You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
arm64: Always force a branch protection mode when the compiler has one
Compilers with branch protection support can be configured to enable it by
default, it is likely that distributions will do this as part of deploying
branch protection system wide. As well as the slight overhead from having
some extra NOPs for unused branch protection features this can cause more
serious problems when the kernel is providing pointer authentication to
userspace but not built for pointer authentication itself. In that case our
switching of keys for userspace can affect the kernel unexpectedly, causing
pointer authentication instructions in the kernel to corrupt addresses.
To ensure that we get consistent and reliable behaviour always explicitly
initialise the branch protection mode, ensuring that the kernel is built
the same way regardless of the compiler defaults.
Fixes: 7503197 (arm64: add basic pointer authentication support)
Reported-by: Szabolcs Nagy <[email protected]>
Signed-off-by: Mark Brown <[email protected]>
Cc: [email protected]
[[email protected]: remove Kconfig option in favour of Makefile check]
Signed-off-by: Catalin Marinas <[email protected]>
0 commit comments