[PATCH] arm64: update compiler option for PAC

Kuan-Ying Lee posted 1 patch 2 years, 10 months ago
Documentation/arm64/pointer-authentication.rst | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
[PATCH] arm64: update compiler option for PAC
Posted by Kuan-Ying Lee 2 years, 10 months ago
We pass -mbranch-protection=pac-ret+leaf to support PAC
when we use GCC 9 or later.

Before GCC 9, we pass -msign-return-address=all to support
PAC.

Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
---
 Documentation/arm64/pointer-authentication.rst | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Documentation/arm64/pointer-authentication.rst b/Documentation/arm64/pointer-authentication.rst
index f127666ea3a8..055d08b0d42d 100644
--- a/Documentation/arm64/pointer-authentication.rst
+++ b/Documentation/arm64/pointer-authentication.rst
@@ -54,8 +54,10 @@ virtual address size configured by the kernel. For example, with a
 virtual address size of 48, the PAC is 7 bits wide.
 
 Recent versions of GCC can compile code with APIAKey-based return
-address protection when passed the -msign-return-address option. This
-uses instructions in the HINT space (unless -march=armv8.3-a or higher
+address protection when passed compiler option as following.
+Pass -msign-return-address when we use GCC 7, 8.
+Pass -mbranch-protection when we use GCC 9 or later.
+This uses instructions in the HINT space (unless -march=armv8.3-a or higher
 is also passed), and such code can run on systems without the pointer
 authentication extension.
 
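Review bot: The two added "Pass ..." lines name -msign-return-address and -mbranch-protection without a value, while the commit message gives the actual settings (-msign-return-address=all and -mbranch-protection=pac-ret+leaf), so the document alone does not tell a reader which setting is meant. Suggest spelling out the values in the .rst text. The wording "when passed compiler option as following" and "GCC 7, 8" also needs fixing, for example "when passed one of the following options" and "GCC 7 and 8".
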
-- 
2.18.0

Re: [PATCH] arm64: update compiler option for PAC
Posted by Will Deacon 2 years, 10 months ago
On Mon, Nov 15, 2021 at 11:18:08AM +0800, Kuan-Ying Lee wrote:
> We pass -mbranch-protection=pac-ret+leaf to support PAC
> when we use GCC 9 or later.
> 
> Before GCC 9, we pass -msign-return-address=all to support
> PAC.
> 
> Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
> ---
>  Documentation/arm64/pointer-authentication.rst | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/Documentation/arm64/pointer-authentication.rst b/Documentation/arm64/pointer-authentication.rst
> index f127666ea3a8..055d08b0d42d 100644
> --- a/Documentation/arm64/pointer-authentication.rst
> +++ b/Documentation/arm64/pointer-authentication.rst
> @@ -54,8 +54,10 @@ virtual address size configured by the kernel. For example, with a
>  virtual address size of 48, the PAC is 7 bits wide.
>  
>  Recent versions of GCC can compile code with APIAKey-based return
> -address protection when passed the -msign-return-address option. This
> -uses instructions in the HINT space (unless -march=armv8.3-a or higher
> +address protection when passed compiler option as following.
> +Pass -msign-return-address when we use GCC 7, 8.
> +Pass -mbranch-protection when we use GCC 9 or later.
> +This uses instructions in the HINT space (unless -march=armv8.3-a or higher
>  is also passed), and such code can run on systems without the pointer
>  authentication extension.

I think I'd be more inclined to delete this paragraph altogether. It doesn't
really document anything to do with the kernel, and trying to document the
behaviour of "recent" versions of GCC is futile.

Will
Re: [PATCH] arm64: update compiler option for PAC
Posted by Mark Rutland 2 years, 10 months ago
On Tue, Nov 16, 2021 at 10:11:47AM +0000, Will Deacon wrote:
> On Mon, Nov 15, 2021 at 11:18:08AM +0800, Kuan-Ying Lee wrote:
> > We pass -mbranch-protection=pac-ret+leaf to support PAC
> > when we use GCC 9 or later.
> > 
> > Before GCC 9, we pass -msign-return-address=all to support
> > PAC.
> > 
> > Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
> > ---
> >  Documentation/arm64/pointer-authentication.rst | 6 ++++--
> >  1 file changed, 4 insertions(+), 2 deletions(-)
> > 
> > diff --git a/Documentation/arm64/pointer-authentication.rst b/Documentation/arm64/pointer-authentication.rst
> > index f127666ea3a8..055d08b0d42d 100644
> > --- a/Documentation/arm64/pointer-authentication.rst
> > +++ b/Documentation/arm64/pointer-authentication.rst
> > @@ -54,8 +54,10 @@ virtual address size configured by the kernel. For example, with a
> >  virtual address size of 48, the PAC is 7 bits wide.
> >  
> >  Recent versions of GCC can compile code with APIAKey-based return
> > -address protection when passed the -msign-return-address option. This
> > -uses instructions in the HINT space (unless -march=armv8.3-a or higher
> > +address protection when passed compiler option as following.
> > +Pass -msign-return-address when we use GCC 7, 8.
> > +Pass -mbranch-protection when we use GCC 9 or later.
> > +This uses instructions in the HINT space (unless -march=armv8.3-a or higher
> >  is also passed), and such code can run on systems without the pointer
> >  authentication extension.
> 
> I think I'd be more inclined to delete this paragraph altogether. It doesn't
> really document anything to do with the kernel, and trying to document the
> behaviour of "recent" versions of GCC is futile.

Agreed. I think the only thing we might want to mention is that we rely
on the compiler to use the HINT space instructions (PACIASP and AUTIASP)
so that a kernel built with pointer authentication support works on HW
without the feature.

So replacing that paragraph with something like:

| When ARM64_PTR_AUTH_KERNEL is selected the kernel will be compiled
| with HINT space pointer authentication instructions protecting
| function returns. Kernels built with this option will work on
| hardware with or without pointer authentication support.

... would make sense to me.

Thanks,
Mark.
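
The property Mark describes, as an added example that is not from the thread or the kernel tree: a checker that classifies A64 instruction words and confirms a function uses only HINT-space return-address signing (PACIASP/AUTIASP), which older CPUs execute as NOP. The RETAA/RETAB encodings, the B-key hint numbers and the sample instruction words are supplied here and are not on the page; they show the non-HINT form the documentation's "unless -march=armv8.3-a or higher" caveat refers to.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum pac_class { PAC_NONE, PAC_HINT, PAC_NON_HINT };

/* HINT #imm7 is encoded as 0xD503201F | (imm7 << 5). Hints a CPU does not
 * implement execute as NOP, which is what makes such code portable. */
static int is_hint(uint32_t insn) { return (insn & 0xFFFFF01Fu) == 0xD503201Fu; }

enum pac_class classify(uint32_t insn)
{
    if (is_hint(insn)) {
        unsigned imm7 = (insn >> 5) & 0x7Fu;
        /* 25 = PACIASP, 29 = AUTIASP (named in the thread);
         * 27 = PACIBSP, 31 = AUTIBSP are the B-key forms (added here). */
        if (imm7 == 25 || imm7 == 29 || imm7 == 27 || imm7 == 31)
            return PAC_HINT;
        return PAC_NONE;
    }
    /* RETAA / RETAB authenticate and return in one instruction. They are
     * outside the HINT space and UNDEFINED without pointer authentication. */
    if (insn == 0xD65F0BFFu || insn == 0xD65F0FFFu)
        return PAC_NON_HINT;
    return PAC_NONE;
}

/* Returns the number of non-HINT PAC instructions; *hints receives the
 * number of HINT-space sign/authenticate instructions. */
size_t scan(const uint32_t *code, size_t n, size_t *hints)
{
    size_t non_hint = 0;
    *hints = 0;
    for (size_t i = 0; i < n; i++) {
        enum pac_class c = classify(code[i]);
        if (c == PAC_HINT) (*hints)++;
        else if (c == PAC_NON_HINT) non_hint++;
    }
    return non_hint;
}

/* Constructed samples: paciasp; stp x29,x30,[sp,#-16]!; ldp x29,x30,[sp],#16; then */
const uint32_t fn_hint[] = { 0xD503233Fu, 0xA9BF7BFDu, 0xA8C17BFDu, 0xD50323BFu, 0xD65F03C0u }; /* autiasp; ret */
const uint32_t fn_v83[]  = { 0xD503233Fu, 0xA9BF7BFDu, 0xA8C17BFDu, 0xD65F0BFFu };              /* retaa */
int main(void)
{
    size_t h = 0, bad = scan(fn_hint, 5, &h);
    printf("HINT-only function: %zu HINT PAC, %zu non-HINT\n", h, bad);
    bad = scan(fn_v83, 4, &h);
    printf("armv8.3-a function: %zu HINT PAC, %zu non-HINT\n", h, bad);
    return 0;
}
```

A non-zero result from `scan` means the code contains an instruction that is undefined on hardware without the pointer authentication extension.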
Re: [PATCH] arm64: update compiler option for PAC
Posted by Kuan-Ying Lee 2 years, 10 months ago
On Tue, 2021-11-23 at 20:10 +0800, Mark Rutland wrote:
> On Tue, Nov 16, 2021 at 10:11:47AM +0000, Will Deacon wrote:
> > On Mon, Nov 15, 2021 at 11:18:08AM +0800, Kuan-Ying Lee wrote:
> > > We pass -mbranch-protection=pac-ret+leaf to support PAC
> > > when we use GCC 9 or later.
> > > 
> > > Before GCC 9, we pass -msign-return-address=all to support
> > > PAC.
> > > 
> > > Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
> > > ---
> > >  Documentation/arm64/pointer-authentication.rst | 6 ++++--
> > >  1 file changed, 4 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/Documentation/arm64/pointer-authentication.rst
> > > b/Documentation/arm64/pointer-authentication.rst
> > > index f127666ea3a8..055d08b0d42d 100644
> > > --- a/Documentation/arm64/pointer-authentication.rst
> > > +++ b/Documentation/arm64/pointer-authentication.rst
> > > @@ -54,8 +54,10 @@ virtual address size configured by the kernel.
> > > For example, with a
> > >  virtual address size of 48, the PAC is 7 bits wide.
> > >  
> > >  Recent versions of GCC can compile code with APIAKey-based
> > > return
> > > -address protection when passed the -msign-return-address option.
> > > This
> > > -uses instructions in the HINT space (unless -march=armv8.3-a or
> > > higher
> > > +address protection when passed compiler option as following.
> > > +Pass -msign-return-address when we use GCC 7, 8.
> > > +Pass -mbranch-protection when we use GCC 9 or later.
> > > +This uses instructions in the HINT space (unless -march=armv8.3-
> > > a or higher
> > >  is also passed), and such code can run on systems without the
> > > pointer
> > >  authentication extension.
> > 
> > I think I'd be more inclined to delete this paragraph altogether. It doesn't
> > really document anything to do with the kernel, and trying to document the
> > behaviour of "recent" versions of GCC is futile.
> 
> Agreed. I think the only thing we might want to mention is that we rely
> on the compiler to use the HINT space instructions (PACIASP and AUTIASP)
> so that a kernel built with pointer authentication support works on HW
> without the feature.
> 
> So replacing that paragraph with something like:
> 
> | When ARM64_PTR_AUTH_KERNEL is selected the kernel will be compiled
> | with HINT space pointer authentication instructions protecting
> | function returns. Kernels built with this option will work on
> | hardware with or without pointer authentication support.
> 
> ... would make sense to me.

Hi,

Thank you both for the suggestions.
I will rewrite this paragraph in v2.

Thanks,
Kuan-Ying Lee

> 
> Thanks,
> Mark.