Re: [PATCH] [AArch64] Enable pointer authentication support for aarch64 bare metal/kernel mode addresses

public inbox for gdb-patches@sourceware.org
 help / color / mirror / Atom feed

From: Thiago Jung Bauermann <thiago.bauermann@linaro.org>
To: Luis Machado <luis.machado@arm.com>
Cc: gdb-patches@sourceware.org, jhb@FreeBSD.org
Subject: Re: [PATCH] [AArch64] Enable pointer authentication support for aarch64 bare metal/kernel mode addresses
Date: Tue, 20 Dec 2022 03:20:06 +0000	[thread overview]
Message-ID: <87ili692xl.fsf@linaro.org> (raw)
In-Reply-To: <20221216105722.1413765-1-luis.machado@arm.com>


Hello Luis,

Luis Machado <luis.machado@arm.com> writes:

> At the moment GDB only handles pointer authentication (pauth) for userspace
> addresses and if we're debugging a Linux-hosted program.
>
> The Linux Kernel can be configured to use pauth instructions for some
> additional security hardening, but GDB doesn't handle this well.
>
> To overcome this limitation, GDB needs a couple things:
>
> 1 - The target needs to advertise pauth support.
> 2 - The hook to remove non-address bits from a pointer needs to be registered
>     in aarch64-tdep.c as opposed to aarch64-linux-tdep.c.
>
> There is a patch for QEMU [1] that addresses the first point, and it makes
> QEMU's gdbstub expose a couple more pauth mask registers, so overall we will
> have up to 4 pauth masks (2 masks or 4 masks):
>
> pauth_dmask
> pauth_cmask
> pauth_dmask_high
> pauth_cmask_high
>
> pauth_dmask and pauth_cmask are the masks used to remove pauth signatures
> from userspace addresses. pauth_dmask_high and pauth_cmask_high masks are used
> to remove pauth signatures from kernel addresses.
>
> The second point is easily addressed by moving code around.
>
> When debugging a Linux Kernel built with pauth with an unpatched GDB, we get
> the following backtrace:
>
>  #0  __fput (file=0xffff0000c17a6400) at /repos/linux/fs/file_table.c:296
>  #1  0xffff8000082bd1f0 in ____fput (work=<optimized out>) at /repos/linux/fs/file_table.c:348
>  #2  0x30008000080ade30 [PAC] in ?? ()
>  #3  0x30d48000080ade30 in ?? ()
>  Backtrace stopped: previous frame identical to this frame (corrupt stack?)
>
> With a patched GDB, we get something a lot more meaningful:
>
>  #0  __fput (file=0xffff0000c1bcfa00) at /repos/linux/fs/file_table.c:296
>  #1  0xffff8000082bd1f0 in ____fput (work=<optimized out>) at /repos/linux/fs/file_table.c:348
>  #2  0xffff8000080ade30 [PAC] in task_work_run () at /repos/linux/kernel/task_work.c:179
>  #3  0xffff80000801db90 [PAC] in resume_user_mode_work (regs=0xffff80000a96beb0) at /repos/linux/include/linux/resume_user_mode.h:49
>  #4  do_notify_resume (regs=regs@entry=0xffff80000a96beb0, thread_flags=4) at /repos/linux/arch/arm64/kernel/signal.c:1127
>  #5  0xffff800008fb9974 [PAC] in prepare_exit_to_user_mode (regs=0xffff80000a96beb0) at /repos/linux/arch/arm64/kernel/entry-common.c:137
>  #6  exit_to_user_mode (regs=0xffff80000a96beb0) at /repos/linux/arch/arm64/kernel/entry-common.c:142
>  #7  el0_svc (regs=0xffff80000a96beb0) at /repos/linux/arch/arm64/kernel/entry-common.c:638
>  #8  0xffff800008fb9d34 [PAC] in el0t_64_sync_handler (regs=<optimized out>) at /repos/linux/arch/arm64/kernel/entry-common.c:655
>  #9  0xffff800008011548 [PAC] in el0t_64_sync () at /repos/linux/arch/arm64/kernel/entry.S:586
>  Backtrace stopped: Cannot access memory at address 0xffff80000a96c0c8
>
> [1] https://gitlab.com/rth7680/qemu/-/commit/e440ce6de3e14bf19ee70935be9086c05359f07b
> ---
>  gdb/aarch64-linux-tdep.c |  40 ---------------
>  gdb/aarch64-tdep.c       | 103 ++++++++++++++++++++++++++++++++++-----
>  gdb/aarch64-tdep.h       |   2 +
>  gdb/arch/aarch64.h       |   6 +++
>  4 files changed, 100 insertions(+), 51 deletions(-)

I studied this patch and it looks good to me, so FWIW:

Reviewed-by: Thiago Jung Bauermann <thiago.bauermann@linaro.org>

One question: is it possible to run the testsuite against QEMU bare
metal with pauth support? I would assume that there is at least one test
(probably a lot more?) that fails without this patch and passes with it.
Is that correct?

-- 
Thiago

next prev parent reply	other threads:[~2022-12-20  3:20 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-16 10:57 Luis Machado
2022-12-20  3:20 ` Thiago Jung Bauermann [this message]
2022-12-20  9:17   ` Luis Machado
2023-01-05 13:16 ` Luis Machado
2023-01-18 18:39   ` John Baldwin
2023-01-19  9:34     ` Luis Machado
2023-01-19 18:35       ` John Baldwin
2023-02-21  9:11 ` Luis Machado

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87ili692xl.fsf@linaro.org \
    --to=thiago.bauermann@linaro.org \
    --cc=gdb-patches@sourceware.org \
    --cc=jhb@FreeBSD.org \
    --cc=luis.machado@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).