From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cmarinas@kernel.org>
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
 by sourceware.org (Postfix) with ESMTPS id 7A9613945C07
 for <libc-alpha@sourceware.org>; Wed, 18 Nov 2020 20:47:01 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 7A9613945C07
Received: from trantor (unknown [2.26.170.190])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mail.kernel.org (Postfix) with ESMTPSA id 0511324686
 for <libc-alpha@sourceware.org>; Wed, 18 Nov 2020 20:46:59 +0000 (UTC)
Resent-From: Catalin Marinas <catalin.marinas@arm.com>
Resent-Date: Wed, 18 Nov 2020 20:46:57 +0000
Resent-Message-ID: <X7WIQS+DCH3Rvmc8@trantor>
Resent-To: libc-alpha@sourceware.org
Received: from AM4PR0802MB2289.eurprd08.prod.outlook.com
 (2603:10a6:200:62::12) by VI1PR0802MB2141.eurprd08.prod.outlook.com with
 HTTPS; Wed, 18 Nov 2020 19:06:41 +0000
Received: from AM6P191CA0059.EURP191.PROD.OUTLOOK.COM (2603:10a6:209:7f::36)
 by AM4PR0802MB2289.eurprd08.prod.outlook.com (2603:10a6:200:62::12) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.20; Wed, 18 Nov
 2020 19:06:39 +0000
Received: from VE1EUR03FT040.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:209:7f:cafe::61) by AM6P191CA0059.outlook.office365.com
 (2603:10a6:209:7f::36) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.20 via Frontend
 Transport; Wed, 18 Nov 2020 19:06:39 +0000
Received-SPF: Pass (protection.outlook.com: domain of google.com designates
 209.85.166.68 as permitted sender) receiver=protection.outlook.com;
 client-ip=209.85.166.68; helo=mail-io1-f68.google.com;
Received: from 64aa7808-inbound-1.mta.getcheckrecipient.com (34.249.187.16) by
 VE1EUR03FT040.mail.protection.outlook.com (10.152.18.210) with
 Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.3589.20 via Frontend Transport; Wed, 18 Nov 2020 19:06:39 +0000
Received: ("Tessian outbound 05db67179dd3:v71");
 Wed, 18 Nov 2020 19:06:38 +0000
Received: from mail-io1-f68.google.com (209.85.166.68) by
 VE1EUR03FT033.mail.protection.outlook.com (10.152.18.147) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.3589.20 via Frontend Transport; Wed, 18 Nov 2020 19:06:06 +0000
X-TS-Email-ID: 574b85e5-53e5-4249-afa9-52cfa3794558
Received: from e7528c8cd24c.1
 by 64aa7808-inbound-1.mta.getcheckrecipient.com id
 1093C21A-29A0-4E7A-B816-DBFE63FEF36C.1; 
 Wed, 18 Nov 2020 19:06:10 +0000
Received: from EUR05-VI1-obe.outbound.protection.outlook.com
 by 64aa7808-inbound-1.mta.getcheckrecipient.com with ESMTPS id e7528c8cd24c.1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384);
 Wed, 18 Nov 2020 19:06:10 +0000
Received: from AM6P194CA0024.EURP194.PROD.OUTLOOK.COM (2603:10a6:209:90::37)
 by DBBPR08MB4757.eurprd08.prod.outlook.com (2603:10a6:10:f0::20) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3564.25; Wed, 18 Nov
 2020 19:06:06 +0000
Received: from VE1EUR03FT033.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:209:90:cafe::d3) by AM6P194CA0024.outlook.office365.com
 (2603:10a6:209:90::37) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.20 via Frontend
 Transport; Wed, 18 Nov 2020 19:06:06 +0000
Authentication-Results-Original: spf=pass (sender IP is 209.85.166.68)
 smtp.mailfrom=google.com; arm.com; dkim=pass (signature was verified)
 header.d=google.com;arm.com; dmarc=pass action=none
 header.from=google.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of google.com designates
 209.85.166.68 as permitted sender) receiver=protection.outlook.com;
 client-ip=209.85.166.68; helo=mail-io1-f68.google.com;
Received: from mail-io1-f68.google.com (209.85.166.68) by
 VE1EUR03FT033.mail.protection.outlook.com (10.152.18.147) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.3589.20 via Frontend Transport; Wed, 18 Nov 2020 19:06:06 +0000
Received: by mail-io1-f68.google.com with SMTP id r9so3185297ioo.7
 for <catalin.marinas@arm.com>; Wed, 18 Nov 2020 11:06:06 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=Ee067VJcwdxUc3ftbuvjK6kCxcAaxiVZ8ffPztdFzfk=;
 b=C4699Ps/eTTkZ5V6njG1Fq3UxrJLNuTV0kRJoUs4ByiXJi1I2fO+trb+OM4tmlf2mY
 4BAPHkeay5DQVgDU99xOl/pKnwHlRggnaIKe+CVZJZSSvxZ4wL2+P/cngzKMWSLeWLgf
 b0KqZGE2XgIF5jqZ3Z1EY6cHU9ac99IQ+90zEuPp6euyNhAGEfgZ07lvoZ9HdazVIGgW
 XcSpwBb3YVIwQedP0OK42jxah49veizi7TLdwP+nCPqElhcz1ezYa1FHAwqujKxv/DQh
 K46bJpcTyZagt1tOQ5EBgVAN4dQlBJoMi4lEN2wpGhiYaxT4+vhq2FAIkCRRxQl1dtQG
 D2Sg==
X-Gm-Message-State: AOAM532FA3suN7dSNeUBcsjvSV08VWADzb2FDEjkAk/jfMQTQ6sRMp+I
 2Z/BPOk85VvU1uSVwb/opZYE3NTNVCkYt7RNFr5A+Q==
X-Google-Smtp-Source: ABdhPJwXYd1me09sJbtRxvat0lzWNk8YKiIbjxC6vTjkhCmuBjuOqVG3cwXOyBmCx3U21qtn2FXwsKM9ECuroR81wQo=
X-Received: by 2002:a02:cc77:: with SMTP id j23mr9917746jaq.20.1605726364728; 
 Wed, 18 Nov 2020 11:06:04 -0800 (PST)
References: <20201014055106.25164-1-pcc@google.com>
 <20201118175539.GH6882@arm.com>
In-Reply-To: <20201118175539.GH6882@arm.com>
From: Peter Collingbourne <pcc@google.com>
Date: Wed, 18 Nov 2020 11:05:54 -0800
Message-ID: <CAMn1gO7DMx7ty3+09M49wAs-JCEH1H2T13-VxKXCeUz0oGj=Wg@mail.gmail.com>
Subject: Re: [PATCH v2] arm64: Introduce prctl(PR_PAC_{SET,GET}_ENABLED_KEYS)
To: Dave Martin <Dave.Martin@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
 Evgenii Stepanov <eugenis@google.com>, Kostya Serebryany <kcc@google.com>,
 Vincenzo Frascino <vincenzo.frascino@arm.com>, 
 Andrey Konovalov <andreyknvl@google.com>, Kevin Brodsky <kevin.brodsky@arm.com>,
 Linux API <linux-api@vger.kernel.org>, Will Deacon <will@kernel.org>, 
 Linux ARM <linux-arm-kernel@lists.infradead.org>
Content-Type: text/plain; charset="UTF-8"
X-EOPAttributedMessage: 1
X-MS-Office365-Filtering-HT: Tenant
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 820a2e04-c3a4-40b6-62e8-08d88bf51401
X-MS-TrafficTypeDiagnostic: DBBPR08MB4757:|AM4PR0802MB2289:
X-MS-Exchange-AtpMessageProperties: SA
x-checktessianinbound: true
MS-Exchange-Organization-PhishThresholdLevel: 2
NoDisclaimer: true
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;OLM:10000;
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: =?utf-8?B?K0RlbEN0THY0VUFUMGlqQkxPcmQ3VGFPRm5iUEtTN0R3SE82cWFsV0Rhd0dR?=
 =?utf-8?B?S25BT3ViRjJvUmlqVEFWbHo3aXFMc3UyWEMxU2Q4dHQybHdqQmt2QW1RSkgv?=
 =?utf-8?B?U0NvNERqQ3JTMHFiZUlzQWRsVk9aOHlUa1M4dFZRcHdwUTJQbVg5US9TdUM3?=
 =?utf-8?B?ZEdiRWhXZWdzVnI4dnpjNFhvcE1ibC9vVG9VUlgvNjJ3VU0yTlVpdFgzWS9Y?=
 =?utf-8?B?UFM0b3JmSm9ydGxoZXZVL3FLem5HZ0t2Tng3ZjM4Ui94UFo3R1dQK3UydkYv?=
 =?utf-8?B?SVdtUjgySThqemRhM1JobzRKZ1BMQWt2VjI1UHVEMExEbEZoMjBVYzQxS2hw?=
 =?utf-8?B?dEJSM1BNZWNFQXFTeXQ0cWFBUVc1aVlXcDZPWjJBOUpWUW5NTGVRV1JENHpk?=
 =?utf-8?B?aGtMc1k3TVVsNTVVaUxBOGRqcjBPY09jUVYrWkdtNGZZY1crdHd4VWJpMi9i?=
 =?utf-8?B?UG1Xd0ViSW00UTlCOWd6cGxlQTFyWmwvUUxpQTdwK0cybHBFaWdlRGdXVmRw?=
 =?utf-8?B?U2JlTXFoWTdJNDgzV3FudU1sbnpzTnRXMkk4MUM5aS9ueDMzTGR0d1ZKZmVn?=
 =?utf-8?B?cFNlM1NjcDZFMnlFUW8xaEFIL3dadXBjVVErY2tRUm1ZNDQ5Q2UyVkJ1aWtm?=
 =?utf-8?B?TjlxSEs1Nko1UytPQ1dNbDZIR3Irc2wyV0xKdm1uYkd1UURaNjNId2pGOSs4?=
 =?utf-8?B?a1B6d0s5RVpZT3lraVdJZjJCVGx1dCtkV1daNVZ2VC9mc0Q1Ti9lWU5yckIv?=
 =?utf-8?B?QmcyZi9hdmQ1WmpESmhNV0kwUDRhWFVhQmVEV3pUNi9GOW83TGZtcCs1Mlgv?=
 =?utf-8?B?ZWZnZzZqWmlmYVNkWFdZMUQ0eTFpVmNVT3hkeVVZNEoyNnlHd0pOMWkxaEhi?=
 =?utf-8?B?S0lXd2hVN0svYmhieHFFemE3aGRYaGgzVjBkZ1FGUzJ5Rm5PdUU3Y3RTTVls?=
 =?utf-8?B?TEtFT3Y4TmJVWlZSQ3lqcTFiMkwrT2Y4MUxEV1d2RWlzZEY2UVk1eXlnT1F2?=
 =?utf-8?B?c0cxdk5nc0NydlhSN0UxWmVTUVNYS2VmNzdUakFua1pJTVJvOGVTaEYyUkZF?=
 =?utf-8?B?SytlSkxhbkJCTEhRZlRMM1NLaVZ2VlBLbmlYcGZtTmxCU1VUenE1U0xXck9R?=
 =?utf-8?B?UjRDTXQ3MUgwTHJEUW5rcnRibnFjK2RXYWtDdHh3T3o2T2g1cGJyT3M0dURD?=
 =?utf-8?B?OWdFTUdEaGxFMGE3ZEsyZWRiK29OTExyc3dKOVB6eFhUamdOSkZEa0VMMU5Z?=
 =?utf-8?B?bUN0RGtpS25JMWtkVXdDdHh1eU1OT0tuVVRISTRaT2ppZElrMFF6U3VFQ1Rq?=
 =?utf-8?B?OWYxZ0lOUGlvUDZLTWhZSDhwYlVuWklLM3hVN3VlOUlNOUtMZUVXd3JIQkVI?=
 =?utf-8?B?d3JNWkNjai9CZ3NsV3ZCV3BEcEh5aHQ2Qm9oWXpuZFIyY0NzK09WVUZTdWpQ?=
 =?utf-8?B?eWtyb3RTTytrL1pXNWN1Z09ncFY5N28wMnY4V3c0clMvUlF3Q2xOVEZWRGpX?=
 =?utf-8?B?U0VhaG5FU20wbC8yNTgrSlRWaW9VS1lSdVplZHNLZWVNRGhxeGZaVmMyalBO?=
 =?utf-8?B?TVB1aWpCSTdkRDhTMHNkQmkxZitHQlpoL0ZWanYzd0UwVVZGSEhzbDJSVjBX?=
 =?utf-8?B?VU44R0EySmpjTXZ2MS9oT0g0dndyQVhSY1dwVlVhLzRwY2svMzhjbTIyVDNK?=
 =?utf-8?B?SDRsNURWck8rd0RkdUlLSXBRUm1vS2NuV2tiNTROcHprNFVLamxvVXRTcktZ?=
 =?utf-8?B?MGE4K1pydHp4V0FjTFQyelNLQjM2SWR0OUVJa3FXemFwYUh5Q0tlWG5OaGNR?=
 =?utf-8?B?dkk3MkVqc3ByT2Q2NTlsaXM5ZTBhTGJCTHNKdUtVZE1ibERhN0lyRjlTU2N6?=
 =?utf-8?B?K3RpY3R3MVp0bjlPUnorckp0a2xDak0zNU11VTBOUlpzOVZnMDZlM2dHYXFG?=
 =?utf-8?B?NkQvbVRxM3dsbTZkTC8yZEF1VWtGaERLK1lzUGVHa2pFZHNvMWFXNWZKV1ox?=
 =?utf-8?B?aTZKUGJ6YVNBPT0=?=
X-Forefront-Antispam-Report-Untrusted: CIP:209.85.166.68; CTRY:US; LANG:en;
 SCL:-1; SRV:; IPV:NLI; SFV:SKN; H:mail-io1-f68.google.com;
 PTR:mail-io1-f68.google.com; CAT:NONE; SFS:; DIR:INB; 
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR08MB4757
X-OrganizationHeadersPreserved: DBBPR08MB4757.eurprd08.prod.outlook.com
Original-Authentication-Results: spf=pass (sender IP is 209.85.166.68)
 smtp.mailfrom=google.com; arm.com; dkim=pass (signature was verified)
 header.d=google.com;arm.com; dmarc=pass action=none
 header.from=google.com;compauth=pass reason=100
X-MS-Exchange-Organization-ExpirationStartTime: 18 Nov 2020 19:06:39.1808 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id: 820a2e04-c3a4-40b6-62e8-08d88bf51401
X-MS-Exchange-Organization-MessageDirectionality: Originating
X-MS-Exchange-SkipListedInternetSender: ip=[209.85.166.68];
 domain=mail-io1-f68.google.com
X-MS-Exchange-ExternalOriginalInternetSender: ip=[209.85.166.68];
 domain=mail-io1-f68.google.com
X-MS-Exchange-Organization-SCL: -1
X-CrossPremisesHeadersPromoted: VE1EUR03FT040.eop-EUR03.prod.protection.outlook.com
X-CrossPremisesHeadersFiltered: VE1EUR03FT040.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT040.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthSource: VE1EUR03FT033.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-OriginatorOrg: arm.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 4dd9e005-0273-484e-c706-08d88bf50065
X-Microsoft-Antispam: BCL:0;
X-Forefront-Antispam-Report: CIP:34.249.187.16; CTRY:US; LANG:en; SCL:-1; SRV:;
 IPV:NLI; SFV:SKN; H:mail-io1-f68.google.com; PTR:mail-io1-f68.google.com;
 CAT:NONE; SFS:; DIR:INB; 
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Nov 2020 19:06:39.0129 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 820a2e04-c3a4-40b6-62e8-08d88bf51401
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[34.249.187.16];
 Helo=[64aa7808-inbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT033.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0802MB2289
X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.4132906
X-MS-Exchange-Processed-By-BccFoldering: 15.20.3589.022
X-Microsoft-Antispam-Mailbox-Delivery: ucf:1; jmr:0; auth:0; dest:C;
 OFR:CustomRules; ENG:(750128)(520002050)(944506458)(944626604); 
X-Microsoft-Antispam-Message-Info: =?utf-8?B?cnhNZlJoakJma2NJbmliNkFOQXU2ek81YTRqTEgxNjlZcmdHMThBTWFMOThS?=
 =?utf-8?B?aTl0Qkl3SkpCbTZaNmNuQnJwaU1pWHJTYjVnZW1RVldUdmdsMXNRWjM1bzB1?=
 =?utf-8?B?OE1SS3NnbnpMU2puVjErWjlzZ3RLc2lwOWtPZTNNbWRCMGs5ek1NelVpbEVz?=
 =?utf-8?B?RGUvWVp2NzZNS0Frc3RTQk90d0tvVmRSajhQZ0drMHEvVW1nTHFRcGxDVFA5?=
 =?utf-8?B?NEhkY3o4Ukt2Tlh0NTN4dXl5R1p1cXRrUUpqbnl1MjNCZUk1SWxHQjMyVDNq?=
 =?utf-8?B?cm5iaVlxTEZWcHFzY1RyS2grb3BVbUkrN04rZUlxMisrMmdUQUxWR2lrRjJY?=
 =?utf-8?B?ZzdoOC9HdldYamduNjlFNDQ0Rzc2d003NkRKRUlhUG1vVHFWOEZpanBwRkJD?=
 =?utf-8?B?RlZGRXBkbi9Hems1SkRIcnhXQUZJU1BuWmU0cmNsK25CWlhjL29HcUdadjBN?=
 =?utf-8?B?bHNnZmtFTERKWlJ2a2pqd3FadlA5TExsSjVlb2gvcnI4RjhWUkt6U3FwUlp3?=
 =?utf-8?B?RzNKOWVVMHBsK3FkOFlXTzJhbzN5c2hhSHlJcnVnbStWcVRGTGlCQlNHd2c1?=
 =?utf-8?B?dlJqQXUzTDhLblFYbVZXUU0wRVdMRGE5VWl2bUFieEd5SWhDZFl0aW9qZ0JE?=
 =?utf-8?B?QmFybUZ3SUxXM0gzVTg2bTZucFZTdWFjSURiMUtpVGFYc0NVcHZtRmN0SGJ1?=
 =?utf-8?B?S2FYUGFETEdVZjdKa0sweFl5NDZWNmNzMkcwOHFIRFpuRXVoRVZodXZCRGtL?=
 =?utf-8?B?Z2ZBMVpjSk1temRJRDNDcXlUWFFEZUVWM3Jva2c2Q2hZZHJLYjAxZVpjQXVR?=
 =?utf-8?B?VGdpdXIybUVQcDJId3ZHeWxTdlZJUGxCaDFPVitBaklqTjNnM1dZNCtMUVl4?=
 =?utf-8?B?U2pMUXBMckRLcU9wQ1FYYW5DSTVKOE1Vd1pZZTNsNE5CekthQjZ5WFVYbERa?=
 =?utf-8?B?NHV6ZHRXczAzT0srbmIwL1V2RUVvOGU5bmxzMVpjbUxqTmZGVyt2eUs3azVP?=
 =?utf-8?B?cFJ3RHV3ZDRGcE9qamtKRG9MYTVBdVV4NlRUdHNYaFhkR3VPaHVuR2czUjBS?=
 =?utf-8?B?QmN6MitJT2dJR092NmdoK254NUZ2aFM0dENHVmRCSG1iZDlFQkhOeklPdmUx?=
 =?utf-8?B?QytmWGRTTncyeHZCOW1oT0UvSDZObHJmNzZBQkY3ZHBTM2lzMHIvTDdIR09m?=
 =?utf-8?B?RWVDdjlDSTJETmdqNXNib2ljdnB0YzJacU1oeFNoay9ZbEZMZ0l6T0JWSTJn?=
 =?utf-8?B?M0xWbEVMRS9uT2M5UFBySmlvR055NHc4SUtHcHY4NjFucUNoZGFSZzBQNlRj?=
 =?utf-8?B?cG1reDI2QzV6MkRxNFh1YjFGZHBQdUVPUDFhcWRVOGFkZlM4dE8zeE1vTWNR?=
 =?utf-8?B?MkZCczVtekdmY3o0dmRtYUY3VjZtYlErcVROdVNSck5oRElZQkN3NWhGWEI1?=
 =?utf-8?B?bDU4UmFGN1MrTXZBTjVXaDM1YTFLRzV6TFIzTG1EQ0dGWE0wZlF0NVRGQjlW?=
 =?utf-8?B?bzhZSE5JQW1JT2oyVm56b1RUdzhtWHMyY2YxWnVSSWZqM0J1RkpqaEdNc1Fk?=
 =?utf-8?B?SzlCZkQ0RWZwWUgyUHZ2WUhJeXFXakNsQ3RHU0FBakpUM2JUWU5nZzMvdGJo?=
 =?utf-8?B?TElLdlM0OXhsMjdHUzBrMnNJR0ZlV2lERnIzcW5jVkZxd3VBcDJReEdSQTFH?=
 =?utf-8?B?V29mdEZ3aGVocXdXTXhqRGpBR05zcHMwV1dvU1dESUNvUURHNmdmb3hqZHRQ?=
 =?utf-8?B?V1FjeGtvVFNjcC9lblZPajk5RkUwTnd6a2xPWGoveHFyTlZ4blFYNmFYM0lM?=
 =?utf-8?B?R3QrYXlmVmVxeTBMbFd3TEdJZHRybDZEUnc1QlNUZGtyZjZ6ZUNNS0RZL2hG?=
 =?utf-8?B?Q2hQZitKOUplVTdiMERoVnJQMW5OdnJ4amlCMmVmdW9leVRUdDhQcFY1NDhM?=
 =?utf-8?B?OEZtWUdiZXozRTRkQ0phbHlNcWwxTW94NGZQTGwremI1bmxlaVpRbmk0dWJt?=
 =?utf-8?B?UjlBOEhLU0hOVmtMRXM4U2FLLzFRQjI5VTZjRHJZbUNSTUJOZ3RPTU9lak9s?=
 =?utf-8?B?bWhVb3UraXpvUm93b1BBYzVSZ3ZCV0dHVnp0R0dOU3d4RDVOUVQxYkE1Qzhu?=
 =?utf-8?B?djBlRTFwTmdsb2YvNVA0RzA0YjZTVDc2dGNwQXJTYmI0YUNQZlJXRlF2ZjEy?=
 =?utf-8?Q?AitHF8FZSAYOUKgFbQHOtkM=3D?=
MIME-Version: 1.0
X-Spam-Status: No, score=-10.8 required=5.0 tests=BAYES_00, DKIMWL_WL_MED,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS,
 SPF_HELO_NONE, SPF_PASS, TXREP, UNPARSEABLE_RELAY,
 USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2020 20:47:03 -0000

On Wed, Nov 18, 2020 at 9:55 AM Dave Martin <Dave.Martin@arm.com> wrote:
>
> On Tue, Oct 13, 2020 at 10:51:06PM -0700, Peter Collingbourne wrote:
> > This prctl allows the user program to control which PAC keys are enabled
> > in a particular task. The main reason why this is useful is to enable a
> > userspace ABI that uses PAC to sign and authenticate function pointers
> > and other pointers exposed outside of the function, while still allowing
> > binaries conforming to the ABI to interoperate with legacy binaries that
> > do not sign or authenticate pointers.
>
> Does this boil down to using the B key(s) to sign pointers that flow
> across library boundaries?

Right, the B key or whichever I key you select as part of the
interprocedural ABI (most likely B to avoid the kernel's entry/exit
slow path if it needs to be disabled).

> ld.so would then need a control to turn off the B key off if, say,
> the main program or some random library it uses hasn't been rebuilt
> to enable this signing.
>
> (I think we discussed this before, but I keep forgetting the exact
> rationale.)

See [1] where we discussed this before.

> > The idea is that a dynamic loader or early startup code would issue
> > this prctl very early after establishing that a process may load legacy
> > binaries, but before executing any PAC instructions.
>
> We probably need a new program property in ELF to describe this.

There is a draft PAuth ABI [2] which will specify how the feature
works in ELF. I believe that the specification will include details of
how the ELF markings are going to work.

> Currently, there is GNU_PROPERTY_AARCH64_FEATURE_1_PAC, which does not
> specify a key -- but I think it could be defined retrospectively to
> apply to just the APIA key, say.
>
> This raises the question of whether the kernel should actually turn the
> keys on or off based on these flags.  For historical compatibility,
> probably not -- but we could perhaps do that for the B key since the ABI
> for use of the B key is entirely unstandardised so far.

I would be against having the kernel read any ELF properties at this
point. All of the processing can be done in the dynamic loader, and
ELF properties are strictly less powerful than having the dynamic
loader decide what to do. It's not enough to look at the main
executable anyway because you would also need to read the recursive
dynamic libraries and that's a task better done in userspace.
Userspace may also require more complex logic than what can be
expressed with ELF properties (for example, on Android we would need
the same executable to be launched twice, once with keys enabled and
once with keys disabled). If we do anything at all it should probably
be based on whatever we come up with for the PAuth ABI which hasn't
been finalized yet.

> I'll take a look at the patch tomorrow -- my brain isn't functioning
> right now.

Thanks.

Peter

[1] https://lore.kernel.org/linux-arm-kernel/CAMn1gO5JV4-xDO0TAJcY8DmNVgZb_sBH=RUEQY1gTUmmFPGHqQ@mail.gmail.com/
[2] https://github.com/ARM-software/abi-aa/blob/master/pauthabielf64/pauthabielf64.rst