From: Mark Rutland <mark.rutland@arm.com>
To: Christoffer Dall <christoffer.dall@linaro.org>
Cc: linux-arm-kernel@lists.infradead.org, arnd@arndb.de,
    catalin.marinas@arm.com, cdall@linaro.org,
    kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org,
    marc.zyngier@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com,
    yao.qi@arm.com, kernel-hardening@lists.openwall.com,
    linux-kernel@vger.kernel.org, awallis@codeaurora.org
Subject: Re: [PATCHv2 05/12] arm64: Don't trap host pointer auth use to EL2
Date: Mon, 12 Feb 2018 16:00:39 +0000
Message-ID: <20180212160039.br2emy3zt6ftmwfu@lakrids.cambridge.arm.com>
In-Reply-To: <20180206123906.GZ21802@cbox>

On Tue, Feb 06, 2018 at 01:39:06PM +0100, Christoffer Dall wrote:
> Hi Mark,
>
> On Mon, Nov 27, 2017 at 04:37:59PM +0000, Mark Rutland wrote:
> > To allow EL0 (and/or EL1) to use pointer authentication functionality,
> > we must ensure that pointer authentication instructions and accesses to
> > pointer authentication keys are not trapped to EL2 (where we will not be
> > able to handle them).
>
> ...on non-VHE systems, presumably?

For EL0 usage, we don't want to trap even in the absence of VHE, so I'll
drop the bit in brackets entirely.

> > This patch ensures that HCR_EL2 is configured appropriately when the
> > kernel is booted at EL2. For non-VHE kernels we set HCR_EL2.{API,APK},
> > ensuring that EL1 can access keys and permit EL0 use of instructions.
> > For VHE kernels, EL2 access is controlled by EL3, and we need not set
> > anything.
>
>
> for VHE kernels host EL0 (TGE && E2H) is unaffected by these settings,
> and it doesn't matter how we configure HCR_EL2.{API,APK}.
>
> (Because you do actually set these bits when the features are present if
> I read the code correctly).

Ah, true. I've taken your proposed wording.

> > This does not enable support for KVM guests, since KVM manages HCR_EL2
> > itself.
>
> (...when running VMs.)
>
>
> Besides the nits:
>
> Acked-by: Christoffer Dall <christoffer.dall@linaro.org>

Cheers!

Mark.
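
Added example (not part of the patch or of this email): a small C model of the trap conditions discussed above, showing when HCR_EL2.{API,APK} cause pointer authentication use to trap to EL2 and why host EL0 under VHE (TGE && E2H) is unaffected. The function and type names are hypothetical, and the model assumes EL2 is implemented and ignores the SCTLR_EL1 enable bits.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* HCR_EL2 bit positions as defined by the Arm architecture. */
#define HCR_TGE (UINT64_C(1) << 27)
#define HCR_E2H (UINT64_C(1) << 34)
#define HCR_APK (UINT64_C(1) << 40)
#define HCR_API (UINT64_C(1) << 41)

enum exc_level { EL0 = 0, EL1 = 1 };  /* hypothetical helper type */

/* Host EL0 under VHE runs with E2H and TGE both set; API does not apply. */
static bool is_vhe_host_el0(uint64_t hcr, enum exc_level level)
{
    return level == EL0 && (hcr & HCR_E2H) && (hcr & HCR_TGE);
}

/* True if a pointer authentication instruction at 'level' traps to EL2. */
bool ptrauth_insn_traps(uint64_t hcr, enum exc_level level)
{
    if (is_vhe_host_el0(hcr, level))
        return false;
    return !(hcr & HCR_API);   /* API == 0 means "trap" */
}

/* True if an EL1 access to a pointer authentication key register traps. */
bool ptrauth_key_access_traps(uint64_t hcr)
{
    return !(hcr & HCR_APK);   /* APK == 0 means "trap" */
}

int main(void)
{
    /* Constructed HCR_EL2 values covering the cases in the thread.
     * With TGE set nothing runs at EL1, so only the EL0 column is
     * meaningful for the VHE host row. */
    const struct { const char *name; uint64_t hcr; } cfg[] = {
        { "non-VHE, API/APK clear",  0 },
        { "non-VHE, API/APK set",    HCR_API | HCR_APK },
        { "VHE host, API/APK clear", HCR_E2H | HCR_TGE },
    };

    for (unsigned i = 0; i < sizeof(cfg) / sizeof(cfg[0]); i++)
        printf("%-24s EL0 insn trap=%d EL1 insn trap=%d EL1 key trap=%d\n",
               cfg[i].name,
               ptrauth_insn_traps(cfg[i].hcr, EL0),
               ptrauth_insn_traps(cfg[i].hcr, EL1),
               ptrauth_key_access_traps(cfg[i].hcr));
    return 0;
}
```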