On Tue, Dec 29, 2020 at 10:59:15PM -0800, Peter Collingbourne wrote:
> The kernel does not use any keys besides IA, so we don't need to
> install IB/DA/DB/GA on kernel exit if we arrange to install them
> on task switch instead, which we can expect to happen an order of
> magnitude less often.
>
> Furthermore, we can avoid installing the user IA in the case where the
> user task has IA disabled and just leave the kernel IA installed. This
> also lets us avoid needing to install IA on kernel entry.

I've got to be honest, this makes me nervous in case there is a way for
userspace to recover the kernel key even though EnIA is clear. Currently,
EnIA doesn't affect the XPAC* and PACGA instructions, and the architecture
clearly expects us to be switching these things:

| Note
| Keys are not banked by Exception level. Arm expects software to switch the
| keys between Exception levels, typically by swapping the values with zero
| so that the current key values are not present in memo

But then:

> On an Apple M1 under a hypervisor, the overhead of kernel entry/exit
> has been measured to be reduced by 15.6ns in the case where IA is
> enabled, and 31.9ns in the case where IA is disabled.

That's a good improvement, so this feels like it's worth doing. I suppose
all we can do is keep an eye on the architecture in case any future
extensions mean the approach taken here is dangerous.

Will