Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp2369634imb; Mon, 4 Mar 2019 03:27:13 -0800 (PST) X-Google-Smtp-Source: AHgI3IZJyqfC8BtIEalmA4aUO8e4we4LmAHwnyG73yPC6fPl9fUmyk+Llr56uZ66/IYoA/l97tZl X-Received: by 2002:a62:7042:: with SMTP id l63mr19295248pfc.1.1551698833473; Mon, 04 Mar 2019 03:27:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551698833; cv=none; d=google.com; s=arc-20160816; b=IQpGAiShm30ZRL0W1FNDVS/BQwWwBxL4kPK2+jxvOSMXwaCnbra/adn+AS5UoyC5Fh n3AqV/z1dLbc+iJinpFW7twGr+15xUFSjNBraHSYgsZk9Gi059rrpJ+TohfeR2FQz8bM HzBBRtM/bgsRPbyI97J3wC2sHg0GWy+EnnSMfWtdeG7RXglnAy6VkCgdfFJhr2t91kvC 2r5qwRm/SgTcrLtfd8ZNKt/v9giETxfQiXv6kiaBJ3oZ4BIo+feExokkuvki3YVQ1s/M yMul6ES9Iy9JA2LQhBtpgt+u8qjcUWZMdyrCrRO8VoeFxzwF/29i+WF09RKET8IJhwmb 99cg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=ELgzzKPcA7XBC8UsyYoxILKA7rsRD58SqYHks7PkjwI=; b=wJplneUBVfKqtdDaq/0AIEXh31R8NQohnyH1tfyVPWhjnKzxBSYRVbjS+KZdpT7SZE 13i1j+u/B+4kZKNfTezDymAA+g7OKci2zBwUFX1sFNdjVDiFGRCQJ/7q6rxI2D9JpX3L F1PPiMlDEXXF49R5s1AjD+dOQuULNMUvpAnrLur4pt2BAZsCuugFWAUypWCYnNAsaGIG ZSt9hYbiw6ihCrZ2wj7Sgod38HTYL7Wsdh/99UuB1t5CcezSu5bSOWwDjmvKxQLzAM39 ZaWjMfErhNI5viff0P+/HMcreJuXIH2PHtyzHRpTuQYsuTQjo4BC375QXcY3YfqJ64Uk HOkg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f64si2514080plb.302.2019.03.04.03.26.57; Mon, 04 Mar 2019 03:27:13 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726281AbfCDLIZ (ORCPT + 99 others); Mon, 4 Mar 2019 06:08:25 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:60332 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726047AbfCDLIY (ORCPT ); Mon, 4 Mar 2019 06:08:24 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0555EEBD; Mon, 4 Mar 2019 03:08:24 -0800 (PST) Received: from [10.162.0.144] (a075553-lin.blr.arm.com [10.162.0.144]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5B9DB3F703; Mon, 4 Mar 2019 03:08:21 -0800 (PST) Subject: Re: [kvmtool PATCH v6 6/6] arm/kvm: arm64: Add a vcpu feature for pointer authentication To: Dave P Martin Cc: "linux-arm-kernel@lists.infradead.org" , Marc Zyngier , Catalin Marinas , Will Deacon , Kristina Martsenko , "kvmarm@lists.cs.columbia.edu" , Ramana Radhakrishnan , "linux-kernel@vger.kernel.org" References: <1550568271-5319-1-git-send-email-amit.kachhap@arm.com> <1550568271-5319-7-git-send-email-amit.kachhap@arm.com> <20190221155409.GA3567@e103592.cambridge.arm.com> <048f772a-1faf-5fa3-d82c-25212a5104af@arm.com> <20190301112452.GS16031@e103592.cambridge.arm.com> From: Amit Daniel Kachhap Message-ID: Date: Mon, 4 Mar 2019 16:38:18 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: <20190301112452.GS16031@e103592.cambridge.arm.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Dave, On 3/1/19 4:54 PM, Dave P Martin wrote: > On Fri, Mar 01, 2019 at 10:37:54AM +0000, Amit Daniel Kachhap wrote: >> Hi, >> >> On 2/21/19 9:24 PM, Dave Martin wrote: >>> On Tue, Feb 19, 2019 at 02:54:31PM +0530, Amit Daniel Kachhap wrote: > > [...] > >>>> diff --git a/arm/aarch64/include/kvm/kvm-config-arch.h b/arm/aarch64/include/kvm/kvm-config-arch.h >>>> index 04be43d..2074684 100644 >>>> --- a/arm/aarch64/include/kvm/kvm-config-arch.h >>>> +++ b/arm/aarch64/include/kvm/kvm-config-arch.h >>>> @@ -8,7 +8,9 @@ >>>> "Create PMUv3 device"), \ >>>> OPT_U64('\0', "kaslr-seed", &(cfg)->kaslr_seed, \ >>>> "Specify random seed for Kernel Address Space " \ >>>> - "Layout Randomization (KASLR)"), >>>> + "Layout Randomization (KASLR)"), \ >>>> + OPT_BOOLEAN('\0', "ptrauth", &(cfg)->has_ptrauth, \ >>>> + "Enable address authentication"), >>> >>> Nit: doesn't this enable address *and* generic authentication? The >>> discussion on what capababilities and enables the ABI exposes probably >>> needs to conclude before we can finalise this here. >> ok. >>> >>> However, I would recommend that we provide a single option here that >>> turns both address authentication and generic authentication on, even >>> if the ABI treats them independently. This is expected to be the common >>> case by far. >> ok >>> >>> We can always add more fine-grained options later if it turns out to be >>> necessary. >> Mark suggested to provide 2 flags [1] for Address and Generic >> authentication so I was thinking of adding 2 features like, >> >> +#define KVM_ARM_VCPU_PTRAUTH_ADDR 4 /* CPU uses pointer address >> authentication */ >> +#define KVM_ARM_VCPU_PTRAUTH_GENERIC 5 /* CPU uses pointer generic >> authentication */ >> >> And supply both of them concatenated in VCPU_INIT stage. Kernel KVM >> would expect both feature requested together. > > Seems reasonable. Do you mean the kernel would treat it as an error if > only one of these flags is passed to KVM_ARM_VCPU_INIT, or would KVM > simply treat them as independent? If both flags are passed together then only start using ptrauth otherwise keep ptrauth disabled. This is just to finalize the user side abi as of now and KVM can be updated later. Thanks, Amit D > > [...] > >>>> diff --git a/arm/kvm-cpu.c b/arm/kvm-cpu.c >>>> index 7780251..4ac80f8 100644 >>>> --- a/arm/kvm-cpu.c >>>> +++ b/arm/kvm-cpu.c >>>> @@ -68,6 +68,12 @@ struct kvm_cpu *kvm_cpu__arch_init(struct kvm *kvm, unsigned long cpu_id) >>>> vcpu_init.features[0] |= (1UL << KVM_ARM_VCPU_PSCI_0_2); >>>> } >>>> >>>> + /* Set KVM_ARM_VCPU_PTRAUTH if available */ >>>> + if (kvm__supports_extension(kvm, KVM_CAP_ARM_PTRAUTH)) { >>>> + if (kvm->cfg.arch.has_ptrauth) >>>> + vcpu_init.features[0] |= ARM_VCPU_PTRAUTH_FEATURE; >>>> + } >>>> + >>> >>> I'm not too keen on requiring a dummy #define for AArch32 here. How do >>> we handle other subarch-specific feature flags? Is there something we >>> can reuse? >> I will check it. > > OK > > Cheers > ---Dave >