Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp387729img; Wed, 20 Mar 2019 23:42:17 -0700 (PDT) X-Google-Smtp-Source: APXvYqx0t2+QrKrZ+4BdHXa1Jkv4zqVXkHduWjsLmVw9VaaUJ91fF8XtBqaUzg4SwGiyHV0mTyJn X-Received: by 2002:a62:3890:: with SMTP id f138mr1867956pfa.148.1553150537402; Wed, 20 Mar 2019 23:42:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553150537; cv=none; d=google.com; s=arc-20160816; b=Kdu8KDpSzsl6go++SW39+kfi4jNGRQPClYT5Bqiq3vGFUhtbzdnDLVSkJ9QM1Y4Hfe WwQTVvPG0MdDa/abr5VD8KH6ZhZnvx0QBwdo84s9Ohdh4bMnKT+wW5IgFVy/+lqz/BvJ 1df/cur7aeIMoRrmD9P310Genf1cIkxp0pxl8j6vecGW9X6H0ivbZES7JFvDU5tMlOk1 AKXBn9IClH4yrKF4QSTmOUMehPta5SscWd51yaxEf1NVZxXg+MK2z/qEcu9PMPEEPWS8 +ddGD/QxjwTNsQSHTG8iGcXWjZO32x07p32cEFpm1Ir9HWPJT+TpkjhQil8IPASwOOfD PWUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=UQA7m5RMBUOsoK+voKItrtVdFFAJ+5ljilIlMwZTJ8U=; b=fQ9EQrJvs05w8fJTY1QFo+wa3LN4DeLgAICSsTTYyu4OSv8Wxc/fnBrJ05mMZlK/hn I8LCYGCifZc+fMCPgmNAW8qftbCt4k+4qE6/+N/rUaDOZVnOUqe6wALOqRq6yQHsuwJa Hf81ZKGteIRyB1rbQUI7xKAR9e/EETM0ZaqfPIzTHhyRiXkWyc/vDlG15elmPoLVT3UV y2MgqtctpZQk4i70kisWRY2FqzGKavE+XeBqnHU5xrgdFTaYFGvI9c8pedse+P1DVTKm wA+zJfux1II1Lwh4sYc+1JKTqTrS3AJcDNsDRbY3iFsIucPP0+WL+RCsRxkDCijtISqJ 36zw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d22si3486761pgi.166.2019.03.20.23.42.02; Wed, 20 Mar 2019 23:42:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727833AbfCUGlJ (ORCPT + 99 others); Thu, 21 Mar 2019 02:41:09 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:51244 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726371AbfCUGlI (ORCPT ); Thu, 21 Mar 2019 02:41:08 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 42DB0A78; Wed, 20 Mar 2019 23:41:08 -0700 (PDT) Received: from [10.162.0.144] (a075553-lin.blr.arm.com [10.162.0.144]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 7C4B13F59C; Wed, 20 Mar 2019 23:41:04 -0700 (PDT) Subject: Re: [PATCH v7 9/10] KVM: arm64: docs: document KVM support of pointer authentication To: Kristina Martsenko , Julien Thierry , linux-arm-kernel@lists.infradead.org Cc: Christoffer Dall , Marc Zyngier , Catalin Marinas , Will Deacon , Andrew Jones , Dave Martin , Ramana Radhakrishnan , kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, Mark Rutland , James Morse References: <1552984243-7689-1-git-send-email-amit.kachhap@arm.com> <1552984243-7689-10-git-send-email-amit.kachhap@arm.com> <7bf19035-02ba-ae47-b08c-7d7622a45dbf@arm.com> <648d66dd-519c-7567-a3e1-c23208f68cf2@arm.com> <52d3f9c8-fc27-bf3d-f8f3-1b3921508a8c@arm.com> <6d84723d-e00e-e89f-4c42-d48d0eb03443@arm.com> From: Amit Daniel Kachhap Message-ID: <462c5f79-b0d6-8c4b-ce43-2dfcc0f3b7a6@arm.com> Date: Thu, 21 Mar 2019 12:11:01 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: <6d84723d-e00e-e89f-4c42-d48d0eb03443@arm.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Julien/Kristina, On 3/21/19 2:26 AM, Kristina Martsenko wrote: > On 20/03/2019 18:06, Julien Thierry wrote: >> >> >> On 20/03/2019 15:04, Kristina Martsenko wrote: >>> On 20/03/2019 13:37, Julien Thierry wrote: >>>> Hi Amit, >>>> >>>> On 19/03/2019 08:30, Amit Daniel Kachhap wrote: >>>>> This adds sections for KVM API extension for pointer authentication. >>>>> A brief description about usage of pointer authentication for KVM guests >>>>> is added in the arm64 documentations. >>> >>> [...] >>> >>>>> diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt >>>>> index 7de9eee..b5c66bc 100644 >>>>> --- a/Documentation/virtual/kvm/api.txt >>>>> +++ b/Documentation/virtual/kvm/api.txt >>>>> @@ -2659,6 +2659,12 @@ Possible features: >>>>> Depends on KVM_CAP_ARM_PSCI_0_2. >>>>> - KVM_ARM_VCPU_PMU_V3: Emulate PMUv3 for the CPU. >>>>> Depends on KVM_CAP_ARM_PMU_V3. >>>>> + - KVM_ARM_VCPU_PTRAUTH_ADDRESS: >>>>> + - KVM_ARM_VCPU_PTRAUTH_GENERIC: >>>>> + Enables Pointer authentication for the CPU. >>>>> + Depends on KVM_CAP_ARM_PTRAUTH and only on arm64 architecture. If >>>>> + set, then the KVM guest allows the execution of pointer authentication >>>>> + instructions. Otherwise, KVM treats these instructions as undefined. >>>>> >>>> >>>> Overall I feel one could easily get confused to whether >>>> PTRAUTH_ADDRESS/GENERIC are two individual features, whether one is a >>>> superset of the other, if the names are just an alias of one another, etc... >>>> >>>> I think the doc should at least stress out that *both* flags are >>>> required to enable ptrauth in a guest. However it raises the question, >>>> if we don't plan to support the features individually (because we >>>> can't), should we really expose two feature flags? I seems odd to >>>> introduce two flags that only do something if used together... >>> >>> Why can't we support the features individually? For example, if we ever >>> get a system where all CPUs support address authentication and none of >>> them support generic authentication, then we could still support address >>> authentication in the guest. >>> >>> >> >> That's a good point, I didn't think of that. >> >> Although, currently we don't have a way to detect that we are in such a >> configuration. So as is, both flags are required to enable either >> feature, and I feel the documentation should be clear on that aspect. > > For now we only support enabling both features together, so both flags > need to be set. I agree that the documentation should be made clear on this. > > In the future, if we need to, we can add "negative" cpucaps to detect > that a feature is absent on all CPUs. > >> >> Another option would be to introduce a flag that enables both for now, >> and if one day we decide to support the configuration you mentioned we >> could add "more modular" flags that allow you to control those features >> individually. While a bit cumbersome, I would find that less awkward >> than having two flags that only do something if both are present. > > That would work too. > > I find it more logical to have two flags since there are two features > (two ID register fields), and KVM enables two features for the guest. > The fact that KVM does not currently support enabling them separately is > a KVM implementation choice, and could change in the future. Kristina, this comments of yours is actually what this patch series is trying to do. I should have added more details about the necessity of keeping two flags and enhancement of them is actually a future work. Thanks, Amit Daniel > > Thanks, > Kristina >