arm64: Document why we enable PAC support for leaf functions

Document the fact that we enable pointer authentication protection for leaf functions since there is some narrow potential for ROP protection benefits and little overhead has been observed. Signed-off-by: N Mark Brown <broonie@kernel.org> Link: https://lore.kernel.org/r/20200506195138.22086-2-broonie@kernel.orgSigned-off-by: N Will Deacon <will@kernel.org>

arm64: Document why we enable PAC support for leaf functions
Document the fact that we enable pointer authentication protection for leaf functions since there is some narrow potential for ROP protection benefits and little overhead has been observed. Signed-off-by: N Mark Brown <broonie@kernel.org> Link: https://lore.kernel.org/r/20200506195138.22086-2-broonie@kernel.orgSigned-off-by: N Will Deacon <will@kernel.org>
717b938e · Mark Brown · Will Deacon · e5159827 · 717b938e
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

arch/arm64/Makefile arch/arm64/Makefile +3 -0

未找到文件。
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -71,6 +71,9 @@ branch-prot-flags-y += $(call cc-option,-mbranch-protection=none)

 ifeq ($(CONFIG_ARM64_PTR_AUTH),y)
 branch-prot-flags-$(CONFIG_CC_HAS_SIGN_RETURN_ADDRESS) := -msign-return-address=all
+# We enable additional protection for leaf functions as there is some
+# narrow potential for ROP protection benefits and no substantial
+# performance impact has been observed.
 branch-prot-flags-$(CONFIG_CC_HAS_BRANCH_PROT_PAC_RET) := -mbranch-protection=pac-ret+leaf
 # -march=armv8.3-a enables the non-nops instructions for PAC, to avoid the
 # compiler to generate them and consequently to break the single image contract