Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp435742pxk;
        Thu, 3 Sep 2020 03:52:32 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJztV5PCn0lanqP8YZKpe6Tdaz27wYI+I05sj72rmRSjUYGzVN0h4Gojxo3V7caElEok/MOI
X-Received: by 2002:a17:906:813:: with SMTP id e19mr1439296ejd.101.1599130352099;
        Thu, 03 Sep 2020 03:52:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1599130352; cv=none;
        d=google.com; s=arc-20160816;
        b=HCcf/OzQ9ZPRxwhKiyE/6XTIHn81fU24i2zlonWAOAFwk/IFa6e3LCQFUQGGmq0Aq/
         2CZ9tcORLhz0AjRT3tJc6hiiHc/c8CmiJhh5CR+K+AfX8SVWPSPBoWxFEwvjQyZSvFUG
         FY7hb8vCwHJkUQTFdCaQRz8Ta6pGrC1uGCNNG6GMoDfy/+sgEKeau4syx6PLegL9qaOt
         MWjbhoOpPGX7CLSJYA7QvS3oi6M86X889+/jy1VVCMeghdDRkMngR/PnMhio76s4Kf4W
         maGaZtvOK8Nhgw5Xpwnd7SzCFNoosUQp5UzYYrR3RnLwOnWJe7vVt2iVRkOyNCXpsmWc
         Xb0Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject;
        bh=f7JTHLcngBmlhteMIet5/OoIM8XPPalV2Omf1NhVBY8=;
        b=bZPJmobB0KdyONZ7JADIlSGh/MT0yKv+QhK+1si7/DUK9I6I8MlkQX3Ra/OUEUUN++
         cg9mFhFiJR6BIsgsUSyHK0eEB8FT9UAzPWoTOe+uMPssq+nKOMf84pk/XjXH1yAy75wf
         5dRY2Y3EaI4u5G/PTGXlJs37eK0bo+TMAeIR7VHmhah4UGhB1aIwW8PHfgzTUGxMlNR0
         PKaBoBDpdUMN+UHQycns2PlKbbIOyNw7Pya3jjMp0eS3hKAGQ0fy/YujiA+1c/HMPVNO
         8RszoTEYZOeXbf6BkeB9hPN/zGpxYyKSinQghO7w9K9UA3CI3vdGMIGr/3E3F5NzDVZY
         bJ9Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id l21si1368014edq.277.2020.09.03.03.52.01;
        Thu, 03 Sep 2020 03:52:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726543AbgICKsz (ORCPT <rfc822;crosarcplusplustest@gmail.com>
        + 99 others); Thu, 3 Sep 2020 06:48:55 -0400
Received: from foss.arm.com ([217.140.110.172]:58772 "EHLO foss.arm.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725984AbgICKsm (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 3 Sep 2020 06:48:42 -0400
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
        by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 10C40101E;
        Thu,  3 Sep 2020 03:48:42 -0700 (PDT)
Received: from [10.57.7.89] (unknown [10.57.7.89])
        by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id C2F5C3F66F;
        Thu,  3 Sep 2020 03:48:39 -0700 (PDT)
Subject: Re: [PATCH v2 3/4] kselftests/arm64: add PAuth test for whether
 exec() changes keys
To:     Dave Martin <Dave.Martin@arm.com>
Cc:     linux-arm-kernel@lists.infradead.org,
        linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org,
        Will Deacon <will@kernel.org>, boian4o1@gmail.com,
        Catalin Marinas <catalin.marinas@arm.com>,
        amit.kachhap@arm.com, vincenzo.frascino@arm.com,
        Shuah Khan <shuah@kernel.org>
References: <20200831110450.30188-1-boyan.karatotev@arm.com>
 <20200831110450.30188-4-boyan.karatotev@arm.com>
 <20200902170854.GK6642@arm.com>
From:   Boyan Karatotev <boyan.karatotev@arm.com>
Message-ID: <926691e4-1990-207e-bcb9-40ab6d3b0fa0@arm.com>
Date:   Thu, 3 Sep 2020 11:48:37 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <20200902170854.GK6642@arm.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 02/09/2020 18:08, Dave Martin wrote:
> On Mon, Aug 31, 2020 at 12:04:49PM +0100, Boyan Karatotev wrote:
>> +/*
>> + * fork() does not change keys. Only exec() does so call a worker program.
>> + * Its only job is to sign a value and report back the resutls
>> + */
>> +TEST(exec_unique_keys)
>> +{
> 
> The kernel doesn't guarantee that keys are unique.
> 
> Can we present all the "unique keys" wording differently, say
> 
> 	exec_key_collision_likely()

I agree that this test's name is a bit out of place. I would rather have
it named "exec_changed_keys" though.

> Otherwise people might infer from this test code that the keys are
> supposed to be truly unique and start reporting bugs on the kernel.
> 
> I can't see an obvious security argument for unique keys (rather, the
> keys just need to be "unique enough".  That's the job of
> get_random_bytes().)

The "exec_unique_keys" test only checks that the keys changed after an
exec() which I think the name change would reflect.

The thing with the "single_thread_unique_keys" test is that the kernel
says the the keys will be random. Yes, there is no uniqueness guarantee
but I'm not sure how to phrase it differently. There is some minuscule
chance that the keys end up the same, but for this test I pretend this
will not happen. Would changing up the comments and the failure message
communicate this? Maybe substitute "unique" for "different" and say how
many keys clashed?

-- 
Regards,
Boyan