linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed
From: Richard Henderson <richard.henderson@linaro.org>
To: Kristina Martsenko <kristina.martsenko@arm.com>,
	linux-arm-kernel@lists.infradead.org
Cc: Mark Rutland <mark.rutland@arm.com>,
	Andrew Jones <drjones@redhat.com>,
	Jacob Bramley <jacob.bramley@arm.com>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Marc Zyngier <marc.zyngier@arm.com>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Adam Wallis <awallis@codeaurora.org>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	Will Deacon <will.deacon@arm.com>,
	Christoffer Dall <christoffer.dall@arm.com>,
	kvmarm@lists.cs.columbia.edu,
	Cyrill Gorcunov <gorcunov@gmail.com>,
	Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>,
	Amit Kachhap <amit.kachhap@arm.com>,
	Dave P Martin <dave.martin@arm.com>,
	linux-kernel@vger.kernel.org, Kees Cook <keescook@chromium.org>
Subject: Re: [PATCH v6 08/13] arm64: expose user PAC bit positions via ptrace
Date: Sun, 9 Dec 2018 09:41:31 -0600	[thread overview]
Message-ID: <a31ca10a-ee1a-71fb-2c3d-a6184e12b543@linaro.org> (raw)
In-Reply-To: <20181207183931.4285-9-kristina.martsenko@arm.com>

On 12/7/18 12:39 PM, Kristina Martsenko wrote:
> When pointer authentication is in use, data/instruction pointers have a
> number of PAC bits inserted into them. The number and position of these
> bits depends on the configured TCR_ELx.TxSZ and whether tagging is
> enabled. ARMv8.3 allows tagging to differ for instruction and data
> pointers.

At this point I think it's worth starting a discussion about pointer tagging,
and how we can make it controllable and not mandatory.

With this patch set, we are enabling 7 authentication bits: [54:48].

However, it won't be too long before someone implements support for
ARMv8.2-LVA, at which point, without changes to mandatory pointer tagging, we
will only have 3 authentication bits: [54:52].  This seems useless and easily
brute-force-able.

I assume that pointer tagging is primarily used by Android, since I'm not aware
of anything else that uses it at all.

Unfortunately, there is no obvious path to making this optional that does not
break compatibility with Documentation/arm64/tagged-pointers.txt.

I've been thinking that there ought to be some sort of global setting, akin to
/proc/sys/kernel/randomize_va_space, as well as a prctl which an application
could use to selectively enable TBI/TBID for an application that actually uses
tagging.

The global /proc setting allows the default to remain 1, which would let any
application using tagging to continue working.  If there are none, the sysadmin
can set the default to 0.  Going forward, applications could be updated to use
the prctl, allowing more systems to set the default to 0.

FWIW, pointer authentication continues to work when enabling TBI, but not the
other way around.  Thus the prctl could be used to enable TBI at any point, but
if libc is built with PAuth, there's no way to turn it back off again.



r~

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

  parent reply	other threads:[~2018-12-09 15:41 UTC|newest]

Thread overview: 43+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-12-07 18:39 [PATCH v6 00/13] ARMv8.3 pointer authentication userspace support Kristina Martsenko
2018-12-07 18:39 ` [PATCH v6 01/13] arm64: add comments about EC exception levels Kristina Martsenko
2018-12-09 14:34   ` Richard Henderson
2018-12-07 18:39 ` [PATCH v6 02/13] arm64: add pointer authentication register bits Kristina Martsenko
2018-12-09 14:24   ` Richard Henderson
2018-12-10 19:54     ` Kristina Martsenko
2018-12-11 20:08       ` Will Deacon
2018-12-07 18:39 ` [PATCH v6 03/13] arm64/kvm: consistently handle host HCR_EL2 flags Kristina Martsenko
2018-12-08 10:31   ` Marc Zyngier
2018-12-09 14:35   ` Richard Henderson
2018-12-07 18:39 ` [PATCH v6 04/13] arm64/kvm: hide ptrauth from guests Kristina Martsenko
2018-12-08 10:32   ` Marc Zyngier
2018-12-09 14:53   ` Richard Henderson
2018-12-10 20:12     ` Kristina Martsenko
2018-12-10 20:22       ` Richard Henderson
2018-12-10 20:30         ` Kristina Martsenko
2018-12-19 15:21         ` Peter Maydell
2018-12-07 18:39 ` [PATCH v6 05/13] arm64: Don't trap host pointer auth use to EL2 Kristina Martsenko
2018-12-09 14:54   ` Richard Henderson
2018-12-07 18:39 ` [PATCH v6 06/13] arm64/cpufeature: detect pointer authentication Kristina Martsenko
2018-12-09 14:58   ` Richard Henderson
2018-12-07 18:39 ` [PATCH v6 07/13] arm64: add basic pointer authentication support Kristina Martsenko
2018-12-09 14:59   ` Richard Henderson
2019-01-03 20:29   ` Pavel Machek
2019-01-04  9:21     ` Marc Zyngier
2019-01-04  9:33       ` Pavel Machek
2019-01-04 18:02         ` Mark Rutland
2018-12-07 18:39 ` [PATCH v6 08/13] arm64: expose user PAC bit positions via ptrace Kristina Martsenko
2018-12-09 15:03   ` Richard Henderson
2018-12-09 15:41   ` Richard Henderson [this message]
2018-12-10 12:03     ` Catalin Marinas
2018-12-10 14:22       ` Richard Henderson
2018-12-10 14:29         ` Will Deacon
2018-12-10 16:09           ` Catalin Marinas
2018-12-07 18:39 ` [PATCH v6 09/13] arm64: perf: strip PAC when unwinding userspace Kristina Martsenko
2018-12-07 18:39 ` [PATCH v6 10/13] arm64: add prctl control for resetting ptrauth keys Kristina Martsenko
2018-12-12 15:22   ` Dave Martin
2018-12-07 18:39 ` [PATCH v6 11/13] arm64: add ptrace regsets for ptrauth key management Kristina Martsenko
2018-12-12 15:23   ` Dave Martin
2018-12-07 18:39 ` [PATCH v6 12/13] arm64: enable pointer authentication Kristina Martsenko
2018-12-07 18:39 ` [PATCH v6 13/13] arm64: docs: document " Kristina Martsenko
2018-12-12 19:35 ` [PATCH v6 00/13] ARMv8.3 pointer authentication userspace support Will Deacon
2018-12-13 18:01   ` Will Deacon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=a31ca10a-ee1a-71fb-2c3d-a6184e12b543@linaro.org \
    --to=richard.henderson@linaro.org \
    --cc=amit.kachhap@arm.com \
    --cc=ard.biesheuvel@linaro.org \
    --cc=awallis@codeaurora.org \
    --cc=catalin.marinas@arm.com \
    --cc=christoffer.dall@arm.com \
    --cc=dave.martin@arm.com \
    --cc=drjones@redhat.com \
    --cc=gorcunov@gmail.com \
    --cc=jacob.bramley@arm.com \
    --cc=keescook@chromium.org \
    --cc=kristina.martsenko@arm.com \
    --cc=kvmarm@lists.cs.columbia.edu \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=marc.zyngier@arm.com \
    --cc=mark.rutland@arm.com \
    --cc=ramana.radhakrishnan@arm.com \
    --cc=suzuki.poulose@arm.com \
    --cc=will.deacon@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).