From mboxrd@z Thu Jan 1 00:00:00 1970 From: Cyrill Gorcunov Subject: Re: [PATCH v5 07/17] arm64: add basic pointer authentication support Date: Fri, 19 Oct 2018 19:49:27 +0300 Message-ID: <20181019164927.GO2401@uranus.lan> References: <20181005084754.20950-1-kristina.martsenko@arm.com> <20181005084754.20950-8-kristina.martsenko@arm.com> <20181019111542.6wrvjguirglzg7vg@mbp> <20181019112404.GD14246@arm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: <20181019112404.GD14246@arm.com> Sender: linux-kernel-owner@vger.kernel.org To: Will Deacon Cc: Catalin Marinas , Kristina Martsenko , linux-arm-kernel@lists.infradead.org, Mark Rutland , linux-arch@vger.kernel.org, Andrew Jones , Jacob Bramley , Arnd Bergmann , Ard Biesheuvel , Marc Zyngier , Adam Wallis , "Suzuki K . Poulose" , Christoffer Dall , kvmarm@lists.cs.columbia.edu, Ramana Radhakrishnan , Amit Kachhap , Dave P Martin , linux-kernel@vger.kernel.org, Kees Cook , Andrey Vagin List-Id: linux-arch.vger.kernel.org On Fri, Oct 19, 2018 at 12:24:04PM +0100, Will Deacon wrote: > > FWIW: I think we should be entertaining a prctl() interface to use a new > key on a per-thread basis. Obviously, this would need to be used with care > (e.g. you'd fork(); use the prctl() and then you'd better not return from > the calling function!). > > Assuming we want this (Kees -- I was under the impression that everything in > Android would end up with the same key otherwise?), then the question is > do we want: > > - prctl() get/set operations for the key, or > - prctl() set_random_key operation, or > - both of the above? > > Part of the answer to that may lie in the requirements of CRIU, where I > strongly suspect they need explicit get/set operations, although these > could be gated on CONFIG_CHECKPOINT_RESTORE=y. Indeed. Without get/set I think we won't be able to restore programs. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-lj1-f195.google.com ([209.85.208.195]:35805 "EHLO mail-lj1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727200AbeJTA4Z (ORCPT ); Fri, 19 Oct 2018 20:56:25 -0400 Date: Fri, 19 Oct 2018 19:49:27 +0300 From: Cyrill Gorcunov Subject: Re: [PATCH v5 07/17] arm64: add basic pointer authentication support Message-ID: <20181019164927.GO2401@uranus.lan> References: <20181005084754.20950-1-kristina.martsenko@arm.com> <20181005084754.20950-8-kristina.martsenko@arm.com> <20181019111542.6wrvjguirglzg7vg@mbp> <20181019112404.GD14246@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20181019112404.GD14246@arm.com> Sender: linux-arch-owner@vger.kernel.org List-ID: To: Will Deacon Cc: Catalin Marinas , Kristina Martsenko , linux-arm-kernel@lists.infradead.org, Mark Rutland , linux-arch@vger.kernel.org, Andrew Jones , Jacob Bramley , Arnd Bergmann , Ard Biesheuvel , Marc Zyngier , Adam Wallis , "Suzuki K . Poulose" , Christoffer Dall , kvmarm@lists.cs.columbia.edu, Ramana Radhakrishnan , Amit Kachhap , Dave P Martin , linux-kernel@vger.kernel.org, Kees Cook , Andrey Vagin Message-ID: <20181019164927.uy-dCPVmj1uBo2bOiBhH4RT2T03w6VwbGIKpMihX_Qw@z> On Fri, Oct 19, 2018 at 12:24:04PM +0100, Will Deacon wrote: > > FWIW: I think we should be entertaining a prctl() interface to use a new > key on a per-thread basis. Obviously, this would need to be used with care > (e.g. you'd fork(); use the prctl() and then you'd better not return from > the calling function!). > > Assuming we want this (Kees -- I was under the impression that everything in > Android would end up with the same key otherwise?), then the question is > do we want: > > - prctl() get/set operations for the key, or > - prctl() set_random_key operation, or > - both of the above? > > Part of the answer to that may lie in the requirements of CRIU, where I > strongly suspect they need explicit get/set operations, although these > could be gated on CONFIG_CHECKPOINT_RESTORE=y. Indeed. Without get/set I think we won't be able to restore programs.