)]}'
{
  "commit": "a0b49d63fdc33e54eac93674c86891d15d181d87",
  "tree": "90b826887bf4768dae234a777d38f10ea824477c",
  "parents": [
    "dcd6e447eba4f32f49c22c6196ed0e714cc522c1"
  ],
  "author": {
    "name": "Tamas Petz",
    "email": "tamas.petz@arm.com",
    "time": "Mon Jun 15 11:46:59 2020 +0200"
  },
  "committer": {
    "name": "CQ bot account: commit-bot@chromium.org",
    "email": "commit-bot@chromium.org",
    "time": "Tue Aug 11 23:45:04 2020 +0000"
  },
  "message": "aarch64: support BTI and pointer authentication in assembly\n\nThis change adds optional support for\n- Armv8.3-A Pointer Authentication (PAuth) and\n- Armv8.5-A Branch Target Identification (BTI)\nfeatures to the perl scripts.\n\nBoth features can be enabled with additional compiler flags.\nUnless any of these are enabled explicitly there is no code change at\nall.\n\nThe extensions are briefly described below. Please read the appropriate\nchapters of the Arm Architecture Reference Manual for the complete\nspecification.\n\nScope\n-----\n\nThis change only affects generated assembly code.\n\nArmv8.3-A Pointer Authentication\n--------------------------------\n\nPointer Authentication extension supports the authentication of the\ncontents of registers before they are used for indirect branching\nor load.\n\nPAuth provides a probabilistic method to detect corruption of register\nvalues. PAuth signing instructions generate a Pointer Authentication\nCode (PAC) based on the value of a register, a seed and a key.\nThe generated PAC is inserted into the original value in the register.\nA PAuth authentication instruction recomputes the PAC, and if it matches\nthe PAC in the register, restores its original value. In case of a\nmismatch, an architecturally unmapped address is generated instead.\n\nWith PAuth, mitigation against ROP (Return-oriented Programming) attacks\ncan be implemented. This is achieved by signing the contents of the\nlink-register (LR) before it is pushed to stack. Once LR is popped,\nit is authenticated. This way a stack corruption which overwrites the\nLR on the stack is detectable.\n\nThe PAuth extension adds several new instructions, some of which are not\nrecognized by older hardware. To support a single codebase for both pre\nArmv8.3-A targets and newer ones, only NOP-space instructions are added\nby this patch. These instructions are treated as NOPs on hardware\nwhich does not support Armv8.3-A. Furthermore, this patch only considers\ncases where LR is saved to the stack and then restored before branching\nto its content. There are cases in the code where LR is pushed to stack\nbut it is not used later. We do not address these cases as they are not\naffected by PAuth.\n\nThere are two keys available to sign an instruction address: A and B.\nPACIASP and PACIBSP only differ in the used keys: A and B, respectively.\nThe keys are typically managed by the operating system.\n\nTo enable generating code for PAuth compile with\n-mbranch-protection\u003d\u003cmode\u003e:\n\n- standard or pac-ret: add PACIASP and AUTIASP, also enables BTI\n  (read below)\n- pac-ret+b-key: add PACIBSP and AUTIBSP\n\nArmv8.5-A Branch Target Identification\n--------------------------------------\n\nBranch Target Identification features some new instructions which\nprotect the execution of instructions on guarded pages which are not\nintended branch targets.\n\nIf Armv8.5-A is supported by the hardware, execution of an instruction\nchanges the value of PSTATE.BTYPE field. If an indirect branch\nlands on a guarded page the target instruction must be one of the\nBTI \u003cjc\u003e flavors, or in case of a direct call or jump it can be any\nother instruction. If the target instruction is not compatible with the\nvalue of PSTATE.BTYPE a Branch Target Exception is generated.\n\nIn short, indirect jumps are compatible with BTI \u003cj\u003e and \u003cjc\u003e while\nindirect calls are compatible with BTI \u003cc\u003e and \u003cjc\u003e. Please refer to the\nspecification for the details.\n\nArmv8.3-A PACIASP and PACIBSP are implicit branch target\nidentification instructions which are equivalent with BTI c or BTI jc\ndepending on system register configuration.\n\nBTI is used to mitigate JOP (Jump-oriented Programming) attacks by\nlimiting the set of instructions which can be jumped to.\n\nBTI requires active linker support to mark the pages with BTI-enabled\ncode as guarded. For ELF64 files BTI compatibility is recorded in the\n.note.gnu.property section. For a shared object or static binary it is\nrequired that all linked units support BTI. This means that even a\nsingle assembly file without the required note section turns-off BTI\nfor the whole binary or shared object.\n\nThe new BTI instructions are treated as NOPs on hardware which does\nnot support Armv8.5-A or on pages which are not guarded.\n\nTo insert this new and optional instruction compile with\n-mbranch-protection\u003dstandard (also enables PAuth) or +bti.\n\nWhen targeting a guarded page from a non-guarded page, weaker\ncompatibility restrictions apply to maintain compatibility between\nlegacy and new code. For detailed rules please refer to the Arm ARM.\n\nCompiler support\n----------------\n\nCompiler support requires understanding \u0027-mbranch-protection\u003d\u003cmode\u003e\u0027\nand emitting the appropriate feature macros (__ARM_FEATURE_BTI_DEFAULT\nand __ARM_FEATURE_PAC_DEFAULT). The current state is the following:\n\n-------------------------------------------------------\n| Compiler | -mbranch-protection | Feature macros     |\n+----------+---------------------+--------------------+\n| clang    | 9.0.0               | 11.0.0             |\n+----------+---------------------+--------------------+\n| gcc      | 9                   | expected in 10.1+  |\n-------------------------------------------------------\n\nAvailable Platforms\n------------------\n\nArm Fast Model and QEMU support both extensions.\n\nhttps://developer.arm.com/tools-and-software/simulation-models/fast-models\nhttps://www.qemu.org/\n\nImplementation Notes\n--------------------\n\nThis change adds BTI landing pads even to assembly functions which are\nlikely to be directly called only. In these cases, landing pads might\nbe superfluous depending on what code the linker generates.\nCode size and performance impact for these cases would be negligble.\n\nInteraction with C code\n-----------------------\n\nPointer Authentication is a per-frame protection while Branch Target\nIdentification can be turned on and off only for all code pages of a\nwhole shared object or static binary. Because of these properties if\nC/C++ code is compiled without any of the above features but assembly\nfiles support any of them unconditionally there is no incompatibility\nbetween the two.\n\nUseful Links\n------------\n\nTo fully understand the details of both PAuth and BTI it is advised to\nread the related chapters of the Arm Architecture Reference Manual\n(Arm ARM):\nhttps://developer.arm.com/documentation/ddi0487/latest/\n\nAdditional materials:\n\n\"Providing protection for complex software\"\nhttps://developer.arm.com/architectures/learn-the-architecture/providing-protection-for-complex-software\n\nArm Compiler Reference Guide Version 6.14: -mbranch-protection\nhttps://developer.arm.com/documentation/101754/0614/armclang-Reference/armclang-Command-line-Options/-mbranch-protection?lang\u003den\n\nArm C Language Extensions (ACLE)\nhttps://developer.arm.com/docs/101028/latest\n\nChange-Id: I4335f92e2ccc8e209c7d68a0a79f1acdf3aeb791\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42084\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "9cae28c0ddfe92a0ca5a869a112e4f6e8a7ccbc8",
      "old_mode": 33261,
      "old_path": "crypto/chacha/asm/chacha-armv8.pl",
      "new_id": "05958c8323cb6e842edb0fdcfadd0872c5bd432e",
      "new_mode": 33261,
      "new_path": "crypto/chacha/asm/chacha-armv8.pl"
    },
    {
      "type": "modify",
      "old_id": "187c2219c823c479b5e14cbc0054c922d2f91c24",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/aes/asm/aesv8-armx.pl",
      "new_id": "5fd986424542127fa6c50a9215a60ac3c6339d8d",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/aes/asm/aesv8-armx.pl"
    },
    {
      "type": "modify",
      "old_id": "bae5e7e9f2d8875b614016ef9c79d1b2f0d810f2",
      "old_mode": 33261,
      "old_path": "crypto/fipsmodule/aes/asm/vpaes-armv8.pl",
      "new_id": "e4b9cebd118f1dc7d2d096e51c536d85756097c5",
      "new_mode": 33261,
      "new_path": "crypto/fipsmodule/aes/asm/vpaes-armv8.pl"
    },
    {
      "type": "modify",
      "old_id": "db2ba491e5ce90fc87863147db77afa28f14b234",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/bn/asm/armv8-mont.pl",
      "new_id": "788a0ce39e204bdfda1648867a4e3116511ee97c",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/bn/asm/armv8-mont.pl"
    },
    {
      "type": "modify",
      "old_id": "e72d0dce49e1e42dd7c153d7194280f595bff651",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/modes/asm/ghash-neon-armv8.pl",
      "new_id": "94f95c264edf406052ec6e791581af87e6774d1d",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/modes/asm/ghash-neon-armv8.pl"
    },
    {
      "type": "modify",
      "old_id": "99124a2b35637bef950e4604421b6859973d2dc9",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/modes/asm/ghashv8-armx.pl",
      "new_id": "82f76372c558903d4c4b17af10ce40e66957560d",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/modes/asm/ghashv8-armx.pl"
    },
    {
      "type": "modify",
      "old_id": "59d55b3c0c4df2d8966dfafd706d2c4b50150ec8",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/sha/asm/sha1-armv8.pl",
      "new_id": "dfde8c9adc32b9c61356a100320c3614c677d220",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/sha/asm/sha1-armv8.pl"
    },
    {
      "type": "modify",
      "old_id": "1afaf58e0a63253ea7a10969ada6a41cda2ae148",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/sha/asm/sha512-armv8.pl",
      "new_id": "aff41cee6251a985a9dbaa0785325be7a0a850a0",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/sha/asm/sha512-armv8.pl"
    },
    {
      "type": "modify",
      "old_id": "aefe5f76058c3fef75f818091ecbe69baf4ae9e3",
      "old_mode": 33261,
      "old_path": "crypto/test/asm/trampoline-armv8.pl",
      "new_id": "426360ee73f4414b92cf442aeb8135ae264682c6",
      "new_mode": 33261,
      "new_path": "crypto/test/asm/trampoline-armv8.pl"
    },
    {
      "type": "modify",
      "old_id": "faa2655e521703637ab1f166b66a0f4fdab7d269",
      "old_mode": 33188,
      "old_path": "include/openssl/arm_arch.h",
      "new_id": "1f16799afd8475bf29a6fb08ba4058b24b34b6d5",
      "new_mode": 33188,
      "new_path": "include/openssl/arm_arch.h"
    }
  ]
}