From: Kees Cook <keescook@chromium.org>
To: Kristina Martsenko <kristina.martsenko@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Will Deacon <will.deacon@arm.com>,
Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>,
Amit Kachhap <Amit.Kachhap@arm.com>,
Dave Martin <Dave.Martin@arm.com>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [RFC v2 2/7] arm64: install user ptrauth keys at kernel exit time
Date: Wed, 29 May 2019 19:04:17 -0700 [thread overview]
Message-ID: <201905291901.0430DB6E@keescook> (raw)
In-Reply-To: <20190529190332.29753-3-kristina.martsenko@arm.com>
On Wed, May 29, 2019 at 08:03:27PM +0100, Kristina Martsenko wrote:
> As we're going to enable pointer auth within the kernel and use a
> different APIAKey for the kernel itself, then move the user APIAKey
> switch to EL0 exception return.
>
> The other 4 keys could remain switched during task switch, but are also
> moved to keep things simple.
>
> Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
-Kees
> ---
>
> Changes since RFC v1:
> - Install all 5 keys on kernel_exit
> - Updated prctl to have keys installed on kernel exit
> - Renamed ptrauth-asm.h to asm_pointer_auth.h
> - Minor cleanups
> - Updated the commit message
>
> arch/arm64/include/asm/asm_pointer_auth.h | 43 +++++++++++++++++++++++++++++++
> arch/arm64/include/asm/pointer_auth.h | 23 +----------------
> arch/arm64/kernel/asm-offsets.c | 11 ++++++++
> arch/arm64/kernel/entry.S | 3 +++
> arch/arm64/kernel/pointer_auth.c | 3 ---
> arch/arm64/kernel/process.c | 1 -
> 6 files changed, 58 insertions(+), 26 deletions(-)
> create mode 100644 arch/arm64/include/asm/asm_pointer_auth.h
>
> diff --git a/arch/arm64/include/asm/asm_pointer_auth.h b/arch/arm64/include/asm/asm_pointer_auth.h
> new file mode 100644
> index 000000000000..e3bfddfe80b6
> --- /dev/null
> +++ b/arch/arm64/include/asm/asm_pointer_auth.h
> @@ -0,0 +1,43 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +#ifndef __ASM_ASM_POINTER_AUTH_H
> +#define __ASM_ASM_POINTER_AUTH_H
> +
> +#include <asm/alternative.h>
> +#include <asm/asm-offsets.h>
> +#include <asm/cpufeature.h>
> +#include <asm/sysreg.h>
> +
> +#ifdef CONFIG_ARM64_PTR_AUTH
> +
> + .macro ptrauth_keys_install_user tsk, tmp1, tmp2, tmp3
> + mov \tmp1, #THREAD_KEYS_USER
> + add \tmp1, \tsk, \tmp1
> +alternative_if ARM64_HAS_ADDRESS_AUTH
> + ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KEY_APIA]
> + msr_s SYS_APIAKEYLO_EL1, \tmp2
> + msr_s SYS_APIAKEYHI_EL1, \tmp3
> + ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KEY_APIB]
> + msr_s SYS_APIBKEYLO_EL1, \tmp2
> + msr_s SYS_APIBKEYHI_EL1, \tmp3
> + ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KEY_APDA]
> + msr_s SYS_APDAKEYLO_EL1, \tmp2
> + msr_s SYS_APDAKEYHI_EL1, \tmp3
> + ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KEY_APDB]
> + msr_s SYS_APDBKEYLO_EL1, \tmp2
> + msr_s SYS_APDBKEYHI_EL1, \tmp3
> +alternative_else_nop_endif
> +alternative_if ARM64_HAS_GENERIC_AUTH
> + ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KEY_APGA]
> + msr_s SYS_APGAKEYLO_EL1, \tmp2
> + msr_s SYS_APGAKEYHI_EL1, \tmp3
> +alternative_else_nop_endif
> + .endm
> +
> +#else /* CONFIG_ARM64_PTR_AUTH */
> +
> + .macro ptrauth_keys_install_user tsk, tmp1, tmp2, tmp3
> + .endm
> +
> +#endif /* CONFIG_ARM64_PTR_AUTH */
> +
> +#endif /* __ASM_ASM_POINTER_AUTH_H */
> diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h
> index 15d49515efdd..fc8dc70cc19f 100644
> --- a/arch/arm64/include/asm/pointer_auth.h
> +++ b/arch/arm64/include/asm/pointer_auth.h
> @@ -50,19 +50,6 @@ do { \
> write_sysreg_s(__pki_v.hi, SYS_ ## k ## KEYHI_EL1); \
> } while (0)
>
> -static inline void ptrauth_keys_switch(struct ptrauth_keys *keys)
> -{
> - if (system_supports_address_auth()) {
> - __ptrauth_key_install(APIA, keys->apia);
> - __ptrauth_key_install(APIB, keys->apib);
> - __ptrauth_key_install(APDA, keys->apda);
> - __ptrauth_key_install(APDB, keys->apdb);
> - }
> -
> - if (system_supports_generic_auth())
> - __ptrauth_key_install(APGA, keys->apga);
> -}
> -
> extern int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg);
>
> /*
> @@ -78,20 +65,12 @@ static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr)
> }
>
> #define ptrauth_thread_init_user(tsk) \
> -do { \
> - struct task_struct *__ptiu_tsk = (tsk); \
> - ptrauth_keys_init(&__ptiu_tsk->thread.keys_user); \
> - ptrauth_keys_switch(&__ptiu_tsk->thread.keys_user); \
> -} while (0)
> -
> -#define ptrauth_thread_switch(tsk) \
> - ptrauth_keys_switch(&(tsk)->thread.keys_user)
> + ptrauth_keys_init(&(tsk)->thread.keys_user)
>
> #else /* CONFIG_ARM64_PTR_AUTH */
> #define ptrauth_prctl_reset_keys(tsk, arg) (-EINVAL)
> #define ptrauth_strip_insn_pac(lr) (lr)
> #define ptrauth_thread_init_user(tsk)
> -#define ptrauth_thread_switch(tsk)
> #endif /* CONFIG_ARM64_PTR_AUTH */
>
> #endif /* __ASM_POINTER_AUTH_H */
> diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c
> index 7f40dcbdd51d..edc471e4acb1 100644
> --- a/arch/arm64/kernel/asm-offsets.c
> +++ b/arch/arm64/kernel/asm-offsets.c
> @@ -51,6 +51,9 @@ int main(void)
> #endif
> BLANK();
> DEFINE(THREAD_CPU_CONTEXT, offsetof(struct task_struct, thread.cpu_context));
> +#ifdef CONFIG_ARM64_PTR_AUTH
> + DEFINE(THREAD_KEYS_USER, offsetof(struct task_struct, thread.keys_user));
> +#endif
> BLANK();
> DEFINE(S_X0, offsetof(struct pt_regs, regs[0]));
> DEFINE(S_X2, offsetof(struct pt_regs, regs[2]));
> @@ -153,5 +156,13 @@ int main(void)
> DEFINE(SDEI_EVENT_INTREGS, offsetof(struct sdei_registered_event, interrupted_regs));
> DEFINE(SDEI_EVENT_PRIORITY, offsetof(struct sdei_registered_event, priority));
> #endif
> +#ifdef CONFIG_ARM64_PTR_AUTH
> + DEFINE(PTRAUTH_KEY_APIA, offsetof(struct ptrauth_keys, apia));
> + DEFINE(PTRAUTH_KEY_APIB, offsetof(struct ptrauth_keys, apib));
> + DEFINE(PTRAUTH_KEY_APDA, offsetof(struct ptrauth_keys, apda));
> + DEFINE(PTRAUTH_KEY_APDB, offsetof(struct ptrauth_keys, apdb));
> + DEFINE(PTRAUTH_KEY_APGA, offsetof(struct ptrauth_keys, apga));
> + BLANK();
> +#endif
> return 0;
> }
> diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
> index c50a7a75f2e0..73a28d88f78d 100644
> --- a/arch/arm64/kernel/entry.S
> +++ b/arch/arm64/kernel/entry.S
> @@ -25,6 +25,7 @@
> #include <asm/alternative.h>
> #include <asm/assembler.h>
> #include <asm/asm-offsets.h>
> +#include <asm/asm_pointer_auth.h>
> #include <asm/cpufeature.h>
> #include <asm/errno.h>
> #include <asm/esr.h>
> @@ -336,6 +337,8 @@ alternative_if ARM64_WORKAROUND_845719
> alternative_else_nop_endif
> #endif
> 3:
> + ptrauth_keys_install_user tsk, x0, x1, x2
> +
> apply_ssbd 0, x0, x1
> .endif
>
> diff --git a/arch/arm64/kernel/pointer_auth.c b/arch/arm64/kernel/pointer_auth.c
> index c507b584259d..95985be67891 100644
> --- a/arch/arm64/kernel/pointer_auth.c
> +++ b/arch/arm64/kernel/pointer_auth.c
> @@ -19,7 +19,6 @@ int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg)
>
> if (!arg) {
> ptrauth_keys_init(keys);
> - ptrauth_keys_switch(keys);
> return 0;
> }
>
> @@ -41,7 +40,5 @@ int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg)
> if (arg & PR_PAC_APGAKEY)
> get_random_bytes(&keys->apga, sizeof(keys->apga));
>
> - ptrauth_keys_switch(keys);
> -
> return 0;
> }
> diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
> index 3767fb21a5b8..a9b30111b725 100644
> --- a/arch/arm64/kernel/process.c
> +++ b/arch/arm64/kernel/process.c
> @@ -481,7 +481,6 @@ __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev,
> contextidr_thread_switch(next);
> entry_task_switch(next);
> uao_thread_switch(next);
> - ptrauth_thread_switch(next);
>
> /*
> * Complete any pending TLB or cache maintenance on this CPU in case
> --
> 2.11.0
>
--
Kees Cook
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-05-30 2:04 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-29 19:03 [RFC v2 0/7] arm64: return address signing Kristina Martsenko
2019-05-29 19:03 ` [RFC v2 1/7] arm64: cpufeature: add pointer auth meta-capabilities Kristina Martsenko
2019-05-30 1:58 ` Kees Cook
2019-05-30 10:50 ` Suzuki K Poulose
2019-06-13 16:13 ` Suzuki K Poulose
2019-05-29 19:03 ` [RFC v2 2/7] arm64: install user ptrauth keys at kernel exit time Kristina Martsenko
2019-05-30 2:04 ` Kees Cook [this message]
2019-06-06 16:26 ` Catalin Marinas
2019-05-29 19:03 ` [RFC v2 3/7] arm64: cpufeature: handle conflicts based on capability Kristina Martsenko
2019-05-30 2:49 ` Kees Cook
2019-05-30 14:16 ` Suzuki K Poulose
2019-05-31 14:00 ` Kristina Martsenko
2019-05-31 15:08 ` Suzuki K Poulose
2019-05-29 19:03 ` [RFC v2 4/7] arm64: enable ptrauth earlier Kristina Martsenko
2019-05-30 3:11 ` Kees Cook
2019-06-13 15:41 ` Suzuki K Poulose
2019-05-29 19:03 ` [RFC v2 5/7] arm64: initialize and switch ptrauth kernel keys Kristina Martsenko
2019-05-30 3:34 ` Kees Cook
2019-05-30 16:26 ` Kristina Martsenko
2019-06-04 10:03 ` Dave Martin
2019-06-06 16:44 ` Catalin Marinas
2019-06-12 16:21 ` Kristina Martsenko
2019-06-13 10:44 ` Catalin Marinas
2019-05-29 19:03 ` [RFC v2 6/7] arm64: unwind: strip PAC from kernel addresses Kristina Martsenko
2019-05-30 3:36 ` Kees Cook
2019-05-29 19:03 ` [RFC v2 7/7] arm64: compile the kernel with ptrauth return address signing Kristina Martsenko
2019-05-30 3:45 ` Kees Cook
2019-05-30 3:09 ` [RFC v2 0/7] arm64: " Kees Cook
2019-05-30 7:25 ` Will Deacon
2019-05-30 8:39 ` Ard Biesheuvel
2019-05-30 9:11 ` Ramana Radhakrishnan
2019-05-30 9:12 ` Ramana Radhakrishnan
2019-06-06 17:44 ` Kristina Martsenko
2019-06-08 4:09 ` Kees Cook
[not found] ` <DB7PR08MB3865C4AA36C9C465B2A687DABF180@DB7PR08MB3865.eurprd08.prod.outlook.com>
2019-05-30 15:57 ` Kees Cook
[not found] ` <DB7PR08MB3865A83066179CE419D171EDBF180@DB7PR08MB3865.eurprd08.prod.outlook.com>
2019-05-30 18:05 ` Kees Cook
2019-05-31 9:22 ` Will Deacon
2019-06-02 15:43 ` Kees Cook
2019-06-03 10:40 ` Will Deacon
2019-06-04 13:52 ` Luke Cheeseman
2019-06-06 17:43 ` Kristina Martsenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201905291901.0430DB6E@keescook \
--to=keescook@chromium.org \
--cc=Amit.Kachhap@arm.com \
--cc=Dave.Martin@arm.com \
--cc=ard.biesheuvel@linaro.org \
--cc=catalin.marinas@arm.com \
--cc=kristina.martsenko@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=ramana.radhakrishnan@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.