[PATCH v3 00/16] arm64: return address signing

Amit Kachhap amit.kachhap at arm.com
Tue Jan 7 03:07:15 PST 2020


Hi Kees,

On 12/31/19 12:39 AM, Kees Cook wrote:
> On Mon, Dec 16, 2019 at 02:17:02PM +0530, Amit Daniel Kachhap wrote:
>> This series improves function return address protection for the arm64 kernel, by
>> compiling the kernel with ARMv8.3 Pointer Authentication instructions (referred
>> ptrauth hereafter). This should help protect the kernel against attacks using
>> return-oriented programming.
> 
> Exciting! Can this be emulated in qemu yet? I'd like to see more specific

Yes I just checked qemu 4.1 version. ptrauth can be emulated by using 
option -cpu max. Even the lkdtm test provided in this series works fine.

> LKDTM tests added for this (similar to the forward-edge CFI tests[1]),

Ok sure I will check on this if I can add more tests.

> but I won't be able to do these tests myself since I don't have ARMv8.3
> hardware. :) IIUC, the existing lkdtm_CORRUPT_STACK*() tests[2] should trip
> with this protection enabled...

Yes lkdtm_CORRUPT_STACK test works fine along ptrauth instructions.

Thanks,
Amit
> 
> Thanks!
> 
> -Kees
> 
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/misc/lkdtm/cfi.c
> [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/misc/lkdtm/bugs.c#n114
> 
>>
>> This series is based on v5.5-rc2.
>>
>> High-level changes since v2 [1] (detailed changes are in individual patches):
>>   - Added support to generate randomness for ptrauth keys for early booting task
>>     in primary core as suggested by Ard.
>>   - Modified lkdtm ptrauth test-case to change keys to cause crash instead of
>>     modifying the lr in the stack.
>>   - Resolved a clang compilation issue.
>>   - Re-positioned "arm64: rename ptrauth key structures to be user-specific" to
>>     reduce code churnings.
>>
>> This series do not implement few things or have known limitations:
>>   - kdump tools may need some rework to work with ptrauth. The kdump
>>     tools may need the ptrauth information to strip PAC bits.
>>
>> Feedback welcome!
>>
>> Thanks,
>> Amit Daniel
>>
>> [1]: http://lists.infradead.org/pipermail/linux-arm-kernel/2019-November/695089.html
>>
>> Amit Daniel Kachhap (8):
>>    arm64: create macro to park cpu in an infinite loop
>>    arm64: ptrauth: Add bootup/runtime flags for __cpu_setup
>>    arm64: initialize ptrauth keys for kernel booting task
>>    arm64: mask PAC bits of __builtin_return_address
>>    arm64: __show_regs: strip PAC from lr in printk
>>    arm64: suspend: restore the kernel ptrauth keys
>>    arm64: kprobe: disable probe of ptrauth instruction
>>    lkdtm: arm64: test kernel pointer authentication
>>
>> Kristina Martsenko (6):
>>    arm64: cpufeature: add pointer auth meta-capabilities
>>    arm64: rename ptrauth key structures to be user-specific
>>    arm64: install user ptrauth keys at kernel exit time
>>    arm64: enable ptrauth earlier
>>    arm64: initialize and switch ptrauth kernel keys
>>    arm64: compile the kernel with ptrauth return address signing
>>
>> Mark Rutland (1):
>>    arm64: unwind: strip PAC from kernel addresses
>>
>> Vincenzo Frascino (1):
>>    kconfig: Add support for 'as-option'
>>
>>   arch/arm64/Kconfig                        | 27 +++++++++++-
>>   arch/arm64/Makefile                       | 11 +++++
>>   arch/arm64/include/asm/asm_pointer_auth.h | 59 ++++++++++++++++++++++++++
>>   arch/arm64/include/asm/compiler.h         | 20 +++++++++
>>   arch/arm64/include/asm/cpucaps.h          |  4 +-
>>   arch/arm64/include/asm/cpufeature.h       |  6 +--
>>   arch/arm64/include/asm/insn.h             | 13 +++---
>>   arch/arm64/include/asm/pointer_auth.h     | 54 ++++++++++++------------
>>   arch/arm64/include/asm/processor.h        |  3 +-
>>   arch/arm64/include/asm/smp.h              | 10 +++++
>>   arch/arm64/include/asm/stackprotector.h   |  5 +++
>>   arch/arm64/kernel/asm-offsets.c           | 16 +++++++
>>   arch/arm64/kernel/cpufeature.c            | 30 ++++++++++----
>>   arch/arm64/kernel/entry.S                 |  6 +++
>>   arch/arm64/kernel/head.S                  | 47 +++++++++++++++------
>>   arch/arm64/kernel/insn.c                  |  1 +
>>   arch/arm64/kernel/pointer_auth.c          |  7 +---
>>   arch/arm64/kernel/probes/decode-insn.c    |  2 +-
>>   arch/arm64/kernel/process.c               |  5 ++-
>>   arch/arm64/kernel/ptrace.c                | 16 +++----
>>   arch/arm64/kernel/sleep.S                 |  8 ++++
>>   arch/arm64/kernel/smp.c                   | 10 +++++
>>   arch/arm64/kernel/stacktrace.c            |  3 ++
>>   arch/arm64/mm/proc.S                      | 69 ++++++++++++++++++++++++++-----
>>   drivers/misc/lkdtm/bugs.c                 | 36 ++++++++++++++++
>>   drivers/misc/lkdtm/core.c                 |  1 +
>>   drivers/misc/lkdtm/lkdtm.h                |  1 +
>>   include/linux/stackprotector.h            |  2 +-
>>   scripts/Kconfig.include                   |  4 ++
>>   29 files changed, 388 insertions(+), 88 deletions(-)
>>   create mode 100644 arch/arm64/include/asm/asm_pointer_auth.h
>>   create mode 100644 arch/arm64/include/asm/compiler.h
>>
>> -- 
>> 2.7.4
>>
> 



More information about the linux-arm-kernel mailing list