Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAJgzZoqy294CRN3s5oKaFZY8Uca9Za98vDoRjzQBmKtg4OjHrQ@mail.gmail.com>
Date: Mon, 12 Feb 2024 13:34:32 -0800
From: enh <enh@...gle.com>
To: musl@...ts.openwall.com
Cc: Rich Felker <dalias@...c.org>
Subject: Re: PAC/BTI Support on aarch64

On Mon, Feb 12, 2024 at 1:26 PM William Roberts
<bill.c.roberts@...il.com> wrote:
>
> On Mon, Feb 12, 2024 at 12:42 PM Rich Felker <dalias@...c.org> wrote:
> >
> > On Mon, Feb 12, 2024 at 10:38:50AM -0600, William Roberts wrote:
> > > Hello,
> > >
> > > I was just wondering if there was any work being done to support PAC
> > > and BTI in aarch64? I could add support but didn't want to duplicate
> > > the work.
> >
> > I'm not aware of any active work on this, but before writing a full
> > implementation, it would be really helpful to start with a basic
> > proposal for the scope of changes needed to make it work to assess
> > whether these are manageable and acceptable cost.
>
> It's a matter of building with -mbranch-protection=standard
>
> Just the ASM labels need the first instruction to be a BTI. They're in
> the NOP space
> so they are backwards compatible, older hardware will just NOP it.
>
> It's been done for many projects, glibc and bionic have it. The
> problem with BTI is that when one item in the link
> list doesn't support BTI the loader/linker turns it off. So when it's
> something like a libc that is fundamental in the link chain,
> it turns it off for everything.

note that bionic was quite sneaky, and if you look at bionic's arm64
.S files, you'll think we _haven't_ done the BTI work... we hid the
`bti c` instruction in the implementation of our ENTRY() macro
[https://android.googlesource.com/platform/bionic/+/main/libc/private/bionic_asm_arm64.h#48]
and similarly the ELF note you need is hidden by macros too
[https://android.googlesource.com/platform/bionic/+/main/libc/private/bionic_asm_arm64.h#60].

> The initial scope of code changes would be what's reported when
> LDFLAGS=-Wl,-zforce-bti,--fatal-warnings
>
> /usr/bin/ld: obj/src/fenv/aarch64/fenv.lo: warning: BTI turned on by
> -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/ldso/aarch64/dlsym.lo: warning: BTI turned on by
> -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/ldso/aarch64/tlsdesc.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/process/aarch64/vfork.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/setjmp/aarch64/longjmp.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/setjmp/aarch64/setjmp.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/signal/aarch64/restore.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/signal/aarch64/sigsetjmp.lo: warning: BTI turned
> on by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/string/aarch64/memcpy.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/string/aarch64/memset.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/thread/aarch64/__set_thread_area.lo: warning: BTI
> turned on by -z force-bti when all inputs do not have BTI in NOTE
> section.
> /usr/bin/ld: obj/src/thread/aarch64/__unmapself.lo: warning: BTI
> turned on by -z force-bti when all inputs do not have BTI in NOTE
> section.
> /usr/bin/ld: obj/src/thread/aarch64/clone.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/thread/aarch64/syscall_cp.lo: warning: BTI turned
> on by -z force-bti when all inputs do not have BTI in NOTE section.
>
> >
> > Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.