Re: [PATCH 2/2] docs/cpu-features: Update "PAuth" (Pointer Authentication) details

[Kashyap Chamarthy <kchamart@redhat.com>]

On Sat, Jan 18, 2025 at 10:04:37AM +0000, Marc Zyngier wrote:
> On Fri, 17 Jan 2025 19:11:06 +0000,
> Kashyap Chamarthy <kchamart@redhat.com> wrote:
> > 
> > PAuth (Pointer Authentication), a security feature in software, is
> > relevant for both KVM and QEMU.  Relect this fact into the docs:
> > 
> >   - For KVM, `pauth` is a binary, "on" vs "off" option.  The host CPU
> >     will choose the cryptographic algorithm.
> > 
> >   - For TCG, however, along with `pauth`, a couple of properties can be
> >     controlled -- they're are related to cryptographic algorithm choice.
> > 
> > Thanks to Peter Maydell and Marc Zyngier for explaining more about PAuth
> > on IRC (#qemu, OFTC).
> > 
> > Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
> > ---

[...]

> > -TCG vCPU Features
> > -=================
> > +"PAuth" (Pointer Authentication)
> > +================================
> > +
> > +PAuth (Pointer Authentication) is a security feature in software that
> > +was introduced in Armv8.3-A and Armv9.0-A.  It aims to protect against
> 
> nit: given that ARMv9.0 is congruent to ARMv8.5 and therefore has all
> the ARMv8.5 features, mentioning ARMv8.3 should be enough (but I don't
> feel strongly about this). I feel much strongly about the use of
> capital letters, but I live in a distant past... ;-)

Sure, I can keep it to just v8.3.

On capitalization, I don't feel strongly about it, I just followed this
commit[1], which explained that the rebranding changed "ARM" to "Arm":

    6fe6d6c9a95 (docs: Be consistent about capitalization of 'Arm',
    2020-03-09)

That's why I went with it.  I see you know this by your "distant past"
remark :)  To match the above, I'll keep the capitalization to "Arm".

> > +ROP (return-oriented programming) attacks.
> > +
> > +KVM
> > +---
> > +
> > +``pauth``
> > +
> > +  Enable or disable ``FEAT_Pauth``.  The host silicon will choose the
> > +  cryptographic algorithm.  No other properties can be controlled.
> 
> nit: "choose" is a an odd choice of word. The host implementation
> defines, or even imposes the signature algorithm, as well as the level
> of PAuth support (PAuth, EPAC, PAuth2, FPAC, FPACCOMBINE, ...), some
> of which are mutually exclusive (EPAC and PAuth2 are incompatible).
> 
> Maybe it would be worth capturing some of these details, as this has a
> direct influence on the ability to migrate a VM.

Yeah, I thought about it but I was not sure if it's the right place.  As
you point out, there's a live-migration impact depending on the level of
PAuth support, so mentioning these details will be useful.

I'll come up with something for v2.  Thanks for looking!

-- 
/kashyap