From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-11.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 32134C433DF for ; Wed, 14 Oct 2020 17:47:48 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 9A16F21D7F for ; Wed, 14 Oct 2020 17:47:47 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="YHM6yccQ"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=google.com header.i=@google.com header.b="JGbtgYRD" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9A16F21D7F Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=TVZx5OkVdyoKVO/MhdX+DFjcf7Zj0zfsNgfXD6fXHCo=; b=YHM6yccQX1LFBKmXlGcTarI9u fLPHAjIFMnPAl9oDcKR2Xt78fYOgO5DXwRAtGNFJEblkdzDv9IFBMtb0Z4VZUWs0BHl4kZcnaKRhp XJ9RbPkZqQxQCpU7xhEDK+BGQH21vLrohoBeUfEOimUEmbE3H4meMGHyVn+IaJX2q6csdVoHqoJ0+ S4CWvkJcEd/LNPXdQ+tHeeZFxCjlYy7y2BKqTeBSvgm4GEs/L2FZePipZzms/1lIhGkuzY/alByFq ZNzjklWxUJt+LFzEGKIh3TjArK/M/8/rFaQY+e6B22aRzfN/xETMZoDuayYAB85NosZ73BsJWhK18 Cjdwtqx8w==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kSkql-0001Pb-Hz; Wed, 14 Oct 2020 17:46:07 +0000 Received: from mail-vk1-xa41.google.com ([2607:f8b0:4864:20::a41]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kSkqh-0001Np-SD for linux-arm-kernel@lists.infradead.org; Wed, 14 Oct 2020 17:46:05 +0000 Received: by mail-vk1-xa41.google.com with SMTP id a8so951976vkm.2 for ; Wed, 14 Oct 2020 10:46:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Q0SOFtM+NK0hhGsBCE9XG5Wst8TfHxFUX4dZMYhDDl8=; b=JGbtgYRDigVqqHUvXlbJ9GMZGdZlibw4gx4kADL9mk6pUZ2QkfkLfEBt2kstfx+8Lx 7HXX/iwky/9zJwH5DnTDrOmuFo2XJlPTga8R1zgxzPq9JRwt79Q3+quJI3PT0x0TeSc+ 4VMztlL0SHnj/pcweZESPj7VBdfPQy6qRcbAOr56mB7k79qyNkorbBEjhRV/lvd0RcUU gsrjizqPIVI0s9lLvxcOAjiUBNNVlsZsejOx5I1DPbzearGXb6m0B3jPybGub5vazjao 8Cm3SEHpILyxWPDkRbwE18TnWEwoJA3APeZ4LkydLP6rglt0y3HHDjtcnJiAgI7eUJbi wFBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Q0SOFtM+NK0hhGsBCE9XG5Wst8TfHxFUX4dZMYhDDl8=; b=ldDPQuvlPn8jUWSKM1AXiX+CGxU0ZmxuVmtHAMAXSd1i4X7+bQNOv2Oyb4S/eI/kIm 6aVGWzJ8fVP0oE24AkZEkz/6jQNOWp4CMf0vSlhUgZFLxGZFOEZkdCNC/dw0GT1maFVa FVGyk9n0tkBjDGNptrCbSu8rDcQlQzlgN9I5ZN8BiTfv2Ei75q0uxkVTOWmvP3r6woXf gy/soSGYvS/HFy2ZkhWvJ0n51ucRd+kgOsylKKYlSYX37ZzAD4TvmYqXbAh/m/pv1uw1 FQpie9FoEkdnQOefXViM0uX4iMn/2LWTLIdib4kn4Hga9SH7kdn49bn7PHABycbTuxI+ 4PLg== X-Gm-Message-State: AOAM5337c3NrxsliPtKnMM0425qjCagCdomg5kRDQWf0h3TsOTuAYJGf XObS598PKP16388vBJC741ZEGBY0b18VLPW4zTztXw== X-Google-Smtp-Source: ABdhPJxQn4wsyaTGXl4YhhOlKKrH2szrJi140lvL+6U1rjX/wtcev3yVhBGOs6kutpvp/yFA7XRITk6rhthTpzns3Y4= X-Received: by 2002:a1f:3f4d:: with SMTP id m74mr331947vka.12.1602697559565; Wed, 14 Oct 2020 10:45:59 -0700 (PDT) MIME-Version: 1.0 References: <20201014052430.11630-1-pcc@google.com> <20201014095356.GK32292@arm.com> In-Reply-To: <20201014095356.GK32292@arm.com> From: Peter Collingbourne Date: Wed, 14 Oct 2020 10:45:48 -0700 Message-ID: Subject: Re: [PATCH] arm64: reject prctl(PR_PAC_RESET_KEYS) on compat tasks To: Dave Martin X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201014_134604_029541_5C0E1553 X-CRM114-Status: GOOD ( 28.25 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Catalin Marinas , Vincenzo Frascino , Will Deacon , Linux ARM , Kristina Martsenko Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Wed, Oct 14, 2020 at 2:54 AM Dave Martin wrote: > > On Wed, Oct 14, 2020 at 06:24:30AM +0100, Peter Collingbourne wrote: > > It doesn't make sense to issue prctl(PR_PAC_RESET_KEYS) on a > > compat task because the 32-bit instruction set does not offer PAuth > > instructions. For consistency with other 64-bit only prctls such as > > {SET,GET}_TAGGED_ADDR_CTRL, reject the prctl on compat tasks. > > > > Although this is a userspace-visible change, maybe it isn't too late > > to make this change given that the hardware isn't available yet and > > it's very unlikely that anyone has 32-bit software that actually > > depends on this succeeding. > > > > Link: https://linux-review.googlesource.com/id/Ie885a1ff84ab498cc9f62d6451e9f2cfd4b1d06a > > Signed-off-by: Peter Collingbourne > > This does seem an anomaly, but it's not an isolated case. I suspect > that some other prctls are also missing a compat check -- PR_SVE_SET_VL > doesn't have it, for example. > > So, I'm not sure it's worth fixing this one case in isolation. Fixing > all affected cases may have greater risk, and it won't stay fixed, since > the compat check will likely often get forgotten when a new prctl is > added. The only other affected cases involve SVE and that doesn't have hardware available yet either, right? I'm going by the binutils CPU list, which is the closest thing that I'm aware of to an official list of all microarchitectures and their supported ISA features: https://github.com/bminor/binutils-gdb/blob/6248f5e4fc4ad1e433156520e44ac3217c39a621/gas/config/tc-aarch64.c#L8888 (and I know that Neoverse V1/N2 isn't available yet) > So, is this anomaly in any way harmful? Not as far as I can tell, at least for this specific prctl. > Can the code be refactored in such a way as to make it hard to forget > the check in future? I've never been a fan of the arch-specific prctls being listed in kernel/sys.c. It seems better to me to have that handling be moved into a new arch hook and that should let us remove some boilerplate as well. We can make the default case in the prctl syscall handler look like this: default: return arch_handle_prctrl(option, arg2, arg3, arg4, arg5); And move the arch-specific prctls into a switch in arch_handle_prctl(). Now, since (as far as I can tell) all of the arm64-specific prctls do not make sense on compat tasks, we can add an: if (is_compat_task()) return -EINVAL; to the top of arch_handle_prctl() and any new arm64-specific prctls will get the compat check by default. Of course, if we add a new compat-compatible prctl in the future, we may add it to a new switch before the if statement. Peter _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel