From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2046.outbound.protection.outlook.com [40.107.21.46]) by sourceware.org (Postfix) with ESMTPS id 1FF75385771C; Wed, 4 Oct 2023 14:51:33 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 1FF75385771C Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VclixwepFaj4Kq0OlX5H2mmNYpeuJzTxdY8kB1H62pk=; b=VI4cGX8B+WrxNEnl9Fzdjhhv0soI+o1TbQiM2VfU9GYwqo2GusEKIGDpHeuuU3T9kZt1ApasgpLf/Ekn4+lEXHhoMmoQ/V0AD0GgjUPnGvH226Jj5Hn7d0UEyC6qCTTLnWPn3Edmx6784iwMXeSKLGKYrXl/6lMcbx/62ylR8gY= Received: from DUZPR01CA0009.eurprd01.prod.exchangelabs.com (2603:10a6:10:3c3::16) by PAWPR08MB9032.eurprd08.prod.outlook.com (2603:10a6:102:335::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6838.35; Wed, 4 Oct 2023 14:51:29 +0000 Received: from DBAEUR03FT036.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:3c3:cafe::35) by DUZPR01CA0009.outlook.office365.com (2603:10a6:10:3c3::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6863.26 via Frontend Transport; Wed, 4 Oct 2023 14:51:29 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DBAEUR03FT036.mail.protection.outlook.com (100.127.142.193) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6863.26 via Frontend Transport; Wed, 4 Oct 2023 14:51:29 +0000 Received: ("Tessian outbound fdf44c93bd44:v211"); Wed, 04 Oct 2023 14:51:29 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 77c59095a5c1a263 X-CR-MTA-TID: 64aa7808 Received: from 8ee65b7a0f97.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id FA395DED-37A6-4158-A756-8D5E77ADC4C2.1; Wed, 04 Oct 2023 14:51:23 +0000 Received: from EUR03-DBA-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 8ee65b7a0f97.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 04 Oct 2023 14:51:23 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MyrOMggYZT7Gl1Ed0+rdA0gJNZB2gb7ehJA23DiLfIw3o3gQTAVBOb73bJjN0MglX+xgFpad/J4U3rQo/huEuFv5zg1wCpAayZkwW/d0QRyjDOz08COE+yjeR74cLouxKpD7bSu6pSIrM2fUzgbUblFa6b37hmU6IuMXmCpE1Ji/09gwqvAXolXv+lldMQjm7Gydys5IJ8ru77tWKZYDqh8rfE8PEzaW3HxhsFGupYIFlgajOj/2dR0H09UXrQtw7SvNtMNdJWfZZhbtinQHy9GtJRlPXgMbt03SM1Q0CtJH8ZUIzmPDV4wEky6d6rR7OfYngCeIIihKpM+GxWoK1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VclixwepFaj4Kq0OlX5H2mmNYpeuJzTxdY8kB1H62pk=; b=ls2s+uKY9iSclYxvgCg//7TssEe/b5hMRo8fvioXzTHgcUs6QeSNjqXB59a//6vOfagNQemlF+3NkSg3OvKVB/WQTspl8WJdeG7s/OUHLaQjKIowN52dtKl7g/hqKcGtexl9GeIgCfcgs9wFO+TH1z7u/cQby8Xj4j0+U7gmIG6ZtIPzKAzIWxktWsQ8VfRf4m6uwYL/pwzVaEJKgm+Z42ZokF5tVZSLZKluxETftfmk7Z351+9D/jvDAoIY9pPktD+EI+atg8NM9/1hyZlK6Gv3LTVUSwWzw86R6EcQAHFmCCIu07/gU0i4QXmUKddB7snASHp18kgclGsvXMYVlw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VclixwepFaj4Kq0OlX5H2mmNYpeuJzTxdY8kB1H62pk=; b=VI4cGX8B+WrxNEnl9Fzdjhhv0soI+o1TbQiM2VfU9GYwqo2GusEKIGDpHeuuU3T9kZt1ApasgpLf/Ekn4+lEXHhoMmoQ/V0AD0GgjUPnGvH226Jj5Hn7d0UEyC6qCTTLnWPn3Edmx6784iwMXeSKLGKYrXl/6lMcbx/62ylR8gY= Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; Received: from PAXPR08MB7172.eurprd08.prod.outlook.com (2603:10a6:102:20a::19) by DB8PR08MB5385.eurprd08.prod.outlook.com (2603:10a6:10:119::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6838.33; Wed, 4 Oct 2023 14:51:20 +0000 Received: from PAXPR08MB7172.eurprd08.prod.outlook.com ([fe80::736d:8f20:56bd:a219]) by PAXPR08MB7172.eurprd08.prod.outlook.com ([fe80::736d:8f20:56bd:a219%3]) with mapi id 15.20.6838.029; Wed, 4 Oct 2023 14:51:20 +0000 Date: Wed, 4 Oct 2023 15:51:03 +0100 From: Szabolcs Nagy To: Siddhesh Poyarekar , libc-alpha@sourceware.org Cc: adhemerval.zanella@linaro.org, fweimer@redhat.com, carlos@redhat.com Subject: Re: [PATCH 2/2] aarch64: Make glibc.mem.tagging SXID_ERASE Message-ID: References: Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-ClientProxiedBy: LO4P123CA0373.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:18e::18) To PAXPR08MB7172.eurprd08.prod.outlook.com (2603:10a6:102:20a::19) MIME-Version: 1.0 X-MS-TrafficTypeDiagnostic: PAXPR08MB7172:EE_|DB8PR08MB5385:EE_|DBAEUR03FT036:EE_|PAWPR08MB9032:EE_ X-MS-Office365-Filtering-Correlation-Id: ba35ed88-17f1-4d9e-361d-08dbc4e964a4 x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: T14AnPxRt4tJGzvP4XXCIk74mww2HyuGoquAa7geLUrFa4Tuggkkxj26wRLRFQd5LZpcpq7UqDiopRXj7jDhaJjGpJmxi14qk0ukwZNKDVx0HXZdYKQesILXJApXOMIJ+w77NLS8m7LShR3Zs+npJUeV0uRdTvMQmzNkvWDNUsJIKl5JXFAvwxL+dorkWpFvxDpMddUQOrYKMSaq5RUu/oImYQdtYuBsZPmJQrM14u5FoH7z4N+CAexsGX/6oIAnfJ3sXfA5QQn8tLfMgYt2yMf9mBzkH6Ra8+q+FjpcTidJFCxTfSbONqSbteu2VxxDVopYOSS2QKfS5+5S1NtPV417MIAOYn4CPt1dcO+D5lLS4MzrVLnOxsPmliSJCeipb/nHJxEx4pVeZ+zKtSFp8CF8b4s/ynIJjyj7utCy4Ht26DaZYbIbSqTT7oxj0iXs4Utv5fWqjyivC82DSmh0wh218BFFInV7oPbbitvZApvypf5AvSGo3DqSdaT5afJC0Rn2VRlEQsGm/IFp+tAESoeAoeNS0pVfCgOpW391brPhPo5y2ddIRkSovfOO/EIO X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PAXPR08MB7172.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(366004)(376002)(136003)(346002)(396003)(39860400002)(230922051799003)(451199024)(1800799009)(186009)(64100799003)(6512007)(66899024)(86362001)(26005)(66556008)(66946007)(66476007)(36756003)(2906002)(41300700001)(8676002)(38100700002)(4326008)(8936002)(5660300002)(316002)(44832011)(2616005)(6486002)(6506007)(6666004)(478600001);DIR:OUT;SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR08MB5385 Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: DBAEUR03FT036.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: 2afc3327-cb0e-4800-4b30-08dbc4e95d4a X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: w+znk085ntwo8zyF/H5OkLKrDpTJakkdFmz5oWBzRJ73wjxdpHQoDF+TNU9LlnOomHBofHpwgEB4/jcvhe42htPTXNQuz1/LQD9Qxl1V2V+vfV9Fmb2bKa+CWm5oAfZOw3vstklz5DXhTFoijgnEZzjfB23MErZfVftZg/Tqsn+rdhQGFl4qwZ3j4v6wgI4hL09Evlmys7pD6ajoMR0bufgXPsnU67rrgnmOVYbCBPZVCo4y85Vsj8OXz0HtVOBz0XpE4VYNhbk73P2zPa7/yFHJDoavJ7ULQRPHgvVosLlqrAhOLOaIFKdq36koGGrcnovuOMVwwEmY1DLPG79JCxf78QKziBgr2l1DBZnwiguAh7mhz2nGj8omo1CWToIpSeVdAJnSzWbLCnAxeeO7gPSFSBuiamekWCXle1pXpqDnZ5XPVnDTsyml6IIarfauqqPrg5h7k2HKn72fjUEYtp0c+nElZ5B9LtulB/Sb0Muhor4lGQRk+rkdT+LBUWjeBELfI65WVOy6TgfJdSVp2JeZQtbaTfBcKs4kOQmmgVsK2Moi/KFVs9uMB+aVJb0A2R5f5+sFjBRrYxJUfpQ8mhWNm9QaZgIVkM8/3R06y6grcajDeBnwsJaK7ZdnaJkPjucR/1JMN7hYEHzTAFykAMvbtOFnDerr1s2vRiwH4vN46IlojFYOWRpcJS1JeHpJJflBjicGKhXUzeFkFwp0JUCDAms4cHJwUpNLBJetKc/3UOYzXb51mcNNFc9zoZkL X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230031)(4636009)(376002)(136003)(346002)(396003)(39860400002)(230922051799003)(451199024)(64100799003)(186009)(82310400011)(1800799009)(46966006)(40470700004)(36840700001)(40460700003)(40480700001)(66899024)(6512007)(6666004)(6506007)(6486002)(478600001)(47076005)(36860700001)(86362001)(356005)(82740400003)(81166007)(2906002)(336012)(107886003)(26005)(2616005)(36756003)(44832011)(70206006)(70586007)(5660300002)(41300700001)(4326008)(8936002)(8676002)(450100002)(316002);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Oct 2023 14:51:29.7964 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ba35ed88-17f1-4d9e-361d-08dbc4e964a4 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: DBAEUR03FT036.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR08MB9032 X-Spam-Status: No, score=-5.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,FORGED_SPF_HELO,KAM_DMARC_NONE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE,TXREP,UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: The 10/04/2023 10:23, Siddhesh Poyarekar wrote: > The actual problem I'm trying to solve is to get rid of SXID_IGNORE and > SXID_NONE and the first step is to drop users of those levels. Supporting > those levels requires additional processing in __libc_enable_secure, which > is a source of bugs like CVE-2023-4911. I'm not convinced that we really > *need* to have tunables go across sxid boundaries, so I want to flip the > question around: do you think it is *necessary* for memory tagging tunables > to percolate sxid boundaries? If not, then they should stay at SXID_ERASE. ... > The end goal here is to drop everything but SXID_ERASE so that we don't have > to do string twiddling under __libc_enable_secure. > > The other alternative to achieve the same effect (i.e. not twiddle strings > in __libc_enable_secure) could be to make *everything* SXID_IGNORE, which > would then leave GLIBC_TUNABLES untouched for non-setuid children to do what > they please with it. personally i think setuid binaries should not touch the env, just ignore it, so everything SXID_IGNORE. it's not just the string twiddling but tunables_strdup is a problem too (it can fail, needs early alloc,..). ideally tunables_init would be a nop with AT_SECURE and otherwise parsed the env var without malloc and touching the env[] array passed by the kernel.