Date: Tue, 28 May 2019 18:18:16 +0530 From: Amit Daniel Kachhap <amit.kachhap@....com> To: Dave Martin <Dave.Martin@....com> Cc: Marc Zyngier <marc.zyngier@....com>, Catalin Marinas <catalin.marinas@....com>, Will Deacon <will.deacon@....com>, linux-kernel@...r.kernel.org, Kristina Martsenko <kristina.martsenko@....com>, Ramana Radhakrishnan <ramana.radhakrishnan@....com>, kvmarm@...ts.cs.columbia.edu, linux-arm-kernel@...ts.infradead.org Subject: Re: [kvmtool PATCH v10 5/5] KVM: arm/arm64: Add a vcpu feature for pointer authentication Hi Dave, On 5/28/19 3:41 PM, Dave Martin wrote: > On Wed, Apr 24, 2019 at 02:41:21PM +0100, Dave Martin wrote: >> On Wed, Apr 24, 2019 at 12:32:22PM +0530, Amit Daniel Kachhap wrote: >>> Hi, >>> >>> On 4/23/19 9:16 PM, Dave Martin wrote: > > [...] > >>>>> diff --git a/arm/kvm-cpu.c b/arm/kvm-cpu.c >>>>> index 7780251..acd1d5f 100644 >>>>> --- a/arm/kvm-cpu.c >>>>> +++ b/arm/kvm-cpu.c >>>>> @@ -68,6 +68,18 @@ struct kvm_cpu *kvm_cpu__arch_init(struct kvm *kvm, unsigned long cpu_id) >>>>> vcpu_init.features[0] |= (1UL << KVM_ARM_VCPU_PSCI_0_2); >>>>> } >>>>> + /* Check Pointer Authentication command line arguments. */ >>>>> + if (kvm->cfg.arch.enable_ptrauth && kvm->cfg.arch.disable_ptrauth) >>>>> + die("Both enable-ptrauth and disable-ptrauth option cannot be present"); >>>> >>>> Preferably, print the leading dashes, the same as the user would see >>>> on the command line (e.g., --enable-ptrauth, --disable-ptrauth). >>>> >>>> For brevity, we could write something like: >>>> >>>> die("--enable-ptrauth conflicts with --disable-ptrauth"); > > [...] 
> >>>>> @@ -106,8 +118,12 @@ struct kvm_cpu *kvm_cpu__arch_init(struct kvm *kvm, unsigned long cpu_id) >>>>> die("Unable to find matching target"); >>>>> } >>>>> - if (err || target->init(vcpu)) >>>>> - die("Unable to initialise vcpu"); >>>>> + if (err || target->init(vcpu)) { >>>>> + if (kvm->cfg.arch.enable_ptrauth) >>>>> + die("Unable to initialise vcpu with pointer authentication feature"); >>>> >>>> We don't special-case this error message for any other feature yet: >>>> there are a variety of reasons why we might have failed, so suggesting >>>> that the failure is something to do with ptrauth may be misleading to >>>> the user. >>>> >>>> If we want to be more informative, we could do something like the >>>> following: >>>> >>>> bool supported; >>>> >>>> supported = kvm__supports_extension(kvm, KVM_CAP_ARM_PTRAUTH_ADDRESS) && >>>> kvm__supports_extension(kvm, KVM_CAP_ARM_PTRAUTH_GENERIC); >>>> >>>> if (kvm->cfg.arch.enable_ptrauth && !supported) >>>> die("--enable-ptrauth not supported on this host"); >>>> >>>> if (supported && !kvm->cfg.arch.disable_ptrauth) >>>> vcpu_init.features[0] |= ARM_VCPU_PTRAUTH_FEATURE; >>>> >>>> /* ... */ >>>> >>>> if (err || target->init(vcpu)) >>>> die("Unable to initialise vcpu"); >>>> >>>> We don't do this for any other feature today, but since it helps the >>>> user to understand what went wrong it's probably a good idea. >>> Yes this is more clear. As Mark has picked the core guest ptrauth patches. I >>> will post this changes as standalone. >> >> Sounds good. (I also need to do that separately for SVE...) > > Were you planning to repost this? > > Alternatively, I can fix up the diagnostic messages discussed here and > post it together with the SVE support. I'll do that locally for now, > but let me know what you plan to do. I'd like to get the SVE support > posted soon so that people can test it. I will clean up the print messages as you suggested and repost it shortly. Thanks, Amit Daniel > > Cheers > ---Dave >
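Review bot: In the first hunk (@@ -68,6 +68,18 @@), the check `if (kvm->cfg.arch.enable_ptrauth && kvm->cfg.arch.disable_ptrauth)` validates command-line options inside kvm_cpu__arch_init(), which takes a cpu_id and is therefore reached once for each vcpu. The conflict is a property of the configuration, not of a vcpu, so it would be better rejected once, where the options are validated and before any vcpu is set up. The die() text should also name the options as the user typed them, with leading dashes, as already requested in the thread.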
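Review bot: In the second hunk (@@ -106,8 +118,12 @@), the new `if (kvm->cfg.arch.enable_ptrauth)` branch under `if (err || target->init(vcpu))` picks the error text from the option the user passed rather than from the cause of the failure, so any unrelated init error on a guest started with --enable-ptrauth would be reported as a pointer authentication problem. Keep the single "Unable to initialise vcpu" message at this point and report missing ptrauth support from an explicit capability check made before the feature bit is set in vcpu_init.features[0], so that a requested feature the host cannot provide fails with an accurate reason.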