From nobody Tue Oct 10 14:59:53 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4S4fG03GTvz4wsZ9 for ; Tue, 10 Oct 2023 15:00:08 +0000 (UTC) (envelope-from jrtc27@jrtc27.com) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4S4fG01CDwz4T00 for ; Tue, 10 Oct 2023 15:00:08 +0000 (UTC) (envelope-from jrtc27@jrtc27.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-406609df1a6so55599705e9.3 for ; Tue, 10 Oct 2023 08:00:08 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696950006; x=1697554806; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ctwpxDBaYRoSiNuOQUh+KfNjHJ1Yd1x6t37RdEOR2UU=; b=aVkduwCrHJL/MEkS2QzFvYUssIfWjLnujecKhDkEjsJRBY7vNE3FiHkmAUdtalnxcW lFndKklXbI7Os5aOXoW8Ar7RQIgjBSL5dg6lcyDfJr3fkOwRyUA/GPNwM6dU2c9GjrgQ q2d3/sk8od7AxcBn5o9AtFcQo6uhx1mEsmEsH5wMgiy8032CgbaUChZYstgc+sdEMSXI 42dCFUkZgiAIjxJzPJirCemdwuBAxbWxZ2sIQzSalsIsf04D/44VTrz8GCRw+K7yvQhg nYJEQ9SzLfkRk4eWO7+eNHmLz6TwSLwpD0AMJGzWgNxZsuhteknQ60dp5SNLJhOy+7gr Dz4A== X-Gm-Message-State: AOJu0Yz+Hi8rGuGqw5jkXM30Su/qmlbgqBVDeRqDD/zqUd1c/t1FzcKB xDUEUgfNlvLjPGIJg+tpzxJgvw== X-Google-Smtp-Source: AGHT+IHsrHo+VGA/eHFL4CDNk4PIWR6Glxsl+upR6oZawWMTlpWsP+9Lf3TF2R8tcypojWXbQTeGlw== X-Received: by 2002:a05:600c:2116:b0:405:4743:de12 with SMTP id u22-20020a05600c211600b004054743de12mr17014443wml.21.1696950006027; Tue, 10 Oct 2023 08:00:06 -0700 (PDT) Received: from smtpclient.apple ([131.111.5.246]) by smtp.gmail.com with ESMTPSA id k14-20020a05600c0b4e00b003fe1fe56202sm14429021wmr.33.2023.10.10.08.00.04 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 10 Oct 2023 08:00:04 -0700 (PDT) Content-Type: text/plain; charset=us-ascii List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.4\)) Subject: Re: git: d09a64e15d8f - main - arm64: Enable kernel branch protection From: Jessica Clarke In-Reply-To: <202310100953.39A9rFWk036835@gitrepo.freebsd.org> Date: Tue, 10 Oct 2023 15:59:53 +0100 Cc: "src-committers@freebsd.org" , "dev-commits-src-all@freebsd.org" , "dev-commits-src-main@freebsd.org" Content-Transfer-Encoding: quoted-printable Message-Id: <33A07449-D0C0-4E6B-BF4E-5128B8DB202B@freebsd.org> References: <202310100953.39A9rFWk036835@gitrepo.freebsd.org> To: Andrew Turner X-Mailer: Apple Mail (2.3774.100.2.1.4) X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US] X-Rspamd-Queue-Id: 4S4fG01CDwz4T00 On 10 Oct 2023, at 10:53, Andrew Turner wrote: >=20 > The branch main has been updated by andrew: >=20 > URL: = https://cgit.FreeBSD.org/src/commit/?id=3Dd09a64e15d8fad6588b9aad62979f20a= fa8441df >=20 > commit d09a64e15d8fad6588b9aad62979f20afa8441df > Author: Andrew Turner > AuthorDate: 2023-10-02 15:55:31 +0000 > Commit: Andrew Turner > CommitDate: 2023-10-10 09:52:16 +0000 >=20 > arm64: Enable kernel branch protection Can we please put this kind of thing behind an option? Users may want to be able to turn it off, and we surely will in CheriBSD for pure-capability kernels. This applies to any other security features in your pipeline too. Jess > Add the build flags to enable branch protection on arm64. This = enable > the use of PAC and BTI in the kernel. >=20 > For PAC we already install the kernel keys when entering the kernel > from userspace so this will start using these to sign the stack. >=20 > For BTI we need to mark the kernel page tables with a new guarded = page > field. As this will require all code that could be reached through = a > function pointer with an appropriate branch target instruction we > are enabling this before setting the field. >=20 > As the pointer authentication support shouldn't be reached via a > function pointer it is safe to not enable the use of BTI there. >=20 > Reviewed by: markj > Sponsored by: Arm Ltd > Differential Revision: https://reviews.freebsd.org/D42079 > --- > sys/conf/kern.mk | 2 ++ > 1 file changed, 2 insertions(+) >=20 > diff --git a/sys/conf/kern.mk b/sys/conf/kern.mk > index b508bc81b5f0..72b7387d3959 100644 > --- a/sys/conf/kern.mk > +++ b/sys/conf/kern.mk > @@ -140,6 +140,8 @@ INLINE_LIMIT?=3D 8000 > CFLAGS +=3D -mgeneral-regs-only > # Reserve x18 for pcpu data > CFLAGS +=3D -ffixed-x18 > +# Build with BTI+PAC > +CFLAGS +=3D -mbranch-protection=3Dstandard > INLINE_LIMIT?=3D 8000 > .endif >=20