On Fri, Oct 19, 2018 at 12:35:56PM +0100, Catalin Marinas wrote: > On Tue, Oct 16, 2018 at 05:14:39PM +0100, Kristina Martsenko wrote: > > On 05/10/2018 10:04, Ramana Radhakrishnan wrote: > > > On 05/10/2018 09:47, Kristina Martsenko wrote: > > The other special case is the XPACLRI instruction, which is also in the > > HINT space. Currently it will trap and KVM will inject an exception into > > the guest. We should probably change this to NOP instead, as that's what > > applications will expect. Unfortunately there is no EnIA-like control to > > make it NOP. > > Very good catch. Basically if EL2 doesn't know about ptr auth (older > distro), EL1 may or may not know but leaves SCTLR_EL1 disabled (based on > CPUID), the default HCR_EL2 is to trap (I'm ignoring EL3 as that's like > to have ptr auth enabled, being built for the specific HW). So a user > app considering XPACLRI a NOP (or inoffensive) will get a SIGILL > (injected by the guest kernel following the injection of "Unknown > reason" exception by KVM). > > Ramana, is XPACLRI commonly generated by gcc and expects it to be a NOP? > Could we restrict it to only being used at run-time if the corresponding > HWCAP is set? This means redefining this instruction as no longer in the > NOP space. My main worry is that this instruction is used when unwinding C++ exceptions, so I think we'll see it fairly often. Effectively, the architecture means these instructions can result in a SIGILL if they are used under an OS/hypervisor that doesn't know about the feature (i.e. any mainline kernel release so far). I think that's a massive problem for the current implementation in GCC. Worse, if distributions are currently shipping binaries built with this, they basically have a ticking bomb in their applications where things will start crashing when they encounter CPUs that implement pointer authentication. Ramana: do you know whether people are building binaries with this stuff enabled by default? Will
