From patchwork Mon Jan 11 23:11:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Henderson X-Patchwork-Id: 12011749 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-21.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A5C3DC433DB for ; Mon, 11 Jan 2021 23:16:52 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 354E622D07 for ; Mon, 11 Jan 2021 23:16:52 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 354E622D07 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:55948 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kz6Qd-0000ye-3g for qemu-devel@archiver.kernel.org; Mon, 11 Jan 2021 18:16:51 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:51088) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kz6LJ-0004eu-Dr for qemu-devel@nongnu.org; Mon, 11 Jan 2021 18:11:22 -0500 Received: from mail-pg1-x52d.google.com ([2607:f8b0:4864:20::52d]:34673) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kz6LE-0006CB-Ll for qemu-devel@nongnu.org; Mon, 11 Jan 2021 18:11:21 -0500 Received: by mail-pg1-x52d.google.com with SMTP id i5so177207pgo.1 for ; Mon, 11 Jan 2021 15:11:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=UMumzk4fm+ReubqkvThPEU9TX17+RjW08bNhr8jJ4Ok=; b=VCrGfXHdYTeywmvh5VGW2sEx6OlZELG+v45spTTE/O3ULFc0t2XrzIG8G9ePgrDfZb o+NXuANfJ/Tweh8fuFCt+FOIIbVHlUm2I6gjGL8nV8+pVFSEqULhqzHAJQjJS0/p7hj0 PWreKt/TrbLSfdDzD0bDVWuQi+cX2ATNwMitHCJ2FwRDF99NBgIKVSVIAQ+20908WdBB pn1Pw33uxzfNZDTQR6Z/qRreb6uzdiaGKthDWKYktS+9lbvayz7lMUZSp9rkDjBjnSu8 B+Uxzd8LyQ8bM0cHq7IjbMfAK2JV2d/uh5Nvi0C42FcpppbX9Qry23Ee0KMcB7QLVsRm Li4Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=UMumzk4fm+ReubqkvThPEU9TX17+RjW08bNhr8jJ4Ok=; b=o307itrT8k/7XbFwYd0Mr6V65ak8lZBgT2WhyvGw6jpCWdmOCo+EB1JhBwpOPpSLL7 Y3oBtF+DOAQRPvNPRLbp5qxAebORA3UsyesKK1iXTwYcbMJ5e/ZDUYQJaz5An70vudp9 qPTF+leA3Nc8nPkn7EHm9JOuF3gNNka1h4hOb1TE1QFuInp1iSIwtvoCLY8HFGODfIqN Q/1z4BolGR/CTpOZkA/rQuzlErca5wyVdqZ9BYYbQHMTQzwQgjyU8mEULhURltC9aKuk v8Hj1+QYrwLsDScRNBQ49CTCxHIAvBy2FHYnKr7apEp5mDYSX4omCNV0gsdg9Nq7/TR3 v+Fg== X-Gm-Message-State: AOAM53195/tWx/IB67KgH/nbFylu1aMTKHZvwMU8kkJOWTDxgQGud0CK yeWdpmoCb2bD6mey/8Ym6KFWO7ZJ+VvsqA== X-Google-Smtp-Source: ABdhPJz1scyzdw/c4TI6y6To5NxUfkxKa1wd+wsCIV2vifecWBWrrVGqaKkfzwLG82wDdeU92JJ4ZA== X-Received: by 2002:a63:1110:: with SMTP id g16mr1698073pgl.357.1610406673397; Mon, 11 Jan 2021 15:11:13 -0800 (PST) Received: from localhost.localdomain (rrcs-173-197-107-21.west.biz.rr.com. [173.197.107.21]) by smtp.gmail.com with ESMTPSA id g202sm658105pfb.196.2021.01.11.15.11.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Jan 2021 15:11:12 -0800 (PST) From: Richard Henderson To: qemu-devel@nongnu.org Subject: [PATCH v6 1/3] target/arm: Implement an IMPDEF pauth algorithm Date: Mon, 11 Jan 2021 13:11:06 -1000 Message-Id: <20210111231108.461088-2-richard.henderson@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210111231108.461088-1-richard.henderson@linaro.org> References: <20210111231108.461088-1-richard.henderson@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::52d; envelope-from=richard.henderson@linaro.org; helo=mail-pg1-x52d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , peter.maydell@linaro.org, qemu-arm@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" Without hardware acceleration, a cryptographically strong algorithm is too expensive for pauth_computepac. Even with hardware accel, we are not currently expecting to link the linux-user binaries to any crypto libraries, and doing so would generally make the --static build fail. So choose XXH64 as a reasonably quick and decent hash. Tested-by: Mark Rutland Signed-off-by: Richard Henderson --- v2: Move the XXH64 bits to xxhash.h (ajb). Create isar_feature_aa64_pauth_arch and fixup a comment in isar_feature_aa64_pauth that no longer applies. v6: Introduce qemu_xxhash64_4 (pmm). --- include/qemu/xxhash.h | 98 +++++++++++++++++++++++++++++++++++++++ target/arm/cpu.h | 15 ++++-- target/arm/pauth_helper.c | 27 +++++++++-- 3 files changed, 131 insertions(+), 9 deletions(-) diff --git a/include/qemu/xxhash.h b/include/qemu/xxhash.h index 076f1f6054..c2dcccadbf 100644 --- a/include/qemu/xxhash.h +++ b/include/qemu/xxhash.h @@ -119,4 +119,102 @@ static inline uint32_t qemu_xxhash6(uint64_t ab, uint64_t cd, uint32_t e, return qemu_xxhash7(ab, cd, e, f, 0); } +/* + * Component parts of the XXH64 algorithm from + * https://github.com/Cyan4973/xxHash/blob/v0.8.0/xxhash.h + * + * The complete algorithm looks like + * + * i = 0; + * if (len >= 32) { + * v1 = seed + XXH_PRIME64_1 + XXH_PRIME64_2; + * v2 = seed + XXH_PRIME64_2; + * v3 = seed + 0; + * v4 = seed - XXH_PRIME64_1; + * do { + * v1 = XXH64_round(v1, get64bits(input + i)); + * v2 = XXH64_round(v2, get64bits(input + i + 8)); + * v3 = XXH64_round(v3, get64bits(input + i + 16)); + * v4 = XXH64_round(v4, get64bits(input + i + 24)); + * } while ((i += 32) <= len); + * h64 = XXH64_mergerounds(v1, v2, v3, v4); + * } else { + * h64 = seed + XXH_PRIME64_5; + * } + * h64 += len; + * + * for (; i + 8 <= len; i += 8) { + * h64 ^= XXH64_round(0, get64bits(input + i)); + * h64 = rol64(h64, 27) * XXH_PRIME64_1 + XXH_PRIME64_4; + * } + * for (; i + 4 <= len; i += 4) { + * h64 ^= get32bits(input + i) * PRIME64_1; + * h64 = rol64(h64, 23) * XXH_PRIME64_2 + XXH_PRIME64_3; + * } + * for (; i < len; i += 1) { + * h64 ^= get8bits(input + i) * XXH_PRIME64_5; + * h64 = rol64(h64, 11) * XXH_PRIME64_1; + * } + * + * return XXH64_avalanche(h64) + * + * Exposing the pieces instead allows for simplified usage when + * the length is a known constant and the inputs are in registers. + */ +#define XXH_PRIME64_1 0x9E3779B185EBCA87ULL +#define XXH_PRIME64_2 0xC2B2AE3D27D4EB4FULL +#define XXH_PRIME64_3 0x165667B19E3779F9ULL +#define XXH_PRIME64_4 0x85EBCA77C2B2AE63ULL +#define XXH_PRIME64_5 0x27D4EB2F165667C5ULL + +static inline uint64_t XXH64_round(uint64_t acc, uint64_t input) +{ + return rol64(acc + input * XXH_PRIME64_2, 31) * XXH_PRIME64_1; +} + +static inline uint64_t XXH64_mergeround(uint64_t acc, uint64_t val) +{ + return (acc ^ XXH64_round(0, val)) * XXH_PRIME64_1 + XXH_PRIME64_4; +} + +static inline uint64_t XXH64_mergerounds(uint64_t v1, uint64_t v2, + uint64_t v3, uint64_t v4) +{ + uint64_t h64; + + h64 = rol64(v1, 1) + rol64(v2, 7) + rol64(v3, 12) + rol64(v4, 18); + h64 = XXH64_mergeround(h64, v1); + h64 = XXH64_mergeround(h64, v2); + h64 = XXH64_mergeround(h64, v3); + h64 = XXH64_mergeround(h64, v4); + + return h64; +} + +static inline uint64_t XXH64_avalanche(uint64_t h64) +{ + h64 ^= h64 >> 33; + h64 *= XXH_PRIME64_2; + h64 ^= h64 >> 29; + h64 *= XXH_PRIME64_3; + h64 ^= h64 >> 32; + return h64; +} + +static inline uint64_t qemu_xxhash64_4(uint64_t a, uint64_t b, + uint64_t c, uint64_t d) +{ + uint64_t v1 = QEMU_XXHASH_SEED + XXH_PRIME64_1 + XXH_PRIME64_2; + uint64_t v2 = QEMU_XXHASH_SEED + XXH_PRIME64_2; + uint64_t v3 = QEMU_XXHASH_SEED + 0; + uint64_t v4 = QEMU_XXHASH_SEED - XXH_PRIME64_1; + + v1 = XXH64_round(v1, a); + v2 = XXH64_round(v2, b); + v3 = XXH64_round(v3, c); + v4 = XXH64_round(v4, d); + + return XXH64_avalanche(XXH64_mergerounds(v1, v2, v3, v4)); +} + #endif /* QEMU_XXHASH_H */ diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 7e6c881a7e..70e9618d13 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -3852,10 +3852,8 @@ static inline bool isar_feature_aa64_fcma(const ARMISARegisters *id) static inline bool isar_feature_aa64_pauth(const ARMISARegisters *id) { /* - * Note that while QEMU will only implement the architected algorithm - * QARMA, and thus APA+GPA, the host cpu for kvm may use implementation - * defined algorithms, and thus API+GPI, and this predicate controls - * migration of the 128-bit keys. + * Return true if any form of pauth is enabled, as this + * predicate controls migration of the 128-bit keys. */ return (id->id_aa64isar1 & (FIELD_DP64(0, ID_AA64ISAR1, APA, 0xf) | @@ -3864,6 +3862,15 @@ static inline bool isar_feature_aa64_pauth(const ARMISARegisters *id) FIELD_DP64(0, ID_AA64ISAR1, GPI, 0xf))) != 0; } +static inline bool isar_feature_aa64_pauth_arch(const ARMISARegisters *id) +{ + /* + * Return true if pauth is enabled with the architected QARMA algorithm. + * QEMU will always set APA+GPA to the same value. + */ + return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, APA) != 0; +} + static inline bool isar_feature_aa64_sb(const ARMISARegisters *id) { return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, SB) != 0; diff --git a/target/arm/pauth_helper.c b/target/arm/pauth_helper.c index 564c48faa6..cd6df18150 100644 --- a/target/arm/pauth_helper.c +++ b/target/arm/pauth_helper.c @@ -24,6 +24,7 @@ #include "exec/cpu_ldst.h" #include "exec/helper-proto.h" #include "tcg/tcg-gvec-desc.h" +#include "qemu/xxhash.h" static uint64_t pac_cell_shuffle(uint64_t i) @@ -207,8 +208,8 @@ static uint64_t tweak_inv_shuffle(uint64_t i) return o; } -static uint64_t pauth_computepac(uint64_t data, uint64_t modifier, - ARMPACKey key) +static uint64_t pauth_computepac_architected(uint64_t data, uint64_t modifier, + ARMPACKey key) { static const uint64_t RC[5] = { 0x0000000000000000ull, @@ -272,6 +273,22 @@ static uint64_t pauth_computepac(uint64_t data, uint64_t modifier, return workingval; } +static uint64_t pauth_computepac_impdef(uint64_t data, uint64_t modifier, + ARMPACKey key) +{ + return qemu_xxhash64_4(data, modifier, key.lo, key.hi); +} + +static uint64_t pauth_computepac(CPUARMState *env, uint64_t data, + uint64_t modifier, ARMPACKey key) +{ + if (cpu_isar_feature(aa64_pauth_arch, env_archcpu(env))) { + return pauth_computepac_architected(data, modifier, key); + } else { + return pauth_computepac_impdef(data, modifier, key); + } +} + static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier, ARMPACKey *key, bool data) { @@ -292,7 +309,7 @@ static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier, bot_bit = 64 - param.tsz; ext_ptr = deposit64(ptr, bot_bit, top_bit - bot_bit, ext); - pac = pauth_computepac(ext_ptr, modifier, *key); + pac = pauth_computepac(env, ext_ptr, modifier, *key); /* * Check if the ptr has good extension bits and corrupt the @@ -341,7 +358,7 @@ static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier, uint64_t pac, orig_ptr, test; orig_ptr = pauth_original_ptr(ptr, param); - pac = pauth_computepac(orig_ptr, modifier, *key); + pac = pauth_computepac(env, orig_ptr, modifier, *key); bot_bit = 64 - param.tsz; top_bit = 64 - 8 * param.tbi; @@ -442,7 +459,7 @@ uint64_t HELPER(pacga)(CPUARMState *env, uint64_t x, uint64_t y) uint64_t pac; pauth_check_trap(env, arm_current_el(env), GETPC()); - pac = pauth_computepac(x, y, env->keys.apga); + pac = pauth_computepac(env, x, y, env->keys.apga); return pac & 0xffffffff00000000ull; } From patchwork Mon Jan 11 23:11:07 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Henderson X-Patchwork-Id: 12011745 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3647CC433DB for ; Mon, 11 Jan 2021 23:13:13 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id DA63C22D07 for ; Mon, 11 Jan 2021 23:13:12 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DA63C22D07 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:49638 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kz6N6-0006cT-0w for qemu-devel@archiver.kernel.org; Mon, 11 Jan 2021 18:13:12 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:51092) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kz6LJ-0004f0-E7 for qemu-devel@nongnu.org; Mon, 11 Jan 2021 18:11:22 -0500 Received: from mail-pl1-x635.google.com ([2607:f8b0:4864:20::635]:44841) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kz6LF-0006CP-Ad for qemu-devel@nongnu.org; Mon, 11 Jan 2021 18:11:21 -0500 Received: by mail-pl1-x635.google.com with SMTP id r4so319969pls.11 for ; Mon, 11 Jan 2021 15:11:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=U455LnEVSnoXmT1SthMNmvTNVVMjJpc4M0FyXL5sXrI=; b=iu0T6y9EmcCQbyAlTyctcEd/3+Aoqz5w6T2srPCSv6s+E5GnBX+J2sMzTuYWpvcjfg UOMLsoJpNCRF7WD+ZmFQnfWESdlZmjf+gdSknibrcNvirL8j7V4Ch9RnbIAx1A3mLhOp MC/BOJMJsOv44sgnua4073qlezV0VPRvphY+LmddXN+1m3i0ccXuPRcnjs9NZ6jbw6mP 1/u1UbcpbE4PznyjhEQtdfwvskdOUc2hD6BtQ4QTmEd5I0V04xavd/Shxp0BZyiNH771 ozaVM6exLpFzjnQ+s2qvBUfxuvdrqY9ZhmVhjYMFtiw8gakerB7t8i8HzgJtpifuAcRZ Mn8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=U455LnEVSnoXmT1SthMNmvTNVVMjJpc4M0FyXL5sXrI=; b=sgyjhn44n4+JNth7UU3AwI4pispoFwpUP4lo0eqVTibQXSA9FBPdcL7SURLhx9V41o 08ZOzi9w8ODJPX3A4el+pOzSLubTLauS1FbY2WxumLw8+os0G2B/mKz3kCgunLdamZlV rsprwo1Oe/2Un2XbaDDz4y8UdkJNdwfaUtZY2Y5JeUFYrnAFjt2SK9u6Z3kF9cpITnns ONb75RcJzjpAaGbJklHLowaXbR5XUpJE5cwg/DSsyEZbzcY+FZ60bnU1qeZ7BiCRnbOm KpkgS5JJMZrJHJ8ajHRNO8VKAzr9Hw8TUEEAUhEuRLWOROsoOuBWAxpxcM/9dSMPELJM wxEA== X-Gm-Message-State: AOAM530192nCNFMnPrPSREboiBZGPZ3irJpewT8RlOPJoYYmuBZtph7E I0Q/PcU+zzsigH94y9eeMhfnwwkocIj6rw== X-Google-Smtp-Source: ABdhPJyIS0almxyUub2B8VZ8TE9B0SK2lqI9ShNb6XWabwcV5iUYYpFY3UBFkZaee1N36Fh+rq/VJg== X-Received: by 2002:a17:90a:68ca:: with SMTP id q10mr1266866pjj.15.1610406675430; Mon, 11 Jan 2021 15:11:15 -0800 (PST) Received: from localhost.localdomain (rrcs-173-197-107-21.west.biz.rr.com. [173.197.107.21]) by smtp.gmail.com with ESMTPSA id g202sm658105pfb.196.2021.01.11.15.11.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Jan 2021 15:11:14 -0800 (PST) From: Richard Henderson To: qemu-devel@nongnu.org Subject: [PATCH v6 2/3] target/arm: Add cpu properties to control pauth Date: Mon, 11 Jan 2021 13:11:07 -1000 Message-Id: <20210111231108.461088-3-richard.henderson@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210111231108.461088-1-richard.henderson@linaro.org> References: <20210111231108.461088-1-richard.henderson@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::635; envelope-from=richard.henderson@linaro.org; helo=mail-pl1-x635.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , peter.maydell@linaro.org, Andrew Jones , qemu-arm@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" The crypto overhead of emulating pauth can be significant for some workloads. Add two boolean properties that allows the feature to be turned off, on with the architected algorithm, or on with an implementation defined algorithm. We need two intermediate booleans to control the state while parsing properties lest we clobber ID_AA64ISAR1 into an invalid intermediate state. Tested-by: Mark Rutland Reviewed-by: Andrew Jones Signed-off-by: Richard Henderson --- v2: Use boolean properties instead of an enum (drjones). v3: Add tests (drjones). v6: Add documentation (pmm). --- docs/system/arm/cpu-features.rst | 21 +++++++++++++++++ target/arm/cpu.h | 10 ++++++++ target/arm/cpu.c | 13 +++++++++++ target/arm/cpu64.c | 40 ++++++++++++++++++++++++++++---- target/arm/monitor.c | 3 ++- tests/qtest/arm-cpu-features.c | 13 +++++++++++ 6 files changed, 95 insertions(+), 5 deletions(-) diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-features.rst index 35196a6b75..70e0e4ef78 100644 --- a/docs/system/arm/cpu-features.rst +++ b/docs/system/arm/cpu-features.rst @@ -211,6 +211,27 @@ the list of KVM VCPU features and their descriptions. influence the guest scheduler behavior and/or be exposed to the guest userspace. +TCG VCPU Features +================= + +TCG VCPU features are CPU features that are specific to TCG. +Below is the list of TCG VCPU features and their descriptions. + + pauth Enable or disable `FEAT_Pauth`, pointer + authentication. By default, the feature is + enabled with `-cpu max`. + + pauth-impdef When `FEAT_Pauth` is enabled, either the + *impdef* (Implementation Definined) algorithm + is enabled or the *architected* QARMA algorithm + is enabled. By default the impdef algorithm + is disabled, and QARMA is enabled. + + The architected QARMA algorithm has good + cryptographic properties, but can be quite slow + to emulate. The impdef algorithm is + non-cryptographic but significantly faster. + SVE CPU Properties ================== diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 70e9618d13..06f5169f45 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -197,9 +197,11 @@ typedef struct { #ifdef TARGET_AARCH64 # define ARM_MAX_VQ 16 void arm_cpu_sve_finalize(ARMCPU *cpu, Error **errp); +void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp); #else # define ARM_MAX_VQ 1 static inline void arm_cpu_sve_finalize(ARMCPU *cpu, Error **errp) { } +static inline void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp) { } #endif typedef struct ARMVectorReg { @@ -947,6 +949,14 @@ struct ARMCPU { uint64_t reset_cbar; uint32_t reset_auxcr; bool reset_hivecs; + + /* + * Intermediate values used during property parsing. + * Once finalized, the values should be read from ID_AA64ISAR1. + */ + bool prop_pauth; + bool prop_pauth_impdef; + /* DCZ blocksize, in log_2(words), ie low 4 bits of DCZID_EL0 */ uint32_t dcz_blocksize; uint64_t rvbar; diff --git a/target/arm/cpu.c b/target/arm/cpu.c index 8387e94b94..be18df5464 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -1320,6 +1320,19 @@ void arm_cpu_finalize_features(ARMCPU *cpu, Error **errp) error_propagate(errp, local_err); return; } + + /* + * KVM does not support modifications to this feature. + * We have not registered the cpu properties when KVM + * is in use, so the user will not be able to set them. + */ + if (!kvm_enabled()) { + arm_cpu_pauth_finalize(cpu, &local_err); + if (local_err != NULL) { + error_propagate(errp, local_err); + return; + } + } } if (kvm_enabled()) { diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index 7cf9fc4bc6..d9feaa9cdb 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -28,6 +28,8 @@ #include "sysemu/kvm.h" #include "kvm_arm.h" #include "qapi/visitor.h" +#include "hw/qdev-properties.h" + #ifndef CONFIG_USER_ONLY static uint64_t a57_a53_l2ctlr_read(CPUARMState *env, const ARMCPRegInfo *ri) @@ -572,6 +574,36 @@ void aarch64_add_sve_properties(Object *obj) } } +void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp) +{ + int arch_val = 0, impdef_val = 0; + uint64_t t; + + /* TODO: Handle HaveEnhancedPAC, HaveEnhancedPAC2, HaveFPAC. */ + if (cpu->prop_pauth) { + if (cpu->prop_pauth_impdef) { + impdef_val = 1; + } else { + arch_val = 1; + } + } else if (cpu->prop_pauth_impdef) { + error_setg(errp, "cannot enable pauth-impdef without pauth"); + error_append_hint(errp, "Add pauth=on to the CPU property list.\n"); + } + + t = cpu->isar.id_aa64isar1; + t = FIELD_DP64(t, ID_AA64ISAR1, APA, arch_val); + t = FIELD_DP64(t, ID_AA64ISAR1, GPA, arch_val); + t = FIELD_DP64(t, ID_AA64ISAR1, API, impdef_val); + t = FIELD_DP64(t, ID_AA64ISAR1, GPI, impdef_val); + cpu->isar.id_aa64isar1 = t; +} + +static Property arm_cpu_pauth_property = + DEFINE_PROP_BOOL("pauth", ARMCPU, prop_pauth, true); +static Property arm_cpu_pauth_impdef_property = + DEFINE_PROP_BOOL("pauth-impdef", ARMCPU, prop_pauth_impdef, false); + /* -cpu max: if KVM is enabled, like -cpu host (best possible with this host); * otherwise, a CPU with as many features enabled as our emulation supports. * The version of '-cpu max' for qemu-system-arm is defined in cpu.c; @@ -627,10 +659,6 @@ static void aarch64_max_initfn(Object *obj) t = FIELD_DP64(t, ID_AA64ISAR1, DPB, 2); t = FIELD_DP64(t, ID_AA64ISAR1, JSCVT, 1); t = FIELD_DP64(t, ID_AA64ISAR1, FCMA, 1); - t = FIELD_DP64(t, ID_AA64ISAR1, APA, 1); /* PAuth, architected only */ - t = FIELD_DP64(t, ID_AA64ISAR1, API, 0); - t = FIELD_DP64(t, ID_AA64ISAR1, GPA, 1); - t = FIELD_DP64(t, ID_AA64ISAR1, GPI, 0); t = FIELD_DP64(t, ID_AA64ISAR1, SB, 1); t = FIELD_DP64(t, ID_AA64ISAR1, SPECRES, 1); t = FIELD_DP64(t, ID_AA64ISAR1, FRINTTS, 1); @@ -720,6 +748,10 @@ static void aarch64_max_initfn(Object *obj) cpu->ctr = 0x80038003; /* 32 byte I and D cacheline size, VIPT icache */ cpu->dcz_blocksize = 7; /* 512 bytes */ #endif + + /* Default to PAUTH on, with the architected algorithm. */ + qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_property); + qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_impdef_property); } aarch64_add_sve_properties(obj); diff --git a/target/arm/monitor.c b/target/arm/monitor.c index 198b14e95e..1fdb965eb8 100644 --- a/target/arm/monitor.c +++ b/target/arm/monitor.c @@ -94,7 +94,8 @@ static const char *cpu_model_advertised_features[] = { "sve128", "sve256", "sve384", "sve512", "sve640", "sve768", "sve896", "sve1024", "sve1152", "sve1280", "sve1408", "sve1536", "sve1664", "sve1792", "sve1920", "sve2048", - "kvm-no-adjvtime", "kvm-steal-time", + "kvm-no-adjvtime", + "pauth", "pauth-impdef", NULL }; diff --git a/tests/qtest/arm-cpu-features.c b/tests/qtest/arm-cpu-features.c index bc681a95d5..8252b85bb8 100644 --- a/tests/qtest/arm-cpu-features.c +++ b/tests/qtest/arm-cpu-features.c @@ -427,6 +427,18 @@ static void sve_tests_sve_off_kvm(const void *data) qtest_quit(qts); } +static void pauth_tests_default(QTestState *qts, const char *cpu_type) +{ + assert_has_feature_enabled(qts, cpu_type, "pauth"); + assert_has_feature_disabled(qts, cpu_type, "pauth-impdef"); + assert_set_feature(qts, cpu_type, "pauth", false); + assert_set_feature(qts, cpu_type, "pauth", true); + assert_set_feature(qts, cpu_type, "pauth-impdef", true); + assert_set_feature(qts, cpu_type, "pauth-impdef", false); + assert_error(qts, cpu_type, "cannot enable pauth-impdef without pauth", + "{ 'pauth': false, 'pauth-impdef': true }"); +} + static void test_query_cpu_model_expansion(const void *data) { QTestState *qts; @@ -462,6 +474,7 @@ static void test_query_cpu_model_expansion(const void *data) assert_has_feature_enabled(qts, "cortex-a57", "aarch64"); sve_tests_default(qts, "max"); + pauth_tests_default(qts, "max"); /* Test that features that depend on KVM generate errors without. */ assert_error(qts, "max", From patchwork Mon Jan 11 23:11:08 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Henderson X-Patchwork-Id: 12011743 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 32F3BC433DB for ; Mon, 11 Jan 2021 23:12:59 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id BD47422D07 for ; Mon, 11 Jan 2021 23:12:58 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BD47422D07 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([::1]:49534 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kz6Mr-0006a2-T6 for qemu-devel@archiver.kernel.org; Mon, 11 Jan 2021 18:12:57 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:51094) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kz6LL-0004gE-5c for qemu-devel@nongnu.org; Mon, 11 Jan 2021 18:11:23 -0500 Received: from mail-pj1-x102e.google.com ([2607:f8b0:4864:20::102e]:33312) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kz6LG-0006Ck-Rc for qemu-devel@nongnu.org; Mon, 11 Jan 2021 18:11:22 -0500 Received: by mail-pj1-x102e.google.com with SMTP id w1so612265pjc.0 for ; Mon, 11 Jan 2021 15:11:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=uSqBlmmaV2nVJPAfpMvtZ9TuNPcVPPBGEyURqCr9eR8=; b=LoZfIxoD7Nz1tDre55zbWQu0XPFcB8AXj6EfmE950Jsx0jdtFtFVexhVD2cFyLyRYH vFOAjSmRX1AhFRNCVURM1mU5FsQ4OMZyDRVj1sR9Rs6cY2S+WwXVZR2OIzwkncgxF14u 96y8wWqLUYYV8N/Bw182BX8p08yjRnYYi1eGN8j4oQAp603PSZVr4aiIHyA9HmduQrnk YmKnFOuOa2jCtXCxQYjBHPNmuM7bZx0Ue+uPi8I4Bay6tasdvjTPK/LELM16OaOTQbn4 MS7RxXO3uE9swpV03k5g/C6jA6bxhVfCKh3JHeW+aUFO2Pnpmi1KfnHyaNYoiJq2pWB1 02PA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=uSqBlmmaV2nVJPAfpMvtZ9TuNPcVPPBGEyURqCr9eR8=; b=dcrkXo0HkPzK17LUlZSzFE8LtmBxgbiU9Io1ytnS0kAJSMUqLHX9OX+6FkNwDxuzdF Ko/1fsK1UOEiZr/uDihOKe1ul8iRIBTpvMhQM/xYW1CJWNeKCPBo0/9ALnrb/apZatiP WUpwwkA7pOV4cHNxL8ZmLLiAdighNs388GU0mXe5gTJhDnT1I6bKhGUdShMtgF6Nx/et x67GrUnrP3eu6nwdA/LFJgq3RTATbtKpBc8y7Ae/8BHyQX5ixdIqYnX0fyfHSwAW8Iaf BoIV9ROF8NayMIUGx7mCxNFbjTSb8z519CwHOBaifu4ykWWLuKwegI9xxFOZN7s99jQv c1Ug== X-Gm-Message-State: AOAM530S5SnT5wJyyR9y1HQU6dDMMF02a59KG0mxIeYzB6cSHtifl1hi LNepkYnbNt+Vf/S7q0+HNmJtAPlp4pXRnA== X-Google-Smtp-Source: ABdhPJy+cJglhwlafMvPRB6kj4gljIHPPNJXWsRCX5HZZsfXp/Hk9kc7ddJNQhSL4bPHd5g7gpF66A== X-Received: by 2002:a17:90a:c082:: with SMTP id o2mr1211934pjs.197.1610406677218; Mon, 11 Jan 2021 15:11:17 -0800 (PST) Received: from localhost.localdomain (rrcs-173-197-107-21.west.biz.rr.com. [173.197.107.21]) by smtp.gmail.com with ESMTPSA id g202sm658105pfb.196.2021.01.11.15.11.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Jan 2021 15:11:16 -0800 (PST) From: Richard Henderson To: qemu-devel@nongnu.org Subject: [PATCH v6 3/3] target/arm: Use object_property_add_bool for "sve" property Date: Mon, 11 Jan 2021 13:11:08 -1000 Message-Id: <20210111231108.461088-4-richard.henderson@linaro.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210111231108.461088-1-richard.henderson@linaro.org> References: <20210111231108.461088-1-richard.henderson@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::102e; envelope-from=richard.henderson@linaro.org; helo=mail-pj1-x102e.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, Andrew Jones , qemu-arm@nongnu.org Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" The interface for object_property_add_bool is simpler, making the code easier to understand. Reviewed-by: Andrew Jones Signed-off-by: Richard Henderson --- target/arm/cpu64.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index d9feaa9cdb..8e1fad00bb 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -488,6 +488,12 @@ static void cpu_max_set_sve_max_vq(Object *obj, Visitor *v, const char *name, cpu->sve_max_vq = max_vq; } +/* + * Note that cpu_arm_get/set_sve_vq cannot use the simpler + * object_property_add_bool interface because they make use + * of the contents of "name" to determine which bit on which + * to operate. + */ static void cpu_arm_get_sve_vq(Object *obj, Visitor *v, const char *name, void *opaque, Error **errp) { @@ -529,26 +535,17 @@ static void cpu_arm_set_sve_vq(Object *obj, Visitor *v, const char *name, set_bit(vq - 1, cpu->sve_vq_init); } -static void cpu_arm_get_sve(Object *obj, Visitor *v, const char *name, - void *opaque, Error **errp) +static bool cpu_arm_get_sve(Object *obj, Error **errp) { ARMCPU *cpu = ARM_CPU(obj); - bool value = cpu_isar_feature(aa64_sve, cpu); - - visit_type_bool(v, name, &value, errp); + return cpu_isar_feature(aa64_sve, cpu); } -static void cpu_arm_set_sve(Object *obj, Visitor *v, const char *name, - void *opaque, Error **errp) +static void cpu_arm_set_sve(Object *obj, bool value, Error **errp) { ARMCPU *cpu = ARM_CPU(obj); - bool value; uint64_t t; - if (!visit_type_bool(v, name, &value, errp)) { - return; - } - if (value && kvm_enabled() && !kvm_arm_sve_supported()) { error_setg(errp, "'sve' feature not supported by KVM on this host"); return; @@ -563,8 +560,7 @@ void aarch64_add_sve_properties(Object *obj) { uint32_t vq; - object_property_add(obj, "sve", "bool", cpu_arm_get_sve, - cpu_arm_set_sve, NULL, NULL); + object_property_add_bool(obj, "sve", cpu_arm_get_sve, cpu_arm_set_sve); for (vq = 1; vq <= ARM_MAX_VQ; ++vq) { char name[8];