Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp3053588imm; Fri, 19 Oct 2018 04:26:00 -0700 (PDT) X-Google-Smtp-Source: ACcGV60Om/TSN+ZV+PcLh46tOjw02o2sKLceI7G7ROt/e1ottPb+NEteA5ItyVUsRrA8+EIBS6ag X-Received: by 2002:a62:1693:: with SMTP id 141-v6mr26128199pfw.183.1539948360385; Fri, 19 Oct 2018 04:26:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539948360; cv=none; d=google.com; s=arc-20160816; b=pRw03g2U1hlf6pea4NUqs2HHO8zeAJk82DmJzweCv8UM1QlQNcdNx7aeue9PehnEDS tlLKgkxiKNnzwZXkA/fdFJw9L/KYI19rgFUfgKPd6yX6e4TVUUjRE696j4Slp0kZDsMl RM38tj1r6X06td6jswzjCkMYriIHRyOKImChEHqf6IVLKvFJ2ifSb4EbXud6LuoPvgvh Fcs217Q2Yl3C7T7RwJYSQaRj7rUKZBxX3INBtI1uhSJmPLAEg37BXg5g4rfYuRkBd4kQ /ey/GBcHKxmzb7TsnDnrA8zb/gRaNwr9lU3mB6NlVq0R3W6uJmqZHCdzZQRxxtVJy/vl AaNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=y9h3GQE08Uapa/itj/6XqcSfk7tkQyAs9XS/P3qDRkM=; b=en9wa4bnDt4iJQDCNNWqNx4eDbu7DStGSOotjdI+d8qp7Ff5n3HgQo3WtLh42urH36 eo8RmAvn6z2+vRSy4mNc34wdxDapKd6pzD9caYj1VoYUY0yK45hvgg2N82a1v7HErULm JAQ3P6BONWf3MCT5JOUSN6iwL998jpkNQyE1l/4BuTAEUJRFmedNOfchuxGTtMVbwyoB i5HnxHfi29lOAmSpMKpoD6E16F4JkzXvgvuRAqRAT/t5vpeHvVSAz5ttiv1KeaP52ECE D7S9I+m7f5MRnDP83QkVXVRuimebdvxn5Wzo3xOBrEIhIrXVkGo0EgNbxPxr4qFacbO8 4wlQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id bg12-v6si23398694plb.319.2018.10.19.04.25.44; Fri, 19 Oct 2018 04:26:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727336AbeJST3l (ORCPT + 99 others); Fri, 19 Oct 2018 15:29:41 -0400 Received: from foss.arm.com ([217.140.101.70]:50704 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726609AbeJST3k (ORCPT ); Fri, 19 Oct 2018 15:29:40 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DD3D280D; Fri, 19 Oct 2018 04:24:01 -0700 (PDT) Received: from edgewater-inn.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id AB89F3F71D; Fri, 19 Oct 2018 04:24:01 -0700 (PDT) Received: by edgewater-inn.cambridge.arm.com (Postfix, from userid 1000) id B44671AE06EF; Fri, 19 Oct 2018 12:24:04 +0100 (BST) Date: Fri, 19 Oct 2018 12:24:04 +0100 From: Will Deacon To: Catalin Marinas Cc: Kristina Martsenko , linux-arm-kernel@lists.infradead.org, Mark Rutland , linux-arch@vger.kernel.org, Andrew Jones , Jacob Bramley , Arnd Bergmann , Ard Biesheuvel , Marc Zyngier , Adam Wallis , "Suzuki K . Poulose" , Christoffer Dall , kvmarm@lists.cs.columbia.edu, Ramana Radhakrishnan , Amit Kachhap , Dave P Martin , linux-kernel@vger.kernel.org, Kees Cook , gorcunov@openvz.org Subject: Re: [PATCH v5 07/17] arm64: add basic pointer authentication support Message-ID: <20181019112404.GD14246@arm.com> References: <20181005084754.20950-1-kristina.martsenko@arm.com> <20181005084754.20950-8-kristina.martsenko@arm.com> <20181019111542.6wrvjguirglzg7vg@mbp> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20181019111542.6wrvjguirglzg7vg@mbp> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [+Cyrill Gorcunov for CRIU stuff] On Fri, Oct 19, 2018 at 12:15:43PM +0100, Catalin Marinas wrote: > On Fri, Oct 05, 2018 at 09:47:44AM +0100, Kristina Martsenko wrote: > > diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h > > new file mode 100644 > > index 000000000000..2aefedc31d9e > > --- /dev/null > > +++ b/arch/arm64/include/asm/pointer_auth.h > > @@ -0,0 +1,63 @@ > > +// SPDX-License-Identifier: GPL-2.0 > > +#ifndef __ASM_POINTER_AUTH_H > > +#define __ASM_POINTER_AUTH_H > > + > > +#include > > + > > +#include > > +#include > > + > > +#ifdef CONFIG_ARM64_PTR_AUTH > > +/* > > + * Each key is a 128-bit quantity which is split across a pair of 64-bit > > + * registers (Lo and Hi). > > + */ > > +struct ptrauth_key { > > + unsigned long lo, hi; > > +}; > > + > > +/* > > + * We give each process its own instruction A key (APIAKey), which is shared by > > + * all threads. This is inherited upon fork(), and reinitialised upon exec*(). > > + * All other keys are currently unused, with APIBKey, APDAKey, and APBAKey > > + * instructions behaving as NOPs. > > + */ > > I don't remember the past discussions but I assume the tools guys are ok > with a single key shared by multiple threads. Ramana, could you ack this > part, FTR? > > (and it would help if someone from the Android and Chrome camps can > confirm) FWIW: I think we should be entertaining a prctl() interface to use a new key on a per-thread basis. Obviously, this would need to be used with care (e.g. you'd fork(); use the prctl() and then you'd better not return from the calling function!). Assuming we want this (Kees -- I was under the impression that everything in Android would end up with the same key otherwise?), then the question is do we want: - prctl() get/set operations for the key, or - prctl() set_random_key operation, or - both of the above? Part of the answer to that may lie in the requirements of CRIU, where I strongly suspect they need explicit get/set operations, although these could be gated on CONFIG_CHECKPOINT_RESTORE=y. Will