linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] Ensure kernel AI key is not changed on fork
       [not found] <20210430150438.GA57205@C02TD0UTHF1T.local>
@ 2021-05-20 15:18 ` Derrick McKee
  2021-05-20 16:00   ` Mark Rutland
  0 siblings, 1 reply; 3+ messages in thread
From: Derrick McKee @ 2021-05-20 15:18 UTC (permalink / raw)
  To: derrick.mckee
  Cc: Nathan.Burow, Yianni Giannaris, Catalin Marinas, Will Deacon,
	linux-arm-kernel, linux-kernel

The kernel uses the IA key for PAC signing, 
and this key should remain unchanged from the kernel point of view.
This patch ensures that the IA key remains constant on fork, 
if it has been previously set.
The software is provided on an as-is basis.

Signed-off-by: Derrick McKee <derrick.mckee@gmail.com>
Signed-off-by: Yianni Giannaris <yiannig@mit.edu>
---
 arch/arm64/include/asm/pointer_auth.h | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h
index d50416be99be..9748413e72fd 100644
--- a/arch/arm64/include/asm/pointer_auth.h
+++ b/arch/arm64/include/asm/pointer_auth.h
@@ -69,10 +69,13 @@ static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys)
 	ptrauth_keys_install_user(keys);
 }
 
-static __always_inline void ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
+static __always_inline void
+ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
 {
-	if (system_supports_address_auth())
-		get_random_bytes(&keys->apia, sizeof(keys->apia));
+	if (keys->apia.lo == 0 && keys->apia.hi == 0) {
+		if (system_supports_address_auth())
+			get_random_bytes(&keys->apia, sizeof(keys->apia));
+	}
 }
 
 static __always_inline void ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel *keys)
-- 
2.31.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] Ensure kernel AI key is not changed on fork
  2021-05-20 15:18 ` [PATCH] Ensure kernel AI key is not changed on fork Derrick McKee
@ 2021-05-20 16:00   ` Mark Rutland
  2021-05-20 18:24     ` Derrick McKee
  0 siblings, 1 reply; 3+ messages in thread
From: Mark Rutland @ 2021-05-20 16:00 UTC (permalink / raw)
  To: Derrick McKee
  Cc: Nathan.Burow, Yianni Giannaris, Catalin Marinas, Will Deacon,
	linux-arm-kernel, linux-kernel

On Thu, May 20, 2021 at 11:18:54AM -0400, Derrick McKee wrote:
> The kernel uses the IA key for PAC signing, 
> and this key should remain unchanged from the kernel point of view.
> This patch ensures that the IA key remains constant on fork, 
> if it has been previously set.
> The software is provided on an as-is basis.
> 
> Signed-off-by: Derrick McKee <derrick.mckee@gmail.com>
> Signed-off-by: Yianni Giannaris <yiannig@mit.edu>

On the kernel side, we use a unique IA key per kernel thread, and while
this must remain the same *for that kernel thread*, the kernel IA key
should differ across kernel threads when a fork() occurs.

I think you're trying to use the keys in a different way than upstream
intends to, and we do not need this change as-is.

So NAK to this patch as it stands.

Thanks,
Mark.

> ---
>  arch/arm64/include/asm/pointer_auth.h | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h
> index d50416be99be..9748413e72fd 100644
> --- a/arch/arm64/include/asm/pointer_auth.h
> +++ b/arch/arm64/include/asm/pointer_auth.h
> @@ -69,10 +69,13 @@ static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys)
>  	ptrauth_keys_install_user(keys);
>  }
>  
> -static __always_inline void ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
> +static __always_inline void
> +ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
>  {
> -	if (system_supports_address_auth())
> -		get_random_bytes(&keys->apia, sizeof(keys->apia));
> +	if (keys->apia.lo == 0 && keys->apia.hi == 0) {
> +		if (system_supports_address_auth())
> +			get_random_bytes(&keys->apia, sizeof(keys->apia));
> +	}
>  }
>  
>  static __always_inline void ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel *keys)
> -- 
> 2.31.1
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] Ensure kernel AI key is not changed on fork
  2021-05-20 16:00   ` Mark Rutland
@ 2021-05-20 18:24     ` Derrick McKee
  0 siblings, 0 replies; 3+ messages in thread
From: Derrick McKee @ 2021-05-20 18:24 UTC (permalink / raw)
  To: Mark Rutland
  Cc: Nathan Harrison Burow, Yianni Giannaris, Catalin Marinas,
	Will Deacon, Linux ARM, LKML

On Thu, May 20, 2021 at 12:00 PM Mark Rutland <mark.rutland@arm.com> wrote:

> On the kernel side, we use a unique IA key per kernel thread, and while
> this must remain the same *for that kernel thread*, the kernel IA key
> should differ across kernel threads when a fork() occurs.

Thank you for the clarification.

> I think you're trying to use the keys in a different way than upstream
> intends to, and we do not need this change as-is.
>
> So NAK to this patch as it stands.

Given the above discussion, I agree with the NAK.

>
> > ---
> >  arch/arm64/include/asm/pointer_auth.h | 9 ++++++---
> >  1 file changed, 6 insertions(+), 3 deletions(-)
> >
> > diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h
> > index d50416be99be..9748413e72fd 100644
> > --- a/arch/arm64/include/asm/pointer_auth.h
> > +++ b/arch/arm64/include/asm/pointer_auth.h
> > @@ -69,10 +69,13 @@ static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys)
> >       ptrauth_keys_install_user(keys);
> >  }
> >
> > -static __always_inline void ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
> > +static __always_inline void
> > +ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
> >  {
> > -     if (system_supports_address_auth())
> > -             get_random_bytes(&keys->apia, sizeof(keys->apia));
> > +     if (keys->apia.lo == 0 && keys->apia.hi == 0) {
> > +             if (system_supports_address_auth())
> > +                     get_random_bytes(&keys->apia, sizeof(keys->apia));
> > +     }
> >  }
> >
> >  static __always_inline void ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel *keys)
> > --
> > 2.31.1
> >



-- 
Derrick McKee
Phone: (703) 957-9362
Email: derrick.mckee@gmail.com

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-05-20 18:24 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <20210430150438.GA57205@C02TD0UTHF1T.local>
2021-05-20 15:18 ` [PATCH] Ensure kernel AI key is not changed on fork Derrick McKee
2021-05-20 16:00   ` Mark Rutland
2021-05-20 18:24     ` Derrick McKee

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).