[PATCH v3] arm64: Introduce prctl(PR_PAC_{SET,GET}_ENABLED_KEYS)

Peter Collingbourne pcc at google.com
Thu Nov 19 22:32:41 EST 2020


On Thu, Nov 19, 2020 at 2:40 AM Szabolcs Nagy <szabolcs.nagy at arm.com> wrote:
>
> The 11/18/2020 21:20, Peter Collingbourne via Libc-alpha wrote:
> > This prctl allows the user program to control which PAC keys are enabled
> > in a particular task. The main reason why this is useful is to enable a
> > userspace ABI that uses PAC to sign and authenticate function pointers
> > and other pointers exposed outside of the function, while still allowing
> > binaries conforming to the ABI to interoperate with legacy binaries that
> > do not sign or authenticate pointers.
> >
> > The idea is that a dynamic loader or early startup code would issue
> > this prctl very early after establishing that a process may load legacy
> > binaries, but before executing any PAC instructions.
> >
> > Signed-off-by: Peter Collingbourne <pcc at google.com>
> > Link: https://linux-review.googlesource.com/id/Ibc41a5e6a76b275efbaa126b31119dc197b927a5
>
> i would mention in the commit that the overhead of the kernel entry
> code change was measured to be small.

Done.

> > ---
> > v3:
> > - fix some style nits
> > - move kernel entry ISB to after setting EnIA
> > - rename sctlr -> sctlr_user
> > - remove init_sctlr
> >
> > v2:
> > - added prctl(PR_PAC_GET_ENABLED_KEYS)
> > - added ptrace APIs for getting and setting the set of enabled
> >   keys
> > - optimized the instruction sequence for kernel entry/exit
> > - rebased on top of MTE series
> ...
> > +Enabling and disabling keys
> > +---------------------------
> > +
> > +The prctl PR_PAC_SET_ENABLED_KEYS allows the user program to control which
> > +PAC keys are enabled in a particular task. It takes two arguments, the
> > +first being a bitmask of PR_PAC_APIAKEY, PR_PAC_APIBKEY, PR_PAC_APDAKEY
> > +and PR_PAC_APDBKEY specifying which keys shall be affected by this prctl,
> > +and the second being a bitmask of the same bits specifying whether the key
> > +should be enabled or disabled. For example::
> > +
> > +  prctl(PR_PAC_SET_ENABLED_KEYS,
> > +        PR_PAC_APIAKEY | PR_PAC_APIBKEY | PR_PAC_APDAKEY | PR_PAC_APDBKEY,
> > +        PR_PAC_APIBKEY, 0, 0);
> > +
> > +disables all keys except the IB key.
> > +
> > +The main reason why this is useful is to enable a userspace ABI that uses PAC
> > +instructions to sign and authenticate function pointers and other pointers
> > +exposed outside of the function, while still allowing binaries conforming to
> > +the ABI to interoperate with legacy binaries that do not sign or authenticate
> > +pointers.
> > +
> > +The idea is that a dynamic loader or early startup code would issue this
> > +prctl very early after establishing that a process may load legacy binaries,
> > +but before executing any PAC instructions.
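
Review bot: The text says PR_PAC_SET_ENABLED_KEYS "takes two arguments", but the example passes two further arguments as 0, 0 and the documentation never says whether they must be zero; state that requirement next to the argument description. The same paragraph should say what the call returns when the second bitmask sets a bit that is absent from the first, or when either bitmask contains a bit other than the four listed keys. This section covers only the SET operation, so unless PR_PAC_GET_ENABLED_KEYS (added in v2 per the changelog) is documented in the elided part, a sentence on what it returns belongs here too.
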
>
> please document how the setting is inherited across clone, fork, exec
> and the setting at process startup (since it won't be inherited across
> exec and not every reader knows what setting is required for bw compat).

Done. (Sorry, I said that I would do that then forgot to actually do
it.) While I was here I also documented the perf difference between IA
and the other keys.

Peter
