From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Tue, 20 Dec 2022 09:17:25 +0000
Subject: Re: [PATCH] [AArch64] Enable pointer authentication support for aarch64 bare metal/kernel mode addresses
To: Thiago Jung Bauermann
Cc: gdb-patches@sourceware.org, jhb@FreeBSD.org
References: <20221216105722.1413765-1-luis.machado@arm.com> <87ili692xl.fsf@linaro.org>
From: Luis Machado
In-Reply-To: <87ili692xl.fsf@linaro.org>

On 12/20/22 03:20, Thiago Jung Bauermann wrote:
>
> Hello Luis,
>
> Luis Machado writes:
>
>> At the moment GDB only handles pointer authentication (pauth) for userspace
>> addresses and if we're debugging a Linux-hosted program.
>>
>> The Linux Kernel can be configured to use pauth instructions for some
>> additional security hardening, but GDB doesn't handle this well.
>>
>> To overcome this limitation, GDB needs a couple things:
>>
>> 1 - The target needs to advertise pauth support.
>> 2 - The hook to remove non-address bits from a pointer needs to be registered
>> in aarch64-tdep.c as opposed to aarch64-linux-tdep.c.
>>
>> There is a patch for QEMU [1] that addresses the first point, and it makes
>> QEMU's gdbstub expose a couple more pauth mask registers, so overall we will
>> have up to 4 pauth masks (2 masks or 4 masks):
>>
>> pauth_dmask
>> pauth_cmask
>> pauth_dmask_high
>> pauth_cmask_high
>>
>> pauth_dmask and pauth_cmask are the masks used to remove pauth signatures
>> from userspace addresses. pauth_dmask_high and pauth_cmask_high masks are used
>> to remove pauth signatures from kernel addresses.
>>
>> The second point is easily addressed by moving code around.
>>
>> When debugging a Linux Kernel built with pauth with an unpatched GDB, we get
>> the following backtrace:
>>
>> #0 __fput (file=0xffff0000c17a6400) at /repos/linux/fs/file_table.c:296
>> #1 0xffff8000082bd1f0 in ____fput (work=) at /repos/linux/fs/file_table.c:348
>> #2 0x30008000080ade30 [PAC] in ?? ()
>> #3 0x30d48000080ade30 in ?? ()
>> Backtrace stopped: previous frame identical to this frame (corrupt stack?)
>>
>> With a patched GDB, we get something a lot more meaningful:
>>
>> #0 __fput (file=0xffff0000c1bcfa00) at /repos/linux/fs/file_table.c:296
>> #1 0xffff8000082bd1f0 in ____fput (work=) at /repos/linux/fs/file_table.c:348
>> #2 0xffff8000080ade30 [PAC] in task_work_run () at /repos/linux/kernel/task_work.c:179
>> #3 0xffff80000801db90 [PAC] in resume_user_mode_work (regs=0xffff80000a96beb0) at /repos/linux/include/linux/resume_user_mode.h:49
>> #4 do_notify_resume (regs=regs@entry=0xffff80000a96beb0, thread_flags=4) at /repos/linux/arch/arm64/kernel/signal.c:1127
>> #5 0xffff800008fb9974 [PAC] in prepare_exit_to_user_mode (regs=0xffff80000a96beb0) at /repos/linux/arch/arm64/kernel/entry-common.c:137
>> #6 exit_to_user_mode (regs=0xffff80000a96beb0) at /repos/linux/arch/arm64/kernel/entry-common.c:142
>> #7 el0_svc (regs=0xffff80000a96beb0) at /repos/linux/arch/arm64/kernel/entry-common.c:638
>> #8 0xffff800008fb9d34 [PAC] in el0t_64_sync_handler (regs=) at /repos/linux/arch/arm64/kernel/entry-common.c:655
>> #9 0xffff800008011548 [PAC] in el0t_64_sync () at /repos/linux/arch/arm64/kernel/entry.S:586
>> Backtrace stopped: Cannot access memory at address 0xffff80000a96c0c8
>>
>> [1] https://gitlab.com/rth7680/qemu/-/commit/e440ce6de3e14bf19ee70935be9086c05359f07b
>> ---
>> gdb/aarch64-linux-tdep.c | 40 ---------------
>> gdb/aarch64-tdep.c | 103 ++++++++++++++++++++++++++++++++++-----
>> gdb/aarch64-tdep.h | 2 +
>> gdb/arch/aarch64.h | 6 +++
>> 4 files changed, 100 insertions(+), 51 deletions(-)
>
> I studied this patch and it looks good to me, so FWIW:
>
> Reviewed-by: Thiago Jung Bauermann
>
> One question: is it possible to run the testsuite against QEMU bare
> metal with pauth support? I would assume that there is at least one test
> (probably a lot more?) that fails without this patch and passes with it.
> Is that correct?
>

There isn't a specific test for this, but if you force pointer authentication in the compiler and the use of high addresses
(VA select bit 55 on), the regular GDB tests that do any sort of backtrace will fail without this patch. Hardware watchpoints should
also be affected by the pointer authentication bits.

The difficulty is setting up a gdb testsuite run against QEMU (or any other simulator). It would be nice to have that though.
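
An added illustration, not part of the original message and not GDB's code: selecting between the low and high pauth masks by VA select bit 55 and stripping the signature, next to the userspace-only rule applied to the same value. The struct, function names and mask values are hypothetical (masks constructed for a 48-bit VA), the sample pointer is the frame #3 value from the unpatched backtrace treated as a signed return address, and the 2-mask fallback is an assumption of this example.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical holder for the mask registers named in the thread. */
struct pauth_masks {
    uint64_t dmask, cmask;           /* userspace (low) addresses */
    uint64_t dmask_high, cmask_high; /* kernel (high) addresses */
    bool have_high;                  /* false on a 2-mask target */
};

#define VA_SELECT_BIT (UINT64_C(1) << 55)

/* Constructed masks for a 48-bit VA: signature in bits 63:56 and 54:48. */
static const struct pauth_masks SAMPLE_MASKS = {
    .dmask = UINT64_C(0xff7f000000000000),
    .cmask = UINT64_C(0xff7f000000000000),
    .dmask_high = UINT64_C(0xff7f000000000000),
    .cmask_high = UINT64_C(0xff7f000000000000),
    .have_high = true,
};

/* Userspace rule only: clear the signature bits, whatever bit 55 says. */
uint64_t strip_low_only(const struct pauth_masks *m, uint64_t ptr, bool is_code)
{
    return ptr & ~(is_code ? m->cmask : m->dmask);
}

/* Pick the mask pair by bit 55. Canonical kernel addresses have their upper
   bits set, so the signature bits are set there rather than cleared. */
uint64_t strip_pointer(const struct pauth_masks *m, uint64_t ptr, bool is_code)
{
    if (!(ptr & VA_SELECT_BIT))
        return strip_low_only(m, ptr, is_code);
    /* Assumption: a 2-mask target reuses the low masks for high addresses. */
    uint64_t mask = m->have_high ? (is_code ? m->cmask_high : m->dmask_high)
                                 : (is_code ? m->cmask : m->dmask);
    return ptr | mask;
}

int main(void)
{
    /* Frame #3 value from the unpatched backtrace, used as sample input. */
    uint64_t lr = UINT64_C(0x30d48000080ade30);
    printf("low-only : 0x%016" PRIx64 "\n", strip_low_only(&SAMPLE_MASKS, lr, true));
    printf("by bit 55: 0x%016" PRIx64 "\n", strip_pointer(&SAMPLE_MASKS, lr, true));
    return 0;
}
```

With these constructed masks the bit-55 path yields 0xffff8000080ade30, the address frame #2 resolves to in the patched backtrace, while the userspace-only rule leaves a non-canonical value that no unwinder can map to a symbol.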