[3.12] gh-139808: Add branch protections for aarch64 in asm_trampoline.S (#130864)#150198
[3.12] gh-139808: Add branch protections for aarch64 in asm_trampoline.S (#130864)#150198stratakis wants to merge 1 commit into
Conversation
…mpoline.S (python#130864) Apply protection against ROP/JOP attacks for aarch64 on asm_trampoline.S. The BTI flag must be applied in assembler sources for this class of attacks to be mitigated on newer aarch64 processors. See also: https://sourceware.org/annobin/annobin.html/Test-branch-protection.html and https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enabling-pac-and-bti-on-aarch64 Co-authored-by: Victor Stinner <vstinner@python.org>
Documentation build overview
534 files changed ·
|
|
3.12 is currently on security only fixes. This issue resolves a security issue when compiling on aarch64 with -mbranch-protection. Without the PR, when using -mbranch-protection=standard to enable the aarch64 hardware protections, the linker will see that there is a missing note from the object files generated by the assembly sources and will drop the notes from the final binary/library, deactivating the protections. Verified that perf integration works well, with and without the flag, including frame pointers. And the final binary correctly shows BTI, PAC, GCS with readelf -n. |
vstinner
left a comment
vstinner
left a comment
There was a problem hiding this comment.
LGTM. It's a backport of a fix already merged in stable branches.
2 participants
Apply protection against ROP/JOP attacks for aarch64 on asm_trampoline.S.
The BTI flag must be applied in assembler sources for this class of attacks to be mitigated on newer aarch64 processors.
See also:
https://sourceware.org/annobin/annobin.html/Test-branch-protection.html and
https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enabling-pac-and-bti-on-aarch64