Thread (60 messages, 6 authors, 2020-01-21)

Re: [PATCH v3 00/16] arm64: return address signing

From: Amit Kachhap <hidden>
Date: 2020-01-07 11:07:27

Hi Kees,

On 12/31/19 12:39 AM, Kees Cook wrote:
> On Mon, Dec 16, 2019 at 02:17:02PM +0530, Amit Daniel Kachhap wrote:
>> This series improves function return address protection for the arm64 kernel, by
>> compiling the kernel with ARMv8.3 Pointer Authentication instructions (referred
>> to as ptrauth hereafter). This should help protect the kernel against attacks using
>> return-oriented programming.
>
> Exciting! Can this be emulated in qemu yet? I'd like to see more specific

Yes, I just checked the qemu 4.1 version. ptrauth can be emulated by using
the option -cpu max. Even the lkdtm test provided in this series works fine.

> LKDTM tests added for this (similar to the forward-edge CFI tests[1]),

Ok sure, I will check on this to see if I can add more tests.

> but I won't be able to do these tests myself since I don't have ARMv8.3
> hardware. :) IIUC, the existing lkdtm_CORRUPT_STACK*() tests[2] should trip
> with this protection enabled...

Yes, the lkdtm_CORRUPT_STACK test works fine along with ptrauth instructions.

Thanks,
Amit

> Thanks!
>
> -Kees
>
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/misc/lkdtm/cfi.c
> [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/misc/lkdtm/bugs.c#n114
>> This series is based on v5.5-rc2.
>>
>> High-level changes since v2 [1] (detailed changes are in individual patches):
>>   - Added support to generate randomness for ptrauth keys for the early booting task
>>     on the primary core, as suggested by Ard.
>>   - Modified the lkdtm ptrauth test-case to change keys to cause a crash instead of
>>     modifying the lr on the stack.
>>   - Resolved a clang compilation issue.
>>   - Re-positioned "arm64: rename ptrauth key structures to be user-specific" to
>>     reduce code churn.
>>
>> This series does not implement a few things or has known limitations:
>>   - kdump tools may need some rework to work with ptrauth. The kdump
>>     tools may need the ptrauth information to strip PAC bits.
>>
>> Feedback welcome!
>>
>> Thanks,
>> Amit Daniel
>>
>> [1]: http://lists.infradead.org/pipermail/linux-arm-kernel/2019-November/695089.html
>>
>> Amit Daniel Kachhap (8):
>>    arm64: create macro to park cpu in an infinite loop
>>    arm64: ptrauth: Add bootup/runtime flags for __cpu_setup
>>    arm64: initialize ptrauth keys for kernel booting task
>>    arm64: mask PAC bits of __builtin_return_address
>>    arm64: __show_regs: strip PAC from lr in printk
>>    arm64: suspend: restore the kernel ptrauth keys
>>    arm64: kprobe: disable probe of ptrauth instruction
>>    lkdtm: arm64: test kernel pointer authentication
>>
>> Kristina Martsenko (6):
>>    arm64: cpufeature: add pointer auth meta-capabilities
>>    arm64: rename ptrauth key structures to be user-specific
>>    arm64: install user ptrauth keys at kernel exit time
>>    arm64: enable ptrauth earlier
>>    arm64: initialize and switch ptrauth kernel keys
>>    arm64: compile the kernel with ptrauth return address signing
>>
>> Mark Rutland (1):
>>    arm64: unwind: strip PAC from kernel addresses
>>
>> Vincenzo Frascino (1):
>>    kconfig: Add support for 'as-option'
>>
>>   arch/arm64/Kconfig                        | 27 +++++++++++-
>>   arch/arm64/Makefile                       | 11 +++++
>>   arch/arm64/include/asm/asm_pointer_auth.h | 59 ++++++++++++++++++++++++++
>>   arch/arm64/include/asm/compiler.h         | 20 +++++++++
>>   arch/arm64/include/asm/cpucaps.h          |  4 +-
>>   arch/arm64/include/asm/cpufeature.h       |  6 +--
>>   arch/arm64/include/asm/insn.h             | 13 +++---
>>   arch/arm64/include/asm/pointer_auth.h     | 54 ++++++++++++------------
>>   arch/arm64/include/asm/processor.h        |  3 +-
>>   arch/arm64/include/asm/smp.h              | 10 +++++
>>   arch/arm64/include/asm/stackprotector.h   |  5 +++
>>   arch/arm64/kernel/asm-offsets.c           | 16 +++++++
>>   arch/arm64/kernel/cpufeature.c            | 30 ++++++++++----
>>   arch/arm64/kernel/entry.S                 |  6 +++
>>   arch/arm64/kernel/head.S                  | 47 +++++++++++++++------
>>   arch/arm64/kernel/insn.c                  |  1 +
>>   arch/arm64/kernel/pointer_auth.c          |  7 +---
>>   arch/arm64/kernel/probes/decode-insn.c    |  2 +-
>>   arch/arm64/kernel/process.c               |  5 ++-
>>   arch/arm64/kernel/ptrace.c                | 16 +++----
>>   arch/arm64/kernel/sleep.S                 |  8 ++++
>>   arch/arm64/kernel/smp.c                   | 10 +++++
>>   arch/arm64/kernel/stacktrace.c            |  3 ++
>>   arch/arm64/mm/proc.S                      | 69 ++++++++++++++++++++++++++-----
>>   drivers/misc/lkdtm/bugs.c                 | 36 ++++++++++++++++
>>   drivers/misc/lkdtm/core.c                 |  1 +
>>   drivers/misc/lkdtm/lkdtm.h                |  1 +
>>   include/linux/stackprotector.h            |  2 +-
>>   scripts/Kconfig.include                   |  4 ++
>>   29 files changed, 388 insertions(+), 88 deletions(-)
>>   create mode 100644 arch/arm64/include/asm/asm_pointer_auth.h
>>   create mode 100644 arch/arm64/include/asm/compiler.h
>>
>> --
>> 2.7.4
>> _______________________________________________
>> linux-arm-kernel mailing list
>> linux-arm-kernel@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
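The PAC-stripping step that the "mask PAC bits of __builtin_return_address", "unwind: strip PAC from kernel addresses" and kdump items in the cover letter depend on, as an added user-space C model (not code from this series): it assumes a 48-bit virtual address space, the arm64 convention that bit 55 distinguishes kernel from user addresses, and a constructed PAC value in place of one computed by the CPU.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption for this example: 48-bit virtual addresses (vabits_actual = 48). */
#define VA_BITS 48
#define BIT_ULL(n) (1ULL << (n))
#define GENMASK_ULL(h, l) (((~0ULL) << (l)) & (~0ULL >> (63 - (h))))

/* Bit 55 selects TTBR1 (kernel) vs TTBR0 (user) and is never part of the PAC. */
#define TTBR_SELECT_BIT BIT_ULL(55)
/* User pointers keep tag bits 63:56 (TBI); kernel pointers lend them to the PAC. */
#define USER_PAC_MASK   GENMASK_ULL(54, VA_BITS)
#define KERNEL_PAC_MASK GENMASK_ULL(63, VA_BITS)

static bool is_kernel_addr(uint64_t ptr)
{
	return (ptr & TTBR_SELECT_BIT) != 0;
}

/* Strip the PAC field. A canonical kernel address has its upper bits all ones,
 * a canonical user address all zeros, so the fill value depends on the side. */
uint64_t clear_pac(uint64_t ptr)
{
	if (is_kernel_addr(ptr))
		return ptr | KERNEL_PAC_MASK;
	return ptr & ~USER_PAC_MASK;
}

/* Constructed "signing": drops an arbitrary pac value into the PAC field.
 * A real PAC is derived by the CPU from the key and modifier (SP for lr). */
uint64_t fake_sign(uint64_t ptr, uint64_t pac)
{
	uint64_t mask = (is_kernel_addr(ptr) ? KERNEL_PAC_MASK : USER_PAC_MASK)
			& ~TTBR_SELECT_BIT;
	return (ptr & ~mask) | (pac & mask);
}

int main(void)
{
	uint64_t lr = 0xffff800010012345ULL;   /* constructed kernel return address */
	uint64_t signed_lr = fake_sign(lr, 0x0a5a000000000000ULL);

	printf("signed lr %016llx\n", (unsigned long long)signed_lr);
	printf("clean  lr %016llx\n", (unsigned long long)clear_pac(signed_lr));
	return clear_pac(signed_lr) == lr ? 0 : 1;
}
```

A kdump or unwinder tool needs exactly the VA_BITS value to rebuild these masks, which is the "ptrauth information" the cover letter says such tools will have to carry.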