| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Apr 2019 18:38:13 +0530
From: Amit Daniel Kachhap <amit.kachhap@....com>
To: Marc Zyngier <marc.zyngier@....com>,
linux-arm-kernel@...ts.infradead.org
Cc: Christoffer Dall <christoffer.dall@....com>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will.deacon@....com>,
Andrew Jones <drjones@...hat.com>,
Dave Martin <Dave.Martin@....com>,
Ramana Radhakrishnan <ramana.radhakrishnan@....com>,
kvmarm@...ts.cs.columbia.edu,
Kristina Martsenko <kristina.martsenko@....com>,
linux-kernel@...r.kernel.org, Mark Rutland <mark.rutland@....com>,
James Morse <james.morse@....com>,
Julien Thierry <julien.thierry@....com>
Subject: Re: [PATCH v9 1/5] KVM: arm64: Add a vcpu flag to control ptrauth for
guest
Hi,
On 4/17/19 2:05 PM, Marc Zyngier wrote:
> On 12/04/2019 04:20, Amit Daniel Kachhap wrote:
>> A per vcpu flag is added to check if pointer authentication is
>> enabled for the vcpu or not. This flag may be enabled according to
>> the necessary user policies and host capabilities.
>>
>> This patch also adds a helper to check the flag.
>>
>> Signed-off-by: Amit Daniel Kachhap <amit.kachhap@....com>
>> Cc: Mark Rutland <mark.rutland@....com>
>> Cc: Marc Zyngier <marc.zyngier@....com>
>> Cc: Christoffer Dall <christoffer.dall@....com>
>> Cc: kvmarm@...ts.cs.columbia.edu
>> ---
>>
>> Changes since v8:
>> * Added a new per vcpu flag which will store Pointer Authentication enable
>> status instead of checking them again. [Dave Martin]
>>
>> arch/arm64/include/asm/kvm_host.h | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
>> index 9d57cf8..31dbc7c 100644
>> --- a/arch/arm64/include/asm/kvm_host.h
>> +++ b/arch/arm64/include/asm/kvm_host.h
>> @@ -355,10 +355,14 @@ struct kvm_vcpu_arch {
>> #define KVM_ARM64_HOST_SVE_ENABLED (1 << 4) /* SVE enabled for EL0 */
>> #define KVM_ARM64_GUEST_HAS_SVE (1 << 5) /* SVE exposed to guest */
>> #define KVM_ARM64_VCPU_SVE_FINALIZED (1 << 6) /* SVE config completed */
>> +#define KVM_ARM64_GUEST_HAS_PTRAUTH (1 << 7) /* PTRAUTH exposed to guest */
>>
>> #define vcpu_has_sve(vcpu) (system_supports_sve() && \
>> ((vcpu)->arch.flags & KVM_ARM64_GUEST_HAS_SVE))
>>
>> +#define vcpu_has_ptrauth(vcpu) \
>> + ((vcpu)->arch.flags & KVM_ARM64_GUEST_HAS_PTRAUTH)
>> +
>
> Just as for SVE, please first check that the system has PTRAUTH.
> Something like:
>
> (cpus_have_const_cap(ARM64_HAS_GENERIC_AUTH_ARCH) && \
> ((vcpu)->arch.flags & KVM_ARM64_GUEST_HAS_PTRAUTH))
In the subsequent patches, vcpu->arch.flags is only set to
KVM_ARM64_GUEST_HAS_PTRAUTH when all host capability check conditions
matches such as system_supports_address_auth(),
system_supports_generic_auth() so doing them again is repetitive in my view.
Thanks,
Amit D
>
> This will save an extra load on unsuspecting CPUs thanks to the static
> key embedded in the capability structure.
>
> Thanks,
>
> M.
>
Powered by blists - more mailing lists