From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D5FBFC433B4 for ; Thu, 20 May 2021 18:24:20 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A3E49611AE for ; Thu, 20 May 2021 18:24:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234774AbhETSZk (ORCPT ); Thu, 20 May 2021 14:25:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52754 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231546AbhETSZj (ORCPT ); Thu, 20 May 2021 14:25:39 -0400 Received: from mail-qt1-x82e.google.com (mail-qt1-x82e.google.com [IPv6:2607:f8b0:4864:20::82e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3E66FC061574 for ; Thu, 20 May 2021 11:24:17 -0700 (PDT) Received: by mail-qt1-x82e.google.com with SMTP id c10so13474949qtx.10 for ; Thu, 20 May 2021 11:24:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1s5Dsz7vse2deNA6SMMU0kbqW1ES7IG9klI1lUdnBBg=; b=du0uGiNN2aHIPskO4+egQDuFjF5ZSMIfrhxJ+iadWI9R296iYrT38J52IC2ujD5NdY h+vjjfif5YPHTpE3DTMzDGW2QCGbAzAObnnGomtCi0UlrOFGj236Kfa1Wg5b1YmEKT3T 2iNv31ww8xbEL3g/qzTDJ8TOgdo4VQNpQiyrHzPyVumdX/8zw3iMjMbXaO8LRSicsjud XYaSIty6Bc8gh4J9JMH1T3DBUloVYJ0i+mOEnA1075zWs2W0UusWppqhoMlon4GKTLlm CvK/wTiTRHy6LHPE+SEqvCtI3ZkW5jauwebD8pSR5hPZ4MLo/Izc3MT6g87+h5GrQxT8 EasQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1s5Dsz7vse2deNA6SMMU0kbqW1ES7IG9klI1lUdnBBg=; b=jCNY58rv2WFPAHVP2aweEOI0UNVCURq9PlmAx854bmsak8m1boxu1b1xB43oZIgzR8 7bHqTZorjIPp3uYnkGZjp5o6Pa6PByeUaePszUlj6AJERrG697h6Ck9Kv1rNiBFz6iMV xp98y1IWH7/yvbp08hE6wY9YR2Bry2ex6h3NmZqpt823hSdQbcdOp1OkpNA+8xocP9Qn xVFgGUGrlXakigq0jCxdW5o90TyQQpcSSPDjKG3K962XrsUWDHokyo+w7GfQ9kCI1d6p zlfY6zCA66S7XyufilNhL/DL5uaEmD1r5HiyX3rjVjIDBURO0LusRNauftPw5RKXguVc +L/g== X-Gm-Message-State: AOAM531qJ2V+8v7Lr/lbvjipD/XUkHc41xVrtXLA/wGUL6/5c70Z690/ t/U2a9aH4t9VqFKqyAN5a/5vA0Gpb5BWUPeMolgxtybB9sQEBA== X-Google-Smtp-Source: ABdhPJzQIqydEluuiZ+gsCfR8EoFruiir97R4iNWc7F9aFJDAu0Uymbr2sq3UpFFgzWq0x40zB+qmsHAP9fwKKABJwk= X-Received: by 2002:aed:3169:: with SMTP id 96mr6689774qtg.164.1621535056348; Thu, 20 May 2021 11:24:16 -0700 (PDT) MIME-Version: 1.0 References: <20210430150438.GA57205@C02TD0UTHF1T.local> <20210520151854.3632129-1-derrick.mckee@gmail.com> <20210520160035.GP17233@C02TD0UTHF1T.local> In-Reply-To: <20210520160035.GP17233@C02TD0UTHF1T.local> From: Derrick McKee Date: Thu, 20 May 2021 14:24:04 -0400 Message-ID: Subject: Re: [PATCH] Ensure kernel AI key is not changed on fork To: Mark Rutland Cc: Nathan Harrison Burow , Yianni Giannaris , Catalin Marinas , Will Deacon , Linux ARM , LKML Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, May 20, 2021 at 12:00 PM Mark Rutland wrote: > On the kernel side, we use a unique IA key per kernel thread, and while > this must remain the same *for that kernel thread*, the kernel IA key > should differ across kernel threads when a fork() occurs. Thank you for the clarification. > I think you're trying to use the keys in a different way than upstream > intends to, and we do not need this change as-is. > > So NAK to this patch as it stands. Given the above discussion, I agree with the NAK. > > > --- > > arch/arm64/include/asm/pointer_auth.h | 9 ++++++--- > > 1 file changed, 6 insertions(+), 3 deletions(-) > > > > diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h > > index d50416be99be..9748413e72fd 100644 > > --- a/arch/arm64/include/asm/pointer_auth.h > > +++ b/arch/arm64/include/asm/pointer_auth.h > > @@ -69,10 +69,13 @@ static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys) > > ptrauth_keys_install_user(keys); > > } > > > > -static __always_inline void ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys) > > +static __always_inline void > > +ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys) > > { > > - if (system_supports_address_auth()) > > - get_random_bytes(&keys->apia, sizeof(keys->apia)); > > + if (keys->apia.lo == 0 && keys->apia.hi == 0) { > > + if (system_supports_address_auth()) > > + get_random_bytes(&keys->apia, sizeof(keys->apia)); > > + } > > } > > > > static __always_inline void ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel *keys) > > -- > > 2.31.1 > > -- Derrick McKee Phone: (703) 957-9362 Email: derrick.mckee@gmail.com From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.7 required=3.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C9227C433B4 for ; Thu, 20 May 2021 18:26:13 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4946361001 for ; Thu, 20 May 2021 18:26:13 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4946361001 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Z3xON4strynhsz1kQqmx3z6ewkadbLY3JaxCXUtqdLI=; b=L07pjooqHdpvopTnUv/KrpAdxC LxGlqC13zEu3O1YgaTLxIk8X5BerCevbXwCr6woB+D9KZCkmlBF4eOhRbgKicDqjl5R6aFlxfgyYt OzISucza6wazbINwqIOqP/0LgYRTOk6VZvXYj4PsQl6IteX/9Zx4Lsczik/gMPHTbRDF8QJ0zPss+ qUKx3dLmjX/CKp1REh5M/mVRI+iDdISLBFZRcKhk+dHdaZVhrMNQ1AoUidiiPJOWZBj15fW55OgPE YRzHeWryAUaehKMpboDhsXMqHtFbL6WJLqlxdSakG8w0D86HOvLtNneNwUim7gM9DBN23siyz7vbU 4xeTMicg==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1ljnLN-002F8d-NZ; Thu, 20 May 2021 18:24:25 +0000 Received: from bombadil.infradead.org ([2607:7c80:54:e::133]) by desiato.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1ljnLJ-002F7b-Oj for linux-arm-kernel@desiato.infradead.org; Thu, 20 May 2021 18:24:21 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Content-Type:Cc:To:Subject:Message-ID :Date:From:In-Reply-To:References:MIME-Version:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=1s5Dsz7vse2deNA6SMMU0kbqW1ES7IG9klI1lUdnBBg=; b=37IyuaENhswGkFKDyCmpiSd7MP Qqppj6ib1YFAbK/xkwqLAORRORnxQfdn7SkHYeEv5kz3/P/n7u2wJh0bMzIXkfrJMZODJKR2DbkV+ Ts+4pNm921Vt5YiM2LtkRZS9Ige37ngv1G6xaPClshhQf6luU/K82UYTY6lcjD/ZSrrRJvtX23sDA nTyJnBUUASBHWpjH5ru16rpOYimBeGeIhXiG1lyL6HjkvX9ewiKKhmWI9198kQTP023KBihO4kJbA fd3rYtUXvm8+OGfa7YrLFKsFoKob3RgWp3a1nu4LbphcCzXczSe+QGCQZDxzHAYmJ3/CZ44zpdC+x waYOXCVA==; Received: from mail-qt1-x831.google.com ([2607:f8b0:4864:20::831]) by bombadil.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1ljnLG-00GZVt-0w for linux-arm-kernel@lists.infradead.org; Thu, 20 May 2021 18:24:19 +0000 Received: by mail-qt1-x831.google.com with SMTP id h24so2086002qtm.12 for ; Thu, 20 May 2021 11:24:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1s5Dsz7vse2deNA6SMMU0kbqW1ES7IG9klI1lUdnBBg=; b=du0uGiNN2aHIPskO4+egQDuFjF5ZSMIfrhxJ+iadWI9R296iYrT38J52IC2ujD5NdY h+vjjfif5YPHTpE3DTMzDGW2QCGbAzAObnnGomtCi0UlrOFGj236Kfa1Wg5b1YmEKT3T 2iNv31ww8xbEL3g/qzTDJ8TOgdo4VQNpQiyrHzPyVumdX/8zw3iMjMbXaO8LRSicsjud XYaSIty6Bc8gh4J9JMH1T3DBUloVYJ0i+mOEnA1075zWs2W0UusWppqhoMlon4GKTLlm CvK/wTiTRHy6LHPE+SEqvCtI3ZkW5jauwebD8pSR5hPZ4MLo/Izc3MT6g87+h5GrQxT8 EasQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1s5Dsz7vse2deNA6SMMU0kbqW1ES7IG9klI1lUdnBBg=; b=jwX5dCwhiCcrHZxamh6RPVkzogL9uoxLfwaN9IU2+GSUmJlB5bA7u+O6CerQ1c58V2 2DF5kGuz/4Kai778r2hwJM2D28bo2BKQLGK6RTb0mfzi7xnZ1veJ+p7G8gD+A3/0k/e4 JMO6rZctBt+Xlr5NIX1qzG8RpUSqhIDSvw3ybIK9gLq+8utxI0CNaH/8q3Ng/g9uQxnH ytMNa0P7Q+LhMBVZMPKl4sas38GGbHJHRYjzABEDetymoYaL1S2VjEzmpQ28GFk7Jc3u ah37CbmQ08K68Os8bhy/2DmMae8BqjUF3O2de115goBUvbeLYOlvXPSkBuUiQXByNvOe LsEg== X-Gm-Message-State: AOAM531bxHjJApncuvFttfsHJtuviYXqVW6A+HGf82rDzXfdi4x9xzLO 6HfwCLo5tSbScwa2BjRM6E+kdw0Dv+4RXsr1j/8= X-Google-Smtp-Source: ABdhPJzQIqydEluuiZ+gsCfR8EoFruiir97R4iNWc7F9aFJDAu0Uymbr2sq3UpFFgzWq0x40zB+qmsHAP9fwKKABJwk= X-Received: by 2002:aed:3169:: with SMTP id 96mr6689774qtg.164.1621535056348; Thu, 20 May 2021 11:24:16 -0700 (PDT) MIME-Version: 1.0 References: <20210430150438.GA57205@C02TD0UTHF1T.local> <20210520151854.3632129-1-derrick.mckee@gmail.com> <20210520160035.GP17233@C02TD0UTHF1T.local> In-Reply-To: <20210520160035.GP17233@C02TD0UTHF1T.local> From: Derrick McKee Date: Thu, 20 May 2021 14:24:04 -0400 Message-ID: Subject: Re: [PATCH] Ensure kernel AI key is not changed on fork To: Mark Rutland Cc: Nathan Harrison Burow , Yianni Giannaris , Catalin Marinas , Will Deacon , Linux ARM , LKML X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210520_112418_086391_F8F8F48C X-CRM114-Status: GOOD ( 23.18 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Thu, May 20, 2021 at 12:00 PM Mark Rutland wrote: > On the kernel side, we use a unique IA key per kernel thread, and while > this must remain the same *for that kernel thread*, the kernel IA key > should differ across kernel threads when a fork() occurs. Thank you for the clarification. > I think you're trying to use the keys in a different way than upstream > intends to, and we do not need this change as-is. > > So NAK to this patch as it stands. Given the above discussion, I agree with the NAK. > > > --- > > arch/arm64/include/asm/pointer_auth.h | 9 ++++++--- > > 1 file changed, 6 insertions(+), 3 deletions(-) > > > > diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h > > index d50416be99be..9748413e72fd 100644 > > --- a/arch/arm64/include/asm/pointer_auth.h > > +++ b/arch/arm64/include/asm/pointer_auth.h > > @@ -69,10 +69,13 @@ static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys) > > ptrauth_keys_install_user(keys); > > } > > > > -static __always_inline void ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys) > > +static __always_inline void > > +ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys) > > { > > - if (system_supports_address_auth()) > > - get_random_bytes(&keys->apia, sizeof(keys->apia)); > > + if (keys->apia.lo == 0 && keys->apia.hi == 0) { > > + if (system_supports_address_auth()) > > + get_random_bytes(&keys->apia, sizeof(keys->apia)); > > + } > > } > > > > static __always_inline void ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel *keys) > > -- > > 2.31.1 > > -- Derrick McKee Phone: (703) 957-9362 Email: derrick.mckee@gmail.com _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel