Message ID | 1610152163-16554-1-git-send-email-sramana@codeaurora.org (mailing list archive) |
---|---|
Headers | show |
Series | arm64: cpufeature: Add filter function to control | expand |
Hi Srinivas, On 2021-01-09 00:29, Srinivas Ramana wrote: > This patchset adds a control function for cpufeature framework > so that the feature can be controlled at runtime. > > Defer PAC on boot core and use the filter function added to disable > PAC from command line. This will help toggling the feature on systems > that do not support PAC or where PAC needs to be disabled at runtime, > without modifying the core kernel. > > The idea of adding the filter function for cpufeature is taken from > https://lore.kernel.org/linux-arm-kernel/20200515171612.1020-25-catalin.marinas@arm.com/ > https://lore.kernel.org/linux-arm-kernel/20200515171612.1020-24-catalin.marinas@arm.com/ > > Srinivas Ramana (3): > arm64: Defer enabling pointer authentication on boot core > arm64: cpufeature: Add a filter function to cpufeature > arm64: Enable control of pointer authentication using early param > > Documentation/admin-guide/kernel-parameters.txt | 6 +++ > arch/arm64/include/asm/cpufeature.h | 8 +++- > arch/arm64/include/asm/pointer_auth.h | 10 +++++ > arch/arm64/include/asm/stackprotector.h | 1 + > arch/arm64/kernel/cpufeature.c | 53 > +++++++++++++++++++------ > arch/arm64/kernel/head.S | 4 -- > 6 files changed, 64 insertions(+), 18 deletions(-) I've been working for some time on a similar series to allow a feature set to be disabled during the early boot phase, initially to prevent booting a kernel with VHE, but the mechanism is generic enough to deal with most architectural features. I took the liberty to lift your first patch and to add it to my series[1], further allowing PAuth to be disabled at boot time on top of BTI and VHE. I'd appreciate your comments on this. Thanks, M. [1] https://lore.kernel.org/r/20210111132811.2455113-1-maz@kernel.org
Hi Marc, On 1/11/2021 5:40 AM, Marc Zyngier wrote: > Hi Srinivas, > > On 2021-01-09 00:29, Srinivas Ramana wrote: >> This patchset adds a control function for cpufeature framework >> so that the feature can be controlled at runtime. >> >> Defer PAC on boot core and use the filter function added to disable >> PAC from command line. This will help toggling the feature on systems >> that do not support PAC or where PAC needs to be disabled at runtime, >> without modifying the core kernel. >> >> The idea of adding the filter function for cpufeature is taken from >> https://lore.kernel.org/linux-arm-kernel/20200515171612.1020-25-catalin.marinas@arm.com/ >> >> https://lore.kernel.org/linux-arm-kernel/20200515171612.1020-24-catalin.marinas@arm.com/ >> >> >> Srinivas Ramana (3): >> arm64: Defer enabling pointer authentication on boot core >> arm64: cpufeature: Add a filter function to cpufeature >> arm64: Enable control of pointer authentication using early param >> >> Documentation/admin-guide/kernel-parameters.txt | 6 +++ >> arch/arm64/include/asm/cpufeature.h | 8 +++- >> arch/arm64/include/asm/pointer_auth.h | 10 +++++ >> arch/arm64/include/asm/stackprotector.h | 1 + >> arch/arm64/kernel/cpufeature.c | 53 >> +++++++++++++++++++------ >> arch/arm64/kernel/head.S | 4 -- >> 6 files changed, 64 insertions(+), 18 deletions(-) > > I've been working for some time on a similar series to allow a feature > set to be disabled during the early boot phase, initially to prevent > booting a kernel with VHE, but the mechanism is generic enough to > deal with most architectural features. > > I took the liberty to lift your first patch and to add it to my > series[1], > further allowing PAuth to be disabled at boot time on top of BTI and VHE. > > I'd appreciate your comments on this. Thanks for sending this series. It seems to be more flexible compared you what we did. Following your discussion on allowing EXACT ftr_reg values. Btw, do you have plan to add MTE in similar lines to control the feature? We may be needing this on some systems. > > Thanks, > > M. > > [1] https://lore.kernel.org/r/20210111132811.2455113-1-maz@kernel.org Thanks, -- Srinivas R
On 2021-01-14 07:15, Srinivas Ramana wrote: > Hi Marc, > > On 1/11/2021 5:40 AM, Marc Zyngier wrote: >> Hi Srinivas, >> >> On 2021-01-09 00:29, Srinivas Ramana wrote: >>> This patchset adds a control function for cpufeature framework >>> so that the feature can be controlled at runtime. >>> >>> Defer PAC on boot core and use the filter function added to disable >>> PAC from command line. This will help toggling the feature on systems >>> that do not support PAC or where PAC needs to be disabled at runtime, >>> without modifying the core kernel. >>> >>> The idea of adding the filter function for cpufeature is taken from >>> https://lore.kernel.org/linux-arm-kernel/20200515171612.1020-25-catalin.marinas@arm.com/ >>> https://lore.kernel.org/linux-arm-kernel/20200515171612.1020-24-catalin.marinas@arm.com/ >>> Srinivas Ramana (3): >>> arm64: Defer enabling pointer authentication on boot core >>> arm64: cpufeature: Add a filter function to cpufeature >>> arm64: Enable control of pointer authentication using early param >>> >>> Documentation/admin-guide/kernel-parameters.txt | 6 +++ >>> arch/arm64/include/asm/cpufeature.h | 8 +++- >>> arch/arm64/include/asm/pointer_auth.h | 10 +++++ >>> arch/arm64/include/asm/stackprotector.h | 1 + >>> arch/arm64/kernel/cpufeature.c | 53 >>> +++++++++++++++++++------ >>> arch/arm64/kernel/head.S | 4 -- >>> 6 files changed, 64 insertions(+), 18 deletions(-) >> >> I've been working for some time on a similar series to allow a feature >> set to be disabled during the early boot phase, initially to prevent >> booting a kernel with VHE, but the mechanism is generic enough to >> deal with most architectural features. >> >> I took the liberty to lift your first patch and to add it to my >> series[1], >> further allowing PAuth to be disabled at boot time on top of BTI and >> VHE. >> >> I'd appreciate your comments on this. > Thanks for sending this series. It seems to be more flexible compared > you what we did. > Following your discussion on allowing EXACT ftr_reg values. > > > Btw, do you have plan to add MTE in similar lines to control the > feature? > We may be needing this on some systems. I don't have any need for this at the moment, as my initial goal was to enable a different boot flow for VHE. The BTI "support" was added as a way to demonstrate the use of __read_sysreg_by_encoding(), and your patches were a good opportunity to converge on a single solution. But if you write the patches that do that, I can add them to the series, and Catalin/Will can decide whether they want to take them. Thanks, M.
On Thu, Jan 14, 2021 at 08:20:52AM +0000, Marc Zyngier wrote: > On 2021-01-14 07:15, Srinivas Ramana wrote: > > On 1/11/2021 5:40 AM, Marc Zyngier wrote: > > > On 2021-01-09 00:29, Srinivas Ramana wrote: > > > > This patchset adds a control function for cpufeature framework > > > > so that the feature can be controlled at runtime. > > > > > > > > Defer PAC on boot core and use the filter function added to disable > > > > PAC from command line. This will help toggling the feature on systems > > > > that do not support PAC or where PAC needs to be disabled at runtime, > > > > without modifying the core kernel. [...] > > > I've been working for some time on a similar series to allow a feature > > > set to be disabled during the early boot phase, initially to prevent > > > booting a kernel with VHE, but the mechanism is generic enough to > > > deal with most architectural features. > > > > > > I took the liberty to lift your first patch and to add it to my > > > series[1], > > > further allowing PAuth to be disabled at boot time on top of BTI and > > > VHE. > > > > > > I'd appreciate your comments on this. > > > > Thanks for sending this series. It seems to be more flexible compared > > you what we did. > > Following your discussion on allowing EXACT ftr_reg values. > > > > Btw, do you have plan to add MTE in similar lines to control the > > feature? > > We may be needing this on some systems. > > I don't have any need for this at the moment, as my initial goal was > to enable a different boot flow for VHE. The BTI "support" was added > as a way to demonstrate the use of __read_sysreg_by_encoding(), and > your patches were a good opportunity to converge on a single solution. > > But if you write the patches that do that, I can add them to the series, > and Catalin/Will can decide whether they want to take them. For MTE it's trickier (probably similar to VHE) as we do the setup early in proc.S before we hit the cpufeature infrastructure. So far we haven't agreed on disabling MTE means - is it disabled completely (no Normal Tagged memory type) or we just need to disable tag checking? The former is required if we expect buggy hardware (SoC-level, not necessarily CPU). The latter, at least for the kernel, is already handled via the kasan.mode cmdline. For user, we can disable the tagged address ABI via sysctl (or kernel cmdline) and it indirectly disabled MTE since the C library detects this.