From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.2 required=3.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id F1BD5C12002 for ; Fri, 16 Jul 2021 18:39:10 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id AE020613F1 for ; Fri, 16 Jul 2021 18:39:10 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org AE020613F1 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Date: Message-ID:From:References:Cc:To:Subject:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=8AJXoD5Bre4mJhHwFJFKurex/cgj8h/MjdFjnbA8818=; b=gNdG3TiHgpdzicqSwhVOFMSO89 uTKjJHdRYt8cjWFSs1NwZNJ3KAa1YD3XcDA3mCng4FkhS9u8Nvr5cH+fW87x4KUUpilQT4LD4Oi+5 d8ZYgp6JF/A9brgRS6r1QclRIUxKiEOHYKwY6xdDoGKW5ekm7/+/NSKKZa2BmLWmg8shPMuOQV53A h9o3FgnkbyuQDmY48PVjXyiRjQLXvf51bSuVayZ37TiJ93EvM8mCMi8v7LHdSGhm5eXbDQeBfANIs DrrHLuUJnunm+QxkJ1NxOpxB90tgSVoovqR/3eEVRtdWWnddmKFieFvDHIlumcNlSAWelKWT2sl1d OS5eYXEA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1m4Si3-0054ie-Rs; Fri, 16 Jul 2021 18:37:16 +0000 Received: from mail-pj1-x1029.google.com ([2607:f8b0:4864:20::1029]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1m4Shz-0054i5-RK for linux-arm-kernel@lists.infradead.org; Fri, 16 Jul 2021 18:37:13 +0000 Received: by mail-pj1-x1029.google.com with SMTP id me13-20020a17090b17cdb0290173bac8b9c9so9345120pjb.3 for ; Fri, 16 Jul 2021 11:37:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=GM7T6ace97MnRYKBfx/rcZMkps5OWUmzR0Om+WtBfqQ=; b=B0O23RT0p4OQWoDg77HHNT/4hr695yj7EwLTLAn6/7ysFBgYd7bNa8UOEOhnpV20at WEnJr08PtXw+39si2Pp/9juSDR4ygNJ/Xqx5kZiDlg3Ctsvly4DZvp6wSx57xm684JN8 LOhN86m0PPETS0pBu1YgYNfrNOiZMeqp44eX+VFJ9PD7yYzpiEcqPBFL28hJf4rK3gGC oIdOjQhOj01qA+1dwXP99JQuaJFvIGzP+GgU0R3lNe4AzzBDeCmUPXJ4PBpkJn4e7KHL buMlfgXEUMoFm+YrBJvyUW8ZyC+UTEEfA+lC6irbvyrxgAkH3kdV/rSJGV9v4gBJW/2I IlFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=GM7T6ace97MnRYKBfx/rcZMkps5OWUmzR0Om+WtBfqQ=; b=q8owWplg1oHEHG92Ws6H+0o4E47i4kHjRuQB2AGPuZdpnDciD6MDLoUhdofNsICFoH GZQr40TBMfQi5zJF9dn6KhRbEb0rR3Bjfl26rKaA2fIOzYV/TALcoNjsd3TrzH6Ix49D DdKGXoMKF1cUi1TsS7du1Vwx/smUFHTi2A5/Vek3Dd3Q6wE8DRgMSDWcONjuT/OEiuS2 y6jQoz/cy/dN2LPSIgbqJ/1iNOXwiIjvB/eMoTIf+nHru8JJXBJ8d2JIMWd8JeCtB2rg mJ0Lb3SzgHgsxdlAWAL9rvoOm7bb65g6pNGtUYepYgVLWr8FXN7ihSwLFAl+ceu/Ae3O VFgw== X-Gm-Message-State: AOAM5304MAcAyMWzhe2TEzl9u+7Q0PRsAS8M+G2ivPkkc3ZzdGiPINie CVInHcUlhIUCNrlfjHqxIy/DAjgSzKlhif6c X-Google-Smtp-Source: ABdhPJwCWVo3sD4MSYfWdeGbcc5K1V3OSXD/J1aMfb8uEGzQcGGvp3KSvdrbnQP/I3uoohHoyMwFmA== X-Received: by 2002:a17:902:7085:b029:114:eb3f:fe29 with SMTP id z5-20020a1709027085b0290114eb3ffe29mr8877955plk.40.1626460630083; Fri, 16 Jul 2021 11:37:10 -0700 (PDT) Received: from [0.0.0.0] ([2604:a880:1:20::1f:7001]) by smtp.gmail.com with ESMTPSA id k16sm10338409pfu.83.2021.07.16.11.37.08 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 16 Jul 2021 11:37:09 -0700 (PDT) Subject: Re: [PATCH] ARM64: Provide the ARM64_TBI option To: Peter Collingbourne , Robin Murphy Cc: Will Deacon , Yuan Li , Catalin Marinas , Linux ARM References: <20210714180640.22229-1-lydorazoe@gmail.com> <854a541f-0156-2465-b640-47c0d065f87f@arm.com> <20210715161124.GA1330@willie-the-truck> From: twd2 Message-ID: <7bfced24-3319-9008-bee4-d2d4f47dd261@gmail.com> Date: Sat, 17 Jul 2021 02:37:05 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210716_113711_943103_2BA3C6E4 X-CRM114-Status: GOOD ( 20.51 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org MTE is indeed strong mitigation, but I'm curious that when will commercial chips featuring MTE be carried out :) Or we would have to depend on other mitigations like PAC for a while. Thanks. Wende On 2021/7/17 0:14, Peter Collingbourne wrote: > On Fri, Jul 16, 2021 at 1:09 AM Robin Murphy wrote: >> On 2021-07-15 17:11, Will Deacon wrote: >>> On Wed, Jul 14, 2021 at 07:43:03PM +0100, Robin Murphy wrote: >>>> On 2021-07-14 19:06, Yuan Li wrote: >>>>> The ARM64 provides the Top Byte Ignore (TBI) early on, so the kernel turns TBI >>>>> on by default, but, it does not provide any option to turn the feature off. >>>>> >>>>> In ARMv8.3, the Pointer Authentication (PA) was introduced, and if TBI is >>>>> turned off, the PA will be able to use the top byte, resulting longer pointer >>>>> authentication codes, which is more secure. >>>>> >>>>> This patch changes the default support for the TBI to an option that can be >>>>> turned off. >>>> This would have to be something that processes explicitly opt in to. See >>>> Documentation/arm64/tagged-pointers.rst - silently disabling TBI0 *will* >>>> break existing userspace software. >>> Maybe the patch from Peter: >>> >>> https://lore.kernel.org/r/20210622051204.3682580-1-pcc@google.com >>> >>> is a better starting point? >> Yeah, a command-line opt-in is certainly a more reasonable approach. >> However it still seems to me that it would make most sense as a >> per-process thing like the tagged address syscall ABI, since it's of no >> automatic benefit to existing software built without pointer auth, and >> AFAICS it's really up to individual programs whether they care more >> about stronger signing than tagged pointers. It was bad enough when we >> changed the VA_BITS default to 48 and discovered just how many things >> were using the Mozilla JIT, so I'm not sure I relish the thought of >> going through the same process with TBI0 ;) >> >> >> Come to think of it I guess any option should probably disable the >> tagged address syscall ABI, as that doesn't make much sense without >> TBI0. Are we likely to want a signed pointer syscall ABI as well? >> >> Robin. > Bear in mind that disabling TBI0 disables the ability to use MTE. At > least from our perspective, MTE is considered a more valuable > mitigation than PAC. That's why we're only intending to disable TBI > for code pointers, not for data pointers (via TBID0). > > As Catalin wrote in [1], having this be a per-process option would be > more expensive, and may even be infeasible with the current > architecture. That's why we decided to go with a command line option. > > Peter > > [1] https://lore.kernel.org/linux-arm-kernel/20201124184742.GC42276@C02TF0J2HF1T.local/ _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel