[PATCH 00/28] ARMv8.3 pointer authentication

2 Sep 2020


      Firstly, this series improves function return address protection for the arm64
kernel, by compiling the kernel with ARMv8.3 Pointer Authentication instructions
(referred ptrauth hereafter). This should help protect the kernel against
attacks using return-oriented programming. Secondly, Suzuki's patches optimize
checking and enabling cpu capabilities. Thirdly, three patches on kernel config
enable ptrauth compiling and fix compile warnings. Finally, two patches of Mark
Rutland and one patch of Marc Zyngier are necessary simplifications and
cleanups.
Amit Daniel Kachhap (9):
  arm64: cpufeature: Fix meta-capability cpufeature check
  arm64: ptrauth: Add bootup/runtime flags for __cpu_setup
  arm64: cpufeature: Move cpu capability helpers inside C file
  arm64: initialize ptrauth keys for kernel booting task
  arm64: mask PAC bits of __builtin_return_address
  arm64: __show_regs: strip PAC from lr in printk
  arm64: suspend: restore the kernel ptrauth keys
  lkdtm: arm64: test kernel pointer authentication
  arm64: Kconfig: ptrauth: Add binutils version check to fix mismatch
Catalin Marinas (1):
  kbuild: Add support for 'as-instr' to be used in Kconfig files
Kristina Martsenko (7):
  arm64: cpufeature: add pointer auth meta-capabilities
  arm64: rename ptrauth key structures to be user-specific
  arm64: install user ptrauth keys at kernel exit time
  arm64: cpufeature: handle conflicts based on capability
  arm64: enable ptrauth earlier
  arm64: initialize and switch ptrauth kernel keys
  arm64: compile the kernel with ptrauth return address signing
Marc Zyngier (1):
  arm64: Drop unnecessary include from asm/smp.h
Mark Rutland (3):
  arm64: unwind: strip PAC from kernel addresses
  arm64: remove ptrauth_keys_install_kernel sync arg
  arm64: simplify ptrauth initialization
Nick Desaulniers (1):
  arm64: Kconfig: verify binutils support for ARM64_PTR_AUTH
Suzuki K Poulose (4):
  arm64: capabilities: Speed up capability lookup
  arm64: capabilities: Optimize this_cpu_has_cap
  arm64: capabilities: Use linear array for detection and verification
  arm64: capabilities: Batch cpu_enable callbacks
Vincenzo Frascino (1):
  kconfig: Add support for 'as-option'
Zheng Zengkai (1):
  config: enable ARM64 pointer authentication configs by default
arch/arm64/Kconfig                        |  38 +++-
 arch/arm64/Makefile                       |  11 +
 arch/arm64/configs/hulk_defconfig         |   7 +
 arch/arm64/configs/openeuler_defconfig    |   7 +
 arch/arm64/include/asm/asm_pointer_auth.h |  98 ++++++++
 arch/arm64/include/asm/compiler.h         |  19 ++
 arch/arm64/include/asm/cpucaps.h          |   4 +-
 arch/arm64/include/asm/cpufeature.h       |  42 ++--
 arch/arm64/include/asm/pointer_auth.h     |  50 ++---
 arch/arm64/include/asm/processor.h        |   3 +-
 arch/arm64/include/asm/stackprotector.h   |   5 +
 arch/arm64/kernel/asm-offsets.c           |  13 ++
 arch/arm64/kernel/cpufeature.c            | 258 ++++++++++++++--------
 arch/arm64/kernel/entry.S                 |   6 +
 arch/arm64/kernel/head.S                  |  10 +
 arch/arm64/kernel/pointer_auth.c          |   7 +-
 arch/arm64/kernel/process.c               |   5 +-
 arch/arm64/kernel/ptrace.c                |  16 +-
 arch/arm64/kernel/sleep.S                 |   1 +
 arch/arm64/kernel/stacktrace.c            |   5 +-
 arch/arm64/mm/proc.S                      |  27 ++-
 drivers/misc/lkdtm/bugs.c                 |  36 +++
 drivers/misc/lkdtm/core.c                 |   1 +
 drivers/misc/lkdtm/lkdtm.h                |   1 +
 include/linux/stackprotector.h            |   2 +-
 scripts/Kconfig.include                   |  10 +
 26 files changed, 513 insertions(+), 169 deletions(-)
 create mode 100644 arch/arm64/include/asm/asm_pointer_auth.h
-- 
2.25.1

2024

2023

2022

2021

2020

2019

[PATCH 00/28] ARMv8.3 pointer authentication