Re: [PATCH] arm64: Introduce sysctl to disable pointer authentication

From: Steve Capper <steve.capper@arm.com>
To: Will Deacon <will@kernel.org>
Cc: mark.rutland@arm.com, catalin.marinas@arm.com, nd@arm.com,
	jeremy.linton@arm.com, linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] arm64: Introduce sysctl to disable pointer authentication
Date: Wed, 8 Jul 2020 14:46:52 +0100	[thread overview]
Message-ID: <20200708134650.GA27102@capper-ampere.manchester.arm.com> (raw)
In-Reply-To: <20200708073621.GA25261@willie-the-truck>

Hi Will,

On Wed, Jul 08, 2020 at 08:36:21AM +0100, Will Deacon wrote:
> On Tue, Jul 07, 2020 at 06:32:32PM +0100, Steve Capper wrote:
> > Pointer authentication is a mandatory feature in the Armv8.3
> > architecture that provides protection against return oriented
> > programming attacks. (meaning that all Arm CPUs targetting at least
> > Armv8.3 will have this feature).
> > 
> > Once CONFIG_ARM64_PTR_AUTH=y, any systems with the hardware support for
> > pointer authentication will automatically have it enabled by the kernel.
> > 
> > There are, however, situations where end users may want to disable
> > pointer authentication. One could be tracking down/working around a bug
> > in userspace relating to pointer auth. Also, one may wish to quantify
> > the performance overhead of pointer auth by running a workload
> > with/without it.
> 
> If you're debugging userspace, just recompile your userspace application
> without ptr auth, in the same way that you might recompile with -g.
> 
> The performance argument sucks; this stuff needs to be fast otherwise it's
> pointless. If you really need that last bit of speed, try Gentoo ;)

I've tried Gentoo, and I liked it :-).

Apologies, I could have done a better job with the commit log...

I am trying to enable pointer authentication in distros. One concern I have
is that a pointer auth bug could slip through the cracks (with a lot of
hardware not yet supporting pointer auth), and then affect an end user.

Also, I have had interest from distros in the performance cost of pointer
auth, and there will very likely be folk switching it off/on again in
order to perform tests.

One approach to deploying this could be to have pointer auth disabled in
the kernel completely (via kconfig) and interested parties could then
switch kernels. Trouble with this is that distros ship single binaries so
it would be up to the end user to build/install another kernel + modules.
So this could be a barrier to adoption.

Having a mechanism in the kernel that an end user can employ to activate/
de-activate pointer auth would help with deployment greatly, and that is
what I was trying to achieve with this patch.

Another way to approach this could be via a kernel command line that
completely disables pointer auth? (i.e. kernel not activating pointer auth
at all, and userspace not seeing the feature)

Cheers,
-- 
Steve

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel