Received: by 2002:a05:6358:16cd:b0:dc:6189:e246 with SMTP id r13csp1067406rwl; Fri, 4 Nov 2022 09:23:06 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7tRlvQYLoh6tpFzlf9kUUj+3zsRcXyb126hdzb2rSysrOAuaBBI2R6cLvfVkIdcvG+o23m X-Received: by 2002:a17:90a:5509:b0:213:98ab:da74 with SMTP id b9-20020a17090a550900b0021398abda74mr38260103pji.208.1667578986485; Fri, 04 Nov 2022 09:23:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667578986; cv=none; d=google.com; s=arc-20160816; b=RCoqf5HNt6oRNYv9m+/KF48Tz+lEIDtP9RSaKyi2rKwg8TAEKyvp2i2pbSL49e/EEA fOPWkEvqZbcLySRZgBqjfuqaFSOy3Ce8MfOmM9b5+JVswHB/aRnQnFauSuvzMsKoFkZr pj+QtqoYayKOyqjNR7xEjB6k99mgCOMyjFtqDjlM76rn39ZEjJV+iUmzf8Cw1bplRpFk sCFcQOV0dtDz4GFukPRdWcCBvo64sXyqw6UiACRmxcSTSPUK7q/4racZfI2+dUVAJkup GfQ0mbXyUmRij8ELexLQ4yPMDOzaGv48zwb0b3FMDHOOqS/OI15lGU+PxRPpO/hl8qCb TYdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=qNA6zqr2PcAjMYx/Nu0Iq5CEVUmUE9jYrFW6GkDx7KA=; b=U0hfuOOhFtuda6UlaWIsE6W7L6fI9A460JT71Q1FXMNq5HwNse7VLN1GGHTWIr+j7n bizCsgg7FtPuJ+PxrGaZbhYa2ya7mHi4Tmlvus3YFvfdpJ9CExcPwK0bANqNU8clsW0E JPt0tjCtOkSpfY4IiB9/lHZznk5boAYQwuZjjtxslwKAuZUPRHWqbHFPCNgYNa7F2V4z JpVaPbS2ehkzzbRHgAlDvWGcHzJf/cgXbzl0t1NMWD1+qC2P9nDJVpkJUu6fKLA/JUMH XQWjId3yTkBgY3p5SIHkRB8kbLYcB16mz6wbtPuCKaRZNgRJVEeQH2qXBZCfGNf17GQD oDaQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id mq18-20020a17090b381200b00212cae10683si4780262pjb.69.2022.11.04.09.22.54; Fri, 04 Nov 2022 09:23:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230008AbiKDQUf (ORCPT + 96 others); Fri, 4 Nov 2022 12:20:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48714 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232065AbiKDQUX (ORCPT ); Fri, 4 Nov 2022 12:20:23 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3F7084AF27 for ; Fri, 4 Nov 2022 09:19:59 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 7A3DBB80C6A for ; Fri, 4 Nov 2022 16:19:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 815D7C433D6; Fri, 4 Nov 2022 16:19:54 +0000 (UTC) Date: Fri, 4 Nov 2022 16:19:50 +0000 From: Catalin Marinas To: Ard Biesheuvel Cc: Eric Biggers , linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Will Deacon , Mark Rutland , Marc Zyngier , "Jason A . Donenfeld" , Kees Cook , Suzuki K Poulose , Adam Langley Subject: Re: [RFC PATCH] arm64: Enable data independent timing (DIT) in the kernel Message-ID: References: <20221027112741.1678057-1-ardb@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-6.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Nov 04, 2022 at 10:29:10AM +0100, Ard Biesheuvel wrote: > On Fri, 4 Nov 2022 at 09:09, Eric Biggers wrote: > > On Thu, Oct 27, 2022 at 01:27:41PM +0200, Ard Biesheuvel wrote: > > > Given that running privileged code with DIT disabled on a CPU that > > > implements support for it may result in a side channel that exposes > > > privileged data to unprivileged user space processes, let's enable DIT > > > while running in the kernel if supported by all CPUs. > > > > This patch looks good to me, though I'm not an expert in low-level arm64 stuff. > > It's a bit unfortunate that we have to manually create the .inst to enable DIT > > instead of just using the assembler. But it looks like there's a reason for it > > (it's done for PAN et al. too), and based on the manual it looks correct. > > Yes. The reason is that the assembler requires -march=armv8.2-a to be > passed when using the DIT register (and similar requirements apply to > the other registers). However, doing so may result in object code that > can no longer run on pre-v8.2 cores, whereas the DIT accesses > themselves are only emitted in a carefully controlled manner anyway, > so keeping the arch baseline to v8.0 and using .inst is the cleanest > way around this. We worked around this already by defining asm-arch in arch/arm64/Makefile to the latest that the assembler supports while keeping the C compiler on armv8.0. Unlike the C compiler, the assembler shouldn't generate new instructions unless specifically asked through inline asm or .S files. We use this trick for MTE already (and LSE atomics), though we needed another __MTE_PREAMBLE as armv8.5-a wasn't sufficient for these instructions. I think we ended up with .inst initially as binutils did not support some of those instructions. We could try to clean them up but it's a bit of a hassle to check which versions your binutils supports. -- Catalin