Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1002484imu; Fri, 4 Jan 2019 11:04:53 -0800 (PST) X-Google-Smtp-Source: ALg8bN4QKE9wsxdfpzoNqoH1kjZN3Emy5azoW95HJJQNAH4rJZE04vD0RjNXRsMbPG0Iv/Yc0pGe X-Received: by 2002:a63:42c1:: with SMTP id p184mr2607380pga.202.1546628693712; Fri, 04 Jan 2019 11:04:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546628693; cv=none; d=google.com; s=arc-20160816; b=DkKCdepDF9zjl2jZ5UHVY9IToETdoaYIC1M1oMvrXawU91M2uqSRznVK15I/1mZIBE m2hLAV+xcile8r1hgTHkUq0mynuhy+sxPdfwoV8Y7Hcv8srG2/73VB9ulanaF3QGa22m roV0WskmjqrRREzFPU2TdEhykvjzhhwOPuy7T7PcuZSY3wvd7iJtvBTQ6syk4BfGUK71 kJMzJ9zTCMNKU49l/3K2X4a1JRA3sEqaP0CLRdCquCbQvLybOBXBXwrxi8b+SY1kkTXL sRTHQ1ogAtqWNamQsjdmStAVtP3qw41gaSoW63zFr+Qu5lgTa3GfZyNkV8bLSlwX1OBx oFpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=Q2dVTPiIUlMOmwGvVKu6Gb7NqUz9+pHoiTn57PqdwHQ=; b=z0IGH9ab8LePhBHXBkEc0VArxbcgXfUk1ZvxJClg9e2kNsSTXzp6ogxtfDcDIoEgaG MAiyfq6C3uGrCa41Jx7q7DHKa8+XpVFGnhJFQQ5NoS3PonY2+K8Oh58QS1Xz/qAjVKBu Udw+Y51L1OqCW29QVMSGYR1jr5VdWyNzlh9Dj7ytjkNWRzIi7XsettzifT1fnVMyeT0x 1hjd24lbB4A26kX8LP23IPsQE3G8l+gDDqcJ5+BurUau13fdqnith0MJPFhvh+9QOQQx ooHvX/guWAtVs6L5YlgFEdHFDW4i5l67JFzjY+UKpQvMl31hKL70LviWKFIkoPid8lza /F8w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z5si416115pgu.19.2019.01.04.11.04.38; Fri, 04 Jan 2019 11:04:53 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727419AbfADR6p (ORCPT + 99 others); Fri, 4 Jan 2019 12:58:45 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:47884 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725958AbfADR6o (ORCPT ); Fri, 4 Jan 2019 12:58:44 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id F3CA5EBD; Fri, 4 Jan 2019 09:58:43 -0800 (PST) Received: from [10.1.196.105] (eglon.cambridge.arm.com [10.1.196.105]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 524183F5D4; Fri, 4 Jan 2019 09:58:42 -0800 (PST) Subject: Re: [PATCH v4 4/6] arm64/kvm: enable pointer authentication cpufeature conditionally To: Amit Daniel Kachhap Cc: linux-arm-kernel@lists.infradead.org, Marc Zyngier , Catalin Marinas , Will Deacon , Kristina Martsenko , kvmarm@lists.cs.columbia.edu, Ramana Radhakrishnan , Dave Martin , linux-kernel@vger.kernel.org References: <1545119810-12182-1-git-send-email-amit.kachhap@arm.com> <1545119810-12182-5-git-send-email-amit.kachhap@arm.com> From: James Morse Message-ID: <33542a00-23f4-b159-91f5-f05d3afa5b9f@arm.com> Date: Fri, 4 Jan 2019 17:58:40 +0000 User-Agent: Mozilla/5.0 (X11; Linux aarch64; rv:60.0) Gecko/20100101 Thunderbird/60.3.1 MIME-Version: 1.0 In-Reply-To: <1545119810-12182-5-git-send-email-amit.kachhap@arm.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Amit, On 18/12/2018 07:56, Amit Daniel Kachhap wrote: > According to userspace settings, pointer authentication cpufeature > is enabled/disabled from guests. This reads like the guest is changing something in the host. Isn't this hiding the id-register values from the guest? > diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c > index 6af6c7d..ce6144a 100644 > --- a/arch/arm64/kvm/sys_regs.c > +++ b/arch/arm64/kvm/sys_regs.c > @@ -1066,6 +1066,15 @@ static u64 read_id_reg(struct sys_reg_desc const *r, bool raz) > kvm_debug("SVE unsupported for guests, suppressing\n"); > > val &= ~(0xfUL << ID_AA64PFR0_SVE_SHIFT); > + } else if (id == SYS_ID_AA64ISAR1_EL1) { > + const u64 ptrauth_mask = (0xfUL << ID_AA64ISAR1_APA_SHIFT) | > + (0xfUL << ID_AA64ISAR1_API_SHIFT) | > + (0xfUL << ID_AA64ISAR1_GPA_SHIFT) | > + (0xfUL << ID_AA64ISAR1_GPI_SHIFT); > + if (!kvm_arm_vcpu_ptrauth_allowed(vcpu)) { > + kvm_debug("ptrauth unsupported for guests, suppressing\n"); > + val &= ~ptrauth_mask; > + } I think this hunk should have been in the previous patch as otherwise its a bisection oddity. Could you merge this hunk with the previous patch, and move the mechanical bits that pass vcpu around to a prior preparatory patch. (I'm still unsure if we need to hide this as a user-controlled policy) Thanks, James