Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3691352imu; Mon, 10 Dec 2018 06:24:40 -0800 (PST) X-Google-Smtp-Source: AFSGD/VTlwZ8NQ22AfXEL8NEvALk0uREAJrfjZMlmLnix6fm+hl5Oovo0mMA5HvlVQnB+Ah2P0gs X-Received: by 2002:a62:5182:: with SMTP id f124mr12658940pfb.238.1544451880002; Mon, 10 Dec 2018 06:24:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544451879; cv=none; d=google.com; s=arc-20160816; b=YXS16avcVaC17QiPF0mKQGR5T5mm+oCLf5Vx6mE5X58p9jmIhav2+j1lxg4BfiLlNo 2SrHa+ugFXwlysYNYTn0ZTrmu+NKVSUX6iU9mGIr5E0IrQci0q+U2r7WIMgt5ZO1OqpJ 194OQDsZwYkcx5wgErD0l37kVQCWMMnglswh1qAV5Qs/3NfTLIy8C30KXfkhtj93Hgdg i0fASogP0vDNqbTVp/xN9JAT1IhCtzJR5z4xQ5kFGKllpucIROr/P8Am66xOy0vsxufG eCqN6uc6mwaZvLtwz/f4hymJ0nf4KKqtG9ch2XLtkFFKrPV9pBUhWuktMi4kFkrod8G9 fvWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:openpgp:from:references:cc:to:subject:dkim-signature; bh=l4J1rNwiRfY2atde+pNuC/RCOGv0XvhLnWyTfm8Kx6o=; b=izKMIDAeWKaVMxKBIoNq2nsa9LdeMZuapxq2TKn1e2QbR/uDtNRCQxcJAAFSd4G/oZ 7z9/3ak5/skz7T1B2u4CzpjLdTQSVzA6Z+7U1gj2Vf4vsjJJM0Ikft4QUt729GqBrCpg llLAt2mMz7f9iFKKsQwBk7RdO0SzJh16TwD8NNYaMpS6LWYdAfaEY41stawAOZXuxc83 +PTgNJyuiiLWBHCD2x77kkZctPbOmHtTILL+fk5Y8ASGItuT10777yv4p/IICNDDyDli jF1bgy4Q7MDW/a16bhppvDsLhGgfTaceTf9fBK17sCF4GNWr6HDEAJnBJGgqQ3xJ58Q5 4xfQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=VDjkM5O3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c22si9120469pgb.254.2018.12.10.06.24.24; Mon, 10 Dec 2018 06:24:39 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=VDjkM5O3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727778AbeLJOWM (ORCPT + 99 others); Mon, 10 Dec 2018 09:22:12 -0500 Received: from mail-ot1-f66.google.com ([209.85.210.66]:34121 "EHLO mail-ot1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727580AbeLJOWL (ORCPT ); Mon, 10 Dec 2018 09:22:11 -0500 Received: by mail-ot1-f66.google.com with SMTP id t5so10555331otk.1 for ; Mon, 10 Dec 2018 06:22:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=subject:to:cc:references:from:openpgp:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=l4J1rNwiRfY2atde+pNuC/RCOGv0XvhLnWyTfm8Kx6o=; b=VDjkM5O3nKtNwOdTGGUS50kGy2mre1CwAriJZw6w4tTFULajmo+DAhviWwa3j2iEeC YFLl5Gj8YWvO11HgjsUWNxj4CiYs1DdLIL2E4MfwOM8aves3WvSvskmEg2YRa+37Ka0w N/e2zcfBU0oYLp/ab2e/P0CXfJr7KwVBtrF8s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:openpgp:message-id :date:user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=l4J1rNwiRfY2atde+pNuC/RCOGv0XvhLnWyTfm8Kx6o=; b=rI0+ngyBM5lQ5tEn4+O38km072zrAdHZhaOacHFPPaHPp+p8RFgQ9daJnSdyjYeBPI i0Wx8cdbIKepYfLMSTqwPGvVR0ND4FWA125JA2FYdQNEmy5C425A86bQyVfewDV6fITH 7Y2oUnivUDiUYmUaPxLElchAakAEMT51EyEuSRCoxKcVY67RFp/rzteGAjzrIzZyiRv2 NevnlcLl+pYjrGMv387EsGkHs3QIwEQuKZ3DeVV8jRy9FI0AXNA2IZkmBQ/ZdOz7LVnD 4piSseFWvoDSONVQWyEi2rjLheWnQ2ocWfASoXHHJMUwrwphaIoLzhR3vSLev0SJgaSG uJzw== X-Gm-Message-State: AA+aEWb6XgsOgDekA3/vxpaYmnKQWfR3IGwG52DtsRdGYboGFP052cBr GyuPSo+YKJKaPCE1nbYiUHiesQoWRWpN4Q== X-Received: by 2002:a9d:42c:: with SMTP id 41mr9300029otc.41.1544451730481; Mon, 10 Dec 2018 06:22:10 -0800 (PST) Received: from cloudburst.twiddle.net ([187.217.227.243]) by smtp.gmail.com with ESMTPSA id m2sm9077478otp.34.2018.12.10.06.22.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 10 Dec 2018 06:22:09 -0800 (PST) Subject: Re: [PATCH v6 08/13] arm64: expose user PAC bit positions via ptrace To: Catalin Marinas Cc: Kristina Martsenko , linux-arm-kernel@lists.infradead.org, Mark Rutland , Andrew Jones , Jacob Bramley , Ard Biesheuvel , Marc Zyngier , Adam Wallis , Suzuki K Poulose , Will Deacon , Christoffer Dall , kvmarm@lists.cs.columbia.edu, Cyrill Gorcunov , Ramana Radhakrishnan , Amit Kachhap , Dave P Martin , linux-kernel@vger.kernel.org, Kees Cook , Steve Capper References: <20181207183931.4285-1-kristina.martsenko@arm.com> <20181207183931.4285-9-kristina.martsenko@arm.com> <20181210120330.GB4048@arrakis.emea.arm.com> From: Richard Henderson Openpgp: preference=signencrypt Message-ID: Date: Mon, 10 Dec 2018 08:22:06 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.1 MIME-Version: 1.0 In-Reply-To: <20181210120330.GB4048@arrakis.emea.arm.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 12/10/18 6:03 AM, Catalin Marinas wrote: >> However, it won't be too long before someone implements support for >> ARMv8.2-LVA, at which point, without changes to mandatory pointer tagging, we >> will only have 3 authentication bits: [54:52]. This seems useless and easily >> brute-force-able. > > Such support is already here (about to be queued): > > https://lore.kernel.org/linux-arm-kernel/20181206225042.11548-1-steve.capper@arm.com/ Thanks for the pointer. >> Unfortunately, there is no obvious path to making this optional that does not >> break compatibility with Documentation/arm64/tagged-pointers.txt. > > There is also the ARMv8.5 MTE (memory tagging) which relies on tagged > pointers. So it does. I hadn't read through that extension completely before. > An alternative would be to allow the opt-in to 52-bit VA, leaving it at > 48-bit by default. However, it has the problem of changing the PAC size > and not being able to return. Perhaps the opt-in should be at exec time, with ELF flags (or equivalent) on the application. Because, as you say, changing the shape of the PAC in the middle of execution is in general not possible. It isn't perfect, since old kernels won't fail to exec an application setting flags that can't be supported. And it requires tooling changes. r~