Received: by 10.192.165.148 with SMTP id m20csp538700imm; Fri, 27 Apr 2018 03:28:44 -0700 (PDT) X-Google-Smtp-Source: AB8JxZrn3xzNppuPS6yA6Kc3Pjcz06qIdCfyvct6Li7orfaslcv5FmosY+FsresyJ9eqS9CkGOB4 X-Received: by 2002:a17:902:2947:: with SMTP id g65-v6mr1749623plb.346.1524824924621; Fri, 27 Apr 2018 03:28:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524824924; cv=none; d=google.com; s=arc-20160816; b=hZ56JC4y/x0Q0f4UoZ0qamx1NeIYN95kV3cK51bRKlV+LbjZ1dh0Sdf7QnHHRT7bgb hBFLfVvJWvFCq6Tj79ZyRAP5D6+HlmTv9YEch2wRhWz5Qgq8OeVrP+t7mHFNE117KxPr CsqRkVjB3Kbh63wNTBEBoiaOXqw6XKKlbV/WCPpnImQOR6L3+r8sAgfHsL5pNYa1ZyPI 3W9wEJ02lNbWmD7CUcmSs1gbTsE50dK6qUXQ81gD8UqHH1HqsjMDhR/fIzRvDLODsHPs F5o4NHdjRK/XP8XARn7TxSzERwq1h9nx7OJl381Hm2k5rl3Yk8wrUkWDZHdCKgn79oND RHgw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=w3K4DloBg39nh1s4CZPnM/gL+N9ficNwzFWbgcexyCU=; b=EGSOlm6DZe2QAZxR3aewaZv7V2vVPXl/8g/YYXUADvTRvXVvKJjzwgz38/LGIfG+Hq hFU2uv0QFQr1aXT75iW0/sdsMHfZ6KcTV5TaZj5Nvdb4rBglBRtX0P6JnEyytShK4XID u3PHR1ckYkkRnfXVZVqHYhbNGqel76V2+q5ntceI63h2d1+dzoXwOXCoaLkYCLGOrSzR XMCudzpxPzSb+zI3TGbZN5TJPjGzH4Fnbu0O1sC4TGWmeyB9UjGgVXec9xABsRP5KwcC 5zBObbkizK+7ZiwP4NOIf7BXNb5OZHq3FCZZXstjqfFz12f5VlMkw5hxpqbnwWF0e6ch Y1Uw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p1-v6si958518plb.355.2018.04.27.03.28.30; Fri, 27 Apr 2018 03:28:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757922AbeD0K1K (ORCPT + 99 others); Fri, 27 Apr 2018 06:27:10 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:38098 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757810AbeD0K1I (ORCPT ); Fri, 27 Apr 2018 06:27:08 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 73DD515AD; Fri, 27 Apr 2018 03:27:08 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1C1893F487; Fri, 27 Apr 2018 03:27:05 -0700 (PDT) Date: Fri, 27 Apr 2018 11:27:03 +0100 From: Mark Rutland To: Catalin Marinas Cc: linux-arm-kernel@lists.infradead.org, linux-arch@vger.kernel.org, drjones@redhat.com, cdall@kernel.org, arnd@arndb.de, suzuki.poulose@arm.com, marc.zyngier@arm.com, awallis@codeaurora.org, kernel-hardening@lists.openwall.com, will.deacon@arm.com, linux-kernel@vger.kernel.org, ramana.radhakrishnan@arm.com, kvmarm@lists.cs.columbia.edu Subject: Re: [PATCHv3 07/11] arm64: add basic pointer authentication support Message-ID: <20180427102703.7azck754cnjm232p@lakrids.cambridge.arm.com> References: <20180417183735.56985-1-mark.rutland@arm.com> <20180417183735.56985-8-mark.rutland@arm.com> <20180425112331.hke7afxnslyrwf3h@armageddon.cambridge.arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180425112331.hke7afxnslyrwf3h@armageddon.cambridge.arm.com> User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 25, 2018 at 12:23:32PM +0100, Catalin Marinas wrote: > Hi Mark, > > On Tue, Apr 17, 2018 at 07:37:31PM +0100, Mark Rutland wrote: > > diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h > > index 39ec0b8a689e..caf0d3010112 100644 > > --- a/arch/arm64/include/asm/mmu_context.h > > +++ b/arch/arm64/include/asm/mmu_context.h > > @@ -29,7 +29,6 @@ > > #include > > #include > > #include > > -#include > > #include > > #include > > #include > > @@ -168,7 +167,14 @@ static inline void cpu_replace_ttbr1(pgd_t *pgdp) > > #define destroy_context(mm) do { } while(0) > > void check_and_switch_context(struct mm_struct *mm, unsigned int cpu); > > > > -#define init_new_context(tsk,mm) ({ atomic64_set(&(mm)->context.id, 0); 0; }) > > +static inline int init_new_context(struct task_struct *tsk, > > + struct mm_struct *mm) > > +{ > > + atomic64_set(&mm->context.id, 0); > > + mm_ctx_ptrauth_init(&mm->context); > > + > > + return 0; > > +} > > > > #ifdef CONFIG_ARM64_SW_TTBR0_PAN > > static inline void update_saved_ttbr0(struct task_struct *tsk, > > @@ -216,6 +222,8 @@ static inline void __switch_mm(struct mm_struct *next) > > return; > > } > > > > + mm_ctx_ptrauth_switch(&next->context); > > + > > check_and_switch_context(next, cpu); > > } > > > > @@ -241,6 +249,19 @@ switch_mm(struct mm_struct *prev, struct mm_struct *next, > > void verify_cpu_asid_bits(void); > > void post_ttbr_update_workaround(void); > > > > +static inline void arch_dup_mmap(struct mm_struct *oldmm, > > + struct mm_struct *mm) > > +{ > > + mm_ctx_ptrauth_dup(&oldmm->context, &mm->context); > > +} > > +#define arch_dup_mmap arch_dup_mmap > > IIUC, we could skip the arch_dup_mmap() and init_new_context() here for > the fork() case since the ptrauth_keys would be copied as part of the > dup_mm(). If we can hook into the exec*() path to init the keys, then I agree we can do this... > There is another situation where init_new_context() is called > bprm_mm_init() -> mm_alloc() -> mm_init() -> init_new_context(). > However, in this case the core code also calls arch_bprm_mm_init(). So I > think we only need to update the latter to get a new random key. ... and this seems to be the right place to do it, so I'll have a go. > > diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h > > new file mode 100644 > > index 000000000000..a2e8fb91fdee > > --- /dev/null > > +++ b/arch/arm64/include/asm/pointer_auth.h > > @@ -0,0 +1,89 @@ > > +/* > > + * Copyright (C) 2016 ARM Ltd. > > + * > > + * This program is free software; you can redistribute it and/or modify > > + * it under the terms of the GNU General Public License version 2 as > > + * published by the Free Software Foundation. > > + * > > + * This program is distributed in the hope that it will be useful, > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > + * GNU General Public License for more details. > > + * > > + * You should have received a copy of the GNU General Public License > > + * along with this program. If not, see . > > + */ > > Nitpick: 2018. You could also use the SPDX header, save some lines. Sure, I'll replace this with a SPDX GPL-2.0 line. Thanks, Mark.