| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Apr 2018 11:27:03 +0100
From: Mark Rutland <mark.rutland@....com>
To: Catalin Marinas <catalin.marinas@....com>
Cc: linux-arm-kernel@...ts.infradead.org, linux-arch@...r.kernel.org,
drjones@...hat.com, cdall@...nel.org, arnd@...db.de,
suzuki.poulose@....com, marc.zyngier@....com,
awallis@...eaurora.org, kernel-hardening@...ts.openwall.com,
will.deacon@....com, linux-kernel@...r.kernel.org,
ramana.radhakrishnan@....com, kvmarm@...ts.cs.columbia.edu
Subject: Re: [PATCHv3 07/11] arm64: add basic pointer authentication support
On Wed, Apr 25, 2018 at 12:23:32PM +0100, Catalin Marinas wrote:
> Hi Mark,
>
> On Tue, Apr 17, 2018 at 07:37:31PM +0100, Mark Rutland wrote:
> > diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h
> > index 39ec0b8a689e..caf0d3010112 100644
> > --- a/arch/arm64/include/asm/mmu_context.h
> > +++ b/arch/arm64/include/asm/mmu_context.h
> > @@ -29,7 +29,6 @@
> > #include <asm/cacheflush.h>
> > #include <asm/cpufeature.h>
> > #include <asm/proc-fns.h>
> > -#include <asm-generic/mm_hooks.h>
> > #include <asm/cputype.h>
> > #include <asm/pgtable.h>
> > #include <asm/sysreg.h>
> > @@ -168,7 +167,14 @@ static inline void cpu_replace_ttbr1(pgd_t *pgdp)
> > #define destroy_context(mm) do { } while(0)
> > void check_and_switch_context(struct mm_struct *mm, unsigned int cpu);
> >
> > -#define init_new_context(tsk,mm) ({ atomic64_set(&(mm)->context.id, 0); 0; })
> > +static inline int init_new_context(struct task_struct *tsk,
> > + struct mm_struct *mm)
> > +{
> > + atomic64_set(&mm->context.id, 0);
> > + mm_ctx_ptrauth_init(&mm->context);
> > +
> > + return 0;
> > +}
> >
> > #ifdef CONFIG_ARM64_SW_TTBR0_PAN
> > static inline void update_saved_ttbr0(struct task_struct *tsk,
> > @@ -216,6 +222,8 @@ static inline void __switch_mm(struct mm_struct *next)
> > return;
> > }
> >
> > + mm_ctx_ptrauth_switch(&next->context);
> > +
> > check_and_switch_context(next, cpu);
> > }
> >
> > @@ -241,6 +249,19 @@ switch_mm(struct mm_struct *prev, struct mm_struct *next,
> > void verify_cpu_asid_bits(void);
> > void post_ttbr_update_workaround(void);
> >
> > +static inline void arch_dup_mmap(struct mm_struct *oldmm,
> > + struct mm_struct *mm)
> > +{
> > + mm_ctx_ptrauth_dup(&oldmm->context, &mm->context);
> > +}
> > +#define arch_dup_mmap arch_dup_mmap
>
> IIUC, we could skip the arch_dup_mmap() and init_new_context() here for
> the fork() case since the ptrauth_keys would be copied as part of the
> dup_mm().
If we can hook into the exec*() path to init the keys, then I agree we
can do this...
> There is another situation where init_new_context() is called
> bprm_mm_init() -> mm_alloc() -> mm_init() -> init_new_context().
> However, in this case the core code also calls arch_bprm_mm_init(). So I
> think we only need to update the latter to get a new random key.
... and this seems to be the right place to do it, so I'll have a go.
> > diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h
> > new file mode 100644
> > index 000000000000..a2e8fb91fdee
> > --- /dev/null
> > +++ b/arch/arm64/include/asm/pointer_auth.h
> > @@ -0,0 +1,89 @@
> > +/*
> > + * Copyright (C) 2016 ARM Ltd.
> > + *
> > + * This program is free software; you can redistribute it and/or modify
> > + * it under the terms of the GNU General Public License version 2 as
> > + * published by the Free Software Foundation.
> > + *
> > + * This program is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> > + * GNU General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU General Public License
> > + * along with this program. If not, see <http://www.gnu.org/licenses/>.
> > + */
>
> Nitpick: 2018. You could also use the SPDX header, save some lines.
Sure, I'll replace this with a SPDX GPL-2.0 line.
Thanks,
Mark.
Powered by blists - more mailing lists