unofficial mirror of libc-alpha@sourceware.org
From: Szabolcs Nagy <szabolcs.nagy@arm.com>
To: libc-alpha@sourceware.org
Subject: [PATCH v3 00/13] aarch64: branch protection support
Date: Fri, 15 May 2020 15:40:44 +0100
Message-ID: <cover.1589552054.git.szabolcs.nagy@arm.com>

Indirect branch target identification (BTI, armv8.5-a) and return
address signing using pointer authentication (PAC-RET, armv8.3-a)
can be used for security hardening against some control flow hijack
attacks.

In gcc these are exposed via -mbranch-protection=bti+pac-ret which
is the same as -mbranch-protection=standard and gcc can be configured
via --enable-standard-branch-protection to use them by default.

BTI requires libc support: it is an opt-in feature per ELF module
via a GNU property note that the dynamic linker has to check and
mprotect the executable pages with PROT_BTI. And libc objects that
are statically linked into user binaries must be BTI compatible
for the GNU property note to be present. (The property note is
handled by linux for static linked executables and for the ld.so.)

PAC-RET does not require libc runtime support, (other than for
_mcount with current -pg code gen), but, just like BTI, it can be
used in libc binaries for security hardening.

v3:
- instead of END_FILE add note in sysdep.h.
- dropped the syscall template patch (END_FILE is not needed).
- PATCH 05: remove END_FILE macros.
- PATCH 05: clarify the GNU_PROPERTY macro and related defines.
- PATCH 09: separate hook for PT_GNU_PROPERTY handling.
- PATCH 09: modified rtld.c and dl-load.c accordingly.
- PATCH 09: rename linkmap->bti_guarded to linkmap->bti.
- PATCH 13: new patch, update _mcount for pac-ret.
- fixed TODOs except for the last two patches, which are written
  for current gcc behaviour.
- I'm waiting for a review of PATCH 03 and welcome comments on
  the rest of the set, which I consider done unless there are
  changes on the gcc or linux side.

v2:
- removed --enable-branch-protection-standard configure option,
  branch protection in glibc is enabled based on the compiler default.
- GNU property notes are disabled if compiler/linker has no support.
- pac-ret is enabled based on compiler defaults.
- PATCH 03: cleaner csu/abi-note.c and fix arm/abi-note.S.
- PATCH 04: new (bti config check).
- PATCH 09: drop the umount2 change.
- PATCH 10: use bool instead of int.
- PATCH 10: fix code style and comments.
- PATCH 10: add linux version requirement to description.
- PATCH 11: new (pac-ret config check).
- PATCH 12: only use pac-ret if HAVE_AARCH64_PAC_RET.
- PATCH 12: fix pac-ret use in dl-trampoline.S.
- PATCH 13: use static inline instead of macro, update description.
- addressed some of the reviews from Adhemerval, the remaining ones
  are marked as TODO in the descriptions and will require another
  test run or agreement on the design.

Ran cross tests in qemu using the linux for-next/bti-user branch of
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git

FAIL: elf/tst-audit14
FAIL: elf/tst-audit15
FAIL: elf/tst-audit16
	cross test issue. (/dev/stdout is pipe)
FAIL: elf/tst-ldconfig-ld_so_conf-update
	cross test issue. (etc/ld.so.cache is missing)
XPASS: elf/tst-protected1a
XPASS: elf/tst-protected1b
UNSUPPORTED: iconv/tst-gconv-init-failure
FAIL: io/ftwtest
	cross test issue. (symlink to nfs root)
FAIL: libio/tst-wfile-sync
	cross test issue. (stdin is pipe, bug 24668)
UNSUPPORTED: math/test-fesetexcept-traps
UNSUPPORTED: math/test-fexcept-traps
UNSUPPORTED: math/test-nearbyint-except-2
UNSUPPORTED: misc/tst-pkey
FAIL: nptl/test-cond-printers
FAIL: nptl/test-condattr-printers
FAIL: nptl/test-mutex-printers
FAIL: nptl/test-mutexattr-printers
FAIL: nptl/test-rwlock-printers
FAIL: nptl/test-rwlockattr-printers
	cross test issue.
FAIL: nptl/tst-cancel7
FAIL: nptl/tst-cancelx7
	cross test issue. (racy test, bug 14232)
UNSUPPORTED: posix/tst-spawn4-compat
UNSUPPORTED: resolv/tst-resolv-ai_idn
UNSUPPORTED: resolv/tst-resolv-ai_idn-latin1
Summary of test results:
     14 FAIL
   4127 PASS
      8 UNSUPPORTED
     17 XFAIL
      2 XPASS

Sudakshina Das (2):
  aarch64: Add BTI support to assembly files
  aarch64: enable BTI at runtime

Szabolcs Nagy (11):
  elf.h: Add PT_GNU_PROPERTY
  elf.h: add aarch64 property definitions
  Rewrite abi-note.S in C.
  aarch64: configure test for BTI support
  aarch64: Rename place holder .S files to .c
  aarch64: fix swapcontext for BTI
  aarch64: fix RTLD_START for BTI
  aarch64: configure check for pac-ret code generation
  aarch64: Add pac-ret support to assembly files
  aarch64: redefine RETURN_ADDRESS to strip PAC
  aarch64: fix _mcount for pac-ret

 config.h.in                                   |   6 +
 csu/{abi-note.S => abi-note.c}                |  28 ++--
 elf/dl-load.c                                 |  13 ++
 elf/elf.h                                     |   7 +
 elf/rtld.c                                    |   6 +
 sysdeps/aarch64/Makefile                      |   4 +
 .../aarch64/{bsd-_setjmp.S => bsd-_setjmp.c}  |   0
 .../aarch64/{bsd-setjmp.S => bsd-setjmp.c}    |   0
 sysdeps/aarch64/configure                     |  81 ++++++++++
 sysdeps/aarch64/configure.ac                  |  40 +++++
 sysdeps/aarch64/crti.S                        |  10 ++
 sysdeps/aarch64/crtn.S                        |   8 +
 sysdeps/aarch64/dl-bti.c                      |  54 +++++++
 sysdeps/aarch64/dl-machine.h                  |   5 +-
 sysdeps/aarch64/dl-prop.h                     | 145 ++++++++++++++++++
 sysdeps/aarch64/dl-tlsdesc.S                  |  11 ++
 sysdeps/aarch64/dl-trampoline.S               |  20 +++
 sysdeps/aarch64/linkmap.h                     |   3 +
 sysdeps/aarch64/machine-gmon.h                |   2 +-
 sysdeps/aarch64/{memmove.S => memmove.c}      |   0
 sysdeps/aarch64/start.S                       |   1 +
 sysdeps/aarch64/sysdep.h                      |  57 ++++++-
 sysdeps/arm/abi-note.S                        |   8 -
 sysdeps/generic/dl-prop.h                     |  16 +-
 sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h  |   1 +
 sysdeps/unix/sysv/linux/aarch64/bits/mman.h   |  31 ++++
 .../unix/sysv/linux/aarch64/cpu-features.c    |   3 +
 .../unix/sysv/linux/aarch64/cpu-features.h    |   2 +
 sysdeps/unix/sysv/linux/aarch64/swapcontext.S |  14 +-
 sysdeps/x86/dl-prop.h                         |   6 +
 30 files changed, 554 insertions(+), 28 deletions(-)
 rename csu/{abi-note.S => abi-note.c} (88%)
 rename sysdeps/aarch64/{bsd-_setjmp.S => bsd-_setjmp.c} (100%)
 rename sysdeps/aarch64/{bsd-setjmp.S => bsd-setjmp.c} (100%)
 create mode 100644 sysdeps/aarch64/dl-bti.c
 create mode 100644 sysdeps/aarch64/dl-prop.h
 rename sysdeps/aarch64/{memmove.S => memmove.c} (100%)
 delete mode 100644 sysdeps/arm/abi-note.S
 create mode 100644 sysdeps/unix/sysv/linux/aarch64/bits/mman.h

-- 
2.17.1
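
The per-module BTI opt-in described in the cover letter, as an added example that is not part of the original message or of the glibc patches: a bounds-checked reader for one ELF64 GNU property note that returns the AArch64 feature bits a loader would inspect before applying PROT_BTI. The helper name and the sample bytes are constructed for illustration; the constants are the elf.h values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants as defined in glibc's elf.h. */
#define NT_GNU_PROPERTY_TYPE_0 5
#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000u
#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1u << 0)
#define GNU_PROPERTY_AARCH64_FEATURE_1_PAC (1u << 1)

/* Constructed sample: one ELF64 GNU property note marking BTI and PAC. */
static const uint8_t sample_note[32] = {
    4, 0, 0, 0,  16, 0, 0, 0,  5, 0, 0, 0,  'G', 'N', 'U', 0, /* namesz, descsz, type, name */
    0, 0, 0, 0xc0,  4, 0, 0, 0,  3, 0, 0, 0,  0, 0, 0, 0      /* pr_type, pr_datasz, bits, pad */
};

static uint32_t rd32(const uint8_t *p) { /* little-endian 32-bit load */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper (not glibc code): returns the FEATURE_1_AND bits,
   0 if the note carries no such property, -1 if the note is malformed. */
int64_t aarch64_feature_1(const uint8_t *note, size_t len) {
    if (len < 16) return -1;
    uint32_t namesz = rd32(note), descsz = rd32(note + 4), type = rd32(note + 8);
    if (namesz != 4 || type != NT_GNU_PROPERTY_TYPE_0 || memcmp(note + 12, "GNU", 4) != 0)
        return -1;
    if (descsz > len - 16) return -1;                 /* descriptor runs past the buffer */
    const uint8_t *p = note + 16, *end = p + descsz;
    while (end - p >= 8) {
        uint32_t pr_type = rd32(p), pr_datasz = rd32(p + 4);
        p += 8;
        if (pr_datasz > (size_t)(end - p)) return -1; /* truncated property */
        if (pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND)
            return pr_datasz == 4 ? (int64_t)rd32(p) : -1;
        size_t step = ((size_t)pr_datasz + 7) & ~(size_t)7; /* ELF64 pads to 8 bytes */
        if (step > (size_t)(end - p)) break;
        p += step;
    }
    return 0;
}

int main(void) {
    int64_t f = aarch64_feature_1(sample_note, sizeof sample_note);
    printf("BTI=%d PAC=%d\n", f > 0 && (f & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) != 0,
           f > 0 && (f & GNU_PROPERTY_AARCH64_FEATURE_1_PAC) != 0);
    return 0;
}
```

A result without the BTI bit, or a malformed note, means the module has not opted in and its executable pages stay unguarded.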


Thread overview: 31+ messages
2020-05-15 14:40 Szabolcs Nagy [this message]
2020-05-15 14:40 ` [PATCH v3 01/13] elf.h: Add PT_GNU_PROPERTY Szabolcs Nagy
2020-05-15 14:40 ` [PATCH v3 02/13] elf.h: add aarch64 property definitions Szabolcs Nagy
2020-05-18 15:26   ` Florian Weimer via Libc-alpha
2020-05-21  8:57     ` Szabolcs Nagy
2020-05-15 14:40 ` [PATCH v3 03/13] Rewrite abi-note.S in C Szabolcs Nagy
2020-05-18 15:28   ` Florian Weimer via Libc-alpha
2020-05-20 10:27     ` Szabolcs Nagy
2020-05-20 10:34       ` Florian Weimer via Libc-alpha
2020-05-21  8:54         ` [PATCH v4] " Szabolcs Nagy
2020-05-15 14:40 ` [PATCH v3 04/13] aarch64: configure test for BTI support Szabolcs Nagy
2020-05-25 18:41   ` Adhemerval Zanella via Libc-alpha
2020-05-25 18:48     ` Adhemerval Zanella via Libc-alpha
2020-05-15 14:40 ` [PATCH v3 05/13] aarch64: Add BTI support to assembly files Szabolcs Nagy
2020-05-25 18:49   ` Adhemerval Zanella via Libc-alpha
2020-05-15 14:40 ` [PATCH v3 06/13] aarch64: Rename place holder .S files to .c Szabolcs Nagy
2020-05-15 14:40 ` [PATCH v3 07/13] aarch64: fix swapcontext for BTI Szabolcs Nagy
2020-05-15 14:40 ` [PATCH v3 08/13] aarch64: fix RTLD_START " Szabolcs Nagy
2020-05-15 14:40 ` [PATCH v3 09/13] aarch64: enable BTI at runtime Szabolcs Nagy
2020-05-25 19:53   ` Adhemerval Zanella via Libc-alpha
2020-05-26 11:20     ` Szabolcs Nagy
2020-05-15 14:40 ` [PATCH v3 10/13] aarch64: configure check for pac-ret code generation Szabolcs Nagy
2020-05-25 21:49   ` Adhemerval Zanella via Libc-alpha
2020-05-15 14:40 ` [PATCH v3 11/13] aarch64: Add pac-ret support to assembly files Szabolcs Nagy
2020-05-26 11:26   ` Adhemerval Zanella via Libc-alpha
2020-05-15 14:40 ` [PATCH v3 12/13] aarch64: redefine RETURN_ADDRESS to strip PAC Szabolcs Nagy
2020-05-26 11:29   ` Adhemerval Zanella via Libc-alpha
2020-05-15 14:40 ` [PATCH v3 13/13] aarch64: fix _mcount for pac-ret Szabolcs Nagy
2020-05-26 11:33   ` Adhemerval Zanella via Libc-alpha
2020-05-26 18:38     ` Szabolcs Nagy
2020-05-26 19:13       ` Adhemerval Zanella via Libc-alpha
