Date: Fri, 19 Oct 2018 13:22:05 +0100
From: Will Deacon
To: Catalin Marinas
Cc: Kristina Martsenko, Ramana Radhakrishnan,
 "linux-arm-kernel@lists.infradead.org", Mark Rutland,
 "linux-arch@vger.kernel.org", Andrew Jones, Jacob Bramley,
 Arnd Bergmann, Ard Biesheuvel, Marc Zyngier, Adam Wallis,
 Suzuki Poulose, Christoffer Dall, "kvmarm@lists.cs.columbia.edu",
 Amit Kachhap, Dave P Martin, "linux-kernel@vger.kernel.org", Kees Cook
Subject: Re: [PATCH v5 11/17] arm64: docs: document pointer authentication
Message-ID: <20181019122204.GE14246@arm.com>
References: <20181005084754.20950-1-kristina.martsenko@arm.com>
 <20181005084754.20950-12-kristina.martsenko@arm.com>
 <9acb0cd2-66b0-1c41-b1a8-7c70608e9a9b@foss.arm.com>
 <7b0de19b-45b9-f4df-25d1-c7e80fab49dc@arm.com>
 <20181019113556.ljbdmjo5pdw7muvz@mbp>
In-Reply-To: <20181019113556.ljbdmjo5pdw7muvz@mbp>

On Fri, Oct 19, 2018 at 12:35:56PM +0100, Catalin Marinas wrote:
> On Tue, Oct 16, 2018 at 05:14:39PM +0100, Kristina Martsenko wrote:
> > On 05/10/2018 10:04, Ramana Radhakrishnan wrote:
> > > On 05/10/2018 09:47, Kristina Martsenko wrote:
> > The other special case is the XPACLRI instruction, which is also in the
> > HINT space. Currently it will trap and KVM will inject an exception into
> > the guest. We should probably change this to NOP instead, as that's what
> > applications will expect. Unfortunately there is no EnIA-like control to
> > make it NOP.
>
> Very good catch. Basically if EL2 doesn't know about ptr auth (older
> distro), EL1 may or may not know but leaves SCTLR_EL1 disabled (based on
> CPUID), the default HCR_EL2 is to trap (I'm ignoring EL3 as that's likely
> to have ptr auth enabled, being built for the specific HW). So a user
> app considering XPACLRI a NOP (or inoffensive) will get a SIGILL
> (injected by the guest kernel following the injection of "Unknown
> reason" exception by KVM).
>
> Ramana, is XPACLRI commonly generated by gcc and expects it to be a NOP?
> Could we restrict it to only being used at run-time if the corresponding
> HWCAP is set? This means redefining this instruction as no longer in the
> NOP space.

My main worry is that this instruction is used when unwinding C++ exceptions, so I think we'll see it fairly often.
Effectively, the architecture means these instructions can result in a SIGILL if they are used under an OS/hypervisor that doesn't know about the feature (i.e. any mainline kernel release so far).

I think that's a massive problem for the current implementation in GCC. Worse, if distributions are currently shipping binaries built with this, they basically have a ticking bomb in their applications where things will start crashing when they encounter CPUs that implement pointer authentication.

Ramana: do you know whether people are building binaries with this stuff enabled by default?

Will
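
The run-time gating raised in the quoted question (only use XPACLRI when the corresponding HWCAP is set), sketched as an added example; it is not code from this thread, from GCC or from the kernel. `HWCAP_PACA` and its bit are what arm64 Linux uses to advertise this feature and are an assumption here, since the thread does not name the bit; `current_hwcap` and `strip_return_pac` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__linux__)
#include <sys/auxv.h>
#endif

/* Bit arm64 Linux uses to advertise address-key pointer authentication.
 * Assumption of this example: the thread itself does not name the HWCAP. */
#ifndef HWCAP_PACA
#define HWCAP_PACA (1UL << 30)
#endif

/* HWCAP word the kernel exposes to this process (0 if unavailable). */
static unsigned long current_hwcap(void)
{
#if defined(__linux__) && defined(__aarch64__)
    return getauxval(AT_HWCAP);
#else
    return 0; /* HWCAP bits are per-architecture; treat others as absent */
#endif
}

/* Return `ret` with any PAC removed. XPACLRI is executed only when the
 * kernel has advertised pointer authentication, so it is never reached
 * under an OS/hypervisor that does not know about the feature. */
static uintptr_t strip_return_pac(uintptr_t ret, unsigned long hwcap)
{
    if (!(hwcap & HWCAP_PACA))
        return ret; /* feature not exposed: nothing signed the address */
#if defined(__aarch64__)
    register uintptr_t lr __asm__("x30") = ret; /* XPACLRI operates on LR */
    __asm__ volatile("hint #7 // xpaclri" : "+r"(lr));
    return lr;
#else
    return ret; /* not arm64: no PAC field to strip */
#endif
}

int main(void)
{
    unsigned long hwcap = current_hwcap();
    uintptr_t ra = (uintptr_t)__builtin_return_address(0);
    printf("ptr auth advertised: %s\n", (hwcap & HWCAP_PACA) ? "yes" : "no");
    printf("return address: %#lx\n", (unsigned long)strip_return_pac(ra, hwcap));
    return 0;
}
```

The cost of this approach is the one the quoted text points out: the instruction can no longer be treated as living in the NOP space, so every user (unwinders included) needs the check.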