[PATCH 1/1] aarch64: support PAC and BTI
Niels Möller
nisse at lysator.liu.se
Wed Oct 23 17:18:12 CEST 2024
Bill Roberts <bill.roberts at arm.com> writes:

> Enable Pointer Authentication Codes (PAC) and Branch Target
> Identification (BTI) support for ARM 64 targets.

I only have a rough idea of how these security features work, but I have
a few suggestions after having a new look at the patch. (These are my
opinions as a GMP contributor, I'm not speaking for the rest of the GMP
team).

1. Must PAC and BTI be used together, or can support be added as two
   separate contributions?

2. It's not so nice to need a BTI_C line in every(?) .asm file. Please
   fold the needed magic inside the PROLOGUE macro. A 900 line patch
   looks rather intimidating.

3. Tests would help provide some confidence that this works as
   intended, and keeps working as intended as GMP evolves. Maybe you can
   get some inspiration from this test in Nettle:
   https://git.lysator.liu.se/nettle/nettle/-/blob/master/testsuite/x86-ibt-test.c?ref_type=heads

   A test could verify (i) that an executable linked with GMP gets the
   proper marks (ELF flags or whatever it is) to have the protections
   enabled by the kernel, and (ii) that if the executable runs some code
   violating the PAC/BTI conventions, then it gets the expected kill
   signal.

4. "Dynamically generated m4" doesn't sound good to me. I would hope
   this support can be added without adding one more level of
   preprocessing. I'd prefer either configure tests based on, e.g.,
   predefines set by the compiler. If for some reason it's very
   difficult to configure automatically in a robust way, then it's
   probably better to start with only a configure argument for enabling
   this, and improve on automatic configuration later.

Regards,
/Niels
--
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
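
Added example, not part of the message above and not GMP or Nettle code: a sketch of check (i) from item 3, reading the AArch64 feature bits from the contents of a `.note.gnu.property` section. It assumes a little-endian 64-bit ELF whose section bytes the caller has already extracted; the function name `aarch64_feature_bits` and the `sample_note` bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NT_GNU_PROPERTY_TYPE_0 5
#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000u
#define FEATURE_1_BTI (1u << 0)
#define FEATURE_1_PAC (1u << 1)

/* Constructed sample: one GNU property note with BTI and PAC both set. */
static const uint8_t sample_note[32] = {
    4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,  /* namesz, descsz, type, name */
    0,0,0,0xc0, 4,0,0,0, 3,0,0,0, 0,0,0,0 };    /* pr_type, pr_datasz, bits, pad */

static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the FEATURE_1_AND bits, 0 if the property is absent, and -1 if
   the notes are truncated or malformed (entries are 8-byte aligned). */
int64_t aarch64_feature_bits(const uint8_t *sec, size_t len) {
    size_t off = 0;
    while (off < len) {
        if (len - off < 16) return -1;              /* header + "GNU\0" */
        uint32_t namesz = le32(sec + off), descsz = le32(sec + off + 4);
        uint32_t type = le32(sec + off + 8);
        if (namesz != 4 || descsz > len - off - 16) return -1;
        const uint8_t *desc = sec + off + 16;
        off += 16 + (((size_t)descsz + 7) & ~(size_t)7);
        if (type != NT_GNU_PROPERTY_TYPE_0 || memcmp(desc - 4, "GNU", 4) != 0)
            continue;                               /* some other note */
        for (size_t p = 0; p < descsz; ) {
            if (descsz - p < 8) return -1;          /* truncated property */
            uint32_t pr_type = le32(desc + p), pr_datasz = le32(desc + p + 4);
            if (pr_datasz > descsz - p - 8) return -1;
            if (pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND)
                return pr_datasz == 4 ? (int64_t)le32(desc + p + 8) : -1;
            p += 8 + (((size_t)pr_datasz + 7) & ~(size_t)7);
        }
    }
    return 0;
}

int main(void) {  /* exit status 0 only when both marks are present */
    int64_t f = aarch64_feature_bits(sample_note, sizeof sample_note);
    printf("BTI=%d PAC=%d\n", f > 0 && (f & FEATURE_1_BTI), f > 0 && (f & FEATURE_1_PAC));
    return !(f > 0 && (f & FEATURE_1_BTI) && (f & FEATURE_1_PAC));
}
```

The linker only keeps a FEATURE_1_AND bit when every input object carries it, so a single unmarked object would show up here as a missing bit in the final executable.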