|
|
Log in / Subscribe / Register

arm64: return address signing

From:  Amit Daniel Kachhap <amit.kachhap-AT-arm.com>
To:  linux-arm-kernel-AT-lists.infradead.org
Subject:  [PATCH v4 00/17] arm64: return address signing
Date:  Thu, 23 Jan 2020 15:50:22 +0530
Message-ID:  <1579774839-19562-1-git-send-email-amit.kachhap@arm.com>
Cc:  Mark Rutland <mark.rutland-AT-arm.com>, Kees Cook <keescook-AT-chromium.org>, Suzuki K Poulose <suzuki.poulose-AT-arm.com>, Catalin Marinas <catalin.marinas-AT-arm.com>, Kristina Martsenko <kristina.martsenko-AT-arm.com>, Dave Martin <Dave.Martin-AT-arm.com>, Mark Brown <broonie-AT-kernel.org>, James Morse <james.morse-AT-arm.com>, Ramana Radhakrishnan <ramana.radhakrishnan-AT-arm.com>, Amit Daniel Kachhap <amit.kachhap-AT-arm.com>, Vincenzo Frascino <Vincenzo.Frascino-AT-arm.com>, Will Deacon <will-AT-kernel.org>, Ard Biesheuvel <ardb-AT-kernel.org>
Archive-link:  Article

Hi,

This series improves function return address protection for the arm64 kernel, by
compiling the kernel with ARMv8.3 Pointer Authentication instructions (referred
ptrauth hereafter). This should help protect the kernel against attacks using
return-oriented programming.

This series is based on Linux version v5.5-rc7.

High-level changes since v3 [1] (detailed change descriptions are in individual patches):
 - Fixed some clang related compilation issues.
 - Added a new patch "arm64: cpufeature: Fix meta-capability cpufeature check"
 - Dropped the patch "arm64: kprobe: disable probe of ptrauth instruction". This will
   be sent with armv8.6 ptrauth enhanced features patch in future.
 - Several Reviewed-by and Acked-by. 
 - Several fixes suggested by Catalin.

This series do not implement few things:
 - kdump tools may need some rework to work with ptrauth. The kdump
   tools may need the ptrauth information to strip PAC bits. This will
   be sent in a separate patch.
 - Few more ptrauth generic lkdtm tests as requested by Kees Cook.
 - Generate compile time warnings if requested Kconfig feature not 
   supported by compilers.

Feedback welcome!

Thanks,
Amit Daniel

[1]: http://lists.infradead.org/pipermail/linux-arm-kernel/201...

Amit Daniel Kachhap (8):
  arm64: cpufeature: Fix meta-capability cpufeature check
  arm64: create macro to park cpu in an infinite loop
  arm64: ptrauth: Add bootup/runtime flags for __cpu_setup
  arm64: initialize ptrauth keys for kernel booting task
  arm64: mask PAC bits of __builtin_return_address
  arm64: __show_regs: strip PAC from lr in printk
  arm64: suspend: restore the kernel ptrauth keys
  lkdtm: arm64: test kernel pointer authentication

Kristina Martsenko (7):
  arm64: cpufeature: add pointer auth meta-capabilities
  arm64: rename ptrauth key structures to be user-specific
  arm64: install user ptrauth keys at kernel exit time
  arm64: cpufeature: handle conflicts based on capability
  arm64: enable ptrauth earlier
  arm64: initialize and switch ptrauth kernel keys
  arm64: compile the kernel with ptrauth return address signing

Mark Rutland (1):
  arm64: unwind: strip PAC from kernel addresses

Vincenzo Frascino (1):
  kconfig: Add support for 'as-option'

 arch/arm64/Kconfig                        | 27 +++++++++++-
 arch/arm64/Makefile                       | 11 +++++
 arch/arm64/include/asm/asm_pointer_auth.h | 63 ++++++++++++++++++++++++++++
 arch/arm64/include/asm/compiler.h         | 20 +++++++++
 arch/arm64/include/asm/cpucaps.h          |  4 +-
 arch/arm64/include/asm/cpufeature.h       | 34 ++++++++++++---
 arch/arm64/include/asm/pointer_auth.h     | 54 ++++++++++++------------
 arch/arm64/include/asm/processor.h        |  3 +-
 arch/arm64/include/asm/smp.h              | 10 +++++
 arch/arm64/include/asm/stackprotector.h   |  5 +++
 arch/arm64/kernel/asm-offsets.c           | 16 +++++++
 arch/arm64/kernel/cpufeature.c            | 66 +++++++++++++++++++----------
 arch/arm64/kernel/entry.S                 |  6 +++
 arch/arm64/kernel/head.S                  | 28 +++++++------
 arch/arm64/kernel/pointer_auth.c          |  7 +---
 arch/arm64/kernel/process.c               |  5 ++-
 arch/arm64/kernel/ptrace.c                | 16 +++----
 arch/arm64/kernel/sleep.S                 |  8 ++++
 arch/arm64/kernel/smp.c                   | 10 +++++
 arch/arm64/kernel/stacktrace.c            |  3 ++
 arch/arm64/mm/proc.S                      | 69 ++++++++++++++++++++++++++-----
 drivers/misc/lkdtm/bugs.c                 | 36 ++++++++++++++++
 drivers/misc/lkdtm/core.c                 |  1 +
 drivers/misc/lkdtm/lkdtm.h                |  1 +
 include/linux/stackprotector.h            |  2 +-
 scripts/Kconfig.include                   |  4 ++
 26 files changed, 411 insertions(+), 98 deletions(-)
 create mode 100644 arch/arm64/include/asm/asm_pointer_auth.h
 create mode 100644 arch/arm64/include/asm/compiler.h

-- 
2.7.4


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Copyright © 2020, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds