From patchwork Wed Jul 1 14:41:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Szabolcs Nagy X-Patchwork-Id: 39874 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 10BE63860C3D; Wed, 1 Jul 2020 14:41:38 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2068.outbound.protection.outlook.com [40.107.22.68]) by sourceware.org (Postfix) with ESMTPS id 9C3583857007 for ; Wed, 1 Jul 2020 14:41:32 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 9C3583857007 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=Szabolcs.Nagy@arm.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yq0v/b67DAmzT3wW9nqHkM+lyXkY1c4Qgq/9O62XasU=; b=rP+IN8ibG3XBQjlEwfwg9u3g+SQnBR+5B6dT56CptfakKGPyEMBL4EsKMyiYjCcFaHVu46bz3IqXKv8COKFD07lQauSLD9WrJkzs0u4XkEP2ZG32MZ6c0umZzOB8ER6l9dgyT3G8DOEG5ZghLNVdsIlnG2JjhW/wUW/bL0fioKk= Received: from DB6PR0202CA0033.eurprd02.prod.outlook.com (2603:10a6:4:a5::19) by VE1PR08MB5152.eurprd08.prod.outlook.com (2603:10a6:803:109::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3131.21; Wed, 1 Jul 2020 14:41:30 +0000 Received: from DB5EUR03FT044.eop-EUR03.prod.protection.outlook.com (2603:10a6:4:a5:cafe::e1) by DB6PR0202CA0033.outlook.office365.com (2603:10a6:4:a5::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3153.20 via Frontend Transport; Wed, 1 Jul 2020 14:41:30 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; sourceware.org; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT044.mail.protection.outlook.com (10.152.21.167) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3131.20 via Frontend Transport; Wed, 1 Jul 2020 14:41:30 +0000 Received: ("Tessian outbound 4e683f4039d5:v62"); Wed, 01 Jul 2020 14:41:29 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 56f962702a4ecfcc X-CR-MTA-TID: 64aa7808 Received: from d24c9e65ae9a.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 7655F9EA-F5C9-4C5E-A445-74272A36A3E5.1; Wed, 01 Jul 2020 14:41:24 +0000 Received: from EUR05-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id d24c9e65ae9a.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 01 Jul 2020 14:41:24 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Xc86BkXTx6jY0SIc+94vhLvVe/r/okUdnD7Z2dxfNAINnjliZUXFendsqsL2dKGx03J0QcL7TCpR2Xsj1T7MF0ZYPwS8Ep2HqUU+ejmHtHt0MnaNZikhiQR8LDGY2PuFGgXdXaoxCgGPwg9Pbnb1zeu/yle4bkV7rLKxKWCSCi3kk4WCZCCw5hxjY8QBgvqQq+BQvAk5xupPm1K5KTkT1Oyyt02ZX7LXaH4j1EmCbmWn7x+Kqj1r2aaMCbrKERiH+L2Ka1HgR4BUqHo2xY1sJx1UbPhVYIKPgi7+Fown4JSOVwsy+AIyG/BnOopfE0Z8VKquqvkQjoXeCYTYKq8WTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yq0v/b67DAmzT3wW9nqHkM+lyXkY1c4Qgq/9O62XasU=; b=SjTdbyvPIALz2gCnaXe5LTYDX6O7tyOnctJEJ/sSHcuFeCaycznTdYNO/FXla6FHDdTncjsyEPLtymYXSGsPEKPP/monfZ5bygDRZw/jRgyatCKSBqT6dsGyJNl8gG+Y+iP0Km9ekxC5cO/5dK3p01GMNjX1GE0fMU/qGvjZAofejMNUHti9xkSbICgEnL8sqzxl2g4qzTNzahyEd4h6vkopG+YAbo69mBTTZK6VWcm+3+okGPpoRZM/wEur2E6cMSjXVMCFj8OmxpZHc2GoMadU+w1rlgOZdMER6tg1ZWgOve8DIf2Rn+rC0+KHa0ChLMu1KJFocPwScaTqBEuL7A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yq0v/b67DAmzT3wW9nqHkM+lyXkY1c4Qgq/9O62XasU=; b=rP+IN8ibG3XBQjlEwfwg9u3g+SQnBR+5B6dT56CptfakKGPyEMBL4EsKMyiYjCcFaHVu46bz3IqXKv8COKFD07lQauSLD9WrJkzs0u4XkEP2ZG32MZ6c0umZzOB8ER6l9dgyT3G8DOEG5ZghLNVdsIlnG2JjhW/wUW/bL0fioKk= Authentication-Results-Original: sourceware.org; dkim=none (message not signed) header.d=none;sourceware.org; dmarc=none action=none header.from=arm.com; Received: from AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) by AM6PR08MB3879.eurprd08.prod.outlook.com (2603:10a6:20b:8c::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3131.24; Wed, 1 Jul 2020 14:41:23 +0000 Received: from AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::2404:de9f:78c0:313c]) by AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::2404:de9f:78c0:313c%6]) with mapi id 15.20.3131.033; Wed, 1 Jul 2020 14:41:23 +0000 From: Szabolcs Nagy To: libc-alpha@sourceware.org Subject: [PATCH v6 14/14] aarch64: add NEWS entry about branch protection support Date: Wed, 1 Jul 2020 15:41:11 +0100 Message-Id: <62a4294111ba2d06fdc1772fee65960e1cc02e5d.1593612309.git.szabolcs.nagy@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: SN6PR04CA0089.namprd04.prod.outlook.com (2603:10b6:805:f2::30) To AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (217.140.106.53) by SN6PR04CA0089.namprd04.prod.outlook.com (2603:10b6:805:f2::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3131.23 via Frontend Transport; Wed, 1 Jul 2020 14:41:21 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [217.140.106.53] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 775bf7c1-f65f-463c-5482-08d81dccd798 X-MS-TrafficTypeDiagnostic: AM6PR08MB3879:|VE1PR08MB5152: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:8882;OLM:8882; X-Forefront-PRVS: 04519BA941 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: LhPYkJ7gszT5RSkKJpiC9IEAjsai29LfbIQPxQ8s8Uebk+grHw13xKT2wTf1AReqL8pguQzp5MP7n7VmoV3EEeMQJxgX1iGtlS5LTlSDroDEDItp0OBnvqrl8Ho3MzxBRpST1iuI3bADOu7wOUssoVWAvNkQDg2VvhiVCbGtKJ6cOVqJH41J1diSkgcVZmZmzkFLCeVWYExeUzeS5ygKWzMJTda6haRNlp2CB1DzMM5dqqJ6sXLv1/p3f8RlVFLmcRvfDOTA456VyqCCnQpSr0Ib5HMoEKeu79yEqqtJIriyqLAcedp4QCFMTVaoNVlyZFr3L3h4ro+m15nzdgGqQel1MPAH/mmzk6fjB9KUt5P2ueq/mb48SNkfbe1c4elttE63WA8JR6vZUcEP0uqiXriLkY3qsKFDuN+0cPc6QcM= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB3047.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(366004)(136003)(346002)(376002)(396003)(186003)(2906002)(52116002)(478600001)(36756003)(956004)(2616005)(6916009)(6512007)(66946007)(66476007)(44832011)(6666004)(66556008)(6486002)(69590400007)(83380400001)(5660300002)(26005)(6506007)(16526019)(86362001)(8936002)(316002)(8676002)(136400200001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: sw9GIUgXRgQL5I91CoRXFFKUsGhTcLkes3JS5bIf0IIFV7FFpir0DrwkVdlTBl6TuNw88P2kWHuAJVGZvJI+TkYcj8dnxHB9R41JDAkBp6TXjfrgz2Vtbmarthwf13agofsyAzfHSG8pbRuuNM7/SGHUfc7woPwNymGlBg0zokgw9wHx3ffpkiuhp5R0QRU1wCZUh6gowVoxzui7gMMYUETTg0N6LxKdUgizB+nJfBRxB/emIl8QAzi0y76xPlG7e9dq6xC2OZgKxFLzfHpcJLmHTAlD2mETZIwuGAjGB23UC+Z046f0nmMv2jTon18yZrmIQ10r1vbBnJ+aaq7nonSChf255X3QcEDyfpZCfOmautdBpuBzQ8eq+3lhO+bcxHKj34E9DxEKiW6bUxoE/yl9x7FW2Wx7+aNW9eL4Guc2VYkcJ5M6+Eu7lgxeG6vOQruCCxz1qjDyIUfcvcuvJgSAr+mlilkqs9AGx5kXFME= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3879 Original-Authentication-Results: sourceware.org; dkim=none (message not signed) header.d=none; sourceware.org; dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT044.eop-EUR03.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(396003)(39860400002)(136003)(376002)(346002)(46966005)(69590400007)(8676002)(70586007)(47076004)(6916009)(356005)(186003)(82740400003)(2616005)(6506007)(2906002)(6666004)(16526019)(956004)(316002)(26005)(81166007)(44832011)(36756003)(8936002)(478600001)(70206006)(86362001)(5660300002)(336012)(82310400002)(6486002)(83380400001)(6512007)(136400200001); DIR:OUT; SFP:1101; X-MS-Office365-Filtering-Correlation-Id-Prvs: 2c0b9cf1-403c-4d7e-47e3-08d81dccd31d X-Forefront-PRVS: 04519BA941 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: BUC2xnSylVcFxGd+AJID2dFkdglRuVhl4OlbrvhaK+crUDeWDB3vnkU+L4OcVfKyRRwCurm9y0DcPEAr/HJrz7bfYun+1ZkVxng5FuglgzILbD+ZL0FFA+6f6SZPylzTMxP+9ldp8EpX3RaiBViOl1zMW/hWZMEx4Rdj4KYnzISv2ywXyZ+V3V8yL79BwR5bvHibqX6YmDx04qbja4t4glGBSRDjyfEsxSlbZzLnSE01n3t+BtNOvhrw2XX0H89dT/PGXl9Sv6A5pyQE8FPhBcy5Q0qIxP1X0eT0V2KekdNTcMFqIW5qjjae79nDSLB0y56HKyJXARA04ayy+JJFsVgvfAKEfiktQAj0etkcYOFNh7Zfuylgxy1IM7rG0KFlZwhQ6zGzYgElhGKqYDFIVo/2/UffQERXOWd2O+jyg6TlUoG5Ad4I5MUPkHjoqUvm8sEXlRK+CakMpOUsYdCs4g== X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jul 2020 14:41:30.0393 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 775bf7c1-f65f-463c-5482-08d81dccd798 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: DB5EUR03FT044.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR08MB5152 X-Spam-Status: No, score=-16.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, GIT_PATCH_0, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" This is a new security feature that relies on architecture extensions and needs glibc to be built with a gcc configured with branch protection. --- NEWS | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/NEWS b/NEWS index a660fc59a8..7d0ca3f520 100644 --- a/NEWS +++ b/NEWS @@ -31,6 +31,18 @@ Major new features: pthread_attr_getsigmask_np have been added. They allow applications to specify the signal mask of a thread created with pthread_create. +* AArch64 now supports standard branch protection security hardening + in glibc when it is built with a GCC that is configured with + --enable-standard-branch-protection. This includes branch target + identification (BTI) and pointer authentication for return addresses + (PAC-RET). They require armv8.5-a and armv8.3-a architecture + extensions respectively for the protection to be effective, + otherwise the used instructions are nops. User code can use PAC-RET + without libc support, but BTI requires a libc that is built with BTI + support, otherwise runtime objects linked into user code will not be + BTI compatible. It is recommended to use GCC 10 or newer when + building glibc with branch protection. + Deprecated and removed features, and other changes affecting compatibility: * The deprecated header and the sysctl function have been