From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, T_DKIMWL_WL_HIGH autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0C368C282DC for ; Sun, 2 Jun 2019 15:44:08 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id CAA602794C for ; Sun, 2 Jun 2019 15:44:07 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="kEbJKbPZ"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="iRd1qYLw" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CAA602794C Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=YN9ULUFX++II+1GoITv3MjFyO6ZjaMwAcxl9lXFYtps=; b=kEbJKbPZS6A98f m8CWOblbtyxmHqBGKU6jeuk91VvE+qGfe/DKXvPcdnPTAEfhx9fhehkjCru8R4BAHhT+CfI3H4tj2 39S0tPVkWVXdkaX6lIwsmFYMkdDJdXPhgxrzORjJ0X98ufCR1fH6QHG2oVcRy2QlS4E3DsUPduDvB iwRQ5ciwgOt0Xw2tsYVJzyntgTX8CpIXCev5E/+FQdOQIE0X6LDpuijfRCL4d7InxS3VakxXlCOHA QENP625sQf/EpgzRgw+pyh6c7kFYuim/WeIB5Kk/2Lu6hmdGSQ4oYma+8wVIL23OjyYd0BDPPcmxj zwUqxCVEfmpkBGp9HSJQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hXSeP-0002BG-R6; Sun, 02 Jun 2019 15:44:01 +0000 Received: from mail-pg1-x544.google.com ([2607:f8b0:4864:20::544]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1hXSeM-0002Au-CX for linux-arm-kernel@lists.infradead.org; Sun, 02 Jun 2019 15:44:00 +0000 Received: by mail-pg1-x544.google.com with SMTP id h17so6823463pgv.0 for ; Sun, 02 Jun 2019 08:43:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=mlo0gjDzmF7fVZ14XgMkSAL1vi16/ChE8MgpBDwOXFI=; b=iRd1qYLw7xZ/zyDbodOqAQI1Vjgg2n0eyz0xlmpxGMI/gzTPy+kNn1n8SoFUop/O6Q a9Flci437eG14r2J+Cd+NW9AGbXSEqYVKau2LhXDPZqlRZJWxlhIO1OpOit0LBOn392G sYvtC5CCTbhO+Qv66ROnrMfrI5lii9r6tS/l8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=mlo0gjDzmF7fVZ14XgMkSAL1vi16/ChE8MgpBDwOXFI=; b=rw1bOOEcmFgdbZfkoGT4pZn4ilHIJbabCtGFOV8OxFibobEXQSJb7r6Y86hXDH/XrE LhRDooYOrcNJG9W57yiN7hvDf1OTgR/IHrFHXDNKtJGBiBYH9N2/Xjx50r4d21ZyYS8/ HEIuXPkRUk91+SDIdRqtFe0slS9TZQZJAdS7HWvseqaAr123QYF7D8OKN3AGRlg/7gxu 2fjINXmMJjnWklrKc+uVXWnvORbq99WVZJR5iIVOJw/+E84bzOIA8/MjHnuBsopKWVkH vzhlbfs29y60B2Uioe0w9hhJlnXQwJcVusQfGRhM2In7WhhWG0kOgubgx68v2kPa8dzv Ab4g== X-Gm-Message-State: APjAAAXmiJAuNNDdaa5yMXNVBAZ3JZW5dC0bgg4slWeNB9dbdVzZJMQL +TFEmNExpcY+KHxl+bC2Move7g== X-Google-Smtp-Source: APXvYqxDP17fGIONK1n8hjzsU8R8jmikO9E5E1Y15mOb2eWnPzW1g1/nvwWcZPn+u8TYICzFJfPyRA== X-Received: by 2002:a63:1844:: with SMTP id 4mr21236394pgy.402.1559490237756; Sun, 02 Jun 2019 08:43:57 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id e5sm9285304pgh.35.2019.06.02.08.43.56 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 02 Jun 2019 08:43:56 -0700 (PDT) Date: Sun, 2 Jun 2019 08:43:55 -0700 From: Kees Cook To: Will Deacon Subject: Re: [RFC v2 0/7] arm64: return address signing Message-ID: <201906020843.140EC55FB@keescook> References: <20190529190332.29753-1-kristina.martsenko@arm.com> <201905292004.3809FBAA66@keescook> <201905300851.4A68705B0@keescook> <201905301058.CA55245A0@keescook> <20190531092202.GA19208@fuggles.cambridge.arm.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20190531092202.GA19208@fuggles.cambridge.arm.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190602_084358_471810_5F76CE41 X-CRM114-Status: GOOD ( 21.48 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Luke Cheeseman , Diogo Sampaio , Luke Cheeseman , Catalin Marinas , Ard Biesheuvel , Kristina Martsenko , Ramana Radhakrishnan , Amit Kachhap , Kristof Beyls , Christof Douma , Suzuki Poulose , Dave P Martin , "linux-arm-kernel@lists.infradead.org" Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Fri, May 31, 2019 at 10:22:02AM +0100, Will Deacon wrote: > On Thu, May 30, 2019 at 11:05:15AM -0700, Kees Cook wrote: > > On Thu, May 30, 2019 at 04:55:08PM +0000, Luke Cheeseman wrote: > > > The semantics of this attribute are straightforward enough but it > > > raises some questions. One question being why would I want to turn off > > > BTI (also controlled by this option) for one function in a file? Which > > > gets a bit odd. > > > > It's about leaving very early CPU startup functions in the kernel from > > getting marked up (since they are running before or during the PAC setup). > > > > > I don't know if the alternatives have been suggested but it's > > > possible to achieve the result you seem to be after (a function without > > > return address signing) in a couple of ways. First and foremost, > > > separating the function out into it's own file and compiling with > > > -mbranch-protection=none. Alternatively, writing the function in assembly > > > or perhaps even a naked function with inline assembly. > > > > Fair enough. :) Thanks for the clarification. Yeah, split on compilation > > unit could work. (In the future, though, having the attribute flexibility > > would be nice.) > > > > Kristina, would it be feasible to split these functions into a separate > > source file? (There doesn't seem to be a need to inline them, given > > they're not performance sensitive and only used once, etc?) > > Right, and we could call it kernel.c > > Sarcasm aside, please fix this in the toolchain. Moving logically unrelated > functions into one file just because the toolchain doesn't yet support this > feature just messes up the codebase and removes the incentive to get this > implemented properly. After all, you need something to do now that asm goto > is out of the way, right? ;) LLVM tracking bug created... https://bugs.llvm.org/show_bug.cgi?id=42095 -- Kees Cook _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel