From: Mark Brown <broonie@kernel.org>
To: Vincenzo Frascino <Vincenzo.Frascino@arm.com>,
Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>
Cc: Mark Brown <broonie@kernel.org>,
Kees Cook <keescook@chromium.org>,
linux-arm-kernel@lists.infradead.org
Subject: [PATCH v2 06/10] arm64: bti: Provide Kconfig for kernel mode BTI
Date: Wed, 29 Apr 2020 22:16:37 +0100 [thread overview]
Message-ID: <20200429211641.9279-7-broonie@kernel.org> (raw)
In-Reply-To: <20200429211641.9279-1-broonie@kernel.org>
Now that all the code is in place provide a Kconfig option allowing users
to enable BTI for the kernel if their toolchain supports it, defaulting it
on since this has security benefits. This is a separate configuration
option since we currently don't support secondary CPUs that lack BTI if
the boot CPU supports it.
Code generation issues mean that current GCC 9 versions are not able to
produce usable BTI binaries so we disable support for building with GCC
versions prior to 10, once a fix is backported to GCC 9 the dependencies
will be updated.
Signed-off-by: Mark Brown <broonie@kernel.org>
---
arch/arm64/Kconfig | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 6f199d8146d4..f3de1c115fc0 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1610,6 +1610,24 @@ config ARM64_BTI
BTI, such binaries can still run, but you get no additional
enforcement of branch destinations.
+config ARM64_BTI_KERNEL
+ bool "Use Branch Target Identification for kernel"
+ default y
+ depends on ARM64_BTI
+ depends on ARM64_PTR_AUTH
+ depends on CC_HAS_BRANCH_PROT_PAC_RET_BTI
+ depends on !CC_IS_GCC || GCC_VERSION >= 100000
+ depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS)
+ help
+ Build the kernel with Branch Target Identification annotations
+ and enable enforcement of this for kernel code. When this option
+ is enabled and the system supports BTI all kernel code including
+ modular code must have BTI enabled.
+
+config CC_HAS_BRANCH_PROT_PAC_RET_BTI
+ # GCC 9 or later, clang 8 or later
+ def_bool $(cc-option,-mbranch-protection=pac-ret+leaf+bti)
+
config ARM64_E0PD
bool "Enable support for E0PD"
default y
--
2.20.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-04-29 21:22 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-29 21:16 [PATCH v2 00/10] arm64: BTI kernel and vDSO support Mark Brown
2020-04-29 21:16 ` [PATCH v2 01/10] arm64: bti: Support building kernel C code using BTI Mark Brown
2020-05-05 16:50 ` Dave Martin
2020-05-05 17:31 ` Mark Brown
2020-05-06 12:24 ` Amit Kachhap
2020-04-29 21:16 ` [PATCH v2 02/10] arm64: asm: Override SYM_FUNC_START when building the kernel with BTI Mark Brown
2020-05-05 14:56 ` Will Deacon
2020-05-05 15:18 ` Mark Brown
2020-05-05 16:08 ` Will Deacon
2020-05-05 17:21 ` Mark Brown
2020-05-06 7:10 ` Will Deacon
2020-05-06 10:41 ` Mark Brown
2020-05-06 10:50 ` Will Deacon
2020-05-06 11:43 ` Mark Brown
2020-05-06 12:27 ` Will Deacon
2020-05-06 13:03 ` Mark Brown
2020-05-06 13:40 ` Dave Martin
2020-05-06 14:45 ` Will Deacon
2020-05-06 15:25 ` Mark Brown
2020-05-06 15:48 ` Will Deacon
2020-05-06 15:33 ` Dave Martin
2020-04-29 21:16 ` [PATCH v2 03/10] arm64: Set GP bit in kernel page tables to enable BTI for the kernel Mark Brown
2020-04-29 21:16 ` [PATCH v2 04/10] arm64: bpf: Annotate JITed code for BTI Mark Brown
2020-04-29 21:16 ` [PATCH v2 05/10] arm64: mm: Mark executable text as guarded pages Mark Brown
2020-04-29 21:16 ` Mark Brown [this message]
2020-04-29 21:16 ` [PATCH v2 07/10] arm64: asm: Provide a mechanism for generating ELF note for BTI Mark Brown
2020-05-05 14:58 ` Will Deacon
2020-05-05 16:51 ` Dave Martin
2020-05-05 17:06 ` Mark Brown
2020-05-06 11:26 ` Will Deacon
2020-05-06 12:38 ` Mark Brown
2020-05-06 13:44 ` Will Deacon
2020-05-06 15:39 ` Mark Brown
2020-04-29 21:16 ` [PATCH v2 08/10] arm64: vdso: Annotate " Mark Brown
2020-04-29 21:16 ` [PATCH v2 09/10] arm64: vdso: Force the vDSO to be linked as BTI when built " Mark Brown
2020-04-29 21:16 ` [PATCH v2 10/10] arm64: vdso: Map the vDSO text with guarded pages " Mark Brown
2020-04-30 17:18 ` [PATCH v2 00/10] arm64: BTI kernel and vDSO support Catalin Marinas
2020-04-30 17:23 ` Mark Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200429211641.9279-7-broonie@kernel.org \
--to=broonie@kernel.org \
--cc=Vincenzo.Frascino@arm.com \
--cc=catalin.marinas@arm.com \
--cc=keescook@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.