Message ID | 62a4294111ba2d06fdc1772fee65960e1cc02e5d.1593612309.git.szabolcs.nagy@arm.com |
---|---|
State | Committed |
Series | aarch64: branch protection support |
Commit Message
Szabolcs Nagy
July 1, 2020, 2:41 p.m. UTC
This is a new security feature that relies on architecture extensions and needs glibc to be built with a gcc configured with branch protection.
---
 NEWS | 12 ++++++++++++
 1 file changed, 12 insertions(+)
Comments
On 01/07/2020 11:41, Szabolcs Nagy wrote:
> This is a new security feature that relies on architecture
> extensions and needs glibc to be built with a gcc configured
> with branch protection.
> ---
>  NEWS | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
>
> diff --git a/NEWS b/NEWS
> index a660fc59a8..7d0ca3f520 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -31,6 +31,18 @@ Major new features:
>    pthread_attr_getsigmask_np have been added. They allow applications
>    to specify the signal mask of a thread created with pthread_create.
>
> +* AArch64 now supports standard branch protection security hardening
> +  in glibc when it is built with a GCC that is configured with
> +  --enable-standard-branch-protection. This includes branch target

Should we state that user can also set the required flags on compiler
specification as well (CC='gcc -mbranch-protection=pac-ret+bti -O2)?

> +  identification (BTI) and pointer authentication for return addresses
> +  (PAC-RET). They require armv8.5-a and armv8.3-a architecture

Two space after period.

> +  extensions respectively for the protection to be effective,
> +  otherwise the used instructions are nops. User code can use PAC-RET
> +  without libc support, but BTI requires a libc that is built with BTI
> +  support, otherwise runtime objects linked into user code will not be
> +  BTI compatible. It is recommended to use GCC 10 or newer when
> +  building glibc with branch protection.

Should we extend why gcc 10 is required here? This statement without much
explanation might raise some questioning.

> +
>  Deprecated and removed features, and other changes affecting compatibility:
>
>  * The deprecated <sys/sysctl.h> header and the sysctl function have been
>
The 07/06/2020 15:41, Adhemerval Zanella wrote:
> On 01/07/2020 11:41, Szabolcs Nagy wrote:
> >
> > +* AArch64 now supports standard branch protection security hardening
> > +  in glibc when it is built with a GCC that is configured with
> > +  --enable-standard-branch-protection. This includes branch target
>
> Should we state that user can also set the required flags on compiler
> specification as well (CC='gcc -mbranch-protection=pac-ret+bti -O2)?

the gcc config option is the preferred way, explicit CC setting may or
may not work if the compiler internally has to do something differently
(such as building its own runtime libs with bti support).

> > +  identification (BTI) and pointer authentication for return addresses
> > +  (PAC-RET). They require armv8.5-a and armv8.3-a architecture
>
> Two space after period.

fixed throughout.

> > +  extensions respectively for the protection to be effective,
> > +  otherwise the used instructions are nops. User code can use PAC-RET
> > +  without libc support, but BTI requires a libc that is built with BTI
> > +  support, otherwise runtime objects linked into user code will not be
> > +  BTI compatible. It is recommended to use GCC 10 or newer when
> > +  building glibc with branch protection.
>
> Should we extend why gcc 10 is required here? This statement without much
> explanation might raise some questioning.

I removed the last sentence.

(there were nasty bugs in gcc
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94697
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94514
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94515
which were fixed and backported, but instead of checking if gcc-9 has
them I thought it would be easier to just recommend gcc 10 which always
has the fixes. but I don't think we need to go into details in the news
entry.)
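The NEWS entry under review says BTI only protects a program when every runtime object linked into it is BTI compatible, and the reply above notes that an explicit CC setting may leave the compiler's own runtime libraries unmarked. The following added example (not part of the patch or of glibc) parses an ELF64 .note.gnu.property section, which is where that marking lives and what readelf -n reports as "AArch64 feature: BTI, PAC", and returns the feature bits; GNU ld keeps a bit in its output only when every input object carries it, so a single unmarked object loses BTI for the whole executable. The two sample notes are constructed for the example, not dumped from a real binary, and a little-endian host is assumed.

```c
/* Added example (not glibc code): parse an ELF64 .note.gnu.property blob and
   return the AArch64 branch-protection feature bits it carries. */
#include <stdint.h>
#include <string.h>

#define NT_GNU_PROPERTY_TYPE_0 5
#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000u
#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1u << 0)
#define GNU_PROPERTY_AARCH64_FEATURE_1_PAC (1u << 1)

/* Assumes a little-endian host, the usual AArch64 ELF byte order. */
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* Return the GNU_PROPERTY_AARCH64_FEATURE_1_AND bitmask from the note section, or 0
   when there is none: an unmarked or truncated object counts as neither BTI nor PAC. */
uint32_t aarch64_features(const uint8_t *note, size_t len)
{
    size_t off = 0;
    while (off + 12 <= len) {                       /* Elf64_Nhdr is 12 bytes */
        uint32_t namesz = rd32(note + off), descsz = rd32(note + off + 4);
        uint32_t type = rd32(note + off + 8);
        size_t name_off = off + 12;
        size_t desc_off = (name_off + namesz + 7) & ~(size_t)7;  /* desc is 8-aligned */
        if (namesz > len - name_off || desc_off > len || descsz > len - desc_off)
            return 0;
        if (type == NT_GNU_PROPERTY_TYPE_0 && namesz == 4 && !memcmp(note + name_off, "GNU", 4)) {
            size_t p = desc_off, end = desc_off + descsz;
            while (p + 8 <= end) {                  /* pr_type, pr_datasz, then data */
                uint32_t pr_type = rd32(note + p), pr_datasz = rd32(note + p + 4);
                if (pr_datasz > end - (p + 8))
                    return 0;
                if (pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND && pr_datasz == 4)
                    return rd32(note + p + 8);
                p = (p + 8 + pr_datasz + 7) & ~(size_t)7; /* each property padded to 8 */
            }
        }
        off = (desc_off + descsz + 7) & ~(size_t)7;
    }
    return 0;
}

/* Constructed sample notes (not dumped from a real binary): an object built with
   -mbranch-protection=pac-ret+bti and one built with pac-ret only. */
static const uint8_t note_bti_pac[] = {
    4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,  /* namesz, descsz, type, "GNU\0" */
    0,0,0,0xc0, 4,0,0,0, 3,0,0,0, 0,0,0,0 };    /* FEATURE_1_AND, datasz, BTI|PAC, pad */
static const uint8_t note_pac_only[] = {
    4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,
    0,0,0,0xc0, 4,0,0,0, 2,0,0,0, 0,0,0,0 };    /* PAC set, BTI clear */
```

Feeding it the raw bytes of a real object's .note.gnu.property section (for example extracted with objcopy --dump-section) checks whether the start files and libc a build links in would keep or drop the BTI mark.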
diff --git a/NEWS b/NEWS index a660fc59a8..7d0ca3f520 100644 --- a/NEWS +++ b/NEWS @@ -31,6 +31,18 @@ Major new features: pthread_attr_getsigmask_np have been added. They allow applications to specify the signal mask of a thread created with pthread_create. +* AArch64 now supports standard branch protection security hardening + in glibc when it is built with a GCC that is configured with + --enable-standard-branch-protection. This includes branch target + identification (BTI) and pointer authentication for return addresses + (PAC-RET). They require armv8.5-a and armv8.3-a architecture + extensions respectively for the protection to be effective, + otherwise the used instructions are nops. User code can use PAC-RET + without libc support, but BTI requires a libc that is built with BTI + support, otherwise runtime objects linked into user code will not be + BTI compatible. It is recommended to use GCC 10 or newer when + building glibc with branch protection. + Deprecated and removed features, and other changes affecting compatibility: * The deprecated <sys/sysctl.h> header and the sysctl function have been
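Review bot: the phrase "otherwise runtime objects linked into user code will not be BTI compatible" in the added paragraph does not say which objects are meant, so a reader cannot see why BTI, unlike PAC-RET, depends on how libc itself was built; naming them (the start files such as crt1.o and the static libc that the linker pulls into every executable) would make the all-inputs-must-be-marked rule concrete. The closing sentence "It is recommended to use GCC 10 or newer when building glibc with branch protection" gives a recommendation without a reason, so it reads like a hard requirement; either add the one-line reason or drop the sentence, as the thread above agrees to do.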