From nobody Tue Oct 10 14:59:53 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4S4fG066JXz4wscg for ; Tue, 10 Oct 2023 15:00:08 +0000 (UTC) (envelope-from jrtc27@jrtc27.com) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4S4fG02KLMz4ShW for ; Tue, 10 Oct 2023 15:00:08 +0000 (UTC) (envelope-from jrtc27@jrtc27.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-40572aeb673so55863385e9.0 for ; Tue, 10 Oct 2023 08:00:08 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696950006; x=1697554806; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ctwpxDBaYRoSiNuOQUh+KfNjHJ1Yd1x6t37RdEOR2UU=; b=xFREiEF91ucJx7Jpke4JGymoaSO1FTF9pghjFEEBr8HkeLIYdFThBt3TyB0U7DiflM q//qVFP/X9sIm0Y+7QeMyv34m0lYBjMqBOGfh/CF5WESnQNIxE58jS3OhZULCJDwaOkx zPiivWk8yDBka2MlDyFJwsOg6jYu+8mymBPrraZ92+H2mOcLOwZYZnn0RNJU2DunYSJz U+4BfvTHufTbcOsDnhL7oq/z0vAf6VoM8v51B7GZgx20w1IRiiF+ai4/o8ktjh6JKVy5 EshViBNyjzk+SXGismvKdILzAGtw/hEoPtsggs6+JsCLBLPlvtInPKmFbmWmd20CB6tQ 4cYA== X-Gm-Message-State: AOJu0YxHcNOU6VFo83d8x8jx1ubrGg52kArpYr9FZs2vhxvtUXlHscrR 0mOTg1a7QKcaLxP94clSGcmlzw== X-Google-Smtp-Source: AGHT+IHsrHo+VGA/eHFL4CDNk4PIWR6Glxsl+upR6oZawWMTlpWsP+9Lf3TF2R8tcypojWXbQTeGlw== X-Received: by 2002:a05:600c:2116:b0:405:4743:de12 with SMTP id u22-20020a05600c211600b004054743de12mr17014443wml.21.1696950006027; Tue, 10 Oct 2023 08:00:06 -0700 (PDT) Received: from smtpclient.apple ([131.111.5.246]) by smtp.gmail.com with ESMTPSA id k14-20020a05600c0b4e00b003fe1fe56202sm14429021wmr.33.2023.10.10.08.00.04 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 10 Oct 2023 08:00:04 -0700 (PDT) Content-Type: text/plain; charset=us-ascii List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.4\)) Subject: Re: git: d09a64e15d8f - main - arm64: Enable kernel branch protection From: Jessica Clarke In-Reply-To: <202310100953.39A9rFWk036835@gitrepo.freebsd.org> Date: Tue, 10 Oct 2023 15:59:53 +0100 Cc: "src-committers@freebsd.org" , "dev-commits-src-all@freebsd.org" , "dev-commits-src-main@freebsd.org" Content-Transfer-Encoding: quoted-printable Message-Id: <33A07449-D0C0-4E6B-BF4E-5128B8DB202B@freebsd.org> References: <202310100953.39A9rFWk036835@gitrepo.freebsd.org> To: Andrew Turner X-Mailer: Apple Mail (2.3774.100.2.1.4) X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US] X-Rspamd-Queue-Id: 4S4fG02KLMz4ShW On 10 Oct 2023, at 10:53, Andrew Turner wrote: >=20 > The branch main has been updated by andrew: >=20 > URL: = https://cgit.FreeBSD.org/src/commit/?id=3Dd09a64e15d8fad6588b9aad62979f20a= fa8441df >=20 > commit d09a64e15d8fad6588b9aad62979f20afa8441df > Author: Andrew Turner > AuthorDate: 2023-10-02 15:55:31 +0000 > Commit: Andrew Turner > CommitDate: 2023-10-10 09:52:16 +0000 >=20 > arm64: Enable kernel branch protection Can we please put this kind of thing behind an option? Users may want to be able to turn it off, and we surely will in CheriBSD for pure-capability kernels. This applies to any other security features in your pipeline too. Jess > Add the build flags to enable branch protection on arm64. This = enable > the use of PAC and BTI in the kernel. >=20 > For PAC we already install the kernel keys when entering the kernel > from userspace so this will start using these to sign the stack. >=20 > For BTI we need to mark the kernel page tables with a new guarded = page > field. As this will require all code that could be reached through = a > function pointer with an appropriate branch target instruction we > are enabling this before setting the field. >=20 > As the pointer authentication support shouldn't be reached via a > function pointer it is safe to not enable the use of BTI there. >=20 > Reviewed by: markj > Sponsored by: Arm Ltd > Differential Revision: https://reviews.freebsd.org/D42079 > --- > sys/conf/kern.mk | 2 ++ > 1 file changed, 2 insertions(+) >=20 > diff --git a/sys/conf/kern.mk b/sys/conf/kern.mk > index b508bc81b5f0..72b7387d3959 100644 > --- a/sys/conf/kern.mk > +++ b/sys/conf/kern.mk > @@ -140,6 +140,8 @@ INLINE_LIMIT?=3D 8000 > CFLAGS +=3D -mgeneral-regs-only > # Reserve x18 for pcpu data > CFLAGS +=3D -ffixed-x18 > +# Build with BTI+PAC > +CFLAGS +=3D -mbranch-protection=3Dstandard > INLINE_LIMIT?=3D 8000 > .endif >=20