Hi Peter, On 12/02/2021 05:01, Peter Collingbourne wrote: > On Tue, Jan 26, 2021 at 5:09 AM Will Deacon <will@xxxxxxxxxx> wrote: >> >> On Tue, Dec 29, 2020 at 10:59:15PM -0800, Peter Collingbourne wrote: >>> The kernel does not use any keys besides IA so we don't need to >>> install IB/DA/DB/GA on kernel exit if we arrange to install them >>> on task switch instead, which we can expect to happen an order of >>> magnitude less often. >>> >>> Furthermore we can avoid installing the user IA in the case where the >>> user task has IA disabled and just leave the kernel IA installed. This >>> also lets us avoid needing to install IA on kernel entry. >> >> I've got to be honest, this makes me nervous in case there is a way for >> userspace to recover the kernel key even though EnIA is clear. Currently, >> EnIA doesn't affect XPAC* and PACGA instructions, and the architecture > For GA I would expect it to be controlled by a hypothetical EnGA, not > by EnIA (and I'm a bit surprised that there isn't an EnGA; PACGA is undefined if the CPU doesn't implement PAC, whereas PACIASP is a NOP if the CPU doesn't implement PAC. I think the reason from the SCTLR_ELx controls is to make unaware systems transform the instructions that were hints back into hints. (e.g. the AddPACIA psuedo code). This is needed on mismatched big-little systems, otherwise processes can't be migrated between them. For the non-hint instructions, user-space needs to test the hwcap/id-register-emulation to know it can use these instructions, and the compiler shouldn't output them unconditionally. > doesn't it > mean that a userspace program running under an unaware kernel or > hypervisor may sign things using the GA from potentially another > hypervisor guest?) The hypervisor controls all this with HCR_EL2.API, which also traps PACGA et al. For the hypervisor its all or nothing. If the hypervisor is emulating a machine without PAC, it can emulate an undefined exception regardless of whether the CPU supports PAC or not. Does this match your reading? Thanks, James
