linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v3 00/16] arm64: return address signing
@ 2019-12-16  8:47 Amit Daniel Kachhap
  2019-12-16  8:47 ` [PATCH v3 01/16] arm64: cpufeature: add pointer auth meta-capabilities Amit Daniel Kachhap
                   ` (17 more replies)
  0 siblings, 18 replies; 60+ messages in thread
From: Amit Daniel Kachhap @ 2019-12-16  8:47 UTC (permalink / raw)
  To: linux-arm-kernel
  Cc: Mark Rutland, Kees Cook, Suzuki K Poulose, Catalin Marinas,
	Ard Biesheuvel, Richard Henderson, Kristina Martsenko,
	James Morse, Ramana Radhakrishnan, Amit Daniel Kachhap,
	Mark Brown, Vincenzo Frascino, Will Deacon, Dave Martin

Hi,

This series improves function return address protection for the arm64 kernel, by
compiling the kernel with ARMv8.3 Pointer Authentication instructions (referred
ptrauth hereafter). This should help protect the kernel against attacks using
return-oriented programming.

This series is based on v5.5-rc2.

High-level changes since v2 [1] (detailed changes are in individual patches):
 - Added support to generate randomness for ptrauth keys for early booting task
   in primary core as suggested by Ard.
 - Modified lkdtm ptrauth test-case to change keys to cause crash instead of
   modifying the lr in the stack.
 - Resolved a clang compilation issue.
 - Re-positioned "arm64: rename ptrauth key structures to be user-specific" to
   reduce code churnings.

This series do not implement few things or have known limitations:
 - kdump tools may need some rework to work with ptrauth. The kdump
   tools may need the ptrauth information to strip PAC bits.

Feedback welcome!

Thanks,
Amit Daniel

[1]: http://lists.infradead.org/pipermail/linux-arm-kernel/2019-November/695089.html

Amit Daniel Kachhap (8):
  arm64: create macro to park cpu in an infinite loop
  arm64: ptrauth: Add bootup/runtime flags for __cpu_setup
  arm64: initialize ptrauth keys for kernel booting task
  arm64: mask PAC bits of __builtin_return_address
  arm64: __show_regs: strip PAC from lr in printk
  arm64: suspend: restore the kernel ptrauth keys
  arm64: kprobe: disable probe of ptrauth instruction
  lkdtm: arm64: test kernel pointer authentication

Kristina Martsenko (6):
  arm64: cpufeature: add pointer auth meta-capabilities
  arm64: rename ptrauth key structures to be user-specific
  arm64: install user ptrauth keys at kernel exit time
  arm64: enable ptrauth earlier
  arm64: initialize and switch ptrauth kernel keys
  arm64: compile the kernel with ptrauth return address signing

Mark Rutland (1):
  arm64: unwind: strip PAC from kernel addresses

Vincenzo Frascino (1):
  kconfig: Add support for 'as-option'

 arch/arm64/Kconfig                        | 27 +++++++++++-
 arch/arm64/Makefile                       | 11 +++++
 arch/arm64/include/asm/asm_pointer_auth.h | 59 ++++++++++++++++++++++++++
 arch/arm64/include/asm/compiler.h         | 20 +++++++++
 arch/arm64/include/asm/cpucaps.h          |  4 +-
 arch/arm64/include/asm/cpufeature.h       |  6 +--
 arch/arm64/include/asm/insn.h             | 13 +++---
 arch/arm64/include/asm/pointer_auth.h     | 54 ++++++++++++------------
 arch/arm64/include/asm/processor.h        |  3 +-
 arch/arm64/include/asm/smp.h              | 10 +++++
 arch/arm64/include/asm/stackprotector.h   |  5 +++
 arch/arm64/kernel/asm-offsets.c           | 16 +++++++
 arch/arm64/kernel/cpufeature.c            | 30 ++++++++++----
 arch/arm64/kernel/entry.S                 |  6 +++
 arch/arm64/kernel/head.S                  | 47 +++++++++++++++------
 arch/arm64/kernel/insn.c                  |  1 +
 arch/arm64/kernel/pointer_auth.c          |  7 +---
 arch/arm64/kernel/probes/decode-insn.c    |  2 +-
 arch/arm64/kernel/process.c               |  5 ++-
 arch/arm64/kernel/ptrace.c                | 16 +++----
 arch/arm64/kernel/sleep.S                 |  8 ++++
 arch/arm64/kernel/smp.c                   | 10 +++++
 arch/arm64/kernel/stacktrace.c            |  3 ++
 arch/arm64/mm/proc.S                      | 69 ++++++++++++++++++++++++++-----
 drivers/misc/lkdtm/bugs.c                 | 36 ++++++++++++++++
 drivers/misc/lkdtm/core.c                 |  1 +
 drivers/misc/lkdtm/lkdtm.h                |  1 +
 include/linux/stackprotector.h            |  2 +-
 scripts/Kconfig.include                   |  4 ++
 29 files changed, 388 insertions(+), 88 deletions(-)
 create mode 100644 arch/arm64/include/asm/asm_pointer_auth.h
 create mode 100644 arch/arm64/include/asm/compiler.h

-- 
2.7.4


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

^ permalink raw reply	[flat|nested] 60+ messages in thread

end of thread, other threads:[~2020-01-21 16:53 UTC | newest]

Thread overview: 60+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-16  8:47 [PATCH v3 00/16] arm64: return address signing Amit Daniel Kachhap
2019-12-16  8:47 ` [PATCH v3 01/16] arm64: cpufeature: add pointer auth meta-capabilities Amit Daniel Kachhap
2020-01-15 12:26   ` Catalin Marinas
2020-01-15 13:52     ` Suzuki Kuruppassery Poulose
2020-01-15 16:01       ` Catalin Marinas
2020-01-16 12:35         ` Amit Kachhap
2019-12-16  8:47 ` [PATCH v3 02/16] arm64: rename ptrauth key structures to be user-specific Amit Daniel Kachhap
2020-01-15 16:42   ` Catalin Marinas
2019-12-16  8:47 ` [PATCH v3 03/16] arm64: install user ptrauth keys at kernel exit time Amit Daniel Kachhap
2020-01-15 17:02   ` Catalin Marinas
2020-01-16 12:39     ` Amit Kachhap
2019-12-16  8:47 ` [PATCH v3 04/16] arm64: create macro to park cpu in an infinite loop Amit Daniel Kachhap
2020-01-07 11:13   ` Suzuki Kuruppassery Poulose
2020-01-15 17:03   ` Catalin Marinas
2019-12-16  8:47 ` [PATCH v3 05/16] arm64: ptrauth: Add bootup/runtime flags for __cpu_setup Amit Daniel Kachhap
2020-01-07 11:18   ` Suzuki Kuruppassery Poulose
2020-01-09  8:33     ` Amit Kachhap
2020-01-15 17:30   ` Catalin Marinas
2020-01-16 12:40     ` Amit Kachhap
2019-12-16  8:47 ` [PATCH v3 06/16] arm64: enable ptrauth earlier Amit Daniel Kachhap
2020-01-07 11:35   ` Suzuki Kuruppassery Poulose
2020-01-09  8:29     ` Amit Kachhap
2020-01-10 10:18       ` Suzuki Kuruppassery Poulose
2020-01-16 16:24   ` Catalin Marinas
2020-01-17 10:43     ` Amit Kachhap
2020-01-17 12:00       ` Catalin Marinas
2020-01-20 14:27         ` Amit Kachhap
2019-12-16  8:47 ` [PATCH v3 07/16] arm64: initialize and switch ptrauth kernel keys Amit Daniel Kachhap
2020-01-16 18:00   ` Catalin Marinas
2019-12-16  8:47 ` [PATCH v3 08/16] arm64: initialize ptrauth keys for kernel booting task Amit Daniel Kachhap
2020-01-16 17:59   ` Catalin Marinas
2020-01-20 10:50     ` Amit Kachhap
2019-12-16  8:47 ` [PATCH v3 09/16] arm64: mask PAC bits of __builtin_return_address Amit Daniel Kachhap
2020-01-17 10:14   ` Catalin Marinas
2020-01-20 14:20     ` Amit Kachhap
2020-01-21 16:52       ` Catalin Marinas
2019-12-16  8:47 ` [PATCH v3 10/16] arm64: unwind: strip PAC from kernel addresses Amit Daniel Kachhap
2020-01-17 10:22   ` Catalin Marinas
2019-12-16  8:47 ` [PATCH v3 11/16] arm64: __show_regs: strip PAC from lr in printk Amit Daniel Kachhap
2020-01-17 10:25   ` Catalin Marinas
2019-12-16  8:47 ` [PATCH v3 12/16] arm64: suspend: restore the kernel ptrauth keys Amit Daniel Kachhap
2020-01-17 10:31   ` Catalin Marinas
2019-12-16  8:47 ` [PATCH v3 13/16] arm64: kprobe: disable probe of ptrauth instruction Amit Daniel Kachhap
2020-01-17 11:16   ` Catalin Marinas
2020-01-20 14:24     ` Amit Kachhap
2019-12-16  8:47 ` [PATCH v3 14/16] kconfig: Add support for 'as-option' Amit Daniel Kachhap
2019-12-17 11:43   ` Masahiro Yamada
2020-01-17 11:33   ` Catalin Marinas
2020-01-17 17:51     ` Masahiro Yamada
2020-01-20 10:26     ` Vincenzo Frascino
2019-12-16  8:47 ` [PATCH v3 15/16] arm64: compile the kernel with ptrauth return address signing Amit Daniel Kachhap
2020-01-17 11:49   ` Catalin Marinas
2020-01-21 14:37     ` Amit Kachhap
2020-01-21 14:46       ` Vincenzo Frascino
2020-01-21 16:50       ` Catalin Marinas
2019-12-16  8:47 ` [PATCH v3 16/16] lkdtm: arm64: test kernel pointer authentication Amit Daniel Kachhap
2020-01-17 11:53   ` Catalin Marinas
2019-12-16  9:35 ` [RESEND PATCH v3 00/16] arm64: return address signing Amit Daniel Kachhap
2019-12-30 19:09 ` [PATCH " Kees Cook
2020-01-07 11:07   ` Amit Kachhap

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).