From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.5 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, T_DKIMWL_WL_HIGH,URIBL_BLOCKED,USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0738DC072B1 for ; Thu, 30 May 2019 07:25:31 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D17D225384 for ; Thu, 30 May 2019 07:25:30 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="s009zYDA" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D17D225384 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=cNCpZVkScUOQH2t2pwyjzQSbJBRw07JgjzKAMxm7DoY=; b=s009zYDAFG1Ltl 1bJCQxjDQxvg3xhLjT9n/AHjsgBXn3xrZ835fi28F1qNLXxfj8+ViHWcT7TAv6TwQPapvUXP7IiWG SaXBGiPY9dHWN46YVoRbm2g+kjch8XdZg1IJlEOsqRBt/hbFNoWILmNgplavtFertKzQa4EqNsKlo 52pWcLPZI2JFsJkuACyeqi351w8dzmascJHv0FcBowMyS6Y4T3LXBWqOXRi43Mh230GaaymmYoHbF njAI50P2vxXAI0+K3t9gHAN8e1PGQtRg3iKfRs2y0WrbH26LW5dggTyrO9GxX7U0H65o2kf1r/F/r F3IpAWUR887NE6tX+/ng==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hWFRD-0006yV-Nj; Thu, 30 May 2019 07:25:23 +0000 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70] helo=foss.arm.com) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hWFRA-0006y4-RW for linux-arm-kernel@lists.infradead.org; Thu, 30 May 2019 07:25:22 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E2E54A78; Thu, 30 May 2019 00:25:19 -0700 (PDT) Received: from brain-police (usa-sjc-mx-foss1.foss.arm.com [217.140.101.70]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 02DCB3F690; Thu, 30 May 2019 00:25:16 -0700 (PDT) Date: Thu, 30 May 2019 08:25:07 +0100 From: Will Deacon To: Kees Cook Subject: Re: [RFC v2 0/7] arm64: return address signing Message-ID: <20190530072507.GA9955@brain-police> References: <20190529190332.29753-1-kristina.martsenko@arm.com> <201905292004.3809FBAA66@keescook> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <201905292004.3809FBAA66@keescook> User-Agent: Mutt/1.9.4 (2018-02-28) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190530_002520_896193_EB5FD77A X-CRM114-Status: GOOD ( 13.92 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , "Diogo N. Sampaio" , Ard Biesheuvel , Catalin Marinas , Luke Cheeseman , Kristina Martsenko , Ramana Radhakrishnan , Amit Kachhap , Suzuki K Poulose , Dave Martin , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Wed, May 29, 2019 at 08:09:23PM -0700, Kees Cook wrote: > On Wed, May 29, 2019 at 08:03:25PM +0100, Kristina Martsenko wrote: > > This series improves function return address protection for the arm64 kernel, by > > compiling the kernel with ARMv8.3 Pointer Authentication instructions. This > > should help protect the kernel against attacks using return-oriented > > programming. > > Can you speak to whether this feature should be enalbed in addition to > or instead of the standard stack canary option? Hmm. That's a really interesting question. Given that PAC is optional in the hardware and behaves as NOPs on older CPUs, I've have thought that we'd need to continue enabling stack canaries regardless. However, that then raises the obvious question as to whether we could patch out the canary code if we detect PAC at runtime, which probably needs compiler help... Then again, perhaps there's benefit in having both features enabled. So I think I agree with your question :) Will _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel