* [PATCH] ARM64: Provide the ARM64_TBI option
From: Yuan Li @ 2021-07-14 18:06 UTC
To: catalin.marinas, will, linux-arm-kernel; +Cc: Yuan Li, twd2.me
The ARM64 provides the Top Byte Ignore (TBI) early on, so the kernel turns TBI
on by default, but it does not provide any option to turn the feature off.

In ARMv8.3, the Pointer Authentication (PA) was introduced, and if TBI is
turned off, the PA will be able to use the top byte, resulting in longer pointer
authentication codes, which is more secure.

This patch changes the default support for the TBI to an option that can be
turned off.

Signed-off-by: Yuan Li <lydorazoe@gmail.com>
---
arch/arm64/Kconfig | 6 ++++++
arch/arm64/include/asm/memory.h | 6 +++++-
arch/arm64/include/asm/pgtable-hwdef.h | 5 +++++
lib/Kconfig.kasan | 2 ++
4 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index b5b13a932561..22be64358df2 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -357,6 +357,10 @@ source "arch/arm64/Kconfig.platforms"
menu "Kernel Features"
+config ARM64_TBI
+ bool "Enable support for Top Byte Ignore (TBI)"
+ default y
+
menu "ARM errata workarounds via the alternatives framework"
config ARM64_WORKAROUND_CLEAN_CACHE
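Review bot: `config ARM64_TBI` is added without a `help` section, so nothing tells the person configuring the kernel what saying N costs. Since later hunks make ARM64_TAGGED_ADDR_ABI, ARM64_MTE, KASAN_SW_TAGS and KASAN_HW_TAGS depend on it, the help text should list those losses and state the intended gain (wider pointer authentication codes), so the trade-off is visible at the prompt.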
@@ -1212,6 +1216,7 @@ config ARM64_SW_TTBR0_PAN
config ARM64_TAGGED_ADDR_ABI
bool "Enable the tagged user addresses syscall ABI"
default y
+ depends on ARM64_TBI
help
When this option is enabled, user applications can opt in to a
relaxed ABI via prctl() allowing tagged addresses to be passed
@@ -1649,6 +1654,7 @@ config ARM64_AS_HAS_MTE
config ARM64_MTE
bool "Memory Tagging Extension support"
default y
+ depends on ARM64_TBI
depends on ARM64_AS_HAS_MTE && ARM64_TAGGED_ADDR_ABI
depends on AS_HAS_ARMV8_5
depends on AS_HAS_LSE_ATOMICS
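Review bot: The added `depends on ARM64_TBI` under `config ARM64_MTE` is redundant: the very next line already requires ARM64_TAGGED_ADDR_ABI, which the previous hunk makes depend on ARM64_TBI. Drop one of the two, or keep it and say in the commit message that the duplicate is deliberate.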
diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h
index 824a3655dd93..74323aa69811 100644
--- a/arch/arm64/include/asm/memory.h
+++ b/arch/arm64/include/asm/memory.h
@@ -215,8 +215,12 @@ static inline unsigned long kaslr_offset(void)
* up with a tagged userland pointer. Clear the tag to get a sane pointer to
* pass on to access_ok(), for instance.
*/
-#define __untagged_addr(addr) \
+#ifdef CONFIG_ARM64_TBI
+#define __untagged_addr(addr) \
((__force __typeof__(addr))sign_extend64((__force u64)(addr), 55))
+#else /* CONFIG_ARM64_TBI */
+#define __untagged_addr(addr) (addr)
+#endif /* CONFIG_ARM64_TBI */
#define untagged_addr(addr) ({ \
u64 __addr = (__force u64)(addr); \
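Review bot: In the `#else` branch, `#define __untagged_addr(addr) (addr)` leaves the comment directly above it ("Clear the tag to get a sane pointer to pass on to access_ok()") describing something that no longer happens when CONFIG_ARM64_TBI is unset. Update the comment to say that in that configuration the top byte is passed through unchanged, so readers of callers such as `untagged_addr()` know the returned value may still carry non-zero bits 63:56.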
diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h
index 40085e53f573..827904470515 100644
--- a/arch/arm64/include/asm/pgtable-hwdef.h
+++ b/arch/arm64/include/asm/pgtable-hwdef.h
@@ -264,8 +264,13 @@
#define TCR_IPS_MASK (UL(7) << TCR_IPS_SHIFT)
#define TCR_A1 (UL(1) << 22)
#define TCR_ASID16 (UL(1) << 36)
+#ifdef CONFIG_ARM64_TBI
#define TCR_TBI0 (UL(1) << 37)
#define TCR_TBI1 (UL(1) << 38)
+#else /* CONFIG_ARM64_TBI */
+#define TCR_TBI0 (UL(0) << 37)
+#define TCR_TBI1 (UL(0) << 38)
+#endif /* CONFIG_ARM64_TBI */
#define TCR_HA (UL(1) << 39)
#define TCR_HD (UL(1) << 40)
#define TCR_TBID1 (UL(1) << 52)
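Review bot: Redefining `TCR_TBI0` and `TCR_TBI1` as `(UL(0) << 37)` and `(UL(0) << 38)` makes both names evaluate to 0, so they stop identifying bits 37 and 38, and any code that uses them as a mask to test or clear those bits would silently do nothing. Keep the bit definitions unconditional and apply the CONFIG_ARM64_TBI check where the TCR value is assembled. This single switch also drops TBI1 together with TBI0; the commit message should say that both address ranges are affected.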
diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
index 1e2d10f86011..df30ed3dac4d 100644
--- a/lib/Kconfig.kasan
+++ b/lib/Kconfig.kasan
@@ -85,6 +85,7 @@ config KASAN_GENERIC
config KASAN_SW_TAGS
bool "Software tag-based mode"
+ depends on ARM64_TBI
depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS
select SLUB_DEBUG if SLUB
select CONSTRUCTORS
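Review bot: `depends on ARM64_TBI` is placed in lib/Kconfig.kasan, which is not an arm64 file, while ARM64_TBI is defined in arch/arm64/Kconfig; on any other architecture the symbol is undefined and the dependency can never be met. The entry is already gated by HAVE_ARCH_KASAN_SW_TAGS, so the arm64 restriction is better expressed on the arch side, where that symbol is provided. The same applies to the KASAN_HW_TAGS hunk that follows.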
@@ -108,6 +109,7 @@ config KASAN_SW_TAGS
config KASAN_HW_TAGS
bool "Hardware tag-based mode"
+ depends on ARM64_TBI
depends on HAVE_ARCH_KASAN_HW_TAGS
depends on SLUB
help
--
2.17.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
* Re: [PATCH] ARM64: Provide the ARM64_TBI option
From: Robin Murphy @ 2021-07-14 18:43 UTC
To: Yuan Li, catalin.marinas, will, linux-arm-kernel; +Cc: twd2.me
On 2021-07-14 19:06, Yuan Li wrote:
> The ARM64 provides the Top Byte Ignore (TBI) early on, so the kernel turns TBI
> on by default, but, it does not provide any option to turn the feature off.
>
> In ARMv8.3, the Pointer Authentication (PA) was introduced, and if TBI is
> turned off, the PA will be able to use the top byte, resulting longer pointer
> authentication codes, which is more secure.
>
> This patch changes the default support for the TBI to an option that can be
> turned off.
This would have to be something that processes explicitly opt in to. See
Documentation/arm64/tagged-pointers.rst - silently disabling TBI0 *will*
break existing userspace software.
Robin.
> Signed-off-by: Yuan Li <lydorazoe@gmail.com>
> ---
> arch/arm64/Kconfig | 6 ++++++
> arch/arm64/include/asm/memory.h | 6 +++++-
> arch/arm64/include/asm/pgtable-hwdef.h | 5 +++++
> lib/Kconfig.kasan | 2 ++
> 4 files changed, 18 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index b5b13a932561..22be64358df2 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -357,6 +357,10 @@ source "arch/arm64/Kconfig.platforms"
>
> menu "Kernel Features"
>
> +config ARM64_TBI
> + bool "Enable support for Top Byte Ignore (TBI)"
> + default y
> +
> menu "ARM errata workarounds via the alternatives framework"
>
> config ARM64_WORKAROUND_CLEAN_CACHE
> @@ -1212,6 +1216,7 @@ config ARM64_SW_TTBR0_PAN
> config ARM64_TAGGED_ADDR_ABI
> bool "Enable the tagged user addresses syscall ABI"
> default y
> + depends on ARM64_TBI
> help
> When this option is enabled, user applications can opt in to a
> relaxed ABI via prctl() allowing tagged addresses to be passed
> @@ -1649,6 +1654,7 @@ config ARM64_AS_HAS_MTE
> config ARM64_MTE
> bool "Memory Tagging Extension support"
> default y
> + depends on ARM64_TBI
> depends on ARM64_AS_HAS_MTE && ARM64_TAGGED_ADDR_ABI
> depends on AS_HAS_ARMV8_5
> depends on AS_HAS_LSE_ATOMICS
> diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h
> index 824a3655dd93..74323aa69811 100644
> --- a/arch/arm64/include/asm/memory.h
> +++ b/arch/arm64/include/asm/memory.h
> @@ -215,8 +215,12 @@ static inline unsigned long kaslr_offset(void)
> * up with a tagged userland pointer. Clear the tag to get a sane pointer to
> * pass on to access_ok(), for instance.
> */
> -#define __untagged_addr(addr) \
> +#ifdef CONFIG_ARM64_TBI
> +#define __untagged_addr(addr) \
> ((__force __typeof__(addr))sign_extend64((__force u64)(addr), 55))
> +#else /* CONFIG_ARM64_TBI */
> +#define __untagged_addr(addr) (addr)
> +#endif /* CONFIG_ARM64_TBI */
>
> #define untagged_addr(addr) ({ \
> u64 __addr = (__force u64)(addr); \
> diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h
> index 40085e53f573..827904470515 100644
> --- a/arch/arm64/include/asm/pgtable-hwdef.h
> +++ b/arch/arm64/include/asm/pgtable-hwdef.h
> @@ -264,8 +264,13 @@
> #define TCR_IPS_MASK (UL(7) << TCR_IPS_SHIFT)
> #define TCR_A1 (UL(1) << 22)
> #define TCR_ASID16 (UL(1) << 36)
> +#ifdef CONFIG_ARM64_TBI
> #define TCR_TBI0 (UL(1) << 37)
> #define TCR_TBI1 (UL(1) << 38)
> +#else /* CONFIG_ARM64_TBI */
> +#define TCR_TBI0 (UL(0) << 37)
> +#define TCR_TBI1 (UL(0) << 38)
> +#endif /* CONFIG_ARM64_TBI */
> #define TCR_HA (UL(1) << 39)
> #define TCR_HD (UL(1) << 40)
> #define TCR_TBID1 (UL(1) << 52)
> diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
> index 1e2d10f86011..df30ed3dac4d 100644
> --- a/lib/Kconfig.kasan
> +++ b/lib/Kconfig.kasan
> @@ -85,6 +85,7 @@ config KASAN_GENERIC
>
> config KASAN_SW_TAGS
> bool "Software tag-based mode"
> + depends on ARM64_TBI
> depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS
> select SLUB_DEBUG if SLUB
> select CONSTRUCTORS
> @@ -108,6 +109,7 @@ config KASAN_SW_TAGS
>
> config KASAN_HW_TAGS
> bool "Hardware tag-based mode"
> + depends on ARM64_TBI
> depends on HAVE_ARCH_KASAN_HW_TAGS
> depends on SLUB
> help
>
* Re: [PATCH] ARM64: Provide the ARM64_TBI option
From: Will Deacon @ 2021-07-15 16:11 UTC
To: Robin Murphy; +Cc: Yuan Li, catalin.marinas, linux-arm-kernel, twd2.me
On Wed, Jul 14, 2021 at 07:43:03PM +0100, Robin Murphy wrote:
> On 2021-07-14 19:06, Yuan Li wrote:
> > The ARM64 provides the Top Byte Ignore (TBI) early on, so the kernel turns TBI
> > on by default, but, it does not provide any option to turn the feature off.
> >
> > In ARMv8.3, the Pointer Authentication (PA) was introduced, and if TBI is
> > turned off, the PA will be able to use the top byte, resulting longer pointer
> > authentication codes, which is more secure.
> >
> > This patch changes the default support for the TBI to an option that can be
> > turned off.
>
> This would have to be something that processes explicitly opt in to. See
> Documentation/arm64/tagged-pointers.rst - silently disabling TBI0 *will*
> break existing userspace software.
Maybe the patch from Peter:
https://lore.kernel.org/r/20210622051204.3682580-1-pcc@google.com
is a better starting point?
Will
* Re: [PATCH] ARM64: Provide the ARM64_TBI option
From: Robin Murphy @ 2021-07-15 16:48 UTC
To: Will Deacon; +Cc: Yuan Li, catalin.marinas, linux-arm-kernel, twd2.me
On 2021-07-15 17:11, Will Deacon wrote:
> On Wed, Jul 14, 2021 at 07:43:03PM +0100, Robin Murphy wrote:
>> On 2021-07-14 19:06, Yuan Li wrote:
>>> The ARM64 provides the Top Byte Ignore (TBI) early on, so the kernel turns TBI
>>> on by default, but, it does not provide any option to turn the feature off.
>>>
>>> In ARMv8.3, the Pointer Authentication (PA) was introduced, and if TBI is
>>> turned off, the PA will be able to use the top byte, resulting longer pointer
>>> authentication codes, which is more secure.
>>>
>>> This patch changes the default support for the TBI to an option that can be
>>> turned off.
>>
>> This would have to be something that processes explicitly opt in to. See
>> Documentation/arm64/tagged-pointers.rst - silently disabling TBI0 *will*
>> break existing userspace software.
>
> Maybe the patch from Peter:
>
> https://lore.kernel.org/r/20210622051204.3682580-1-pcc@google.com
>
> is a better starting point?
Yeah, a command-line opt-in is certainly a more reasonable approach.
However it still seems to me that it would make most sense as a
per-process thing like the tagged address syscall ABI, since it's of no
automatic benefit to existing software built without pointer auth, and
AFAICS it's really up to individual programs whether they care more
about stronger signing than tagged pointers. It was bad enough when we
changed the VA_BITS default to 48 and discovered just how many things
were using the Mozilla JIT, so I'm not sure I relish the thought of
going through the same process with TBI0 ;)
Come to think of it I guess any option should probably disable the
tagged address syscall ABI, as that doesn't make much sense without
TBI0. Are we likely to want a signed pointer syscall ABI as well?
Robin.
* Re: [PATCH] ARM64: Provide the ARM64_TBI option
From: Peter Collingbourne @ 2021-07-16 16:14 UTC
To: Robin Murphy; +Cc: Will Deacon, Yuan Li, Catalin Marinas, Linux ARM, twd2.me
On Fri, Jul 16, 2021 at 1:09 AM Robin Murphy <robin.murphy@arm.com> wrote:
>
> On 2021-07-15 17:11, Will Deacon wrote:
> > On Wed, Jul 14, 2021 at 07:43:03PM +0100, Robin Murphy wrote:
> >> On 2021-07-14 19:06, Yuan Li wrote:
> >>> The ARM64 provides the Top Byte Ignore (TBI) early on, so the kernel turns TBI
> >>> on by default, but, it does not provide any option to turn the feature off.
> >>>
> >>> In ARMv8.3, the Pointer Authentication (PA) was introduced, and if TBI is
> >>> turned off, the PA will be able to use the top byte, resulting longer pointer
> >>> authentication codes, which is more secure.
> >>>
> >>> This patch changes the default support for the TBI to an option that can be
> >>> turned off.
> >>
> >> This would have to be something that processes explicitly opt in to. See
> >> Documentation/arm64/tagged-pointers.rst - silently disabling TBI0 *will*
> >> break existing userspace software.
> >
> > Maybe the patch from Peter:
> >
> > https://lore.kernel.org/r/20210622051204.3682580-1-pcc@google.com
> >
> > is a better starting point?
>
> Yeah, a command-line opt-in is certainly a more reasonable approach.
> However it still seems to me that it would make most sense as a
> per-process thing like the tagged address syscall ABI, since it's of no
> automatic benefit to existing software built without pointer auth, and
> AFAICS it's really up to individual programs whether they care more
> about stronger signing than tagged pointers. It was bad enough when we
> changed the VA_BITS default to 48 and discovered just how many things
> were using the Mozilla JIT, so I'm not sure I relish the thought of
> going through the same process with TBI0 ;)
>
>
> Come to think of it I guess any option should probably disable the
> tagged address syscall ABI, as that doesn't make much sense without
> TBI0. Are we likely to want a signed pointer syscall ABI as well?
>
> Robin.
Bear in mind that disabling TBI0 disables the ability to use MTE. At
least from our perspective, MTE is considered a more valuable
mitigation than PAC. That's why we're only intending to disable TBI
for code pointers, not for data pointers (via TBID0).
As Catalin wrote in [1], having this be a per-process option would be
more expensive, and may even be infeasible with the current
architecture. That's why we decided to go with a command line option.
Peter
[1] https://lore.kernel.org/linux-arm-kernel/20201124184742.GC42276@C02TF0J2HF1T.local/
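The trade-off weighed in this thread, as an added example (not code from the patch, the kernel or any poster): a small C model of the Arm PAC field layout for a 48-bit user VA under the three settings discussed, plus the arithmetic behind `__untagged_addr()`. The struct, function and mode names are hypothetical, and the sample pointer is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the TTBR0 (user) tagging controls; not kernel code. */
struct tbi_mode {
    const char *name;
    bool tbi0;  /* top byte ignored during address translation */
    bool tbid0; /* with tbi0 set: ignore applies to data accesses only */
};

static const struct tbi_mode MODE_TBI    = { "TBI0=1 TBID0=0", true,  false };
static const struct tbi_mode MODE_TBID   = { "TBI0=1 TBID0=1", true,  true  };
static const struct tbi_mode MODE_NO_TBI = { "TBI0=0",         false, false };

/* Same result as sign_extend64(addr, 55): bits 63:56 become copies of bit 55. */
static uint64_t untag_addr(uint64_t addr)
{
    const uint64_t top_byte = 0xffULL << 56;

    return (addr & (1ULL << 55)) ? (addr | top_byte) : (addr & ~top_byte);
}

/*
 * Width of the PAC field for one pointer kind. Bits 54:va_bits always hold
 * PAC bits; bits 63:56 are added only when the top byte is not ignored for
 * that kind of pointer. Bit 55 selects the address range and is never used.
 */
static int pac_bits(int va_bits, struct tbi_mode m, bool insn_ptr)
{
    bool top_byte_ignored = m.tbi0 && !(m.tbid0 && insn_ptr);

    return (55 - va_bits) + (top_byte_ignored ? 0 : 8);
}

/* Tagged data pointers (tagged address ABI, MTE) need TBI for data accesses. */
static bool data_tags_usable(struct tbi_mode m)
{
    return m.tbi0;
}

int main(void)
{
    const struct tbi_mode modes[] = { MODE_TBI, MODE_TBID, MODE_NO_TBI };
    const uint64_t tagged = 0x2a007fffdeadbeefULL; /* constructed sample */

    printf("untag(%#llx) = %#llx\n", (unsigned long long)tagged,
           (unsigned long long)untag_addr(tagged));
    for (size_t i = 0; i < sizeof(modes) / sizeof(modes[0]); i++)
        printf("%-15s code PAC %2d bits, data PAC %2d bits, data tags %s\n",
               modes[i].name, pac_bits(48, modes[i], true),
               pac_bits(48, modes[i], false),
               data_tags_usable(modes[i]) ? "yes" : "no");
    return 0;
}
```

Only the TBID0 row widens the code-pointer PAC while keeping tagged data pointers usable, which is the combination Peter describes.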
* Re: [PATCH] ARM64: Provide the ARM64_TBI option
From: Robin Murphy @ 2021-07-16 16:48 UTC
To: Peter Collingbourne
Cc: Will Deacon, Yuan Li, Catalin Marinas, Linux ARM, twd2.me
On 2021-07-16 17:14, Peter Collingbourne wrote:
> On Fri, Jul 16, 2021 at 1:09 AM Robin Murphy <robin.murphy@arm.com> wrote:
>>
>> On 2021-07-15 17:11, Will Deacon wrote:
>>> On Wed, Jul 14, 2021 at 07:43:03PM +0100, Robin Murphy wrote:
>>>> On 2021-07-14 19:06, Yuan Li wrote:
>>>>> The ARM64 provides the Top Byte Ignore (TBI) early on, so the kernel turns TBI
>>>>> on by default, but, it does not provide any option to turn the feature off.
>>>>>
>>>>> In ARMv8.3, the Pointer Authentication (PA) was introduced, and if TBI is
>>>>> turned off, the PA will be able to use the top byte, resulting longer pointer
>>>>> authentication codes, which is more secure.
>>>>>
>>>>> This patch changes the default support for the TBI to an option that can be
>>>>> turned off.
>>>>
>>>> This would have to be something that processes explicitly opt in to. See
>>>> Documentation/arm64/tagged-pointers.rst - silently disabling TBI0 *will*
>>>> break existing userspace software.
>>>
>>> Maybe the patch from Peter:
>>>
>>> https://lore.kernel.org/r/20210622051204.3682580-1-pcc@google.com
>>>
>>> is a better starting point?
>>
>> Yeah, a command-line opt-in is certainly a more reasonable approach.
>> However it still seems to me that it would make most sense as a
>> per-process thing like the tagged address syscall ABI, since it's of no
>> automatic benefit to existing software built without pointer auth, and
>> AFAICS it's really up to individual programs whether they care more
>> about stronger signing than tagged pointers. It was bad enough when we
>> changed the VA_BITS default to 48 and discovered just how many things
>> were using the Mozilla JIT, so I'm not sure I relish the thought of
>> going through the same process with TBI0 ;)
>>
>>
>> Come to think of it I guess any option should probably disable the
>> tagged address syscall ABI, as that doesn't make much sense without
>> TBI0. Are we likely to want a signed pointer syscall ABI as well?
>>
>> Robin.
>
> Bear in mind that disabling TBI0 disables the ability to use MTE. At
> least from our perspective, MTE is considered a more valuable
> mitigation than PAC. That's why we're only intending to disable TBI
> for code pointers, not for data pointers (via TBID0).
>
> As Catalin wrote in [1], having this be a per-process option would be
> more expensive, and may even be infeasible with the current
> architecture. That's why we decided to go with a command line option.
Ah, now it starts to make more sense, thanks for the prod. TBH I'm not
sure I'd even noticed that PAuth added that subtlety, and I definitely
failed to read your patch closely enough :)
> [1] https://lore.kernel.org/linux-arm-kernel/20201124184742.GC42276@C02TF0J2HF1T.local/
No argument with the reasoning on that thread from me - looks like
you're at least as wary as I am. Sorry for the confusion!
Cheers,
Robin.
* Re: [PATCH] ARM64: Provide the ARM64_TBI option
From: twd2 @ 2021-07-16 18:37 UTC
To: Peter Collingbourne, Robin Murphy
Cc: Will Deacon, Yuan Li, Catalin Marinas, Linux ARM
MTE is indeed a strong mitigation, but I'm curious when commercial chips featuring MTE will be carried out :)
Or we would have to depend on other mitigations like PAC for a while.
Thanks.
Wende
On 2021/7/17 0:14, Peter Collingbourne wrote:
> On Fri, Jul 16, 2021 at 1:09 AM Robin Murphy <robin.murphy@arm.com> wrote:
>> On 2021-07-15 17:11, Will Deacon wrote:
>>> On Wed, Jul 14, 2021 at 07:43:03PM +0100, Robin Murphy wrote:
>>>> On 2021-07-14 19:06, Yuan Li wrote:
>>>>> The ARM64 provides the Top Byte Ignore (TBI) early on, so the kernel turns TBI
>>>>> on by default, but, it does not provide any option to turn the feature off.
>>>>>
>>>>> In ARMv8.3, the Pointer Authentication (PA) was introduced, and if TBI is
>>>>> turned off, the PA will be able to use the top byte, resulting longer pointer
>>>>> authentication codes, which is more secure.
>>>>>
>>>>> This patch changes the default support for the TBI to an option that can be
>>>>> turned off.
>>>> This would have to be something that processes explicitly opt in to. See
>>>> Documentation/arm64/tagged-pointers.rst - silently disabling TBI0 *will*
>>>> break existing userspace software.
>>> Maybe the patch from Peter:
>>>
>>> https://lore.kernel.org/r/20210622051204.3682580-1-pcc@google.com
>>>
>>> is a better starting point?
>> Yeah, a command-line opt-in is certainly a more reasonable approach.
>> However it still seems to me that it would make most sense as a
>> per-process thing like the tagged address syscall ABI, since it's of no
>> automatic benefit to existing software built without pointer auth, and
>> AFAICS it's really up to individual programs whether they care more
>> about stronger signing than tagged pointers. It was bad enough when we
>> changed the VA_BITS default to 48 and discovered just how many things
>> were using the Mozilla JIT, so I'm not sure I relish the thought of
>> going through the same process with TBI0 ;)
>>
>>
>> Come to think of it I guess any option should probably disable the
>> tagged address syscall ABI, as that doesn't make much sense without
>> TBI0. Are we likely to want a signed pointer syscall ABI as well?
>>
>> Robin.
> Bear in mind that disabling TBI0 disables the ability to use MTE. At
> least from our perspective, MTE is considered a more valuable
> mitigation than PAC. That's why we're only intending to disable TBI
> for code pointers, not for data pointers (via TBID0).
>
> As Catalin wrote in [1], having this be a per-process option would be
> more expensive, and may even be infeasible with the current
> architecture. That's why we decided to go with a command line option.
>
> Peter
>
> [1] https://lore.kernel.org/linux-arm-kernel/20201124184742.GC42276@C02TF0J2HF1T.local/