17:23 ` Dave Martin
2019-06-06 17:34 ` Yu-cheng Yu
2019-06-06 17:56 ` Dave Martin
2019-05-24 10:25 ` [PATCH 5/8] elf: Parse program properties before destroying the old process Dave Martin
2019-05-24 10:25 ` [PATCH 6/8] elf: Allow arch to tweak initial mmap prot flags Dave Martin
2019-05-24 10:25 ` [PATCH 7/8] arm64: elf: Enable BTI at exec based on ELF program properties Dave Martin
2019-05-24 10:25 ` [PATCH 8/8] arm64: BTI: Decode BYTPE bits when printing PSTATE Dave Martin
2019-06-05 21:12 ` [PATCH 0/8] arm64: ARMv8.5-A: Branch Target Identification support Richard Henderson
2019-06-06 9:34 ` Dave Martin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1558693533-13465-1-git-send-email-Dave.Martin@arm.com \
--to=dave.martin@arm.com \
--cc=arnd@arndb.de \
--cc=catalin.marinas@arm.com \
--cc=drjones@redhat.com \
--cc=hjl.tools@gmail.com \
--cc=kristina.martsenko@arm.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=paul.elliott@arm.com \
--cc=richard.henderson@linaro.org \
--cc=sudi.das@arm.com \
--cc=szabolcs.nagy@arm.com \
--cc=will.deacon@arm.com \
--cc=yu-cheng.yu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).