From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-11.3 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89B71C433DF for ; Wed, 14 Oct 2020 09:55:38 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 0B22F20757 for ; Wed, 14 Oct 2020 09:55:37 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="jvydUpdr" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0B22F20757 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ALoU/sD98mCPIAOSAIe+xqBElEMSu5p36Ldl/RxcM8k=; b=jvydUpdrHznRN7EV6PvAcHnlE c7E+WbCzZ2Z1YE3dp/NJk4SJ8KIsCB3vMUyZPhZUuptO/efgkz8ToNsOqBHIG9Jrso+D47vrRSh7U FVywvhQht8GrZs8tUnJOdtvZbOQNRtS07DbQvHsjb4knXhSi+gr8yJaQ0I9rWEFwfYp24LcVHevD5 PKGn3OryNH5RNZ4ATMlVZzckuaIhphLtjG7D0XFSD+4N6lqBDYc1pmEMTt5jxbIxlluzRMCE4VYwJ jt6/ZsvY9+prPngsLeIZaM88F7LJHK8ULCUwSGaE90SGw9TbCobgB47eJ/czqwIKzLka+VuTAp4Qp 3I6GiaQNA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kSdU2-0000p3-7b; Wed, 14 Oct 2020 09:54:10 +0000 Received: from foss.arm.com ([217.140.110.172]) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kSdTy-0000of-Is for linux-arm-kernel@lists.infradead.org; Wed, 14 Oct 2020 09:54:07 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 1961A30E; Wed, 14 Oct 2020 02:54:03 -0700 (PDT) Received: from arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 307F73F73C; Wed, 14 Oct 2020 02:54:02 -0700 (PDT) Date: Wed, 14 Oct 2020 10:53:59 +0100 From: Dave Martin To: Peter Collingbourne Subject: Re: [PATCH] arm64: reject prctl(PR_PAC_RESET_KEYS) on compat tasks Message-ID: <20201014095356.GK32292@arm.com> References: <20201014052430.11630-1-pcc@google.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20201014052430.11630-1-pcc@google.com> User-Agent: Mutt/1.5.23 (2014-03-12) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201014_055406_667821_E1EBE8C7 X-CRM114-Status: GOOD ( 25.00 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Catalin Marinas , Vincenzo Frascino , Will Deacon , Linux ARM , Kristina Martsenko Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Wed, Oct 14, 2020 at 06:24:30AM +0100, Peter Collingbourne wrote: > It doesn't make sense to issue prctl(PR_PAC_RESET_KEYS) on a > compat task because the 32-bit instruction set does not offer PAuth > instructions. For consistency with other 64-bit only prctls such as > {SET,GET}_TAGGED_ADDR_CTRL, reject the prctl on compat tasks. > > Although this is a userspace-visible change, maybe it isn't too late > to make this change given that the hardware isn't available yet and > it's very unlikely that anyone has 32-bit software that actually > depends on this succeeding. > > Link: https://linux-review.googlesource.com/id/Ie885a1ff84ab498cc9f62d6451e9f2cfd4b1d06a > Signed-off-by: Peter Collingbourne This does seem an anomaly, but it's not an isolated case. I suspect that some other prctls are also missing a compat check -- PR_SVE_SET_VL doesn't have it, for example. So, I'm not sure it's worth fixing this one case in isolation. Fixing all affected cases may have greater risk, and it won't stay fixed, since the compat check will likely often get forgotten when a new prctl is added. So, is this anomaly in any way harmful? Can the code be refactored in such a way as to make it hard to forget the check in future? Cheers ---Dave > --- > arch/arm64/kernel/pointer_auth.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/arch/arm64/kernel/pointer_auth.c b/arch/arm64/kernel/pointer_auth.c > index 1e77736a4f66..245c3ee97ed8 100644 > --- a/arch/arm64/kernel/pointer_auth.c > +++ b/arch/arm64/kernel/pointer_auth.c > @@ -1,5 +1,6 @@ > // SPDX-License-Identifier: GPL-2.0 > > +#include > #include > #include > #include > @@ -17,6 +18,9 @@ int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg) > if (!system_supports_address_auth() && !system_supports_generic_auth()) > return -EINVAL; > > + if (is_compat_task()) > + return -EINVAL; > + > if (!arg) { > ptrauth_keys_init_user(keys); > return 0; > -- > 2.28.0.1011.ga647a8990f-goog > _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel