Date: Fri, 06 Sep 2024 08:47:18 +0100
Message-ID: <86frqdusu1.wl-maz@kernel.org>
From: Marc Zyngier <maz@kernel.org>
To: Qixiang Xu <qixiang.xu@outlook.com>
Cc: oliver.upton@linux.dev, will@kernel.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/1] KVM: arm64: Make nVHE ASLR conditional on nokaslr
References: <20240905061659.3410362-1-qixiang.xu@outlook.com> <20240905063026.3411766-1-qixiang.xu@outlook.com> <86mskmv7ts.wl-maz@kernel.org>

On Fri, 06 Sep 2024 08:19:07 +0100,
Qixiang Xu wrote:
>
> Marc,
>
> Thanks for your reply.
>
> > This is a change in behaviour that would leave the 2 implementations
> > affected by Spectre-v3a unmitigated and leaking information to
> > *guests*, while they would have been safe until this change. Is this
> > what we really want to do?
>
> The reason for adding this is to make debugging nvhe hyp code easier.
> Otherwise, we would need to calculate the offset every time.
> Do you have any better suggestions for the debugging?

You already have facilities to dump stacktraces from the HYP code, and
Vincent's tracing infrastructure is available on the list (feel free
to review it!).

And as I said, I'm not opposed to disabling the randomisation with a
command-line option. I oppose using 'nokaslr' for this, as it changes
the existing behaviour.

> > This is also not disabling the whole thing, since we still do the
> > indirect vector dance.
>
> I'm not sure if my understanding is correct, but based on
> the hyp_map_vectors function, the address of the indirect vector
> is only related to __io_map_base and is not random.

Of course it isn't random. It is in the idmap, since VBAR_EL2 can be
leaked to EL1, and that's the whole point: the only thing you can leak
isn't random.

But when you decide to disable randomisation, you might as well
disable the indirection, which adds extra complexity for no benefit.

You may want to read [1] to get the context of what you are changing.

	M.
[1] https://lore.kernel.org/all/20180314165049.30105-1-marc.zyngier@arm.com/

-- 
Without deviation from the norm, progress is not possible.
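An added illustration of the layout the reply describes, not part of the thread and not the kernel's own code: a simplified C model of the hyp VA tag, the kern_hyp_va() translation a debugger has to redo each boot, and what a leaked VBAR_EL2 reveals with and without the indirect vectors. The 48-bit VA size, the linear-map base, the addresses, and the placement of the trampoline at a fixed address are assumptions made for the example.

```c
/* Added example, not from the thread or the kernel: a simplified model of the
 * arm64 KVM nVHE hyp VA randomisation. Assumes 48-bit VAs, a linear map at
 * PAGE_OFFSET and constructed addresses; the real logic differs in detail. */
#include <stdbool.h>
#include <stdint.h>

#define VA_BITS         48U
#define PAGE_OFFSET     (~((1ULL << VA_BITS) - 1))   /* 0xffff000000000000 */
#define HYP_VECTOR_KVA  0xffff000040010800ULL /* constructed: __kvm_hyp_vector in the linear map */
#define INDIRECT_VECTOR 0x0000000040011000ULL /* constructed: fixed trampoline, never randomised */

struct hyp_layout {
    uint64_t va_mask;  /* bits [0, tag_lsb) pass through unchanged */
    uint64_t tag_val;  /* top-half flip plus an optional random tag in bits [tag_lsb, VA_BITS-2] */
};

/* tag_lsb: first VA bit the linear map does not need; rnd: boot-time randomness. */
static struct hyp_layout compute_layout(unsigned tag_lsb, uint64_t rnd, bool randomise)
{
    struct hyp_layout l = { .va_mask = (1ULL << tag_lsb) - 1,
                            .tag_val = 1ULL << (VA_BITS - 1) }; /* hyp uses the other half */
    if (randomise && tag_lsb != VA_BITS - 1)  /* a tag needs at least one free bit */
        l.tag_val |= rnd & ((1ULL << (VA_BITS - 1)) - 1) & ~l.va_mask;
    return l;
}

/* kern_hyp_va(): kernel linear-map VA -> hyp VA for this boot. */
static uint64_t kern_hyp_va(struct hyp_layout l, uint64_t kva)
{
    return (kva & l.va_mask) | l.tag_val;
}

/* The inverse a debugger has to redo every boot: hyp VA -> kernel VA. */
static uint64_t hyp_va_to_kern(struct hyp_layout l, uint64_t hva)
{
    return (hva & l.va_mask) | PAGE_OFFSET;
}

/* What EL1 sees if VBAR_EL2 leaks (Spectre-v3a): fixed trampoline or randomised hyp VA. */
static uint64_t observable_vbar_el2(struct hyp_layout l, bool indirect)
{
    return indirect ? INDIRECT_VECTOR : kern_hyp_va(l, HYP_VECTOR_KVA);
}

/* True when two boots expose different VBAR_EL2 values, i.e. the leak reveals the tag. */
static bool vbar_depends_on_tag(struct hyp_layout a, struct hyp_layout b, bool indirect)
{
    return observable_vbar_el2(a, indirect) != observable_vbar_el2(b, indirect);
}
```

With randomisation on, only the non-indirect configuration lets the leaked VBAR_EL2 vary between boots; with randomisation off, the indirection changes nothing about what is observable, which is the point made in the reply.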