On Mon, Jun 03, 2019 at 03:03:48PM +0100, Andre Przywara wrote:
> On Mon, 3 Jun 2019 12:23:03 +0100
> Dave Martin <Dave.Martin@xxxxxxx> wrote:
>
> Hi Dave,
>
> > On Fri, May 31, 2019 at 06:04:16PM +0100, Andre Przywara wrote:
> > > On Thu, 30 May 2019 16:13:10 +0100
> > > Dave Martin <Dave.Martin@xxxxxxx> wrote:
> > >
> > > > From: Amit Daniel Kachhap <amit.kachhap@xxxxxxx>
> > > >
> > > > This patch adds a runtime capabality for KVM tool to enable Arm64 8.3
> > > > Pointer Authentication in guest kernel. Two vcpu features
> > > > KVM_ARM_VCPU_PTRAUTH_[ADDRESS/GENERIC] are supplied together to enable
> > > > Pointer Authentication in KVM guest after checking the capability.
> > > >
> > > > Command line options --enable-ptrauth and --disable-ptrauth are added
> > > > to use this feature. However, if those options are not provided then
> > > > also this feature is enabled if host supports this capability.
> > >
> > > I don't really get the purpose of two options, I think that's quite
> > > confusing. Should the first one either be dropped at all or called
> > > something with "force"?
> > >
> > > I guess the idea is to fail if pointer auth isn't available, but the
> > > option is supplied?
> > >
> > > Or maybe have one option with parameters?
> > > --ptrauth[,=enable,=disable]
> >
> > So, I was following two principles here, either or both of which may be
> > bogus:
> >
> > 1) There should be a way to determine whether KVM turns a given feature
> > on or off (instead of magically defaulting to something).
> >
> > 2) To a first approaximation, kvmtool should allow each major KVM ABI
> > feature to be exercised.
> >
> > 3) By default, kvmtool should offer the maximum feature set possible to
> > the guest.
> >
> >
> > (3) is well established, but (1) and (2) may be open to question?
> >
> > If we hold to both principles, it makes sense to have options
> > functionally equivalent to what I suggested (where KVM provides the
> > control in the first place), but there may be more convenient ways
> > to respell the options.
> >
> > If we really can't decide, maybe it's better to drop the options
> > altogether until we have a real use case.
>
> In general I prefer the lack of a *need* for options over tuneability, but my concern is not so much exposing this knob, but more how it's done ...
>
> > I've found the options very useful for testing and debugging on the SVE
> > side, but I can't comment on ptrauth. Maybe someone else has a view?
>
> Given that kvmtool was designed as a hacker tool, I find it quite useful to play around with those setting. I just have my gripes with those enable/disable pair, which are two related, but actually separate options, both polluting the command line options space and also being confusing to the user.
> I would be much happier if we would have one option per feature and a parameter: "--ptrauth={enable,disable}". Omitting the option altogether defaults to "enabled-if-available". Specifying it will force it on or off, accompanied by an error message if either(?) if not possible. This would also remove the need for the somewhat awkward "don't enable both" check.
> It would also more easily allow a common parser, to be used by both ptrauth and SVE, for instance.
> We could even introduce an explicit "default" parameter value, just in case people want to spell this case out.
>
> What do you think about this?
Happy to do something like that, though it looks like the decision to
drop the options altogether may preempt that...
Cheers
---Dave
_______________________________________________
kvmarm mailing list
kvmarm@xxxxxxxxxxxxxxxxxxxxx
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
