[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <52d3f9c8-fc27-bf3d-f8f3-1b3921508a8c@arm.com>
Date: Wed, 20 Mar 2019 18:06:46 +0000
From: Julien Thierry <julien.thierry@....com>
To: Kristina Martsenko <kristina.martsenko@....com>,
Amit Daniel Kachhap <amit.kachhap@....com>,
linux-arm-kernel@...ts.infradead.org
Cc: Christoffer Dall <christoffer.dall@....com>,
Marc Zyngier <marc.zyngier@....com>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will.deacon@....com>,
Andrew Jones <drjones@...hat.com>,
Dave Martin <Dave.Martin@....com>,
Ramana Radhakrishnan <ramana.radhakrishnan@....com>,
kvmarm@...ts.cs.columbia.edu, linux-kernel@...r.kernel.org,
Mark Rutland <mark.rutland@....com>,
James Morse <james.morse@....com>
Subject: Re: [PATCH v7 9/10] KVM: arm64: docs: document KVM support of pointer
authentication
On 20/03/2019 15:04, Kristina Martsenko wrote:
> On 20/03/2019 13:37, Julien Thierry wrote:
>> Hi Amit,
>>
>> On 19/03/2019 08:30, Amit Daniel Kachhap wrote:
>>> This adds sections for KVM API extension for pointer authentication.
>>> A brief description about usage of pointer authentication for KVM guests
>>> is added in the arm64 documentations.
>
> [...]
>
>>> diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
>>> index 7de9eee..b5c66bc 100644
>>> --- a/Documentation/virtual/kvm/api.txt
>>> +++ b/Documentation/virtual/kvm/api.txt
>>> @@ -2659,6 +2659,12 @@ Possible features:
>>> Depends on KVM_CAP_ARM_PSCI_0_2.
>>> - KVM_ARM_VCPU_PMU_V3: Emulate PMUv3 for the CPU.
>>> Depends on KVM_CAP_ARM_PMU_V3.
>>> + - KVM_ARM_VCPU_PTRAUTH_ADDRESS:
>>> + - KVM_ARM_VCPU_PTRAUTH_GENERIC:
>>> + Enables Pointer authentication for the CPU.
>>> + Depends on KVM_CAP_ARM_PTRAUTH and only on arm64 architecture. If
>>> + set, then the KVM guest allows the execution of pointer authentication
>>> + instructions. Otherwise, KVM treats these instructions as undefined.
>>>
>>
>> Overall I feel one could easily get confused to whether
>> PTRAUTH_ADDRESS/GENERIC are two individual features, whether one is a
>> superset of the other, if the names are just an alias of one another, etc...
>>
>> I think the doc should at least stress out that *both* flags are
>> required to enable ptrauth in a guest. However it raises the question,
>> if we don't plan to support the features individually (because we
>> can't), should we really expose two feature flags? I seems odd to
>> introduce two flags that only do something if used together...
>
> Why can't we support the features individually? For example, if we ever
> get a system where all CPUs support address authentication and none of
> them support generic authentication, then we could still support address
> authentication in the guest.
>
>
That's a good point, I didn't think of that.
Although, currently we don't have a way to detect that we are in such a
configuration. So as is, both flags are required to enable either
feature, and I feel the documentation should be clear on that aspect.
Another option would be to introduce a flag that enables both for now,
and if one day we decide to support the configuration you mentioned we
could add "more modular" flags that allow you to control those features
individually. While a bit cumbersome, I would find that less awkward
than having two flags that only do something if both are present.
Thanks,
--
Julien Thierry
Powered by blists - more mailing lists