arm64: BTI: Add Kconfig entry for userspace BTI

Now that the code for userspace BTI support is in the kernel add the
Kconfig entry so that it can be built and used.

[Split out of "arm64: Basic Branch Target Identification support"
    -- broonie]

Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 8a15bc6..d65d226 100644 (file)
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1522,6 +1522,28 @@ endmenu
 
 menu "ARMv8.5 architectural features"
 
+config ARM64_BTI
+       bool "Branch Target Identification support"
+       default y
+       help
+         Branch Target Identification (part of the ARMv8.5 Extensions)
+         provides a mechanism to limit the set of locations to which computed
+         branch instructions such as BR or BLR can jump.
+
+         To make use of BTI on CPUs that support it, say Y.
+
+         BTI is intended to provide complementary protection to other control
+         flow integrity protection mechanisms, such as the Pointer
+         authentication mechanism provided as part of the ARMv8.3 Extensions.
+         For this reason, it does not make sense to enable this option without
+         also enabling support for pointer authentication.  Thus, when
+         enabling this option you should also select ARM64_PTR_AUTH=y.
+
+         Userspace binaries must also be specifically compiled to make use of
+         this mechanism.  If you say N here or the hardware does not support
+         BTI, such binaries can still run, but you get no additional
+         enforcement of branch destinations.
+
 config ARM64_E0PD
        bool "Enable support for E0PD"
        default y