From: Amit Kachhap <amit.kachhap@arm.com>
To: Will Deacon <will@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org, kexec@lists.infradead.org,
linux-kernel@vger.kernel.org,
Catalin Marinas <catalin.marinas@arm.com>,
Bhupesh Sharma <bhsharma@redhat.com>,
Vincenzo Frascino <Vincenzo.Frascino@arm.com>,
James Morse <james.morse@arm.com>,
Mark Rutland <mark.rutland@arm.com>
Subject: Re: [PATCH v2 1/2] arm64/crash_core: Export KERNELPACMASK in vmcoreinfo
Date: Wed, 6 May 2020 17:32:56 +0530 [thread overview]
Message-ID: <bc5e6fc5-15f4-40bb-4466-816de5912893@arm.com> (raw)
In-Reply-To: <20200504171741.GD1833@willie-the-truck>
Hi Will,
On 5/4/20 10:47 PM, Will Deacon wrote:
> On Mon, Apr 27, 2020 at 11:55:01AM +0530, Amit Daniel Kachhap wrote:
>> Recently arm64 linux kernel added support for Armv8.3-A Pointer
>> Authentication feature. If this feature is enabled in the kernel and the
>> hardware supports address authentication then the return addresses are
>> signed and stored in the stack to prevent ROP kind of attack. Kdump tool
>> will now dump the kernel with signed lr values in the stack.
>>
>> Any user analysis tool for this kernel dump may need the kernel pac mask
>> information in vmcoreinfo to generate the correct return address for
>> stacktrace purpose as well as to resolve the symbol name.
>>
>> This patch is similar to commit ec6e822d1a22d0eef ("arm64: expose user PAC
>> bit positions via ptrace") which exposes pac mask information via ptrace
>> interfaces.
>>
>> Cc: Catalin Marinas <catalin.marinas@arm.com>
>> Cc: Will Deacon <will@kernel.org>
>> Cc: Mark Rutland <mark.rutland@arm.com>
>> Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com>
>> ---
>> Changes since v1:
>> * Rebased to kernel 5.7-rc3.
>> * commit log change.
>>
>> An implementation of this new KERNELPACMASK vmcoreinfo field used by crash
>> tool can be found here[1]. This change is accepted by crash utility
>> maintainer [2].
>>
>> [1]: https://www.redhat.com/archives/crash-utility/2020-April/msg00095.html
>> [2]: https://www.redhat.com/archives/crash-utility/2020-April/msg00099.html
>>
>> arch/arm64/include/asm/compiler.h | 3 +++
>> arch/arm64/kernel/crash_core.c | 4 ++++
>> 2 files changed, 7 insertions(+)
>>
>> diff --git a/arch/arm64/include/asm/compiler.h b/arch/arm64/include/asm/compiler.h
>> index eece20d..32d5900 100644
>> --- a/arch/arm64/include/asm/compiler.h
>> +++ b/arch/arm64/include/asm/compiler.h
>> @@ -19,6 +19,9 @@
>> #define __builtin_return_address(val) \
>> (void *)(ptrauth_clear_pac((unsigned long)__builtin_return_address(val)))
>>
>> +#else /* !CONFIG_ARM64_PTR_AUTH */
>> +#define ptrauth_user_pac_mask() 0ULL
>> +#define ptrauth_kernel_pac_mask() 0ULL
>
> This doesn't look quite right to me, since you still have to take into
> account the case where CONFIG_ARM64_PTR_AUTH=y but the feature is not
> available at runtime:
Yes agree with you here. However the config gaurd is saving some extra
computation for __builtin_return_address. There are some compiler
support being added in __builtin_extract_return_address to mask the PAC.
Hopefully that will improve this code. In the meantime let it be like this.
I can remove this else case and as other users of
ptrauth_{kernel,user}_pac_mask(ptrace.c) protect it with a config gaurd
there.
>
>> @@ -16,4 +17,7 @@ void arch_crash_save_vmcoreinfo(void)
>> vmcoreinfo_append_str("NUMBER(PHYS_OFFSET)=0x%llx\n",
>> PHYS_OFFSET);
>> vmcoreinfo_append_str("KERNELOFFSET=%lx\n", kaslr_offset());
>> + vmcoreinfo_append_str("NUMBER(KERNELPACMASK)=0x%llx\n",
>> + system_supports_address_auth() ?
>> + ptrauth_kernel_pac_mask() : 0);
>
> In which case, would it make more sense to define
> ptrauth_{kernel,user}_pac_mask() unconditionally? In fact, I'd probably
> just remove the guards completely from asm/compiler.h because I think
> they're misleading.
As answered above. Let me know your opinion. Although I don't have
strong reservation in keeping the config gaurd.
Thanks,
Amit Daniel
>
> Will
>
> --->8
>
> diff --git a/arch/arm64/include/asm/compiler.h b/arch/arm64/include/asm/compiler.h
> index eece20d2c55f..51a7ce87cdfe 100644
> --- a/arch/arm64/include/asm/compiler.h
> +++ b/arch/arm64/include/asm/compiler.h
> @@ -2,8 +2,6 @@
> #ifndef __ASM_COMPILER_H
> #define __ASM_COMPILER_H
>
> -#if defined(CONFIG_ARM64_PTR_AUTH)
> -
> /*
> * The EL0/EL1 pointer bits used by a pointer authentication code.
> * This is dependent on TBI0/TBI1 being enabled, or bits 63:56 would also apply.
> @@ -19,6 +17,4 @@
> #define __builtin_return_address(val) \
> (void *)(ptrauth_clear_pac((unsigned long)__builtin_return_address(val)))
>
> -#endif /* CONFIG_ARM64_PTR_AUTH */
> -
> #endif /* __ASM_COMPILER_H */
>
WARNING: multiple messages have this Message-ID (diff)
From: Amit Kachhap <amit.kachhap@arm.com>
To: Will Deacon <will@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Bhupesh Sharma <bhsharma@redhat.com>,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
James Morse <james.morse@arm.com>,
Vincenzo Frascino <Vincenzo.Frascino@arm.com>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v2 1/2] arm64/crash_core: Export KERNELPACMASK in vmcoreinfo
Date: Wed, 6 May 2020 17:32:56 +0530 [thread overview]
Message-ID: <bc5e6fc5-15f4-40bb-4466-816de5912893@arm.com> (raw)
In-Reply-To: <20200504171741.GD1833@willie-the-truck>
Hi Will,
On 5/4/20 10:47 PM, Will Deacon wrote:
> On Mon, Apr 27, 2020 at 11:55:01AM +0530, Amit Daniel Kachhap wrote:
>> Recently arm64 linux kernel added support for Armv8.3-A Pointer
>> Authentication feature. If this feature is enabled in the kernel and the
>> hardware supports address authentication then the return addresses are
>> signed and stored in the stack to prevent ROP kind of attack. Kdump tool
>> will now dump the kernel with signed lr values in the stack.
>>
>> Any user analysis tool for this kernel dump may need the kernel pac mask
>> information in vmcoreinfo to generate the correct return address for
>> stacktrace purpose as well as to resolve the symbol name.
>>
>> This patch is similar to commit ec6e822d1a22d0eef ("arm64: expose user PAC
>> bit positions via ptrace") which exposes pac mask information via ptrace
>> interfaces.
>>
>> Cc: Catalin Marinas <catalin.marinas@arm.com>
>> Cc: Will Deacon <will@kernel.org>
>> Cc: Mark Rutland <mark.rutland@arm.com>
>> Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com>
>> ---
>> Changes since v1:
>> * Rebased to kernel 5.7-rc3.
>> * commit log change.
>>
>> An implementation of this new KERNELPACMASK vmcoreinfo field used by crash
>> tool can be found here[1]. This change is accepted by crash utility
>> maintainer [2].
>>
>> [1]: https://www.redhat.com/archives/crash-utility/2020-April/msg00095.html
>> [2]: https://www.redhat.com/archives/crash-utility/2020-April/msg00099.html
>>
>> arch/arm64/include/asm/compiler.h | 3 +++
>> arch/arm64/kernel/crash_core.c | 4 ++++
>> 2 files changed, 7 insertions(+)
>>
>> diff --git a/arch/arm64/include/asm/compiler.h b/arch/arm64/include/asm/compiler.h
>> index eece20d..32d5900 100644
>> --- a/arch/arm64/include/asm/compiler.h
>> +++ b/arch/arm64/include/asm/compiler.h
>> @@ -19,6 +19,9 @@
>> #define __builtin_return_address(val) \
>> (void *)(ptrauth_clear_pac((unsigned long)__builtin_return_address(val)))
>>
>> +#else /* !CONFIG_ARM64_PTR_AUTH */
>> +#define ptrauth_user_pac_mask() 0ULL
>> +#define ptrauth_kernel_pac_mask() 0ULL
>
> This doesn't look quite right to me, since you still have to take into
> account the case where CONFIG_ARM64_PTR_AUTH=y but the feature is not
> available at runtime:
Yes agree with you here. However the config gaurd is saving some extra
computation for __builtin_return_address. There are some compiler
support being added in __builtin_extract_return_address to mask the PAC.
Hopefully that will improve this code. In the meantime let it be like this.
I can remove this else case and as other users of
ptrauth_{kernel,user}_pac_mask(ptrace.c) protect it with a config gaurd
there.
>
>> @@ -16,4 +17,7 @@ void arch_crash_save_vmcoreinfo(void)
>> vmcoreinfo_append_str("NUMBER(PHYS_OFFSET)=0x%llx\n",
>> PHYS_OFFSET);
>> vmcoreinfo_append_str("KERNELOFFSET=%lx\n", kaslr_offset());
>> + vmcoreinfo_append_str("NUMBER(KERNELPACMASK)=0x%llx\n",
>> + system_supports_address_auth() ?
>> + ptrauth_kernel_pac_mask() : 0);
>
> In which case, would it make more sense to define
> ptrauth_{kernel,user}_pac_mask() unconditionally? In fact, I'd probably
> just remove the guards completely from asm/compiler.h because I think
> they're misleading.
As answered above. Let me know your opinion. Although I don't have
strong reservation in keeping the config gaurd.
Thanks,
Amit Daniel
>
> Will
>
> --->8
>
> diff --git a/arch/arm64/include/asm/compiler.h b/arch/arm64/include/asm/compiler.h
> index eece20d2c55f..51a7ce87cdfe 100644
> --- a/arch/arm64/include/asm/compiler.h
> +++ b/arch/arm64/include/asm/compiler.h
> @@ -2,8 +2,6 @@
> #ifndef __ASM_COMPILER_H
> #define __ASM_COMPILER_H
>
> -#if defined(CONFIG_ARM64_PTR_AUTH)
> -
> /*
> * The EL0/EL1 pointer bits used by a pointer authentication code.
> * This is dependent on TBI0/TBI1 being enabled, or bits 63:56 would also apply.
> @@ -19,6 +17,4 @@
> #define __builtin_return_address(val) \
> (void *)(ptrauth_clear_pac((unsigned long)__builtin_return_address(val)))
>
> -#endif /* CONFIG_ARM64_PTR_AUTH */
> -
> #endif /* __ASM_COMPILER_H */
>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Amit Kachhap <amit.kachhap@arm.com>
To: Will Deacon <will@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Bhupesh Sharma <bhsharma@redhat.com>,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
James Morse <james.morse@arm.com>,
Vincenzo Frascino <Vincenzo.Frascino@arm.com>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v2 1/2] arm64/crash_core: Export KERNELPACMASK in vmcoreinfo
Date: Wed, 6 May 2020 17:32:56 +0530 [thread overview]
Message-ID: <bc5e6fc5-15f4-40bb-4466-816de5912893@arm.com> (raw)
In-Reply-To: <20200504171741.GD1833@willie-the-truck>
Hi Will,
On 5/4/20 10:47 PM, Will Deacon wrote:
> On Mon, Apr 27, 2020 at 11:55:01AM +0530, Amit Daniel Kachhap wrote:
>> Recently arm64 linux kernel added support for Armv8.3-A Pointer
>> Authentication feature. If this feature is enabled in the kernel and the
>> hardware supports address authentication then the return addresses are
>> signed and stored in the stack to prevent ROP kind of attack. Kdump tool
>> will now dump the kernel with signed lr values in the stack.
>>
>> Any user analysis tool for this kernel dump may need the kernel pac mask
>> information in vmcoreinfo to generate the correct return address for
>> stacktrace purpose as well as to resolve the symbol name.
>>
>> This patch is similar to commit ec6e822d1a22d0eef ("arm64: expose user PAC
>> bit positions via ptrace") which exposes pac mask information via ptrace
>> interfaces.
>>
>> Cc: Catalin Marinas <catalin.marinas@arm.com>
>> Cc: Will Deacon <will@kernel.org>
>> Cc: Mark Rutland <mark.rutland@arm.com>
>> Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com>
>> ---
>> Changes since v1:
>> * Rebased to kernel 5.7-rc3.
>> * commit log change.
>>
>> An implementation of this new KERNELPACMASK vmcoreinfo field used by crash
>> tool can be found here[1]. This change is accepted by crash utility
>> maintainer [2].
>>
>> [1]: https://www.redhat.com/archives/crash-utility/2020-April/msg00095.html
>> [2]: https://www.redhat.com/archives/crash-utility/2020-April/msg00099.html
>>
>> arch/arm64/include/asm/compiler.h | 3 +++
>> arch/arm64/kernel/crash_core.c | 4 ++++
>> 2 files changed, 7 insertions(+)
>>
>> diff --git a/arch/arm64/include/asm/compiler.h b/arch/arm64/include/asm/compiler.h
>> index eece20d..32d5900 100644
>> --- a/arch/arm64/include/asm/compiler.h
>> +++ b/arch/arm64/include/asm/compiler.h
>> @@ -19,6 +19,9 @@
>> #define __builtin_return_address(val) \
>> (void *)(ptrauth_clear_pac((unsigned long)__builtin_return_address(val)))
>>
>> +#else /* !CONFIG_ARM64_PTR_AUTH */
>> +#define ptrauth_user_pac_mask() 0ULL
>> +#define ptrauth_kernel_pac_mask() 0ULL
>
> This doesn't look quite right to me, since you still have to take into
> account the case where CONFIG_ARM64_PTR_AUTH=y but the feature is not
> available at runtime:
Yes agree with you here. However the config gaurd is saving some extra
computation for __builtin_return_address. There are some compiler
support being added in __builtin_extract_return_address to mask the PAC.
Hopefully that will improve this code. In the meantime let it be like this.
I can remove this else case and as other users of
ptrauth_{kernel,user}_pac_mask(ptrace.c) protect it with a config gaurd
there.
>
>> @@ -16,4 +17,7 @@ void arch_crash_save_vmcoreinfo(void)
>> vmcoreinfo_append_str("NUMBER(PHYS_OFFSET)=0x%llx\n",
>> PHYS_OFFSET);
>> vmcoreinfo_append_str("KERNELOFFSET=%lx\n", kaslr_offset());
>> + vmcoreinfo_append_str("NUMBER(KERNELPACMASK)=0x%llx\n",
>> + system_supports_address_auth() ?
>> + ptrauth_kernel_pac_mask() : 0);
>
> In which case, would it make more sense to define
> ptrauth_{kernel,user}_pac_mask() unconditionally? In fact, I'd probably
> just remove the guards completely from asm/compiler.h because I think
> they're misleading.
As answered above. Let me know your opinion. Although I don't have
strong reservation in keeping the config gaurd.
Thanks,
Amit Daniel
>
> Will
>
> --->8
>
> diff --git a/arch/arm64/include/asm/compiler.h b/arch/arm64/include/asm/compiler.h
> index eece20d2c55f..51a7ce87cdfe 100644
> --- a/arch/arm64/include/asm/compiler.h
> +++ b/arch/arm64/include/asm/compiler.h
> @@ -2,8 +2,6 @@
> #ifndef __ASM_COMPILER_H
> #define __ASM_COMPILER_H
>
> -#if defined(CONFIG_ARM64_PTR_AUTH)
> -
> /*
> * The EL0/EL1 pointer bits used by a pointer authentication code.
> * This is dependent on TBI0/TBI1 being enabled, or bits 63:56 would also apply.
> @@ -19,6 +17,4 @@
> #define __builtin_return_address(val) \
> (void *)(ptrauth_clear_pac((unsigned long)__builtin_return_address(val)))
>
> -#endif /* CONFIG_ARM64_PTR_AUTH */
> -
> #endif /* __ASM_COMPILER_H */
>
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2020-05-06 12:03 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-27 6:25 [PATCH v2 1/2] arm64/crash_core: Export KERNELPACMASK in vmcoreinfo Amit Daniel Kachhap
2020-04-27 6:25 ` Amit Daniel Kachhap
2020-04-27 6:25 ` Amit Daniel Kachhap
2020-04-27 6:25 ` [PATCH v2 2/2] Documentation/vmcoreinfo: Add documentation for 'KERNELPACMASK' Amit Daniel Kachhap
2020-04-27 6:25 ` Amit Daniel Kachhap
2020-04-27 6:25 ` Amit Daniel Kachhap
2020-05-04 17:34 ` Will Deacon
2020-05-04 17:34 ` Will Deacon
2020-05-04 17:34 ` Will Deacon
2020-05-06 12:07 ` Amit Kachhap
2020-05-06 12:07 ` Amit Kachhap
2020-05-06 12:07 ` Amit Kachhap
2020-04-30 11:35 ` [PATCH v2 1/2] arm64/crash_core: Export KERNELPACMASK in vmcoreinfo Amit Kachhap
2020-04-30 11:35 ` Amit Kachhap
2020-04-30 11:35 ` Amit Kachhap
2020-04-30 11:44 ` Amit Kachhap
2020-04-30 11:44 ` Amit Kachhap
2020-04-30 11:44 ` Amit Kachhap
2020-05-04 17:17 ` Will Deacon
2020-05-04 17:17 ` Will Deacon
2020-05-04 17:17 ` Will Deacon
2020-05-06 12:02 ` Amit Kachhap [this message]
2020-05-06 12:02 ` Amit Kachhap
2020-05-06 12:02 ` Amit Kachhap
2020-05-06 12:31 ` Will Deacon
2020-05-06 12:31 ` Will Deacon
2020-05-06 12:31 ` Will Deacon
2020-05-06 13:04 ` Amit Kachhap
2020-05-06 13:04 ` Amit Kachhap
2020-05-06 13:04 ` Amit Kachhap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bc5e6fc5-15f4-40bb-4466-816de5912893@arm.com \
--to=amit.kachhap@arm.com \
--cc=Vincenzo.Frascino@arm.com \
--cc=bhsharma@redhat.com \
--cc=catalin.marinas@arm.com \
--cc=james.morse@arm.com \
--cc=kexec@lists.infradead.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.