[PATCH v2 1/2] arm64: Add ARM64_PTR_AUTH_KERNEL config option
Daniel.Kiss at arm.com
Mon Feb 8 09:39:03 EST 2021
> On 26 Jan 2021, at 14:27, Will Deacon <will at kernel.org> wrote:
> On Fri, Dec 18, 2020 at 12:56:31PM +0100, Daniel Kiss wrote:
>> This new option makes possible to build the kernel with pointer
>> authentication support for the user space while the kernel is not built
>> with the pointer authentication. There is a similar config structure for BTI.
>> The default configuration will be the same after this patch.
> Please read the "Describe your changes" section of
> Documentation/process/submitting-patches.rst for some guidance on writing
> commit messages.
WIll do, thanks.
I’ll send a new patch series according to it with the fixes.
>> Signed-off-by: Daniel Kiss <daniel.kiss at arm.com>
>> arch/arm64/Kconfig | 26 +++++++++++++++++---------
>> arch/arm64/Makefile | 2 +-
>> drivers/misc/lkdtm/bugs.c | 6 +++---
>> 3 files changed, 21 insertions(+), 13 deletions(-)
>> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
>> index 75aefc9990ea..b8af3297425a 100644
>> --- a/arch/arm64/Kconfig
>> +++ b/arch/arm64/Kconfig
>> @@ -1501,7 +1501,6 @@ config ARM64_PTR_AUTH
>> # which is only understood by binutils starting with version 2.33.1.
>> depends on LD_IS_LLD || LD_VERSION >= 233010000 || (CC_IS_GCC && GCC_VERSION < 90100)
>> depends on !CC_IS_CLANG || AS_HAS_CFI_NEGATE_RA_STATE
> Why do we need to keep all the toolchain checks here if this option doesn't
> enable PAC in the kernel?
No need for that, can be moved to under ARM64_PTR_AUTH_KERNEL.
>> - depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS)
>> Pointer authentication (part of the ARMv8.3 Extensions) provides
>> instructions for signing and authenticating pointers against secret
>> @@ -1513,13 +1512,6 @@ config ARM64_PTR_AUTH
>> for each process at exec() time, with these keys being
>> context-switched along with the process.
>> - If the compiler supports the -mbranch-protection or
>> - -msign-return-address flag (e.g. GCC 7 or later), then this option
>> - will also cause the kernel itself to be compiled with return address
>> - protection. In this case, and if the target hardware is known to
>> - support pointer authentication, then CONFIG_STACKPROTECTOR can be
>> - disabled with minimal loss of protection.
>> The feature is detected at runtime. If the feature is not present in
>> hardware it will not be advertised to userspace/KVM guest nor will it
>> be enabled.
>> @@ -1530,6 +1522,22 @@ config ARM64_PTR_AUTH
>> but with the feature disabled. On such a system, this option should
>> not be selected.
>> +config ARM64_PTR_AUTH_KERNEL
>> + bool "Enable support for pointer authentication for kernel"
> Maybe "Use pointer authentication for kernel" for parity with the BTI
>> + default y
>> + depends on ARM64_PTR_AUTH
>> + depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS)
>> + help
>> + Build the kernel with return address protection by
>> + pointer authentication.
> I don't think these two lines add anything ^^
More information about the linux-arm-kernel