On Sat, Nov 21, 2020 at 01:59:03AM -0800, Peter Collingbourne wrote: > Introduce a Kconfig option that controls whether TCR_EL1.TBID0 is > set at boot time. > > Setting TCR_EL1.TBID0 increases the number of signature bits used by > the pointer authentication instructions for instruction addresses by 8, > which improves the security of pointer authentication, but it also has > the consequence of changing the operation of the branch instructions > so that they no longer ignore the top byte of the target address but > instead fault if they are non-zero. Since this is a change to the > userspace ABI the option defaults to off. > > Signed-off-by: Peter Collingbourne <pcc@xxxxxxxxxx> > Link: https://linux-review.googlesource.com/id/Ife724ad708142bc475f42e8c1d9609124994bbbd > --- > This is more of an RFC. An open question is how to expose this. > Having it be a build-time flag is probably the simplest option > but I guess it could also be a boot flag. Since it involves an > ABI change we may also want a prctl() so that userspace can > figure out which mode it is in. > > I think we should try to avoid it being a per-task property > so that we don't need to swap yet another system register on > task switch. Having it changed per task at run-time is problematic as this bit may be cached in the TLB, so it would require a synchronisation across all CPUs followed by TLBI. It's not even clear to me from the ARM ARM whether this bit is tagged by ASID, which, if not, would make a per-process setting impossible. So this leaves us with a cmdline option. If we are confident that no software makes use of tagged instruction pointers, we could have it default on. Adding Szabolcs on the gcc/glibc side. -- Catalin
