| Message ID | 1571300065-10236-7-git-send-email-amit.kachhap@arm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | arm64: return address signing | expand |
On Thu, Oct 17, 2019 at 01:44:20PM +0530, Amit Daniel Kachhap wrote: > From: Kristina Martsenko <kristina.martsenko@arm.com> > > We currently enable ptrauth for userspace, but do not use it within the > kernel. We're going to enable it for the kernel, and will need to manage > a separate set of ptrauth keys for the kernel. > > We currently keep all 5 keys in struct ptrauth_keys. However, as the > kernel will only need to use 1 key, it is a bit wasteful to allocate a > whole ptrauth_keys struct for every thread. > > Therefore, a subsequent patch will define a separate struct, with only 1 > key, for the kernel. In preparation for that, rename the existing struct > (and associated macros and functions) to reflect that they are specific > to userspace. > > Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com> This appears very mechanical; easy to review! ;) Reviewed-by: Kees Cook <keescook@chromium.org> -Kees > Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com> > --- > Changes since RFC v2: > - New patch in this version, to optimize struct usage [Dave] > > arch/arm64/include/asm/asm_pointer_auth.h | 10 +++++----- > arch/arm64/include/asm/pointer_auth.h | 6 +++--- > arch/arm64/include/asm/processor.h | 2 +- > arch/arm64/kernel/asm-offsets.c | 10 +++++----- > arch/arm64/kernel/pointer_auth.c | 4 ++-- > arch/arm64/kernel/ptrace.c | 16 ++++++++-------- > 6 files changed, 24 insertions(+), 24 deletions(-) > > diff --git a/arch/arm64/include/asm/asm_pointer_auth.h b/arch/arm64/include/asm/asm_pointer_auth.h > index cb21a06..3d39788 100644 > --- a/arch/arm64/include/asm/asm_pointer_auth.h > +++ b/arch/arm64/include/asm/asm_pointer_auth.h > @@ -15,21 +15,21 @@ > alternative_if_not ARM64_HAS_ADDRESS_AUTH > b .Laddr_auth_skip_\@ > alternative_else_nop_endif > - ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KEY_APIA] > + ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_USER_KEY_APIA] > msr_s SYS_APIAKEYLO_EL1, \tmp2 > msr_s SYS_APIAKEYHI_EL1, \tmp3 > - ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KEY_APIB] > + ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_USER_KEY_APIB] > msr_s SYS_APIBKEYLO_EL1, \tmp2 > msr_s SYS_APIBKEYHI_EL1, \tmp3 > - ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KEY_APDA] > + ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_USER_KEY_APDA] > msr_s SYS_APDAKEYLO_EL1, \tmp2 > msr_s SYS_APDAKEYHI_EL1, \tmp3 > - ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KEY_APDB] > + ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_USER_KEY_APDB] > msr_s SYS_APDBKEYLO_EL1, \tmp2 > msr_s SYS_APDBKEYHI_EL1, \tmp3 > .Laddr_auth_skip_\@: > alternative_if ARM64_HAS_GENERIC_AUTH > - ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KEY_APGA] > + ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_USER_KEY_APGA] > msr_s SYS_APGAKEYLO_EL1, \tmp2 > msr_s SYS_APGAKEYHI_EL1, \tmp3 > alternative_else_nop_endif > diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h > index 21c2115..cc42145 100644 > --- a/arch/arm64/include/asm/pointer_auth.h > +++ b/arch/arm64/include/asm/pointer_auth.h > @@ -22,7 +22,7 @@ struct ptrauth_key { > * We give each process its own keys, which are shared by all threads. The keys > * are inherited upon fork(), and reinitialised upon exec*(). > */ > -struct ptrauth_keys { > +struct ptrauth_keys_user { > struct ptrauth_key apia; > struct ptrauth_key apib; > struct ptrauth_key apda; > @@ -30,7 +30,7 @@ struct ptrauth_keys { > struct ptrauth_key apga; > }; > > -static inline void ptrauth_keys_init(struct ptrauth_keys *keys) > +static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys) > { > if (system_supports_address_auth()) { > get_random_bytes(&keys->apia, sizeof(keys->apia)); > @@ -58,7 +58,7 @@ static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr) > } > > #define ptrauth_thread_init_user(tsk) \ > - ptrauth_keys_init(&(tsk)->thread.keys_user) > + ptrauth_keys_init_user(&(tsk)->thread.keys_user) > > #else /* CONFIG_ARM64_PTR_AUTH */ > #define ptrauth_prctl_reset_keys(tsk, arg) (-EINVAL) > diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h > index 5623685..8ec792d 100644 > --- a/arch/arm64/include/asm/processor.h > +++ b/arch/arm64/include/asm/processor.h > @@ -144,7 +144,7 @@ struct thread_struct { > unsigned long fault_code; /* ESR_EL1 value */ > struct debug_info debug; /* debugging */ > #ifdef CONFIG_ARM64_PTR_AUTH > - struct ptrauth_keys keys_user; > + struct ptrauth_keys_user keys_user; > #endif > }; > > diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c > index ef0c24b..cf15182 100644 > --- a/arch/arm64/kernel/asm-offsets.c > +++ b/arch/arm64/kernel/asm-offsets.c > @@ -131,11 +131,11 @@ int main(void) > DEFINE(SDEI_EVENT_PRIORITY, offsetof(struct sdei_registered_event, priority)); > #endif > #ifdef CONFIG_ARM64_PTR_AUTH > - DEFINE(PTRAUTH_KEY_APIA, offsetof(struct ptrauth_keys, apia)); > - DEFINE(PTRAUTH_KEY_APIB, offsetof(struct ptrauth_keys, apib)); > - DEFINE(PTRAUTH_KEY_APDA, offsetof(struct ptrauth_keys, apda)); > - DEFINE(PTRAUTH_KEY_APDB, offsetof(struct ptrauth_keys, apdb)); > - DEFINE(PTRAUTH_KEY_APGA, offsetof(struct ptrauth_keys, apga)); > + DEFINE(PTRAUTH_USER_KEY_APIA, offsetof(struct ptrauth_keys_user, apia)); > + DEFINE(PTRAUTH_USER_KEY_APIB, offsetof(struct ptrauth_keys_user, apib)); > + DEFINE(PTRAUTH_USER_KEY_APDA, offsetof(struct ptrauth_keys_user, apda)); > + DEFINE(PTRAUTH_USER_KEY_APDB, offsetof(struct ptrauth_keys_user, apdb)); > + DEFINE(PTRAUTH_USER_KEY_APGA, offsetof(struct ptrauth_keys_user, apga)); > BLANK(); > #endif > return 0; > diff --git a/arch/arm64/kernel/pointer_auth.c b/arch/arm64/kernel/pointer_auth.c > index 95985be..1e77736 100644 > --- a/arch/arm64/kernel/pointer_auth.c > +++ b/arch/arm64/kernel/pointer_auth.c > @@ -9,7 +9,7 @@ > > int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg) > { > - struct ptrauth_keys *keys = &tsk->thread.keys_user; > + struct ptrauth_keys_user *keys = &tsk->thread.keys_user; > unsigned long addr_key_mask = PR_PAC_APIAKEY | PR_PAC_APIBKEY | > PR_PAC_APDAKEY | PR_PAC_APDBKEY; > unsigned long key_mask = addr_key_mask | PR_PAC_APGAKEY; > @@ -18,7 +18,7 @@ int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg) > return -EINVAL; > > if (!arg) { > - ptrauth_keys_init(keys); > + ptrauth_keys_init_user(keys); > return 0; > } > > diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c > index 21176d0..0793739 100644 > --- a/arch/arm64/kernel/ptrace.c > +++ b/arch/arm64/kernel/ptrace.c > @@ -986,7 +986,7 @@ static struct ptrauth_key pac_key_from_user(__uint128_t ukey) > } > > static void pac_address_keys_to_user(struct user_pac_address_keys *ukeys, > - const struct ptrauth_keys *keys) > + const struct ptrauth_keys_user *keys) > { > ukeys->apiakey = pac_key_to_user(&keys->apia); > ukeys->apibkey = pac_key_to_user(&keys->apib); > @@ -994,7 +994,7 @@ static void pac_address_keys_to_user(struct user_pac_address_keys *ukeys, > ukeys->apdbkey = pac_key_to_user(&keys->apdb); > } > > -static void pac_address_keys_from_user(struct ptrauth_keys *keys, > +static void pac_address_keys_from_user(struct ptrauth_keys_user *keys, > const struct user_pac_address_keys *ukeys) > { > keys->apia = pac_key_from_user(ukeys->apiakey); > @@ -1008,7 +1008,7 @@ static int pac_address_keys_get(struct task_struct *target, > unsigned int pos, unsigned int count, > void *kbuf, void __user *ubuf) > { > - struct ptrauth_keys *keys = &target->thread.keys_user; > + struct ptrauth_keys_user *keys = &target->thread.keys_user; > struct user_pac_address_keys user_keys; > > if (!system_supports_address_auth()) > @@ -1025,7 +1025,7 @@ static int pac_address_keys_set(struct task_struct *target, > unsigned int pos, unsigned int count, > const void *kbuf, const void __user *ubuf) > { > - struct ptrauth_keys *keys = &target->thread.keys_user; > + struct ptrauth_keys_user *keys = &target->thread.keys_user; > struct user_pac_address_keys user_keys; > int ret; > > @@ -1043,12 +1043,12 @@ static int pac_address_keys_set(struct task_struct *target, > } > > static void pac_generic_keys_to_user(struct user_pac_generic_keys *ukeys, > - const struct ptrauth_keys *keys) > + const struct ptrauth_keys_user *keys) > { > ukeys->apgakey = pac_key_to_user(&keys->apga); > } > > -static void pac_generic_keys_from_user(struct ptrauth_keys *keys, > +static void pac_generic_keys_from_user(struct ptrauth_keys_user *keys, > const struct user_pac_generic_keys *ukeys) > { > keys->apga = pac_key_from_user(ukeys->apgakey); > @@ -1059,7 +1059,7 @@ static int pac_generic_keys_get(struct task_struct *target, > unsigned int pos, unsigned int count, > void *kbuf, void __user *ubuf) > { > - struct ptrauth_keys *keys = &target->thread.keys_user; > + struct ptrauth_keys_user *keys = &target->thread.keys_user; > struct user_pac_generic_keys user_keys; > > if (!system_supports_generic_auth()) > @@ -1076,7 +1076,7 @@ static int pac_generic_keys_set(struct task_struct *target, > unsigned int pos, unsigned int count, > const void *kbuf, const void __user *ubuf) > { > - struct ptrauth_keys *keys = &target->thread.keys_user; > + struct ptrauth_keys_user *keys = &target->thread.keys_user; > struct user_pac_generic_keys user_keys; > int ret; > > -- > 2.7.4 >
diff --git a/arch/arm64/include/asm/asm_pointer_auth.h b/arch/arm64/include/asm/asm_pointer_auth.h index cb21a06..3d39788 100644 --- a/arch/arm64/include/asm/asm_pointer_auth.h +++ b/arch/arm64/include/asm/asm_pointer_auth.h @@ -15,21 +15,21 @@ alternative_if_not ARM64_HAS_ADDRESS_AUTH b .Laddr_auth_skip_\@ alternative_else_nop_endif - ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KEY_APIA] + ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_USER_KEY_APIA] msr_s SYS_APIAKEYLO_EL1, \tmp2 msr_s SYS_APIAKEYHI_EL1, \tmp3 - ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KEY_APIB] + ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_USER_KEY_APIB] msr_s SYS_APIBKEYLO_EL1, \tmp2 msr_s SYS_APIBKEYHI_EL1, \tmp3 - ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KEY_APDA] + ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_USER_KEY_APDA] msr_s SYS_APDAKEYLO_EL1, \tmp2 msr_s SYS_APDAKEYHI_EL1, \tmp3 - ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KEY_APDB] + ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_USER_KEY_APDB] msr_s SYS_APDBKEYLO_EL1, \tmp2 msr_s SYS_APDBKEYHI_EL1, \tmp3 .Laddr_auth_skip_\@: alternative_if ARM64_HAS_GENERIC_AUTH - ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_KEY_APGA] + ldp \tmp2, \tmp3, [\tmp1, #PTRAUTH_USER_KEY_APGA] msr_s SYS_APGAKEYLO_EL1, \tmp2 msr_s SYS_APGAKEYHI_EL1, \tmp3 alternative_else_nop_endif diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h index 21c2115..cc42145 100644 --- a/arch/arm64/include/asm/pointer_auth.h +++ b/arch/arm64/include/asm/pointer_auth.h @@ -22,7 +22,7 @@ struct ptrauth_key { * We give each process its own keys, which are shared by all threads. The keys * are inherited upon fork(), and reinitialised upon exec*(). */ -struct ptrauth_keys { +struct ptrauth_keys_user { struct ptrauth_key apia; struct ptrauth_key apib; struct ptrauth_key apda; @@ -30,7 +30,7 @@ struct ptrauth_keys { struct ptrauth_key apga; }; -static inline void ptrauth_keys_init(struct ptrauth_keys *keys) +static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys) { if (system_supports_address_auth()) { get_random_bytes(&keys->apia, sizeof(keys->apia)); @@ -58,7 +58,7 @@ static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr) } #define ptrauth_thread_init_user(tsk) \ - ptrauth_keys_init(&(tsk)->thread.keys_user) + ptrauth_keys_init_user(&(tsk)->thread.keys_user) #else /* CONFIG_ARM64_PTR_AUTH */ #define ptrauth_prctl_reset_keys(tsk, arg) (-EINVAL) diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index 5623685..8ec792d 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -144,7 +144,7 @@ struct thread_struct { unsigned long fault_code; /* ESR_EL1 value */ struct debug_info debug; /* debugging */ #ifdef CONFIG_ARM64_PTR_AUTH - struct ptrauth_keys keys_user; + struct ptrauth_keys_user keys_user; #endif }; diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c index ef0c24b..cf15182 100644 --- a/arch/arm64/kernel/asm-offsets.c +++ b/arch/arm64/kernel/asm-offsets.c @@ -131,11 +131,11 @@ int main(void) DEFINE(SDEI_EVENT_PRIORITY, offsetof(struct sdei_registered_event, priority)); #endif #ifdef CONFIG_ARM64_PTR_AUTH - DEFINE(PTRAUTH_KEY_APIA, offsetof(struct ptrauth_keys, apia)); - DEFINE(PTRAUTH_KEY_APIB, offsetof(struct ptrauth_keys, apib)); - DEFINE(PTRAUTH_KEY_APDA, offsetof(struct ptrauth_keys, apda)); - DEFINE(PTRAUTH_KEY_APDB, offsetof(struct ptrauth_keys, apdb)); - DEFINE(PTRAUTH_KEY_APGA, offsetof(struct ptrauth_keys, apga)); + DEFINE(PTRAUTH_USER_KEY_APIA, offsetof(struct ptrauth_keys_user, apia)); + DEFINE(PTRAUTH_USER_KEY_APIB, offsetof(struct ptrauth_keys_user, apib)); + DEFINE(PTRAUTH_USER_KEY_APDA, offsetof(struct ptrauth_keys_user, apda)); + DEFINE(PTRAUTH_USER_KEY_APDB, offsetof(struct ptrauth_keys_user, apdb)); + DEFINE(PTRAUTH_USER_KEY_APGA, offsetof(struct ptrauth_keys_user, apga)); BLANK(); #endif return 0; diff --git a/arch/arm64/kernel/pointer_auth.c b/arch/arm64/kernel/pointer_auth.c index 95985be..1e77736 100644 --- a/arch/arm64/kernel/pointer_auth.c +++ b/arch/arm64/kernel/pointer_auth.c @@ -9,7 +9,7 @@ int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg) { - struct ptrauth_keys *keys = &tsk->thread.keys_user; + struct ptrauth_keys_user *keys = &tsk->thread.keys_user; unsigned long addr_key_mask = PR_PAC_APIAKEY | PR_PAC_APIBKEY | PR_PAC_APDAKEY | PR_PAC_APDBKEY; unsigned long key_mask = addr_key_mask | PR_PAC_APGAKEY; @@ -18,7 +18,7 @@ int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg) return -EINVAL; if (!arg) { - ptrauth_keys_init(keys); + ptrauth_keys_init_user(keys); return 0; } diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 21176d0..0793739 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -986,7 +986,7 @@ static struct ptrauth_key pac_key_from_user(__uint128_t ukey) } static void pac_address_keys_to_user(struct user_pac_address_keys *ukeys, - const struct ptrauth_keys *keys) + const struct ptrauth_keys_user *keys) { ukeys->apiakey = pac_key_to_user(&keys->apia); ukeys->apibkey = pac_key_to_user(&keys->apib); @@ -994,7 +994,7 @@ static void pac_address_keys_to_user(struct user_pac_address_keys *ukeys, ukeys->apdbkey = pac_key_to_user(&keys->apdb); } -static void pac_address_keys_from_user(struct ptrauth_keys *keys, +static void pac_address_keys_from_user(struct ptrauth_keys_user *keys, const struct user_pac_address_keys *ukeys) { keys->apia = pac_key_from_user(ukeys->apiakey); @@ -1008,7 +1008,7 @@ static int pac_address_keys_get(struct task_struct *target, unsigned int pos, unsigned int count, void *kbuf, void __user *ubuf) { - struct ptrauth_keys *keys = &target->thread.keys_user; + struct ptrauth_keys_user *keys = &target->thread.keys_user; struct user_pac_address_keys user_keys; if (!system_supports_address_auth()) @@ -1025,7 +1025,7 @@ static int pac_address_keys_set(struct task_struct *target, unsigned int pos, unsigned int count, const void *kbuf, const void __user *ubuf) { - struct ptrauth_keys *keys = &target->thread.keys_user; + struct ptrauth_keys_user *keys = &target->thread.keys_user; struct user_pac_address_keys user_keys; int ret; @@ -1043,12 +1043,12 @@ static int pac_address_keys_set(struct task_struct *target, } static void pac_generic_keys_to_user(struct user_pac_generic_keys *ukeys, - const struct ptrauth_keys *keys) + const struct ptrauth_keys_user *keys) { ukeys->apgakey = pac_key_to_user(&keys->apga); } -static void pac_generic_keys_from_user(struct ptrauth_keys *keys, +static void pac_generic_keys_from_user(struct ptrauth_keys_user *keys, const struct user_pac_generic_keys *ukeys) { keys->apga = pac_key_from_user(ukeys->apgakey); @@ -1059,7 +1059,7 @@ static int pac_generic_keys_get(struct task_struct *target, unsigned int pos, unsigned int count, void *kbuf, void __user *ubuf) { - struct ptrauth_keys *keys = &target->thread.keys_user; + struct ptrauth_keys_user *keys = &target->thread.keys_user; struct user_pac_generic_keys user_keys; if (!system_supports_generic_auth()) @@ -1076,7 +1076,7 @@ static int pac_generic_keys_set(struct task_struct *target, unsigned int pos, unsigned int count, const void *kbuf, const void __user *ubuf) { - struct ptrauth_keys *keys = &target->thread.keys_user; + struct ptrauth_keys_user *keys = &target->thread.keys_user; struct user_pac_generic_keys user_keys; int ret;