Date: Fri, 19 Oct 2018 16:54:10 +0100
From: Mark Rutland
To: Kees Cook
Cc: Will Deacon, Catalin Marinas, Kristina Martsenko, linux-arm-kernel, linux-arch, Andrew Jones, Jacob Bramley, Arnd Bergmann, Ard Biesheuvel, Marc Zyngier, Adam Wallis, "Suzuki K . Poulose", Christoffer Dall, kvmarm@lists.cs.columbia.edu, Ramana Radhakrishnan, Amit Kachhap, Dave P Martin, LKML, Cyrill Gorcunov
Subject: Re: [PATCH v5 07/17] arm64: add basic pointer authentication support
Message-ID: <20181019155410.wsbmhluq4xqcyty2@lakrids.cambridge.arm.com>
References: <20181005084754.20950-1-kristina.martsenko@arm.com> <20181005084754.20950-8-kristina.martsenko@arm.com> <20181019111542.6wrvjguirglzg7vg@mbp> <20181019112404.GD14246@arm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Oct 19, 2018 at 08:36:45AM -0700, Kees Cook wrote:
> On Fri, Oct 19, 2018 at 4:24 AM, Will Deacon wrote:
> > Assuming we want this (Kees -- I was under the impression that everything in
> > Android would end up with the same key otherwise?), then the question is
> > do we want:
> >
> >   - prctl() get/set operations for the key, or
> >   - prctl() set_random_key operation, or
> >   - both of the above?
> >
> > Part of the answer to that may lie in the requirements of CRIU, where I
> > strongly suspect they need explicit get/set operations, although these
> > could be gated on CONFIG_CHECKPOINT_RESTORE=y.
>
> Oh CRIU. Yikes. I'd like the get/set to be gated by the CONFIG, yes.
> No reason to allow explicit access to the key (and selected algo) if
> we don't have to.

As a minor aside, the PAC algorithm (which can be IMPLEMENTATION DEFINED) is
fixed in HW, and cannot be selected dynamically.

Thus if a process is using pointer authentication, it would not be possible for
CRIU to migrate that process to a CPU with a different PAC algorithm.

Thanks,
Mark.