lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 27 Mar 2019 13:50:59 +0000
From:   Dave Martin <Dave.Martin@....com>
To:     Amit Daniel Kachhap <amit.kachhap@....com>
Cc:     Kristina Martsenko <kristina.martsenko@....com>,
        Marc Zyngier <marc.zyngier@....com>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will.deacon@....com>,
        linux-kernel@...r.kernel.org,
        Ramana Radhakrishnan <ramana.radhakrishnan@....com>,
        kvmarm@...ts.cs.columbia.edu, linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v7 9/10] KVM: arm64: docs: document KVM support of
 pointer authentication

On Wed, Mar 27, 2019 at 05:19:28PM +0530, Amit Daniel Kachhap wrote:
> Hi,
> 
> On 3/27/19 4:14 PM, Dave Martin wrote:
> >On Mon, Mar 25, 2019 at 08:05:49PM +0000, Kristina Martsenko wrote:
> >>On 19/03/2019 08:30, Amit Daniel Kachhap wrote:
> >>>This adds sections for KVM API extension for pointer authentication.
> >>>A brief description about usage of pointer authentication for KVM guests
> >>>is added in the arm64 documentations.
> >>>
> >>>Signed-off-by: Amit Daniel Kachhap <amit.kachhap@....com>
> >>>Cc: Mark Rutland <mark.rutland@....com>
> >>>Cc: Christoffer Dall <christoffer.dall@....com>
> >>>Cc: Marc Zyngier <marc.zyngier@....com>
> >>>Cc: kvmarm@...ts.cs.columbia.edu
> >>
> >>I think it makes sense to also update the Kconfig symbol description for
> >>CONFIG_ARM64_PTR_AUTH, since it currently only mentions userspace
> >>support, but now the option also enables KVM guest support.
> >>
> >>It's also worth mentioning that CONFIG_ARM64_VHE=y is required for guest
> >>support.
> >
> >Is it worth making this dependency explicit in Kconfig?
> Currently there is discrepancy that userspace supports ptrauth in both
> nVHE/VHE mode and KVM guest only in VHE mode. I suppose adding explicit
> dependency flag here makes both of them similar.

Looking at the history, for SVE this Kconfig restriction has always been
present.  Since ptrauth initially upstreamed without an equivalent
restriction in Kconfig, adding it now could be seen as a regression.

So, maybe it's not worth it here.

You could add a separate option, say

config ARM64_PTR_AUTH_KVM
	bool "Pointer authentication support for KVM guests"
	default y
	depends on ARM64_PTR_AUTH && ARM64_VHE && KVM

...but that may be overkill.

Cheers,
---Dave

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ