From patchwork Mon Jun 22 14:01:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Szabolcs Nagy X-Patchwork-Id: 39730 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 55119388B010; Mon, 22 Jun 2020 14:01:51 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2069.outbound.protection.outlook.com [40.107.21.69]) by sourceware.org (Postfix) with ESMTPS id 80089388A83C for ; Mon, 22 Jun 2020 14:01:48 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 80089388A83C Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=Szabolcs.Nagy@arm.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yq0v/b67DAmzT3wW9nqHkM+lyXkY1c4Qgq/9O62XasU=; b=nVEmpPVNI0SFXTTYyoOXNayiniiq3eW4Xug1i+a0sndKpvSzbO2y5TEeaWn2HillxJ1nwpetKh2jlkQ0KYnbc/fzIo+eUVQhkVR3Z3ODNjpId+kctrqM5NhlXiV8euUT7aSbSIXK1CWUqJDBtd7RyUajXsDQhW8CrnlXfiEL3Dk= Received: from AM5PR04CA0004.eurprd04.prod.outlook.com (2603:10a6:206:1::17) by VI1PR0801MB1981.eurprd08.prod.outlook.com (2603:10a6:800:89::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3109.22; Mon, 22 Jun 2020 14:01:46 +0000 Received: from AM5EUR03FT062.eop-EUR03.prod.protection.outlook.com (2603:10a6:206:1:cafe::6d) by AM5PR04CA0004.outlook.office365.com (2603:10a6:206:1::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3109.21 via Frontend Transport; Mon, 22 Jun 2020 14:01:46 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; sourceware.org; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT062.mail.protection.outlook.com (10.152.17.120) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3109.22 via Frontend Transport; Mon, 22 Jun 2020 14:01:46 +0000 Received: ("Tessian outbound 839770a6d413:v59"); Mon, 22 Jun 2020 14:01:46 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 1589e4aae0b1b46a X-CR-MTA-TID: 64aa7808 Received: from 421e802de85e.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id CEA3430C-3C38-494A-AAA2-A9627BDE9344.1; Mon, 22 Jun 2020 14:01:41 +0000 Received: from EUR02-AM5-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 421e802de85e.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Mon, 22 Jun 2020 14:01:41 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iq4bBqRvcYuaLWsOymm4ihSNxYWrTPm26mBtwXf5+VPk9wTY2tagsls0KmWa/oVHsF046EFmD+0ZDB5XhpQYGKNjcsi2dOWDcb6C/thOi/bydxWtifAlQzggWcO8K0gA9vyf21LCSulZoH5PZxbwa3a/Y50WxvCYwoSPT2LnTQpsA7MkfahG5C/Imx3VSlGb//pn8pOaM0YvGjJ7TaavJjG8sIesb+xb7o91yyZBPn4YqkP+8ftsfLI7j27e9CdyU+zVkprgvFvTBhAZQeqitJ2XAvW3j99abci4lf2PwB0frogvCxWRx4Ustc3FqfVomoEoqw+59zL87oWP/GmeQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yq0v/b67DAmzT3wW9nqHkM+lyXkY1c4Qgq/9O62XasU=; b=cEOg0ArSrlRaicQJsVpMIo3y0lO391W+csAkG8hR3y2QOf3Q/k65Fry49VmWNSEsH86AiKMgTqQgUcL4lVjgcNzRzrzqIh6JnaIe2+7EvX0BsYMYQ++3Xh5BxeE3/5ldhdg4kOlmPGpGhXy1tgXrOSp7MVknfpzshHoe9UnN8vtJ0Knt2XHojSNjpo4CeUNl2BWiwOpGE96VF5L6zUukxdj0RZVP/Xf1/GTtq8lZTaxhKL0OB0vMuj2Av/Rgohux6o7ml77ywDmKowDeVyupiQkcUWkYgood7Pr+HjG1m/bpzvByWZNb7wA8J2IvBAm78IfaklYYSQWeuvL27jQ9rw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yq0v/b67DAmzT3wW9nqHkM+lyXkY1c4Qgq/9O62XasU=; b=nVEmpPVNI0SFXTTYyoOXNayiniiq3eW4Xug1i+a0sndKpvSzbO2y5TEeaWn2HillxJ1nwpetKh2jlkQ0KYnbc/fzIo+eUVQhkVR3Z3ODNjpId+kctrqM5NhlXiV8euUT7aSbSIXK1CWUqJDBtd7RyUajXsDQhW8CrnlXfiEL3Dk= Authentication-Results-Original: sourceware.org; dkim=none (message not signed) header.d=none;sourceware.org; dmarc=none action=none header.from=arm.com; Received: from AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) by AM6PR08MB3640.eurprd08.prod.outlook.com (2603:10a6:20b:4c::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3109.22; Mon, 22 Jun 2020 14:01:40 +0000 Received: from AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::2404:de9f:78c0:313c]) by AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::2404:de9f:78c0:313c%6]) with mapi id 15.20.3109.027; Mon, 22 Jun 2020 14:01:40 +0000 From: Szabolcs Nagy To: libc-alpha@sourceware.org Subject: [PATCH v5 14/14] aarch64: add NEWS entry about branch protection support Date: Mon, 22 Jun 2020 15:01:28 +0100 Message-Id: <27ba4dcee8ae03c0634094dcea26bf1278804982.1592834304.git.szabolcs.nagy@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: SN4PR0501CA0061.namprd05.prod.outlook.com (2603:10b6:803:41::38) To AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (217.140.106.53) by SN4PR0501CA0061.namprd05.prod.outlook.com (2603:10b6:803:41::38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3131.13 via Frontend Transport; Mon, 22 Jun 2020 14:01:38 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [217.140.106.53] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 873594c2-b972-449d-9ed2-08d816b4cd3d X-MS-TrafficTypeDiagnostic: AM6PR08MB3640:|VI1PR0801MB1981: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:8882;OLM:8882; X-Forefront-PRVS: 0442E569BC X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: TGt3sCDrM1YPdzHyvn65a02sEe8w0gkjpS7GMJk4Em87+bnjayl7Vu9JT9uS/RkHqm9ic77UKawDWryhE2VnP5ZYQXQE45pXVwlCPv9XEntqujMgeutXF75+t011YqQFLbMHnAaLVkKfXnxhsCk4XecwQhYNy0VditVaLFTRWaZIw5uuqemfmc9K+NF+pE1ESN0LMldSlqyQxmldDK9arNqit8TBK57PPQ6+KraKTXqvrYCpPD7vWkyCuQKkfHfnrIzNJS8+pN5j/v12LQi5Va8WenQYiUmpy61k/NWCyOXmgTUJAoE55IBgEQBXkqSOpbn6b4lH5CD5n4OXUPbYw4XOWxux3wtNdx5FeEcODEbj9PQeaFlT88yS6UiNBFxEo6fVOlxJwJ78w/3X6ecehAlk86R8ez/AzCHEFYc/TsY= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB3047.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(346002)(376002)(136003)(39860400002)(396003)(366004)(86362001)(44832011)(16526019)(478600001)(186003)(316002)(6506007)(52116002)(6916009)(26005)(2616005)(956004)(8936002)(6486002)(5660300002)(6512007)(83380400001)(66476007)(6666004)(36756003)(2906002)(8676002)(66946007)(66556008)(69590400007)(136400200001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: 44OOT2tCoFSXLsWzthoaOSjRf7MPhFnqf0/AW8QyuEMSPo7oUBXcF8MDsw4uNEek7eO6hmrA+CL5JX3NokaLnZEWEt6Yb7U2UtGNGS0Xq6h6RESZGxch+NVQj3PkwBDrCYX6N4TSkGi5wdL1ocKPAarzd2eSTPZdNrImu4ear3aPEl6Vtr5k1NBKDWsibKhqE6EfxiI1przuOcGmi1yvzcW7kfH7gYaIDqjFbJ5yirJe/B4PuFu3yXgSvak/jd/IuNSK19oDQrv/zN7eZe0Mzii6XRK1bY4xSkMQ5Xeu7pP5yCEzRtW+50/PxYBmKR22Yh8okHy2R+jUh9O+13k4hAK2PSdr6l6mWEn8s4891Hjg3iYXaWk2u5ukO2Razx8vslqnoxFmOEDl3tzUENMY/UIpi/Npwrk6NtEKP8aFVr+nNlHUEZQtNZLgEw3F30gC8HC503+47VkCVwDyj4gDMY+trLIUujRoO6W4Haw5pns= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3640 Original-Authentication-Results: sourceware.org; dkim=none (message not signed) header.d=none; sourceware.org; dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT062.eop-EUR03.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(376002)(136003)(346002)(39860400002)(396003)(46966005)(6666004)(356005)(82310400002)(26005)(6506007)(6916009)(8676002)(316002)(70586007)(336012)(478600001)(82740400003)(70206006)(86362001)(5660300002)(36906005)(36756003)(47076004)(69590400007)(6486002)(81166007)(6512007)(956004)(2616005)(16526019)(8936002)(186003)(83380400001)(44832011)(2906002)(136400200001); DIR:OUT; SFP:1101; X-MS-Office365-Filtering-Correlation-Id-Prvs: 2f3e8ea5-b6a4-4c14-82d7-08d816b4c914 X-Forefront-PRVS: 0442E569BC X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 0gQh3e6fOsurGf6fCb4/oFXBv9HnysU7N7azn7PlabT2R6SnOClENrKrf5I50b3CXEGL2V1Ux5UNIAa8TMDeeN19Lv859akJKTjNfnmnyciLO4DGmy+mDX8TYX7h91fsUbC4uK1knPQFENA3HrzyGJH9NLyOK4tXd2Phv3UziVkMlZL1V1P7ZqRlO558qDfYm3R8M+kIx3ec9a2MPIvJUmYnbPJails7Rb0MdNCwTiZkUB7lxZvoAKyx6X0Njz0PT4d25OhIjqbpLuaOcib86QoKcLjMm2373LCMLwY/skSuie/gd/YjW3+3N9tUgRn8SREdnR5dEtZ4iUGHNcSx60NpwqpPL96nYXyyWAK7eVFn2PXqroXZ/iK2b9KUYDFg0oKc6vm1VmTPTfmI4pXC6aRgoup8Z1l0CtJB0vr4tFVCRcLZfFASsC9ep+iq+NDCAbQ+vpavlkWmOai0uD/5/g== X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Jun 2020 14:01:46.5547 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 873594c2-b972-449d-9ed2-08d816b4cd3d X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB1981 X-Spam-Status: No, score=-16.8 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, GIT_PATCH_0, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" This is a new security feature that relies on architecture extensions and needs glibc to be built with a gcc configured with branch protection. --- NEWS | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/NEWS b/NEWS index a660fc59a8..7d0ca3f520 100644 --- a/NEWS +++ b/NEWS @@ -31,6 +31,18 @@ Major new features: pthread_attr_getsigmask_np have been added. They allow applications to specify the signal mask of a thread created with pthread_create. +* AArch64 now supports standard branch protection security hardening + in glibc when it is built with a GCC that is configured with + --enable-standard-branch-protection. This includes branch target + identification (BTI) and pointer authentication for return addresses + (PAC-RET). They require armv8.5-a and armv8.3-a architecture + extensions respectively for the protection to be effective, + otherwise the used instructions are nops. User code can use PAC-RET + without libc support, but BTI requires a libc that is built with BTI + support, otherwise runtime objects linked into user code will not be + BTI compatible. It is recommended to use GCC 10 or newer when + building glibc with branch protection. + Deprecated and removed features, and other changes affecting compatibility: * The deprecated header and the sysctl function have been