Date: Tue, 5 Mar 2019 11:11:51 +0000
From: Dave Martin
To: Amit Daniel Kachhap
Cc: Marc Zyngier, Catalin Marinas, Will Deacon, "linux-kernel@vger.kernel.org", Kristina Martsenko, Ramana Radhakrishnan, "kvmarm@lists.cs.columbia.edu", "linux-arm-kernel@lists.infradead.org"
Subject: Re: [kvmtool PATCH v6 6/6] arm/kvm: arm64: Add a vcpu feature for pointer authentication

On Mon, Mar 04, 2019 at 04:38:18PM +0530, Amit Daniel Kachhap wrote:
>
> Hi Dave,
>
> On 3/1/19 4:54 PM, Dave P Martin wrote:
> >On Fri, Mar 01, 2019 at 10:37:54AM +0000, Amit Daniel Kachhap wrote:
> >>Hi,
> >>
> >>On 2/21/19 9:24 PM, Dave Martin wrote:
> >>>On Tue, Feb 19, 2019 at 02:54:31PM +0530, Amit Daniel Kachhap wrote:
> >
> >[...]
> >
> >>>>diff --git a/arm/aarch64/include/kvm/kvm-config-arch.h b/arm/aarch64/include/kvm/kvm-config-arch.h
> >>>>index 04be43d..2074684 100644
> >>>>--- a/arm/aarch64/include/kvm/kvm-config-arch.h
> >>>>+++ b/arm/aarch64/include/kvm/kvm-config-arch.h
> >>>>@@ -8,7 +8,9 @@
> >>>> "Create PMUv3 device"), \
> >>>> OPT_U64('\0', "kaslr-seed", &(cfg)->kaslr_seed, \
> >>>> "Specify random seed for Kernel Address Space " \
> >>>>- "Layout Randomization (KASLR)"),
> >>>>+ "Layout Randomization (KASLR)"), \
> >>>>+ OPT_BOOLEAN('\0', "ptrauth", &(cfg)->has_ptrauth, \
> >>>>+ "Enable address authentication"),
> >>>
> >>>Nit: doesn't this enable address *and* generic authentication? The
> >>>discussion on what capabilities and enables the ABI exposes probably
> >>>needs to conclude before we can finalise this here.
> >>ok.
> >>>
> >>>However, I would recommend that we provide a single option here that
> >>>turns both address authentication and generic authentication on, even
> >>>if the ABI treats them independently. This is expected to be the common
> >>>case by far.
> >>ok
> >>>
> >>>We can always add more fine-grained options later if it turns out to be
> >>>necessary.
> >>Mark suggested to provide 2 flags [1] for Address and Generic
> >>authentication so I was thinking of adding 2 features like,
> >>
> >>+#define KVM_ARM_VCPU_PTRAUTH_ADDR 4 /* CPU uses pointer address
> >>authentication */
> >>+#define KVM_ARM_VCPU_PTRAUTH_GENERIC 5 /* CPU uses pointer generic
> >>authentication */
> >>
> >>And supply both of them concatenated in VCPU_INIT stage. Kernel KVM
> >>would expect both features requested together.
> >
> >Seems reasonable. Do you mean the kernel would treat it as an error if
> >only one of these flags is passed to KVM_ARM_VCPU_INIT, or would KVM
> >simply treat them as independent?
> If both flags are passed together then only start using ptrauth otherwise
> keep ptrauth disabled. This is just to finalize the user side abi as of now
> and KVM can be updated later.

If just one flag is passed, I think KVM_ARM_VCPU_INIT should just fail.
Otherwise we risk userspace becoming accidentally reliant on behaviour
that may change in the future.

Cheers
---Dave
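
Review bot: The help string on the added OPT_BOOLEAN "ptrauth" entry reads "Enable address authentication", which documents only half of what the flag is meant to request once both KVM_ARM_VCPU_PTRAUTH_ADDR and KVM_ARM_VCPU_PTRAUTH_GENERIC are passed to KVM_ARM_VCPU_INIT. Suggest wording the help text to cover both, for example "Enable pointer authentication (address and generic)", so the option name and its description agree.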
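
The both-or-neither rule discussed in this thread, as an added C example that is not part of the original mail, kvmtool or KVM. The model_* names and the struct are hypothetical stand-ins; the feature numbers 4 and 5 are the ones proposed in the quoted mail.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

/* Feature numbers as proposed in the quoted mail, not a settled ABI. */
#define KVM_ARM_VCPU_PTRAUTH_ADDR    4
#define KVM_ARM_VCPU_PTRAUTH_GENERIC 5

/* Hypothetical model of the init argument: feature N is bit N%32 of features[N/32]. */
struct model_vcpu_init {
    uint32_t target;
    uint32_t features[7];
};

void model_set_feature(struct model_vcpu_init *init, unsigned int nr)
{
    init->features[nr / 32] |= UINT32_C(1) << (nr % 32);
}

bool model_has_feature(const struct model_vcpu_init *init, unsigned int nr)
{
    return (init->features[nr / 32] >> (nr % 32)) & 1u;
}

/* Userspace side: the single ptrauth switch requests both features together. */
void model_fill_ptrauth(struct model_vcpu_init *init, bool has_ptrauth)
{
    if (!has_ptrauth)
        return;
    model_set_feature(init, KVM_ARM_VCPU_PTRAUTH_ADDR);
    model_set_feature(init, KVM_ARM_VCPU_PTRAUTH_GENERIC);
}

/* Init-time check: 1 = ptrauth on, 0 = off, -EINVAL = only one flag was passed. */
int model_check_ptrauth(const struct model_vcpu_init *init)
{
    bool addr = model_has_feature(init, KVM_ARM_VCPU_PTRAUTH_ADDR);
    bool generic = model_has_feature(init, KVM_ARM_VCPU_PTRAUTH_GENERIC);

    if (addr != generic)
        return -EINVAL;   /* fail instead of silently leaving ptrauth disabled */
    return addr ? 1 : 0;
}

int main(void)
{
    struct model_vcpu_init init = {0};

    model_fill_ptrauth(&init, true);
    return model_check_ptrauth(&init) == 1 ? 0 : 1;
}
```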