lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Zpi3vjxLQ37Q_8OV@linux.dev>
Date: Wed, 17 Jul 2024 23:35:42 -0700
From: Oliver Upton <oliver.upton@...ux.dev>
To: Shaoqin Huang <shahuang@...hat.com>
Cc: Marc Zyngier <maz@...nel.org>, kvmarm@...ts.linux.dev,
	Mark Brown <broonie@...nel.org>, Eric Auger <eauger@...hat.com>,
	Sebastian Ott <sebott@...hat.com>,
	Cornelia Huck <cohuck@...hat.com>,
	James Morse <james.morse@....com>,
	Suzuki K Poulose <suzuki.poulose@....com>,
	Zenghui Yu <yuzenghui@...wei.com>,
	Catalin Marinas <catalin.marinas@....com>,
	Will Deacon <will@...nel.org>, linux-arm-kernel@...ts.infradead.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 2/3] KVM: arm64: Allow userspace to change
 ID_AA64PFR1_EL1

On Wed, Jul 17, 2024 at 11:50:15PM -0400, Shaoqin Huang wrote:
> Allow userspace to change the guest-visible value of the register with
> different way of handling:
> 
>   - Since the RAS and MPAM is not writable in the ID_AA64PFR0_EL1
>     register, RAS_frac and MPAM_frac are also not writable in the
>     ID_AA64PFR1_EL1 register.
> 
>   - The MTE is controlled by an internal flag (KVM_ARCH_FLAG_MTE_ENABLED),
>     so it's not writable.

The flag isn't the relevant part, what's important about MTE is that it
already has a separate UAPI for controlling it (KVM_CAP_ARM_MTE).

>   - For those fields which KVM doesn't know how to handle, they have
>     are not exposed to the guest (being disabled in the register read
>     accessor), those fields value will always be 0. Allow those fields
>     writable is fine, since the userspace can only write 0 into those
>     fields. Maybe in the future KVM know how to handle some of the
>     fields, then they can be written into other value.
>     So let them writable.
>     Those fields include SME, RNDR_trap, NMI, GCS, THE, DF2, PFAR,
>     MTE_frac, MTEX.

This doesn't seem right. We're committing to a UAPI behavior the moment
these fields are advertised to userspace, which is rather difficult to
do for features that we don't even implement.

Please only advertise the fields known to KVM and leave the others
unadvertised.

>   - The BT, SSBS, CSV2_frac don't introduce any new registers which KVM
>     doesn't know how to handle, they can be written without ill effect.
>     So let them writable.

I think the handling of ARM_SMCCC_ARCH_WORKAROUND_2 needs to be updated
to consider the presence of FEAT_SSBS in the guest's ID registers.
Otherwise we'll wind up returning NOT_SUPPORTED and the guest will
conclude it is in a vulnerable state.

-- 
Thanks,
Oliver

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ