Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3350732yba; Tue, 16 Apr 2019 09:34:32 -0700 (PDT) X-Google-Smtp-Source: APXvYqxVi7uldgGMu/xInTycroaWUPjE57KkNY+2K1F37OnLlegnVLkr9wVXoWiysF4fj50HOi2V X-Received: by 2002:a17:902:b181:: with SMTP id s1mr75556263plr.9.1555432472161; Tue, 16 Apr 2019 09:34:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555432472; cv=none; d=google.com; s=arc-20160816; b=aPrFqM7LknJpFuIaav2/tzUYukXeRueEshKpllYUnzZFxieo09lNobj2hUsD8H56zi FHriqBWMOzqLTUp6ZrlnRMA1IIlJltwO8tNQt3kSOI2EdWDdqmzmj+N+pGr4+MbCPzTF oQkSpRFZYcTi6zygK2CiDXYsMqllScxHd12SkwUtp40vUx0KR+kd7Z6d45On/XjYKjG0 JVl5mJGk8jJk50uIasV5etsGgMCkaXWBaPpzjmGb1PSztE6Goj1Aw7+x+xz/yr8o6GV5 +SXWtoWeledEmfXxUwWs8FHTS9FF7ljhR2YBpbTswpqIJHzQYKSx5pD6oZmGgq0gy/4R e29g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=XisrZnsDST3/M2dvzi1MnQvfjEHQdSbnqqgXdfGk/kY=; b=Gr6t2Qh34YuzcXFyD7jieSyfLI8myByTdk7fkaSRsNwHBu4qeuOiIe7nB2XKpoGznu i5mSLaMH1wurup8GOtYWlCBi97iPcehteiWm9BN7JYtq9ShgdaJ6tG3Q3PqU0wziNgcQ RdiQLyEZtDBK/ywW4iAhxFjOVNuCASWzb/qTNVuHhNbRXBc6wckF2S/MVX+c3bPwe6d1 qY4hWYJRTOMuaa4+V+QQqIq8TPgx4yrOJjbTzgIiCG8Jn9S7Y36d633MIzSnJxilHwil HFvQVEsCBxVKX2e2rtomGVcX1yN0pf9Qju6u4hAm46LTGK1yQJa2vQt4USiNI+WKiBya 644g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x5si28088224pfo.84.2019.04.16.09.34.16; Tue, 16 Apr 2019 09:34:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729702AbfDPQcR (ORCPT + 99 others); Tue, 16 Apr 2019 12:32:17 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:59366 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726647AbfDPQcR (ORCPT ); Tue, 16 Apr 2019 12:32:17 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 9D23080D; Tue, 16 Apr 2019 09:32:16 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id F07A53F59C; Tue, 16 Apr 2019 09:32:14 -0700 (PDT) Date: Tue, 16 Apr 2019 17:32:12 +0100 From: Dave Martin To: Amit Daniel Kachhap Cc: linux-arm-kernel@lists.infradead.org, Marc Zyngier , Catalin Marinas , Will Deacon , Kristina Martsenko , kvmarm@lists.cs.columbia.edu, Ramana Radhakrishnan , linux-kernel@vger.kernel.org Subject: Re: [PATCH v9 4/5] KVM: arm64: Add capability to advertise ptrauth for guest Message-ID: <20190416163212.GX3567@e103592.cambridge.arm.com> References: <1555039236-10608-1-git-send-email-amit.kachhap@arm.com> <1555039236-10608-5-git-send-email-amit.kachhap@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1555039236-10608-5-git-send-email-amit.kachhap@arm.com> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 12, 2019 at 08:50:35AM +0530, Amit Daniel Kachhap wrote: > This patch advertises the capability of two cpu feature called address > pointer authentication and generic pointer authentication. These > capabilities depend upon system support for pointer authentication and > VHE mode. > > The current arm64 KVM partially implements pointer authentication and > support of address/generic authentication are tied together. However, > separate ABI requirements for both of them is added so that any future > isolated implementation will not require any ABI changes. > > Signed-off-by: Amit Daniel Kachhap > Cc: Mark Rutland > Cc: Marc Zyngier > Cc: Christoffer Dall > Cc: kvmarm@lists.cs.columbia.edu > --- > Changes since v8: > * Keep the capability check same for the 2 vcpu ptrauth features. [Dave Martin] > > Documentation/virtual/kvm/api.txt | 2 ++ > arch/arm64/kvm/reset.c | 5 +++++ > include/uapi/linux/kvm.h | 2 ++ > 3 files changed, 9 insertions(+) > > diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt > index 9d202f4..56021d0 100644 > --- a/Documentation/virtual/kvm/api.txt > +++ b/Documentation/virtual/kvm/api.txt > @@ -2756,9 +2756,11 @@ Possible features: > - KVM_ARM_VCPU_PTRAUTH_ADDRESS: Enables Address Pointer authentication > for the CPU and supported only on arm64 architecture. > Must be requested if KVM_ARM_VCPU_PTRAUTH_GENERIC is also requested. > + Depends on KVM_CAP_ARM_PTRAUTH_ADDRESS. What if KVM_CAP_ARM_PTRAUTH_ADDRESS is absent and KVM_ARM_VCPU_PTRAUTH_GENERIC is requested? By these rules, we have a contradiction: userspace both must request and must not request KVM_ARM_VCPU_PTRAUTH_ADDRESS. We could qualify as follows: Depends on KVM_CAP_ARM_PTRAUTH_ADDRESS. Must be requested if KVM_CAP_ARM_PTRAUTH_ADDRESS is present and KVM_ARM_VCPU_PTRAUTH_GENERIC is also requested. > - KVM_ARM_VCPU_PTRAUTH_GENERIC: Enables Generic Pointer authentication > for the CPU and supported only on arm64 architecture. > Must be requested if KVM_ARM_VCPU_PTRAUTH_ADDRESS is also requested. > + Depends on KVM_CAP_ARM_PTRAUTH_GENERIC. Similarly. Or, we go back to having a single cap and a single feature, and add more caps/features later on if we decide it's possible to support address/generic auth separately later on. Otherwise, we end up with complex rules that can't be tested. This is a high price to pay for forwards compatibility: userspace's conformance to the rules can't be fully tested, so there's a fair chance it won't work properly anyway when hardware/KVM with just one auth type appears. [...] Thoughts? Cheers ---Dave