| Message ID | 20200814213938.369628-1-richard.henderson@linaro.org |
|---|---|
| Headers | show |
| Series | target/arm: Implement an IMPDEF pauth algorithm | expand |
Ping. On 8/14/20 2:39 PM, Richard Henderson wrote: > The architected pauth algorithm is quite slow without > hardware support, and boot times for kernels that enable > use of the feature have been significantly impacted. > > Version 1 blurb at > https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg02172.html > which contains larger study of the tradeoffs. > > Version 2 changes: > * Use boolean properties, for qmp_query_cpu_model_expansion (drjones). > * Move XXH64 implementation to xxhash.h (ajb). > * Include a small cleanup to parsing the "sve" property > that I noticed along the way. > > Version 3 changes: > * Swap order of patches (drjones). > * Add properties test case (drjones). > > > r~ > > Richard Henderson (3): > target/arm: Implement an IMPDEF pauth algorithm > target/arm: Add cpu properties to control pauth > target/arm: Use object_property_add_bool for "sve" property > > include/qemu/xxhash.h | 82 ++++++++++++++++++++++++++++++++++ > target/arm/cpu.h | 25 +++++++++-- > target/arm/cpu.c | 13 ++++++ > target/arm/cpu64.c | 64 ++++++++++++++++++-------- > target/arm/monitor.c | 1 + > target/arm/pauth_helper.c | 41 ++++++++++++++--- > tests/qtest/arm-cpu-features.c | 13 ++++++ > 7 files changed, 212 insertions(+), 27 deletions(-) >
Hi Richard,
Thanks again for this, and sorry for the radiosilence -- I broke my arm
the weekend this was sent, and once I had recovered enough to use a
computer again this had slipped off my TODO list.
I've just given this a go, applied atop of this morning's HEAD commit
(ba2a9a9e6318bfd93a2306dec40137e198205b86), which only had trivial
diff conflicts.
With a somewhat instrumented kernel booted under TCG with cpu=max, I see:
* pauth=off
takes ~20s real time to boot to a prompt
* pauth=on
takes ~250s real time to boot to a prompt
* pauth=on,pauth-impdef=true
takes ~35s real time to boot to a prompt
... which is a significant improvement, and makes this usable for
my testing setup!
I also checked that this caught pointer modification, which it does:
| # echo CORRUPT_PAC > /sys/kernel/debug/provoke-crash/DIRECT
| [ 92.897446] lkdtm: Performing direct entry CORRUPT_PAC
| [ 92.899007] lkdtm: changing PAC parameters to force function return failure...
| [ 92.901989] Unable to handle kernel paging request at virtual address bfffbe2dc161abac
| [ 92.904137] Mem abort info:
| [ 92.905480] ESR = 0x86000004
| [ 92.906613] EC = 0x21: IABT (current EL), IL = 32 bits
| [ 92.908480] SET = 0, FnV = 0
| [ 92.909381] EA = 0, S1PTW = 0
| [ 92.910566] [bfffbe2dc161abac] address between user and kernel address ranges
| [ 92.913238] Internal error: Oops: 86000004 [#1] PREEMPT SMP
| [ 92.915670] CPU: 1 PID: 244 Comm: bash Not tainted 5.9.0-rc3-00106-g2634241baafc #6
| [ 92.917251] Hardware name: linux,dummy-virt (DT)
| [ 92.919361] pstate: 80400005 (Nzcv daif +PAN -UAO BTYPE=--)
| [ 92.921284] pc : 0xbfffbe2dc161abac
| [ 92.923882] lr : lkdtm_CORRUPT_PAC+0x84/0xc4
| [ 92.925219] sp : ffff800010583c80
| [ 92.926372] x29: ffff800010583c80 x28: ffff0001f5fac600
| [ 92.928594] x27: 0000000000000000 x26: ffffbe2dc2b6e648
| [ 92.930249] x25: ffff800010583df0 x24: 000000000000000c
| [ 92.932146] x23: ffff0001f15fb000 x22: ffffbe2dc31dfdc0
| [ 92.933807] x21: ffffbe2dc2b6e728 x20: 000000000000000c
| [ 92.935812] x19: 0000000000000001 x18: 0080000000000000
| [ 92.937663] x17: 0000000000000000 x16: 0000000000000000
| [ 92.939341] x15: 0000000000000001 x14: ffffbe2dc3e42810
| [ 92.940959] x13: 0000000000000001 x12: 0000000000000000
| [ 92.942679] x11: ffffbe2dc2e0f4c8 x10: ffffbe2dc2817530
| [ 92.944855] x9 : 6b20657479622d32 x8 : 3320646e61707865
| [ 92.946847] x7 : 00000000beb3692b x6 : ffff0001f5fad3d8
| [ 92.948936] x5 : ffff0001f5fac600 x4 : 0000000000000000
| [ 92.950721] x3 : ffffbe2dc0600000 x2 : ffffbe2dc2840000
| [ 92.952615] x1 : ffff0001f5fac600 x0 : 0000000000000000
| [ 92.954758] Call trace:
| [ 92.956237] 0xbfffbe2dc161abac
| [ 92.957753] lkdtm_do_action+0x3c/0x50
| [ 92.959378] direct_entry+0x1a4/0x268
| [ 92.961202] full_proxy_write+0x94/0xd8
| [ 92.962779] vfs_write+0x138/0x350
| [ 92.964500] ksys_write+0x98/0x168
| [ 92.965930] __arm64_sys_write+0x24/0x38
| [ 92.967731] el0_svc_common.constprop.3+0xe8/0x258
| [ 92.969384] do_el0_svc+0xb4/0xf8
| [ 92.970696] el0_sync_handler+0x1a8/0x218
| [ 92.972497] el0_sync+0x158/0x180
| [ 92.974560] Code: bad PC value
| [ 92.976782] ---[ end trace 434c9ef9ca3d6114 ]---
... so this all looks good to me, and it would be nice to see merged!
Feel free to add:
Tested-by: Mark Rutland <mark.rutland@arm.com>
Thanks,
Mark.
On Sun, 18 Oct 2020 at 19:27, Richard Henderson <richard.henderson@linaro.org> wrote: > > Ping. Sorry I kind of ignored this series. (It's in that set of things where it would require thought about whether it's definitely what we want to do, and I haven't made time to think about it). Anyway, I tried to rebase it on current master, but it fails 'make check': MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} QTEST_QEMU_IMG=./qemu-img G_TEST_DBUS_DAEMON=/home/petmay01/linaro/qemu-from-laptop/qemu/tests/dbus-vmstate-daemon.sh QTEST_QEMU_BINARY=./qemu-system-aarch64 tests/qtest/arm-cpu-features --tap -k ** ERROR:../../tests/qtest/arm-cpu-features.c:439:pauth_tests_default: assertion failed: (_error) ERROR qtest-aarch64: arm-cpu-features - Bail out! ERROR:../../tests/qtest/arm-cpu-features.c:439:pauth_tests_default: assertion failed: (_error) That's the "can't enable pauth-impdef without pauth" test, I think. thanks -- PMM
On 10/26/20 2:35 PM, Peter Maydell wrote: > Anyway, I tried to rebase it on current master, but it > fails 'make check': > > MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))} > QTEST_QEMU_IMG=./qemu-img > G_TEST_DBUS_DAEMON=/home/petmay01/linaro/qemu-from-laptop/qemu/tests/dbus-vmstate-daemon.sh > QTEST_QEMU_BINARY=./qemu-system-aarch64 tests/qtest/arm-cpu-features > --tap -k > ** > ERROR:../../tests/qtest/arm-cpu-features.c:439:pauth_tests_default: > assertion failed: (_error) > ERROR qtest-aarch64: arm-cpu-features - Bail out! > ERROR:../../tests/qtest/arm-cpu-features.c:439:pauth_tests_default: > assertion failed: (_error) > > That's the "can't enable pauth-impdef without pauth" test, I think. Odd. I can't reproduce this. Hopefully it's some difference in your rebase from mine, so I'll just re-post mine. r~
The architected pauth algorithm is quite slow without hardware support, and boot times for kernels that enable use of the feature have been significantly impacted. Version 1 blurb at https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg02172.html which contains larger study of the tradeoffs. Version 2 changes: * Use boolean properties, for qmp_query_cpu_model_expansion (drjones). * Move XXH64 implementation to xxhash.h (ajb). * Include a small cleanup to parsing the "sve" property that I noticed along the way. Version 3 changes: * Swap order of patches (drjones). * Add properties test case (drjones). r~ Richard Henderson (3): target/arm: Implement an IMPDEF pauth algorithm target/arm: Add cpu properties to control pauth target/arm: Use object_property_add_bool for "sve" property include/qemu/xxhash.h | 82 ++++++++++++++++++++++++++++++++++ target/arm/cpu.h | 25 +++++++++-- target/arm/cpu.c | 13 ++++++ target/arm/cpu64.c | 64 ++++++++++++++++++-------- target/arm/monitor.c | 1 + target/arm/pauth_helper.c | 41 ++++++++++++++--- tests/qtest/arm-cpu-features.c | 13 ++++++ 7 files changed, 212 insertions(+), 27 deletions(-) -- 2.25.1