From: Mark Rutland <mark.rutland@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: arnd@arndb.de, catalin.marinas@arm.com, cdall@linaro.org,
kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org,
marc.zyngier@arm.com, mark.rutland@arm.com,
suzuki.poulose@arm.com, will.deacon@arm.com, yao.qi@arm.com,
kernel-hardening@lists.openwall.com,
linux-kernel@vger.kernel.org, awallis@codeaurora.org
Subject: [PATCHv2 11/12] arm64: enable pointer authentication
Date: Mon, 27 Nov 2017 16:38:05 +0000 [thread overview]
Message-ID: <20171127163806.31435-12-mark.rutland@arm.com> (raw)
In-Reply-To: <20171127163806.31435-1-mark.rutland@arm.com>
Now that all the necessary bits are in place for userspace / KVM guest
pointer authentication, add the necessary Kconfig logic to allow this to
be enabled.
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
---
arch/arm64/Kconfig | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index a93339f5178f..f7cb4ca8a6fc 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1013,6 +1013,29 @@ config ARM64_PMEM
endmenu
+menu "ARMv8.3 architectural features"
+
+config ARM64_POINTER_AUTHENTICATION
+ bool "Enable support for pointer authentication"
+ default y
+ help
+ Pointer authentication (part of the ARMv8.3 Extensions) provides
+ instructions for signing and authenticating pointers against secret
+ keys, which can be used to mitigate Return Oriented Programming (ROP)
+ and other attacks.
+
+ This option enables these instructions at EL0 (i.e. for userspace).
+
+ Choosing this option will cause the kernel to initialise secret keys
+ for each process at exec() time, with these keys being
+ context-switched along with the process.
+
+ The feature is detected at runtime. If the feature is not present in
+ hardware it will not be advertised to userspace nor will it be
+ enabled.
+
+endmenu
+
config ARM64_SVE
bool "ARM Scalable Vector Extension support"
default y
--
2.11.0
WARNING: multiple messages have this Message-ID (diff)
From: Mark Rutland <mark.rutland@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-arch@vger.kernel.org, cdall@linaro.org, arnd@arndb.de,
marc.zyngier@arm.com, catalin.marinas@arm.com, yao.qi@arm.com,
kernel-hardening@lists.openwall.com, will.deacon@arm.com,
linux-kernel@vger.kernel.org, awallis@codeaurora.org,
kvmarm@lists.cs.columbia.edu
Subject: [PATCHv2 11/12] arm64: enable pointer authentication
Date: Mon, 27 Nov 2017 16:38:05 +0000 [thread overview]
Message-ID: <20171127163806.31435-12-mark.rutland@arm.com> (raw)
In-Reply-To: <20171127163806.31435-1-mark.rutland@arm.com>
Now that all the necessary bits are in place for userspace / KVM guest
pointer authentication, add the necessary Kconfig logic to allow this to
be enabled.
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
---
arch/arm64/Kconfig | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index a93339f5178f..f7cb4ca8a6fc 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1013,6 +1013,29 @@ config ARM64_PMEM
endmenu
+menu "ARMv8.3 architectural features"
+
+config ARM64_POINTER_AUTHENTICATION
+ bool "Enable support for pointer authentication"
+ default y
+ help
+ Pointer authentication (part of the ARMv8.3 Extensions) provides
+ instructions for signing and authenticating pointers against secret
+ keys, which can be used to mitigate Return Oriented Programming (ROP)
+ and other attacks.
+
+ This option enables these instructions at EL0 (i.e. for userspace).
+
+ Choosing this option will cause the kernel to initialise secret keys
+ for each process at exec() time, with these keys being
+ context-switched along with the process.
+
+ The feature is detected at runtime. If the feature is not present in
+ hardware it will not be advertised to userspace nor will it be
+ enabled.
+
+endmenu
+
config ARM64_SVE
bool "ARM Scalable Vector Extension support"
default y
--
2.11.0
WARNING: multiple messages have this Message-ID (diff)
From: mark.rutland@arm.com (Mark Rutland)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCHv2 11/12] arm64: enable pointer authentication
Date: Mon, 27 Nov 2017 16:38:05 +0000 [thread overview]
Message-ID: <20171127163806.31435-12-mark.rutland@arm.com> (raw)
In-Reply-To: <20171127163806.31435-1-mark.rutland@arm.com>
Now that all the necessary bits are in place for userspace / KVM guest
pointer authentication, add the necessary Kconfig logic to allow this to
be enabled.
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
---
arch/arm64/Kconfig | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index a93339f5178f..f7cb4ca8a6fc 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1013,6 +1013,29 @@ config ARM64_PMEM
endmenu
+menu "ARMv8.3 architectural features"
+
+config ARM64_POINTER_AUTHENTICATION
+ bool "Enable support for pointer authentication"
+ default y
+ help
+ Pointer authentication (part of the ARMv8.3 Extensions) provides
+ instructions for signing and authenticating pointers against secret
+ keys, which can be used to mitigate Return Oriented Programming (ROP)
+ and other attacks.
+
+ This option enables these instructions at EL0 (i.e. for userspace).
+
+ Choosing this option will cause the kernel to initialise secret keys
+ for each process at exec() time, with these keys being
+ context-switched along with the process.
+
+ The feature is detected at runtime. If the feature is not present in
+ hardware it will not be advertised to userspace nor will it be
+ enabled.
+
+endmenu
+
config ARM64_SVE
bool "ARM Scalable Vector Extension support"
default y
--
2.11.0
WARNING: multiple messages have this Message-ID (diff)
From: Mark Rutland <mark.rutland@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: arnd@arndb.de, catalin.marinas@arm.com, cdall@linaro.org,
kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org,
marc.zyngier@arm.com, mark.rutland@arm.com,
suzuki.poulose@arm.com, will.deacon@arm.com, yao.qi@arm.com,
kernel-hardening@lists.openwall.com,
linux-kernel@vger.kernel.org, awallis@codeaurora.org
Subject: [kernel-hardening] [PATCHv2 11/12] arm64: enable pointer authentication
Date: Mon, 27 Nov 2017 16:38:05 +0000 [thread overview]
Message-ID: <20171127163806.31435-12-mark.rutland@arm.com> (raw)
In-Reply-To: <20171127163806.31435-1-mark.rutland@arm.com>
Now that all the necessary bits are in place for userspace / KVM guest
pointer authentication, add the necessary Kconfig logic to allow this to
be enabled.
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
---
arch/arm64/Kconfig | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index a93339f5178f..f7cb4ca8a6fc 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1013,6 +1013,29 @@ config ARM64_PMEM
endmenu
+menu "ARMv8.3 architectural features"
+
+config ARM64_POINTER_AUTHENTICATION
+ bool "Enable support for pointer authentication"
+ default y
+ help
+ Pointer authentication (part of the ARMv8.3 Extensions) provides
+ instructions for signing and authenticating pointers against secret
+ keys, which can be used to mitigate Return Oriented Programming (ROP)
+ and other attacks.
+
+ This option enables these instructions at EL0 (i.e. for userspace).
+
+ Choosing this option will cause the kernel to initialise secret keys
+ for each process at exec() time, with these keys being
+ context-switched along with the process.
+
+ The feature is detected at runtime. If the feature is not present in
+ hardware it will not be advertised to userspace nor will it be
+ enabled.
+
+endmenu
+
config ARM64_SVE
bool "ARM Scalable Vector Extension support"
default y
--
2.11.0
next prev parent reply other threads:[~2017-11-27 16:39 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-27 16:37 [PATCHv2 00/12] ARMv8.3 pointer authentication userspace support Mark Rutland
2017-11-27 16:37 ` [kernel-hardening] " Mark Rutland
2017-11-27 16:37 ` Mark Rutland
2017-11-27 16:37 ` Mark Rutland
2017-11-27 16:37 ` [PATCHv2 01/12] asm-generic: mm_hooks: allow hooks to be overridden individually Mark Rutland
2017-11-27 16:37 ` [kernel-hardening] " Mark Rutland
2017-11-27 16:37 ` Mark Rutland
2017-11-27 16:37 ` [PATCHv2 02/12] arm64: add pointer authentication register bits Mark Rutland
2017-11-27 16:37 ` [kernel-hardening] " Mark Rutland
2017-11-27 16:37 ` Mark Rutland
2017-11-27 16:37 ` Mark Rutland
2017-11-27 16:37 ` [PATCHv2 03/12] arm64/cpufeature: add ARMv8.3 id_aa64isar1 bits Mark Rutland
2017-11-27 16:37 ` [kernel-hardening] " Mark Rutland
2017-11-27 16:37 ` Mark Rutland
2017-11-27 16:37 ` Mark Rutland
2017-11-27 16:37 ` Mark Rutland
2017-11-27 16:37 ` Mark Rutland
2017-11-27 16:37 ` [PATCHv2 04/12] arm64/cpufeature: detect pointer authentication Mark Rutland
2017-11-27 16:37 ` [kernel-hardening] " Mark Rutland
2017-11-27 16:37 ` Mark Rutland
2017-11-27 16:37 ` Mark Rutland
2017-11-27 16:37 ` [PATCHv2 05/12] arm64: Don't trap host pointer auth use to EL2 Mark Rutland
2017-11-27 16:37 ` [kernel-hardening] " Mark Rutland
2017-11-27 16:37 ` Mark Rutland
2018-02-06 12:39 ` Christoffer Dall
2018-02-06 12:39 ` Christoffer Dall
2018-02-12 16:00 ` Mark Rutland
2018-02-12 16:00 ` Mark Rutland
2017-11-27 16:38 ` [PATCHv2 06/12] arm64: add basic pointer authentication support Mark Rutland
2017-11-27 16:38 ` [kernel-hardening] " Mark Rutland
2017-11-27 16:38 ` Mark Rutland
2017-11-27 16:38 ` Mark Rutland
2018-05-22 19:06 ` Adam Wallis
2018-05-22 19:06 ` Adam Wallis
2017-11-27 16:38 ` [PATCHv2 07/12] arm64: expose user PAC bit positions via ptrace Mark Rutland
2017-11-27 16:38 ` [kernel-hardening] " Mark Rutland
2017-11-27 16:38 ` Mark Rutland
2017-11-27 16:38 ` Mark Rutland
2017-11-27 16:38 ` [PATCHv2 08/12] arm64: perf: strip PAC when unwinding userspace Mark Rutland
2017-11-27 16:38 ` [kernel-hardening] " Mark Rutland
2017-11-27 16:38 ` Mark Rutland
2017-11-27 16:38 ` Mark Rutland
2017-11-27 16:38 ` [PATCHv2 09/12] arm64/kvm: preserve host HCR_EL2 value Mark Rutland
2017-11-27 16:38 ` [kernel-hardening] " Mark Rutland
2017-11-27 16:38 ` Mark Rutland
2018-02-06 12:39 ` Christoffer Dall
2018-02-06 12:39 ` Christoffer Dall
2018-04-09 14:57 ` Mark Rutland
2018-04-09 14:57 ` Mark Rutland
2018-04-09 19:03 ` Christoffer Dall
2018-04-09 19:03 ` Christoffer Dall
2017-11-27 16:38 ` [PATCHv2 10/12] arm64/kvm: context-switch ptrauth registers Mark Rutland
2017-11-27 16:38 ` [kernel-hardening] " Mark Rutland
2017-11-27 16:38 ` Mark Rutland
2017-11-27 16:38 ` Mark Rutland
2018-02-06 12:38 ` Christoffer Dall
2018-02-06 12:38 ` Christoffer Dall
2018-03-09 14:28 ` Mark Rutland
2018-03-09 14:28 ` Mark Rutland
2018-04-09 12:58 ` Christoffer Dall
2018-04-09 12:58 ` Christoffer Dall
2018-04-09 14:37 ` Mark Rutland
2018-04-09 14:37 ` Mark Rutland
2017-11-27 16:38 ` Mark Rutland [this message]
2017-11-27 16:38 ` [kernel-hardening] [PATCHv2 11/12] arm64: enable pointer authentication Mark Rutland
2017-11-27 16:38 ` Mark Rutland
2017-11-27 16:38 ` Mark Rutland
2017-11-27 16:38 ` [PATCHv2 12/12] arm64: docs: document " Mark Rutland
2017-11-27 16:38 ` [kernel-hardening] " Mark Rutland
2017-11-27 16:38 ` Mark Rutland
2017-11-28 15:07 ` Andrew Jones
2017-11-28 15:07 ` [kernel-hardening] " Andrew Jones
2017-11-28 15:07 ` Andrew Jones
2017-12-04 12:39 ` Mark Rutland
2017-12-04 12:39 ` [kernel-hardening] " Mark Rutland
2017-12-04 12:39 ` Mark Rutland
2017-12-04 12:49 ` Andrew Jones
2017-12-04 12:49 ` [kernel-hardening] " Andrew Jones
2017-12-04 12:49 ` Andrew Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171127163806.31435-12-mark.rutland@arm.com \
--to=mark.rutland@arm.com \
--cc=arnd@arndb.de \
--cc=awallis@codeaurora.org \
--cc=catalin.marinas@arm.com \
--cc=cdall@linaro.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.zyngier@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=will.deacon@arm.com \
--cc=yao.qi@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.