lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210520160035.GP17233@C02TD0UTHF1T.local>
Date:   Thu, 20 May 2021 17:00:35 +0100
From:   Mark Rutland <mark.rutland@....com>
To:     Derrick McKee <derrick.mckee@...il.com>
Cc:     Nathan.Burow@...mit.edu, Yianni Giannaris <yiannig@....edu>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will@...nel.org>,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Ensure kernel AI key is not changed on fork

On Thu, May 20, 2021 at 11:18:54AM -0400, Derrick McKee wrote:
> The kernel uses the IA key for PAC signing, 
> and this key should remain unchanged from the kernel point of view.
> This patch ensures that the IA key remains constant on fork, 
> if it has been previously set.
> The software is provided on an as-is basis.
> 
> Signed-off-by: Derrick McKee <derrick.mckee@...il.com>
> Signed-off-by: Yianni Giannaris <yiannig@....edu>

On the kernel side, we use a unique IA key per kernel thread, and while
this must remain the same *for that kernel thread*, the kernel IA key
should differ across kernel threads when a fork() occurs.

I think you're trying to use the keys in a different way than upstream
intends to, and we do not need this change as-is.

So NAK to this patch as it stands.

Thanks,
Mark.

> ---
>  arch/arm64/include/asm/pointer_auth.h | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h
> index d50416be99be..9748413e72fd 100644
> --- a/arch/arm64/include/asm/pointer_auth.h
> +++ b/arch/arm64/include/asm/pointer_auth.h
> @@ -69,10 +69,13 @@ static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys)
>  	ptrauth_keys_install_user(keys);
>  }
>  
> -static __always_inline void ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
> +static __always_inline void
> +ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
>  {
> -	if (system_supports_address_auth())
> -		get_random_bytes(&keys->apia, sizeof(keys->apia));
> +	if (keys->apia.lo == 0 && keys->apia.hi == 0) {
> +		if (system_supports_address_auth())
> +			get_random_bytes(&keys->apia, sizeof(keys->apia));
> +	}
>  }
>  
>  static __always_inline void ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel *keys)
> -- 
> 2.31.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ