On Wed, Nov 18, 2020 at 01:31:21PM +0000, Szabolcs Nagy wrote: > The 11/18/2020 12:33, Catalin Marinas wrote: > > On Tue, Nov 17, 2020 at 06:39:13PM +0000, Szabolcs Nagy wrote: > > > The 11/17/2020 10:17, Peter Collingbourne via Libc-alpha wrote: > > > > On Tue, Nov 17, 2020 at 9:48 AM Florian Weimer <fw@xxxxxxxxxxxxx> wrote: > > > > > > > > > > * Peter Collingbourne: > > > > > > > > > > > This prctl allows the user program to control which PAC keys are enabled > > > > > > in a particular task. The main reason why this is useful is to enable a > > > > > > userspace ABI that uses PAC to sign and authenticate function pointers > > > > > > and other pointers exposed outside of the function, while still allowing > > > > > > binaries conforming to the ABI to interoperate with legacy binaries that > > > > > > do not sign or authenticate pointers. > > > > > > > > > > > > The idea is that a dynamic loader or early startup code would issue > > > > > > this prctl very early after establishing that a process may load legacy > > > > > > binaries, but before executing any PAC instructions. > > > > > > > > > > I thought that the silicon did not support this? > > > > I think the past discussion we had was around enabling PAC for kernel > > while disabling it for user. The hardware doesn't give us separate bits, > > so Peter's patch toggles them on kernel entry/return, with some overhead > > given by the MSR+ISB (to be added). > > ah ok. i probably incorrectly thought that toggling that sys > register bit is too much overhead at kernel entry so assumed > we cannot have PAC off by default or set per process. I think Peter can rerun his benchmarks but with the ISB added after MSR. If they are not too bad, we can take this series. > (i think with the proposed prctl it's possible to disable PAC > at early ld.so startup and reenable it before calling into the > main exe entry code, if we ever need to disable PAC-RET.) > > i assume thread creation/fork inherits the setting but exec > does not (this is another point that may be worth adding to > the documentation). Yes, that's my understanding from the patch. It should be documented explicitly (I haven't read the doc updates, maybe it does this already). > if we run into issues in userspace with PAC then a prctl that > can be inherited across exec is a possible workaround (so PAC > can be disabled for an entire process tree). Can you do something similar to MTE with an environment variable forcing PAC off? -- Catalin
