From patchwork Fri Jun 12 13:29:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Szabolcs Nagy X-Patchwork-Id: 39584 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 0E8CD395B0B8; Fri, 12 Jun 2020 13:30:11 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60076.outbound.protection.outlook.com [40.107.6.76]) by sourceware.org (Postfix) with ESMTPS id 0DC3F395B0A3 for ; Fri, 12 Jun 2020 13:30:07 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 0DC3F395B0A3 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=Szabolcs.Nagy@arm.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yq0v/b67DAmzT3wW9nqHkM+lyXkY1c4Qgq/9O62XasU=; b=wwcMieugEEYLAEUb0p0PSxLa7sc3V6LU56sfIkmQLNzTPmfI/PMU0evV/tavaLDbBMCUF1naRKp7QnYDfr7zNKOlDIiTEm5b02pc8/3XgAzZQpLnwwZiVuLFZaYN1MGp2rjogJexv/1Mc/Z5G1ZKc0eTozUoaZDsCcnXEhGMmqU= Received: from AM7PR04CA0001.eurprd04.prod.outlook.com (2603:10a6:20b:110::11) by VI1PR08MB3215.eurprd08.prod.outlook.com (2603:10a6:803:45::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.18; Fri, 12 Jun 2020 13:30:05 +0000 Received: from AM5EUR03FT013.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:110:cafe::62) by AM7PR04CA0001.outlook.office365.com (2603:10a6:20b:110::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3088.18 via Frontend Transport; Fri, 12 Jun 2020 13:30:05 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; sourceware.org; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT013.mail.protection.outlook.com (10.152.16.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3088.18 via Frontend Transport; Fri, 12 Jun 2020 13:30:04 +0000 Received: ("Tessian outbound 8bb15bb571b3:v59"); Fri, 12 Jun 2020 13:30:04 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 85e6651b715d516c X-CR-MTA-TID: 64aa7808 Received: from eb4f796bc2ee.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id C4616E61-82AC-4759-B3F4-3F1F3C14D07B.1; Fri, 12 Jun 2020 13:29:59 +0000 Received: from EUR02-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id eb4f796bc2ee.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 12 Jun 2020 13:29:59 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fdrSEXW030KVpKjYmSIZ9uR/RT+zgEHZ58lsoZ4qtACjc6Mlf/nYunYiAghDhanyRyJeajSYoZpii35p2ThJ9gxkBDZGl7y1ikct1iGozFpj1cf/fsIyJvN6hQnS3hDAD++9+uPi8kBbI+YT3oNi+L4aUhGWNXGEuwZikJEzoowwu+cXNbgH1Cd5gq7EfuX1i02MKz4+cOcTUm4jPdEtcO/eDVvIcI69aSdEeCHKIO3K41C3XJxbbpaibAH5TQzeElsslgRIi64krwP66RWekMeabhfY+3TA7TzHX8ll33/oDGIbLOiTt2vmEDx+XieDZDpduB8128hQAlsz8KHtug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yq0v/b67DAmzT3wW9nqHkM+lyXkY1c4Qgq/9O62XasU=; b=NH7vyFXYZl5Orc4EdAKzwQ6tjqbaBAcbchC9euZkih5pffAflEH9WgI/nKqdSQ5hrJIqn+nDUOqZ5od8Q8plbVNr2cD3dfdiVt+pHD7sFtLlp4NX8+FcuMxpstCNdcoRyj0c0gPdSAbbiWCA3l2oZfGC5teilgRSnje+ePaqwRw+ZqYg9h5hEatG3cwuT1sHHkDMQzQKd22S2DNF4dwqMV1pbOxtBnK5d7eB5z3vGL/314voXT7mWaSSMBJNDSK/f3cBuSCv1mwRvrhD6lhrW6ub0IVwhX26/ImPIL4zKvo7BVPYHapzmyP7t/8Fwyv+io+yQStewiN5zp/1N0cNwA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yq0v/b67DAmzT3wW9nqHkM+lyXkY1c4Qgq/9O62XasU=; b=wwcMieugEEYLAEUb0p0PSxLa7sc3V6LU56sfIkmQLNzTPmfI/PMU0evV/tavaLDbBMCUF1naRKp7QnYDfr7zNKOlDIiTEm5b02pc8/3XgAzZQpLnwwZiVuLFZaYN1MGp2rjogJexv/1Mc/Z5G1ZKc0eTozUoaZDsCcnXEhGMmqU= Authentication-Results-Original: sourceware.org; dkim=none (message not signed) header.d=none;sourceware.org; dmarc=none action=none header.from=arm.com; Received: from AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) by AM6PR08MB3912.eurprd08.prod.outlook.com (2603:10a6:20b:86::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3088.24; Fri, 12 Jun 2020 13:29:58 +0000 Received: from AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::2404:de9f:78c0:313c]) by AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::2404:de9f:78c0:313c%6]) with mapi id 15.20.3088.022; Fri, 12 Jun 2020 13:29:58 +0000 From: Szabolcs Nagy To: libc-alpha@sourceware.org Subject: [PATCH v4 12/12] aarch64: add NEWS entry about branch protection support Date: Fri, 12 Jun 2020 14:29:30 +0100 Message-Id: X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: SA9PR03CA0017.namprd03.prod.outlook.com (2603:10b6:806:20::22) To AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (217.140.106.53) by SA9PR03CA0017.namprd03.prod.outlook.com (2603:10b6:806:20::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.20 via Frontend Transport; Fri, 12 Jun 2020 13:29:56 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [217.140.106.53] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: c1aed6ea-973b-4e43-edc4-08d80ed4b7ad X-MS-TrafficTypeDiagnostic: AM6PR08MB3912:|VI1PR08MB3215: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:8882;OLM:8882; X-Forefront-PRVS: 0432A04947 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: pAdIcOOYOzoE5b4kD/+VQLvV7LSkSq9KpjRxp7KcYwAK4r4TaFODUMO45eNEVR+IQReY3EKawSNXCjJpBrDxxRsFWtNbuHQii6HH8ywfNYlcsJgXMJKt0Dc2XJsFuuQyYymefLm6/Cc4JugMG7NKB7QoCbY3oBu6mFEbR5M8ygIz9Xz9EGz+TTG4cVRAgLg+0c8+w50LSRBAu4q4h5Mqgk8aiQdFt1k2pVYdjgTVHiyWKuixTqfmOVdxtBtuK7WoKvS/BQGzFZ6/emP3qM4nhKzD67EHmKNHRARfP9ObJknAhTlXVVOwvsf9ftacFneU1DjAj1ssESla8eT7mqrQlchR/+MVKAp7wt6VmvRKLmXbEpOLNZKI7aiBJOx04HtUeGtq+BAqsy3YY55xQLFs5TJ65L/A/MzskOwfoKxGK2k= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB3047.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(136003)(376002)(346002)(396003)(39860400002)(366004)(956004)(66476007)(66556008)(66946007)(6506007)(26005)(6512007)(5660300002)(6916009)(6666004)(2906002)(8676002)(6486002)(52116002)(8936002)(44832011)(186003)(16526019)(36756003)(2616005)(316002)(86362001)(83380400001)(69590400007)(478600001)(136400200001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: PUrVrgrgeeXoXM9htPLaE8JGynToSbrvp6gWopHc1Xu5xZZ757TD92cZ7/oKxiZqn3WT4jYIyyx9jfA30t6LYt4LpEbzisUJl+qShncpXz4S+RmJOE/1cF/JsPprgtLCxPmgwr5hyqkk/NnTHuntOyeq8Yuth/Tzp+jCTyhflsUID+i7ixLMkFCPGB7dDl6nNo4G8rZXLyJykrM4SZ4sYSbkgrP7RwN667x8jBoYqobbSx2KgAmybvQhBWinxdGThpayYKRPSe8D7XOoPqUdQzhComdUG+fO3OIMTpKcw9k9KQn9J9ct24Nm7yn4FRjKmXGTCUla+bH+LyiZlLfisMrdLNWnyyB2vKF3YsAtIe+M8jviTkpoy9JY/NyGK+bY+InWVeLrOnT4lDSpyYjJwou0tSjJRSTr7EnK9lkCEe07SiKNt3cbcmcBkViGKR9VVCIFNL4qZBE2bPQsNCALpZEjYxxckNF6eBCKme9FCeU= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3912 Original-Authentication-Results: sourceware.org; dkim=none (message not signed) header.d=none; sourceware.org; dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT013.eop-EUR03.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(136003)(396003)(376002)(346002)(46966005)(16526019)(36906005)(69590400007)(6486002)(8936002)(6666004)(478600001)(316002)(6512007)(86362001)(6916009)(8676002)(83380400001)(26005)(2616005)(70586007)(2906002)(82740400003)(336012)(81166007)(186003)(36756003)(6506007)(356005)(82310400002)(70206006)(956004)(5660300002)(47076004)(44832011)(136400200001); DIR:OUT; SFP:1101; X-MS-Office365-Filtering-Correlation-Id-Prvs: 0cf02cc1-9dd5-4d45-8bbe-08d80ed4b346 X-Forefront-PRVS: 0432A04947 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: R+F1tTk3KgK8VsS1L3vHcX9UUfdT+gABwj/9g3IXI0Atx3l/CZnz6bJeuF1Kfj9WnJPxh+9YnPVK49aNo6hutFfEV4XScdm6s3zO1CX+KkVmoafD/B7XNSjo7vnJDkyKP3tAusKV9xtDi80vcIGbRmfrF6ZulcpJ7NRvDWKxc0aUujpRl8ro0cggtwGYNbGvJMHjky2b+LegzdaB6+oYpWf4MxfT/r3Viq2DRinvraqp+kdM1OcrnB09Eafm46PlMbZRcCLr72uU0CRFIRuhYZLzz0gdLW5iersXSaeuWuVX4Pwm1z7K3Jfmv8H8bFnKELRBJdiaqCF+TdhSP3EZXDGlvz4Q8Nw6dYTdZ9TXvK7eO1QJsZTkVsbBv9QXYD2BFrKBec11OQ9JlWLse1JS/GTuCSXn10Ev8UP+rsc+aJh+3hWLK29m7QazAi7xVJW3BMwbRYy3L1+f8bLN63xNLQ== X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jun 2020 13:30:04.9810 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c1aed6ea-973b-4e43-edc4-08d80ed4b7ad X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB3215 X-Spam-Status: No, score=-17.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, GIT_PATCH_0, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" This is a new security feature that relies on architecture extensions and needs glibc to be built with a gcc configured with branch protection. --- NEWS | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/NEWS b/NEWS index a660fc59a8..7d0ca3f520 100644 --- a/NEWS +++ b/NEWS @@ -31,6 +31,18 @@ Major new features: pthread_attr_getsigmask_np have been added. They allow applications to specify the signal mask of a thread created with pthread_create. +* AArch64 now supports standard branch protection security hardening + in glibc when it is built with a GCC that is configured with + --enable-standard-branch-protection. This includes branch target + identification (BTI) and pointer authentication for return addresses + (PAC-RET). They require armv8.5-a and armv8.3-a architecture + extensions respectively for the protection to be effective, + otherwise the used instructions are nops. User code can use PAC-RET + without libc support, but BTI requires a libc that is built with BTI + support, otherwise runtime objects linked into user code will not be + BTI compatible. It is recommended to use GCC 10 or newer when + building glibc with branch protection. + Deprecated and removed features, and other changes affecting compatibility: * The deprecated header and the sysctl function have been