arm64: Add ARM64_PTR_AUTH_KERNEL config option

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This patch add the ARM64_PTR_AUTH_KERNEL config and deals with the
build aspect of it.

Userspace support has no dependency on the toolchain therefore all
toolchain checks and build flags are controlled the new config
option.
The default config behavior will not be changed.

Signed-off-by: Daniel Kiss <daniel.kiss@arm.com>
Acked-by: Will Deacon <will@kernel.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Link: https://lore.kernel.org/r/20210613092632.93591-2-daniel.kiss@arm.com
Signed-off-by: Will Deacon <will@kernel.org>

authored by

Daniel Kiss and committed by

Will Deacon 4 years ago b27a9f41 c4681547

+25 -18

4 changed files

expand all

arch

arm64

Kconfig

Makefile

kernel

asm-offsets.c

drivers

misc

lkdtm

bugs.c

+19 -14

arch/arm64/Kconfig

··· 1481 1481 config ARM64_PTR_AUTH 1482 1482 bool "Enable support for pointer authentication" 1483 1483 default y 1484 - depends on (CC_HAS_SIGN_RETURN_ADDRESS || CC_HAS_BRANCH_PROT_PAC_RET) && AS_HAS_PAC 1485 - # Modern compilers insert a .note.gnu.property section note for PAC 1486 - # which is only understood by binutils starting with version 2.33.1. 1487 - depends on LD_IS_LLD || LD_VERSION >= 23301 || (CC_IS_GCC && GCC_VERSION < 90100) 1488 - depends on !CC_IS_CLANG || AS_HAS_CFI_NEGATE_RA_STATE 1489 - depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS) 1490 1484 help 1491 1485 Pointer authentication (part of the ARMv8.3 Extensions) provides 1492 1486 instructions for signing and authenticating pointers against secret ··· 1492 1498 for each process at exec() time, with these keys being 1493 1499 context-switched along with the process. 1494 1500 1495 - If the compiler supports the -mbranch-protection or 1496 - -msign-return-address flag (e.g. GCC 7 or later), then this option 1497 - will also cause the kernel itself to be compiled with return address 1498 - protection. In this case, and if the target hardware is known to 1499 - support pointer authentication, then CONFIG_STACKPROTECTOR can be 1500 - disabled with minimal loss of protection. 1501 - 1502 1501 The feature is detected at runtime. If the feature is not present in 1503 1502 hardware it will not be advertised to userspace/KVM guest nor will it 1504 1503 be enabled. ··· 1501 1514 address auth and the late CPU has then the late CPU will still boot 1502 1515 but with the feature disabled. On such a system, this option should 1503 1516 not be selected. 1517 + 1518 + config ARM64_PTR_AUTH_KERNEL 1519 + bool 1520 + default y 1521 + depends on ARM64_PTR_AUTH 1522 + depends on (CC_HAS_SIGN_RETURN_ADDRESS || CC_HAS_BRANCH_PROT_PAC_RET) && AS_HAS_PAC 1523 + # Modern compilers insert a .note.gnu.property section note for PAC 1524 + # which is only understood by binutils starting with version 2.33.1. 1525 + depends on LD_IS_LLD || LD_VERSION >= 23301 || (CC_IS_GCC && GCC_VERSION < 90100) 1526 + depends on !CC_IS_CLANG || AS_HAS_CFI_NEGATE_RA_STATE 1527 + depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS) 1528 + help 1529 + If the compiler supports the -mbranch-protection or 1530 + -msign-return-address flag (e.g. GCC 7 or later), then this option 1531 + will cause the kernel itself to be compiled with return address 1532 + protection. In this case, and if the target hardware is known to 1533 + support pointer authentication, then CONFIG_STACKPROTECTOR can be 1534 + disabled with minimal loss of protection. 1504 1535 1505 1536 This feature works with FUNCTION_GRAPH_TRACER option only if 1506 1537 DYNAMIC_FTRACE_WITH_REGS is enabled. ··· 1611 1606 bool "Use Branch Target Identification for kernel" 1612 1607 default y 1613 1608 depends on ARM64_BTI 1614 - depends on ARM64_PTR_AUTH 1609 + depends on ARM64_PTR_AUTH_KERNEL 1615 1610 depends on CC_HAS_BRANCH_PROT_PAC_RET_BTI 1616 1611 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697 1617 1612 depends on !CC_IS_GCC || GCC_VERSION >= 100100

+1 -1

arch/arm64/Makefile

··· 70 70 # off, this will be overridden if we are using branch protection. 71 71 branch-prot-flags-y += $(call cc-option,-mbranch-protection=none) 72 72 73 - ifeq ($(CONFIG_ARM64_PTR_AUTH),y) 73 + ifeq ($(CONFIG_ARM64_PTR_AUTH_KERNEL),y) 74 74 branch-prot-flags-$(CONFIG_CC_HAS_SIGN_RETURN_ADDRESS) := -msign-return-address=all 75 75 # We enable additional protection for leaf functions as there is some 76 76 # narrow potential for ROP protection benefits and no substantial

arch/arm64/kernel/asm-offsets.c

··· 46 46 DEFINE(THREAD_SCTLR_USER, offsetof(struct task_struct, thread.sctlr_user)); 47 47 #ifdef CONFIG_ARM64_PTR_AUTH 48 48 DEFINE(THREAD_KEYS_USER, offsetof(struct task_struct, thread.keys_user)); 49 + #endif 50 + #ifdef CONFIG_ARM64_PTR_AUTH_KERNEL 49 51 DEFINE(THREAD_KEYS_KERNEL, offsetof(struct task_struct, thread.keys_kernel)); 50 52 #endif 51 53 #ifdef CONFIG_ARM64_MTE

+3 -3

drivers/misc/lkdtm/bugs.c

··· 463 463 #ifdef CONFIG_ARM64 464 464 static noinline void change_pac_parameters(void) 465 465 { 466 - if (IS_ENABLED(CONFIG_ARM64_PTR_AUTH)) { 466 + if (IS_ENABLED(CONFIG_ARM64_PTR_AUTH_KERNEL)) { 467 467 /* Reset the keys of current task */ 468 468 ptrauth_thread_init_kernel(current); 469 469 ptrauth_thread_switch_kernel(current); ··· 477 477 #define CORRUPT_PAC_ITERATE 10 478 478 int i; 479 479 480 - if (!IS_ENABLED(CONFIG_ARM64_PTR_AUTH)) 481 - pr_err("FAIL: kernel not built with CONFIG_ARM64_PTR_AUTH\n"); 480 + if (!IS_ENABLED(CONFIG_ARM64_PTR_AUTH_KERNEL)) 481 + pr_err("FAIL: kernel not built with CONFIG_ARM64_PTR_AUTH_KERNEL\n"); 482 482 483 483 if (!system_supports_address_auth()) { 484 484 pr_err("FAIL: CPU lacks pointer authentication feature\n");