From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 27194C433B4 for ; Thu, 20 May 2021 15:19:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id EE08760FE7 for ; Thu, 20 May 2021 15:19:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243761AbhETPUn (ORCPT ); Thu, 20 May 2021 11:20:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38890 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231298AbhETPUm (ORCPT ); Thu, 20 May 2021 11:20:42 -0400 Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0EDA3C061574 for ; Thu, 20 May 2021 08:19:20 -0700 (PDT) Received: by mail-io1-xd33.google.com with SMTP id k132so3363342iof.4 for ; Thu, 20 May 2021 08:19:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=gp4zK5F2YjtgwGkVne9PjTqCbpKTKbtlpIMPojGX78E=; b=jxiIg/X8eeGT0fxle+nAvWqUrzDTkM4OMKMHiBuXd3gTNNdIRFHo0W1oWw9eFYzDdo CawCNgJtcrAaq33LtKjLLlavJRSAMmo0q4HfPO+PizyisIBxov3xNupNT2DV1+z38lEb q4dG6qNgQeUhj1XdCcmEhpn5Mq8lfBKpvmIQV86lIGyOFu+GBfwnhd6H49XDP0ZirMzI 8CiSeV2hj3UM30FDLUbHnSrLdL8uogFDoohqmlGoMndE9ENHuPttzaMKql4c9R3+AbBo 1LwK6uaMjlRXg9XsvrTk9YtqcY1Ijxrhw/aaC+6EgrSD2KNmqRP3llqM8Zna9Bnlsvf3 viYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=gp4zK5F2YjtgwGkVne9PjTqCbpKTKbtlpIMPojGX78E=; b=C1+hVLaf2R1gpu8VOKfdglRWa58+ldT+x5hkY7kDfCCwqp+YWQG1sw540pnQsEMRnN STAB66WG2sDR812jMVDNLmjpZJvhY9seETfSKizrpCCtn+fV+YZIM2zlAzLxr/XSAHLw kkxcdCobEhJRjhtb8vbAV0ZQdYVplyB2GCcMbYKdaSu7YJ61dB5Wb6GPfSfSuhHzroab tz8am0BtfCOtcTQpDt/mugcO/jXCwW3ZUMMF2OnYYclX5YsAlsDF/FXrlBeAQhUMJ15S Ma8y/DXNx2nmqzSToIALqK+cL3HEl+vOaw7Y9HsuoeY4IfAV8Aw7GotX1cqOWNAy9Fts U2/Q== X-Gm-Message-State: AOAM5316KwaXT02EhgH/GY3GE4h1C6ZrVoH7lNVmyrpj0OVCd4/aBJyP iCei85qGn4vsMyiXgPNfN4M= X-Google-Smtp-Source: ABdhPJzd/GIEWPYhCBDP28KgS4r3aRlx2GrfhtLxDPMW0Xz/EVLshHxnZV2UnA4rIQXxC2p18t96XQ== X-Received: by 2002:a5d:81c9:: with SMTP id t9mr6347913iol.45.1621523959364; Thu, 20 May 2021 08:19:19 -0700 (PDT) Received: from edi.home.geth (69-174-157-26.symrinaa.metronetinc.net. [69.174.157.26]) by smtp.gmail.com with ESMTPSA id t14sm3410014iob.36.2021.05.20.08.19.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 20 May 2021 08:19:19 -0700 (PDT) From: Derrick McKee To: derrick.mckee@gmail.com Cc: Nathan.Burow@ll.mit.edu, Yianni Giannaris , Catalin Marinas , Will Deacon , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: [PATCH] Ensure kernel AI key is not changed on fork Date: Thu, 20 May 2021 11:18:54 -0400 Message-Id: <20210520151854.3632129-1-derrick.mckee@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210430150438.GA57205@C02TD0UTHF1T.local> References: <20210430150438.GA57205@C02TD0UTHF1T.local> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The kernel uses the IA key for PAC signing, and this key should remain unchanged from the kernel point of view. This patch ensures that the IA key remains constant on fork, if it has been previously set. The software is provided on an as-is basis. Signed-off-by: Derrick McKee Signed-off-by: Yianni Giannaris --- arch/arm64/include/asm/pointer_auth.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h index d50416be99be..9748413e72fd 100644 --- a/arch/arm64/include/asm/pointer_auth.h +++ b/arch/arm64/include/asm/pointer_auth.h @@ -69,10 +69,13 @@ static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys) ptrauth_keys_install_user(keys); } -static __always_inline void ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys) +static __always_inline void +ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys) { - if (system_supports_address_auth()) - get_random_bytes(&keys->apia, sizeof(keys->apia)); + if (keys->apia.lo == 0 && keys->apia.hi == 0) { + if (system_supports_address_auth()) + get_random_bytes(&keys->apia, sizeof(keys->apia)); + } } static __always_inline void ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel *keys) -- 2.31.1 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.7 required=3.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN, FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BB0A1C433ED for ; Thu, 20 May 2021 15:21:07 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 335036023E for ; Thu, 20 May 2021 15:21:07 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 335036023E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=CTsaHVscbnQMG8QRhH+vQQp49ogLCrWXfWg0rb5tIgo=; b=rda/TExVhg9EyPiQM+AxyU1YIi bY+PxfBFumdSnCuaXZwA1Y9waivTykiuJcHkH2zRAeUfwgwXrIHqOD/6Djl5fubhjJ2UZj8lSpCu3 G11Y+eGxrY/ZP7B1fAx8IW5zzOl0o8zvTo02RAnngQ1kcUAcxtGhhTUIcf1CmDv+79tXUfQowhGvW b7lc4WMAuqf/+qDRTLhz5GYrBY5SbjyTH7PKluIo5Zp+pvLIfnNev9UeBAKfXYBxhl8q5YQ6pvRLo yIsvcM9p5Bx+P7xxpux5qQ3dJtvhHWQYpl2TEBXmX0N87UkfTaY6KX1APrEUJPkue42AsPD8GeYpv 5Na0QR+w==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1ljkSL-001eM4-WB; Thu, 20 May 2021 15:19:26 +0000 Received: from bombadil.infradead.org ([2607:7c80:54:e::133]) by desiato.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1ljkSJ-001eLu-Op for linux-arm-kernel@desiato.infradead.org; Thu, 20 May 2021 15:19:24 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=gp4zK5F2YjtgwGkVne9PjTqCbpKTKbtlpIMPojGX78E=; b=n316KNDh6QZVifobpLsgT/BufI y35UJEcHyZyH4lzM6uTKZ56RND036MuVvUtiUHcJAMw1qKM5+wB0IJkwYNRPeQNKRwuzziwNTVEtz OGgBza2oU38JTMV05y2kxDpzF2nCTzmUgzf0voFIeI9fjy1uOcbKUYVpWdZjABd32g53yjI0yX2NT VzDJWrNUhnH56nkMIPJMdcgDP46SbmIMlzcJ/YWSdZMl6Z+7A19piuluFaCFRgEhjaIehRr3oHhTd cR6X+XTpVKUGa3PWkPipORIzrKkIjMXbgdlFIN1xDObQLKQiaXhnAIIg6YNtxoCqOw/hBGQb7U0+F yX0cLxHA==; Received: from mail-io1-xd30.google.com ([2607:f8b0:4864:20::d30]) by bombadil.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1ljkSH-00GSYj-90 for linux-arm-kernel@lists.infradead.org; Thu, 20 May 2021 15:19:22 +0000 Received: by mail-io1-xd30.google.com with SMTP id p8so16901935iol.11 for ; Thu, 20 May 2021 08:19:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=gp4zK5F2YjtgwGkVne9PjTqCbpKTKbtlpIMPojGX78E=; b=jxiIg/X8eeGT0fxle+nAvWqUrzDTkM4OMKMHiBuXd3gTNNdIRFHo0W1oWw9eFYzDdo CawCNgJtcrAaq33LtKjLLlavJRSAMmo0q4HfPO+PizyisIBxov3xNupNT2DV1+z38lEb q4dG6qNgQeUhj1XdCcmEhpn5Mq8lfBKpvmIQV86lIGyOFu+GBfwnhd6H49XDP0ZirMzI 8CiSeV2hj3UM30FDLUbHnSrLdL8uogFDoohqmlGoMndE9ENHuPttzaMKql4c9R3+AbBo 1LwK6uaMjlRXg9XsvrTk9YtqcY1Ijxrhw/aaC+6EgrSD2KNmqRP3llqM8Zna9Bnlsvf3 viYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=gp4zK5F2YjtgwGkVne9PjTqCbpKTKbtlpIMPojGX78E=; b=n+4Q2GK0NN1v4ohRaB14PgTnA5sLDcA38V4HK5MoTmeMwfQ2qtDbn6E5TYXiXifvcS Dn5CJ6pmblH5jcDyVWTxGVvW96N924Qn3Ax91lVJm8X7kAaDoJluwEUVlIza1XERlLwa Qi2/1r0rjvvcpVszZdTroUnMwRyntuJzPHjSRDAnS8lgZdTWKM6TkQBY0NfQkkSu2T3K AMMDx7046/Emfi9/M0/4hMjoH04R2dU6QQnblmcRtAt7291Ft9eOsFYjIkDCJJ2QNvR6 c6eKSqdC+W2GWV1Wqzrhs2l9HGvvlH6uHZQ5pghD7KlMOdhMM99JOlieLddTe7aj3gqk QJLg== X-Gm-Message-State: AOAM5326vc++lU3yva0Z9dk0EPBCSg9XCBll7tVCwJJmID154AaE5BwJ 2ThqKzD9N6vKSdlJuLTvENo= X-Google-Smtp-Source: ABdhPJzd/GIEWPYhCBDP28KgS4r3aRlx2GrfhtLxDPMW0Xz/EVLshHxnZV2UnA4rIQXxC2p18t96XQ== X-Received: by 2002:a5d:81c9:: with SMTP id t9mr6347913iol.45.1621523959364; Thu, 20 May 2021 08:19:19 -0700 (PDT) Received: from edi.home.geth (69-174-157-26.symrinaa.metronetinc.net. [69.174.157.26]) by smtp.gmail.com with ESMTPSA id t14sm3410014iob.36.2021.05.20.08.19.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 20 May 2021 08:19:19 -0700 (PDT) From: Derrick McKee To: derrick.mckee@gmail.com Cc: Nathan.Burow@ll.mit.edu, Yianni Giannaris , Catalin Marinas , Will Deacon , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: [PATCH] Ensure kernel AI key is not changed on fork Date: Thu, 20 May 2021 11:18:54 -0400 Message-Id: <20210520151854.3632129-1-derrick.mckee@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210430150438.GA57205@C02TD0UTHF1T.local> References: <20210430150438.GA57205@C02TD0UTHF1T.local> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210520_081921_335739_5121E2FD X-CRM114-Status: GOOD ( 14.44 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org The kernel uses the IA key for PAC signing, and this key should remain unchanged from the kernel point of view. This patch ensures that the IA key remains constant on fork, if it has been previously set. The software is provided on an as-is basis. Signed-off-by: Derrick McKee Signed-off-by: Yianni Giannaris --- arch/arm64/include/asm/pointer_auth.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h index d50416be99be..9748413e72fd 100644 --- a/arch/arm64/include/asm/pointer_auth.h +++ b/arch/arm64/include/asm/pointer_auth.h @@ -69,10 +69,13 @@ static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys) ptrauth_keys_install_user(keys); } -static __always_inline void ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys) +static __always_inline void +ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys) { - if (system_supports_address_auth()) - get_random_bytes(&keys->apia, sizeof(keys->apia)); + if (keys->apia.lo == 0 && keys->apia.hi == 0) { + if (system_supports_address_auth()) + get_random_bytes(&keys->apia, sizeof(keys->apia)); + } } static __always_inline void ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel *keys) -- 2.31.1 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel