From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 34059C5519F for ; Wed, 18 Nov 2020 12:34:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C638D2145D for ; Wed, 18 Nov 2020 12:34:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726731AbgKRMdm (ORCPT ); Wed, 18 Nov 2020 07:33:42 -0500 Received: from mail.kernel.org ([198.145.29.99]:47748 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726181AbgKRMdm (ORCPT ); Wed, 18 Nov 2020 07:33:42 -0500 Received: from trantor (unknown [2.26.170.190]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 09AE6238E6; Wed, 18 Nov 2020 12:33:38 +0000 (UTC) Date: Wed, 18 Nov 2020 12:33:36 +0000 From: Catalin Marinas To: Szabolcs Nagy Cc: Peter Collingbourne , Florian Weimer , libc-alpha@sourceware.org, Kevin Brodsky , Linux API , Kostya Serebryany , Evgenii Stepanov , Andrey Konovalov , Vincenzo Frascino , Will Deacon , Dave Martin , Linux ARM Subject: Re: [PATCH v2] arm64: Introduce prctl(PR_PAC_{SET,GET}_ENABLED_KEYS) Message-ID: References: <20201014055106.25164-1-pcc@google.com> <87blfv6fj3.fsf@mid.deneb.enyo.de> <20201117183911.GI15033@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20201117183911.GI15033@arm.com> Precedence: bulk List-ID: X-Mailing-List: linux-api@vger.kernel.org On Tue, Nov 17, 2020 at 06:39:13PM +0000, Szabolcs Nagy wrote: > The 11/17/2020 10:17, Peter Collingbourne via Libc-alpha wrote: > > On Tue, Nov 17, 2020 at 9:48 AM Florian Weimer wrote: > > > > > > * Peter Collingbourne: > > > > > > > This prctl allows the user program to control which PAC keys are enabled > > > > in a particular task. The main reason why this is useful is to enable a > > > > userspace ABI that uses PAC to sign and authenticate function pointers > > > > and other pointers exposed outside of the function, while still allowing > > > > binaries conforming to the ABI to interoperate with legacy binaries that > > > > do not sign or authenticate pointers. > > > > > > > > The idea is that a dynamic loader or early startup code would issue > > > > this prctl very early after establishing that a process may load legacy > > > > binaries, but before executing any PAC instructions. > > > > > > I thought that the silicon did not support this? I think the past discussion we had was around enabling PAC for kernel while disabling it for user. The hardware doesn't give us separate bits, so Peter's patch toggles them on kernel entry/return, with some overhead given by the MSR+ISB (to be added). > > See e.g. the documentation for SCTLR_EL1.EnIA [1] for details. There > > are also enable bits for the other three keys. > > i think it was insufficiently clear in the architecture > spec how that can be context switched. (but it probably > changed) The bits that we can't toggle easily have the comment "This field is permitted to be cached in the TLB" in the ARM ARM. Luckily, it's not the case for EnI*. -- Catalin