From: Marc Zyngier <maz@kernel.org>
To: Qixiang Xu <qixiang.xu@outlook.com>
Cc: "oliver.upton@linux.dev" <oliver.upton@linux.dev>,
	"will@kernel.org" <will@kernel.org>,
	"linux-arm-kernel@lists.infradead.org"
	<linux-arm-kernel@lists.infradead.org>,
	"kvmarm@lists.linux.dev" <kvmarm@lists.linux.dev>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 1/1] KVM: arm64: Make nVHE ASLR conditional on nokaslr
Date: Fri, 06 Sep 2024 08:47:18 +0100	[thread overview]
Message-ID: <86frqdusu1.wl-maz@kernel.org> (raw)
In-Reply-To: <SEZPR04MB63194C0FCB4765A8ABF4A2709E9E2@SEZPR04MB6319.apcprd04.prod.outlook.com>

On Fri, 06 Sep 2024 08:19:07 +0100,
Qixiang Xu <qixiang.xu@outlook.com> wrote:
> 
> Marc,
> 
> Thanks for your reply. 
> 
> > This is a change in behaviour that would leave the 2 implementations
> > affected by Spectre-v3a unmitigated and leaking information to
> > *guests*, while they would have been safe until this change. Is this
> > what we really want to do?
> 
> The reason for adding this is to make debugging nvhe hyp code easier. 
> Otherwise, we would need to calculate the offset every time.
> Do you have any better suggestions for the debugging?

You already have facilities to dump stacktraces from the HYP code, and
Vincent's tracing infrastructure is available on the list (feel free
to review it!).

And as I said, I'm not opposed to disabling the randomisation with a
command-line option. I object to using 'nokaslr' for this, as it
changes the existing behaviour.

> > This is also not disabling the whole thing, since we still do the
> > indirect vector dance.
> 
> I'm not sure if my understanding is correct, but based on 
> the hyp_map_vectors function, the address of the indirect vector
> is only related to __io_map_base and is not random.

Of course it isn't random. It is in the idmap, since VBAR_EL2 can be
leaked to EL1, and that's the whole point that the only thing you can
leak isn't random.

But when you decide to disable randomisation, you might as well
disable the indirection, which adds extra complexity for no benefit.

You may want to read [1] to get the context of what you are changing.

	M.

[1] https://lore.kernel.org/all/20180314165049.30105-1-marc.zyngier@arm.com/

-- 
Without deviation from the norm, progress is not possible.
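A small C model of the layout the message above argues about, added here as an illustration and not code from the kernel or from either participant: a vector page at a fixed identity-mapped address whose only job is to forward to the real, randomised `__kvm_hyp_vector`, so the one value that may be observable from EL1 (VBAR_EL2) carries no information about where the hypervisor text landed. All addresses, the randomisation mask and the `model_*` names are constructed placeholders, and the random offset is a deterministic stand-in so the example can be checked. The second half of the point, that once randomisation is off the indirection hides nothing and can go, falls out of the same model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed placeholders: none of these are real kernel addresses. */
#define IDMAP_VECTORS_BASE   0x40200000ULL             /* fixed idmap page */
#define HYP_TEXT_LINK_ADDR   0xffff800008000000ULL     /* link-time hyp VA */
#define HYP_RANDOM_MASK      0x0000000ffffff000ULL     /* page-granular window */

/* The indirect vector page: lives at a fixed address, holds the target
 * of the real vector table, and is what VBAR_EL2 points at. */
struct indirect_vector_page {
    uint64_t base;
    uint64_t real_vector_target;
};

/* Hypothetical EL2 state after boot. */
struct hyp_layout {
    bool randomise;
    uint64_t hyp_va_offset;      /* 0 when randomisation is disabled */
    uint64_t kvm_hyp_vector;     /* where the real vectors ended up */
    uint64_t vbar_el2;           /* what the CPU was programmed with */
    struct indirect_vector_page idmap;
};

/* Deterministic stand-in for the per-boot random offset. The kernel draws
 * this from its boot-time entropy; here a seed is hashed so that different
 * seeds give different page offsets and the result is reproducible. */
static uint64_t model_random_offset(uint64_t seed)
{
    return (seed * 0x9e3779b97f4a7c15ULL) & HYP_RANDOM_MASK;
}

/* With randomisation on, VBAR_EL2 is pointed at the fixed idmap trampoline,
 * which forwards to the randomised vectors. With it off, the trampoline
 * would only add a hop, so VBAR_EL2 goes straight to the real vectors. */
static struct hyp_layout model_hyp_boot(uint64_t seed, bool randomise)
{
    struct hyp_layout l = {0};

    l.randomise = randomise;
    l.hyp_va_offset = randomise ? model_random_offset(seed) : 0;
    l.kvm_hyp_vector = HYP_TEXT_LINK_ADDR + l.hyp_va_offset;
    l.idmap.base = IDMAP_VECTORS_BASE;
    l.idmap.real_vector_target = l.kvm_hyp_vector;
    l.vbar_el2 = randomise ? l.idmap.base : l.kvm_hyp_vector;
    return l;
}

/* The value an EL1 observer could learn in this model: VBAR_EL2 itself. */
static uint64_t model_leaked_vbar(const struct hyp_layout *l)
{
    return l->vbar_el2;
}

/* True when knowing VBAR_EL2 pins down the hypervisor text address. */
static bool model_leak_reveals_hyp_text(uint64_t seed, bool randomise)
{
    struct hyp_layout l = model_hyp_boot(seed, randomise);

    return model_leaked_vbar(&l) == l.kvm_hyp_vector;
}

/* True when two boots with different seeds expose the same VBAR_EL2 value. */
static bool model_leak_is_boot_invariant(uint64_t seed_a, uint64_t seed_b)
{
    struct hyp_layout a = model_hyp_boot(seed_a, true);
    struct hyp_layout b = model_hyp_boot(seed_b, true);

    return model_leaked_vbar(&a) == model_leaked_vbar(&b);
}

int main(void)
{
    for (uint64_t seed = 1; seed <= 3; seed++) {
        struct hyp_layout l = model_hyp_boot(seed, true);

        printf("seed %llu: VBAR_EL2=%#llx real vectors=%#llx leak reveals text: %s\n",
               (unsigned long long)seed,
               (unsigned long long)l.vbar_el2,
               (unsigned long long)l.kvm_hyp_vector,
               model_leak_reveals_hyp_text(seed, true) ? "yes" : "no");
    }
    printf("randomisation off: leak reveals text: %s\n",
           model_leak_reveals_hyp_text(1, false) ? "yes" : "no");
    return 0;
}
```

Run across several seeds, VBAR_EL2 is identical every time while the real vector address moves, which is the property the indirection exists to provide; with randomisation off the two addresses coincide and the trampoline is pure overhead, which is why the thread suggests dropping both together rather than only the randomisation.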

