From: Thiago Jung Bauermann
To: Luis Machado
Cc: gdb-patches@sourceware.org, jhb@FreeBSD.org
Subject: Re: [PATCH] [AArch64] Enable pointer authentication support for aarch64 bare metal/kernel mode addresses
In-reply-to: <20221216105722.1413765-1-luis.machado@arm.com>
References: <20221216105722.1413765-1-luis.machado@arm.com>
Date: Tue, 20 Dec 2022 03:20:06 +0000
Message-ID: <87ili692xl.fsf@linaro.org>

Hello Luis,

Luis Machado writes:

> At the moment GDB only handles pointer authentication (pauth) for userspace
> addresses and if we're debugging a Linux-hosted program.
>
> The Linux Kernel can be configured to use pauth instructions for some
> additional security hardening, but GDB doesn't handle this well.
>
> To overcome this limitation, GDB needs a couple of things:
>
> 1 - The target needs to advertise pauth support.
> 2 - The hook to remove non-address bits from a pointer needs to be registered
>     in aarch64-tdep.c as opposed to aarch64-linux-tdep.c.
>
> There is a patch for QEMU [1] that addresses the first point, and it makes
> QEMU's gdbstub expose a couple more pauth mask registers, so overall we will
> have up to 4 pauth masks (2 masks or 4 masks):
>
> pauth_dmask
> pauth_cmask
> pauth_dmask_high
> pauth_cmask_high
>
> pauth_dmask and pauth_cmask are the masks used to remove pauth signatures
> from userspace addresses. pauth_dmask_high and pauth_cmask_high masks are used
> to remove pauth signatures from kernel addresses.
>
> The second point is easily addressed by moving code around.
>
> When debugging a Linux Kernel built with pauth with an unpatched GDB, we get
> the following backtrace:
>
> #0 __fput (file=0xffff0000c17a6400) at /repos/linux/fs/file_table.c:296
> #1 0xffff8000082bd1f0 in ____fput (work=) at /repos/linux/fs/file_table.c:348
> #2 0x30008000080ade30 [PAC] in ?? ()
> #3 0x30d48000080ade30 in ?? ()
> Backtrace stopped: previous frame identical to this frame (corrupt stack?)
>
> With a patched GDB, we get something a lot more meaningful:
>
> #0 __fput (file=0xffff0000c1bcfa00) at /repos/linux/fs/file_table.c:296
> #1 0xffff8000082bd1f0 in ____fput (work=) at /repos/linux/fs/file_table.c:348
> #2 0xffff8000080ade30 [PAC] in task_work_run () at /repos/linux/kernel/task_work.c:179
> #3 0xffff80000801db90 [PAC] in resume_user_mode_work (regs=0xffff80000a96beb0) at /repos/linux/include/linux/resume_user_mode.h:49
> #4 do_notify_resume (regs=regs@entry=0xffff80000a96beb0, thread_flags=4) at /repos/linux/arch/arm64/kernel/signal.c:1127
> #5 0xffff800008fb9974 [PAC] in prepare_exit_to_user_mode (regs=0xffff80000a96beb0) at /repos/linux/arch/arm64/kernel/entry-common.c:137
> #6 exit_to_user_mode (regs=0xffff80000a96beb0) at /repos/linux/arch/arm64/kernel/entry-common.c:142
> #7 el0_svc (regs=0xffff80000a96beb0) at /repos/linux/arch/arm64/kernel/entry-common.c:638
> #8 0xffff800008fb9d34 [PAC] in el0t_64_sync_handler (regs=) at /repos/linux/arch/arm64/kernel/entry-common.c:655
> #9 0xffff800008011548 [PAC] in el0t_64_sync () at /repos/linux/arch/arm64/kernel/entry.S:586
> Backtrace stopped: Cannot access memory at address 0xffff80000a96c0c8
>
> [1] https://gitlab.com/rth7680/qemu/-/commit/e440ce6de3e14bf19ee70935be9086c05359f07b
> ---
>  gdb/aarch64-linux-tdep.c |  40 ---------------
>  gdb/aarch64-tdep.c       | 103 ++++++++++++++++++++++++++++++++++-----
>  gdb/aarch64-tdep.h       |   2 +
>  gdb/arch/aarch64.h       |   6 +++
>  4 files changed, 100 insertions(+), 51 deletions(-)

I studied this patch and it looks good to me, so FWIW:

Reviewed-by: Thiago Jung Bauermann

One question: is it possible to run the testsuite against QEMU bare metal
with pauth support? I would assume that there is at least one test (probably
a lot more?) that fails without this patch and passes with it. Is that
correct?

-- 
Thiago
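The cover letter quoted above describes four mask registers (pauth_dmask, pauth_cmask, pauth_dmask_high, pauth_cmask_high) and a hook that removes the non-address bits from a pointer before GDB tries to unwind through it. The following C program is an added illustration of that mask-selection logic; it is not code from the GDB patch, from QEMU, or from either author. It assumes that bit 55 of an AArch64 virtual address selects the user (TTBR0) or kernel (TTBR1) range and is never overwritten by a PAC, that user addresses are zero-extended above the VA while kernel addresses are sign-extended, and that a target without the kernel pair falls back to the user pair (the fallback is an assumption of this example). The mask values and the signed pointers fed to it are constructed for the demo, not taken from a real target.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit 55 selects the translation regime on AArch64: 0 = user space (TTBR0),
   1 = kernel space (TTBR1).  A PAC never overwrites it, so the debugger can
   use it to decide which pair of masks applies to a pointer. */
#define VA_RANGE_SELECT_BIT (UINT64_C(1) << 55)

/* The four mask registers the cover letter describes, as a gdbstub would
   expose them.  A target that only advertises the user-space pair leaves
   the *_high members at zero. */
struct pauth_masks {
    uint64_t dmask;       /* data-pointer PAC bits, user space   */
    uint64_t cmask;       /* code-pointer PAC bits, user space   */
    uint64_t dmask_high;  /* data-pointer PAC bits, kernel space */
    uint64_t cmask_high;  /* code-pointer PAC bits, kernel space */
};

/* Hypothetical masks constructed for this example: a 48-bit user VA (PAC in
   bits 63:56 and 54:48) and a 52-bit kernel VA (PAC in bits 63:56 and
   54:52).  On a real target these values are read from the stub. */
static const struct pauth_masks demo_masks = {
    .dmask      = UINT64_C(0xff7f000000000000),
    .cmask      = UINT64_C(0xff7f000000000000),
    .dmask_high = UINT64_C(0xff70000000000000),
    .cmask_high = UINT64_C(0xff70000000000000),
};

static bool is_kernel_address(uint64_t ptr)
{
    return (ptr & VA_RANGE_SELECT_BIT) != 0;
}

/* Remove the non-address (PAC) bits from PTR.  User-space addresses are
   zero-extended, so the PAC bits are cleared; kernel-space addresses are
   sign-extended (all ones above the VA), so the PAC bits are set.  When the
   target exposes no kernel masks, the user pair is used as a fallback
   (an assumption of this example, not necessarily what GDB does). */
uint64_t strip_pac(uint64_t ptr, const struct pauth_masks *m)
{
    bool kernel = is_kernel_address(ptr);
    uint64_t mask = m->dmask | m->cmask;

    if (kernel && (m->dmask_high | m->cmask_high) != 0)
        mask = m->dmask_high | m->cmask_high;

    return kernel ? (ptr | mask) : (ptr & ~mask);
}

/* True when PTR still carries a PAC, i.e. stripping changes it.  This is
   the condition under which a backtrace frame would get a "[PAC]" tag. */
bool has_pac(uint64_t ptr, const struct pauth_masks *m)
{
    return strip_pac(ptr, m) != ptr;
}

/* Wrappers bound to the constructed demo masks. */
uint64_t strip_pac_demo(uint64_t ptr) { return strip_pac(ptr, &demo_masks); }
bool has_pac_demo(uint64_t ptr) { return has_pac(ptr, &demo_masks); }

int main(void)
{
    /* Constructed signed pointers, one per address range, plus a clean one. */
    const uint64_t samples[] = {
        UINT64_C(0x5a3aaaaa12345678),  /* user: bit 55 clear, PAC in top bits   */
        UINT64_C(0x3c80800012345678),  /* kernel: bit 55 set, PAC in top bits   */
        UINT64_C(0x0000aaaa12345678),  /* already a plain user address, no tag  */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t p = samples[i];
        printf("0x%016llx -> 0x%016llx%s\n", (unsigned long long)p,
               (unsigned long long)strip_pac_demo(p),
               has_pac_demo(p) ? " [PAC]" : "");
    }
    return 0;
}
```

The point of selecting by bit 55 before applying a mask is the one the cover letter's "before" backtrace shows: a kernel return address cleaned with the wrong operation or the wrong mask is still not a valid address, so the unwinder cannot find the caller's symbol and stops. Note also that a pointer whose PAC happens to be all zero bits (user) or all one bits (kernel) is indistinguishable from an unsigned one, which is why the "[PAC]" tag can only ever be a best-effort annotation.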