Date: Thu, 05 Sep 2024 09:11:11 +0100
Message-ID: <86mskmv7ts.wl-maz@kernel.org>
From: Marc Zyngier
To: qixiang.xu@outlook.com
Cc: oliver.upton@linux.dev, will@kernel.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/1] KVM: arm64: Make nVHE ASLR conditional on nokaslr
References: <20240905061659.3410362-1-qixiang.xu@outlook.com> <20240905063026.3411766-1-qixiang.xu@outlook.com>

On Thu, 05 Sep 2024 07:30:26 +0100,
qixiang.xu@outlook.com wrote:
> 
> From: Qxiang Xu
> 
> The random tag of hyp VA is determined by the `CONFIG_RANDOMIZE_BASE`
> option, so even if `nokaslr` is set in the cmdline, KASLR cannot be
> disabled for hyp VA. To align with kernel behavior, disable KASLR if
> the kernel cmdline includes `nokaslr`.
> 
> Link: https://lore.kernel.org/r/20240905061659.3410362-1-qixiang.xu@outlook.com

I get a 404.

> Signed-off-by: Qxiang Xu
> ---
>  arch/arm64/kvm/va_layout.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/arm64/kvm/va_layout.c b/arch/arm64/kvm/va_layout.c
> index 91b22a014610..bebb4b1ddc82 100644
> --- a/arch/arm64/kvm/va_layout.c
> +++ b/arch/arm64/kvm/va_layout.c
> @@ -72,7 +72,7 @@ __init void kvm_compute_layout(void)
>  	va_mask = GENMASK_ULL(tag_lsb - 1, 0);
>  	tag_val = hyp_va_msb;
>  
> -	if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) && tag_lsb != (vabits_actual - 1)) {
> +	if (kaslr_enabled() && tag_lsb != (vabits_actual - 1)) {
>  		/* We have some free bits to insert a random tag. */
>  		tag_val |= get_random_long() & GENMASK_ULL(vabits_actual - 2, tag_lsb);
>  	}

This is a change in behaviour that would leave the 2 implementations
affected by Spectre-v3a unmitigated and leaking information to
*guests*, while they would have been safe until this change. Is this
what we really want to do?

This is also not disabling the whole thing, since we still do the
indirect vector dance.

So while I'm not opposed to having an option that disables the
randomisation, it has to match two requirements:

- it has to be a *new* option -- changing an existing behaviour is
  not acceptable,

- it has to disable both the VA alteration and the vector indirection.

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.
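Review bot: replacing `IS_ENABLED(CONFIG_RANDOMIZE_BASE)` with `kaslr_enabled()` in the hunk at `@@ -72,7 +72,7 @@ __init void kvm_compute_layout(void)` makes an existing command-line parameter (`nokaslr`) silently drop the random hyp VA tag, which the reply identifies as the Spectre-v3a mitigation for the two affected implementations; gate this behind a new, explicitly opt-in option instead of reusing `nokaslr`, so that existing configurations keep their current behaviour. The hunk only touches the tag insertion, so even with the new condition false the vector indirection the reply mentions is still in place; either cover that path as well or say in the commit message that only the VA tag is affected. Separately, the `Link:` in the commit message returns a 404 according to the reply, so it should be corrected or removed before resubmission.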
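To make the behavioural point concrete, here is an added C model of the hyp VA tag computation that the quoted hunk changes and that the reply argues must not lose its randomisation. This is example code written for this page, not the kernel's `kvm_compute_layout()` nor the patch author's code: `GENMASK_ULL`, `BIT_ULL` and `fls64` are re-implemented locally, `get_random_long()` is replaced by an `rnd` parameter so results are reproducible, the `randomize` flag stands in for the condition the hunk changes (`CONFIG_RANDOMIZE_BASE` before, `kaslr_enabled()` after), and the tag is applied with a plain OR rather than the kernel's instruction patching. All addresses are constructed values for a 48-bit VA space.

```c
/*
 * Model of the nVHE hyp VA tag computation (added example, not kernel code).
 * Kernel helpers are re-implemented here; addresses below are constructed.
 */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BIT_ULL(n)        (1ULL << (n))
#define GENMASK_ULL(h, l) ((~0ULL >> (63 - (h))) & (~0ULL << (l)))

struct hyp_layout {
	unsigned tag_lsb;   /* first bit above the span of the kernel linear map */
	uint64_t va_mask;   /* kernel VA bits that survive the translation */
	uint64_t tag_val;   /* bits OR-ed in at/above tag_lsb: MSB flip plus random tag */
};

/* 1-based index of the most significant set bit, 0 for x == 0 (like fls64) */
static unsigned fls64_model(uint64_t x)
{
	unsigned n = 0;
	while (x) { n++; x >>= 1; }
	return n;
}

/*
 * randomize models the guard the hunk rewrites: IS_ENABLED(CONFIG_RANDOMIZE_BASE)
 * before the patch, kaslr_enabled() (false under nokaslr) after it.
 * rnd stands in for get_random_long().
 */
static struct hyp_layout compute_layout(unsigned vabits_actual, uint64_t idmap_pa,
					uint64_t dram_start_va, uint64_t high_memory_va,
					bool randomize, uint64_t rnd)
{
	struct hyp_layout l;
	uint64_t hyp_va_msb;

	/* hyp lives in the half of the EL2 VA space opposite to the idmap */
	hyp_va_msb = idmap_pa & BIT_ULL(vabits_actual - 1);
	hyp_va_msb ^= BIT_ULL(vabits_actual - 1);

	/* lowest bit position not needed to address the whole linear map */
	l.tag_lsb = fls64_model(dram_start_va ^ (high_memory_va - 1));
	l.va_mask = GENMASK_ULL(l.tag_lsb - 1, 0);
	l.tag_val = hyp_va_msb;

	/* a random tag fits only if bits between tag_lsb and the MSB are free */
	if (randomize && l.tag_lsb != vabits_actual - 1)
		l.tag_val |= rnd & GENMASK_ULL(vabits_actual - 2, l.tag_lsb);

	return l;
}

/* kernel linear-map VA -> hyp VA (what the patched kern_hyp_va() computes) */
static uint64_t kern_hyp_va(const struct hyp_layout *l, uint64_t va)
{
	return (va & l->va_mask) | l->tag_val;
}

/* Do two "boots" with different random input yield different hyp VAs? */
static bool layout_is_randomized(bool randomize)
{
	const uint64_t idmap = 0x80000000ULL, dram = 0xffff000080000000ULL,
		       high = 0xffff000100000000ULL, va = 0xffff000081234000ULL;
	struct hyp_layout a = compute_layout(48, idmap, dram, high, randomize, 0x123456789abcdef0ULL);
	struct hyp_layout b = compute_layout(48, idmap, dram, high, randomize, 0x0fedcba987654321ULL);

	return kern_hyp_va(&a, va) != kern_hyp_va(&b, va);
}

int main(void)
{
	const uint64_t va = 0xffff000081234000ULL;
	struct hyp_layout on  = compute_layout(48, 0x80000000ULL, 0xffff000080000000ULL,
					       0xffff000100000000ULL, true, 0x123456789abcdef0ULL);
	struct hyp_layout off = compute_layout(48, 0x80000000ULL, 0xffff000080000000ULL,
					       0xffff000100000000ULL, false, 0x123456789abcdef0ULL);

	printf("tag_lsb=%u va_mask=%#" PRIx64 "\n", on.tag_lsb, on.va_mask);
	printf("randomised:   tag_val=%#" PRIx64 " hyp_va=%#" PRIx64 "\n", on.tag_val, kern_hyp_va(&on, va));
	printf("unrandomised: tag_val=%#" PRIx64 " hyp_va=%#" PRIx64 "\n", off.tag_val, kern_hyp_va(&off, va));
	printf("layout varies across boots: on=%d off=%d\n",
	       layout_is_randomized(true), layout_is_randomized(false));
	return 0;
}
```

With the constructed 2 GiB linear map the tag starts at bit 31, so bits 31..46 are free and receive the random tag; with `randomize` false (the `nokaslr` path the patch introduces) `tag_val` collapses to the fixed MSB flip and every boot maps the same kernel VA to the same hyp VA, which is the predictability the reply objects to. The second constructed layout in the test, where the linear map already reaches bit 46, shows the `tag_lsb != vabits_actual - 1` guard: no free bits, no tag, regardless of the flag.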