linux-arm-kernel.lists.infradead.org archive mirror
From: Will Deacon <will@kernel.org>
To: Peter Collingbourne <pcc@google.com>
Cc: Linux ARM <linux-arm-kernel@lists.infradead.org>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Vincenzo Frascino <Vincenzo.Frascino@arm.com>,
	Dave Martin <Dave.Martin@arm.com>,
	Kristina Martsenko <kristina.martsenko@arm.com>
Subject: Re: [PATCH] arm64: reject prctl(PR_PAC_RESET_KEYS) on compat tasks
Date: Thu, 15 Oct 2020 11:46:48 +0100
Message-ID: <20201015104648.GB5064@willie-the-truck>
In-Reply-To: <20201014052430.11630-1-pcc@google.com>

On Tue, Oct 13, 2020 at 10:24:30PM -0700, Peter Collingbourne wrote:
> It doesn't make sense to issue prctl(PR_PAC_RESET_KEYS) on a
> compat task because the 32-bit instruction set does not offer PAuth
> instructions. For consistency with other 64-bit only prctls such as
> {SET,GET}_TAGGED_ADDR_CTRL, reject the prctl on compat tasks.
> 
> Although this is a userspace-visible change, maybe it isn't too late
> to make this change given that the hardware isn't available yet and
> it's very unlikely that anyone has 32-bit software that actually
> depends on this succeeding.
> 
> Link: https://linux-review.googlesource.com/id/Ie885a1ff84ab498cc9f62d6451e9f2cfd4b1d06a
> Signed-off-by: Peter Collingbourne <pcc@google.com>
> ---
>  arch/arm64/kernel/pointer_auth.c | 4 ++++
>  1 file changed, 4 insertions(+)

Cheers. Although I agree with the discussion here that it would be better
to catch this in one place, for now I'll merge this and add similar checks
to the SVE prctl()s too. Patch below (I also tweaked it to use the 'tsk'
parameter for ptrauth, for consistency).

Will

--->8

diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c
index a6d688c10745..062b21f30f94 100644
--- a/arch/arm64/kernel/fpsimd.c
+++ b/arch/arm64/kernel/fpsimd.c
@@ -678,7 +678,7 @@ int sve_set_current_vl(unsigned long arg)
        vl = arg & PR_SVE_VL_LEN_MASK;
        flags = arg & ~vl;
 
-       if (!system_supports_sve())
+       if (!system_supports_sve() || is_compat_task())
                return -EINVAL;
 
        ret = sve_set_vector_length(current, vl, flags);
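Review bot: is_compat_task() is now called in sve_set_current_vl(), but the fpsimd.c part of this diff adds no include, whereas the pointer_auth.c part adds <linux/compat.h>. Please confirm fpsimd.c already includes that header directly rather than relying on an indirect include. A one-line comment above the check saying that compat tasks are rejected would also help, since the same -EINVAL now covers both "no SVE" and "32-bit task".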
@@ -691,7 +691,7 @@ int sve_set_current_vl(unsigned long arg)
 /* PR_SVE_GET_VL */
 int sve_get_current_vl(void)
 {
-       if (!system_supports_sve())
+       if (!system_supports_sve() || is_compat_task())
                return -EINVAL;
 
        return sve_prctl_status(0);
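Review bot: the condition "!system_supports_sve() || is_compat_task()" in sve_get_current_vl() is a copy of the one just added to sve_set_current_vl(). A small static helper shared by both prctl entry points would keep the two in step and give a single place to extend if more SVE prctls appear. The /* PR_SVE_GET_VL */ comment is also a natural place to record that compat tasks get -EINVAL.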
diff --git a/arch/arm64/kernel/pointer_auth.c b/arch/arm64/kernel/pointer_auth.c
index 1e77736a4f66..adb955fd9bdd 100644
--- a/arch/arm64/kernel/pointer_auth.c
+++ b/arch/arm64/kernel/pointer_auth.c
@@ -1,5 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0
 
+#include <linux/compat.h>
 #include <linux/errno.h>
 #include <linux/prctl.h>
 #include <linux/random.h>
@@ -17,6 +18,9 @@ int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg)
        if (!system_supports_address_auth() && !system_supports_generic_auth())
                return -EINVAL;
 
+       if (is_compat_thread(task_thread_info(tsk)))
+               return -EINVAL;
+
        if (!arg) {
                ptrauth_keys_init_user(keys);
                return 0;
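Review bot: the new is_compat_thread(task_thread_info(tsk)) check in ptrauth_prctl_reset_keys() has no comment explaining why compat tasks are refused. The reason given in the commit message (the 32-bit instruction set has no PAuth instructions) belongs next to the check. Since the commit message calls this a userspace-visible change, the new -EINVAL case should also be reflected wherever PR_PAC_RESET_KEYS is documented. The check also returns the same -EINVAL as the preceding system_supports_*_auth() test, so folding it into that condition would be shorter; keeping it separate is fine if the comment is added.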

