Received: by 2002:ac0:8845:0:0:0:0:0 with SMTP id g63csp905174img; Tue, 26 Feb 2019 10:33:58 -0800 (PST) X-Google-Smtp-Source: AHgI3IZH90VkXZx+DhrVyoEfyyTYUfGeQiGOSBP2sYyXOOn6pXqRrEXQ3uIR/XAafpeR3DZFE/Hn X-Received: by 2002:a62:5249:: with SMTP id g70mr27346055pfb.115.1551206038588; Tue, 26 Feb 2019 10:33:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551206038; cv=none; d=google.com; s=arc-20160816; b=uP9m79/i1rO02et55E/LW0t0RpJzbr6aoN8kRSf/xfg+B0vfBFa+GYzbP7DlE6yWBu mxHck9cczTQbmAt84Z691TYRL6yGw7D3kI8SACw3IFc283UNY8SbOv03hWe7hgeZzohd 9oTA7GZsjRLER+/QddBSZeOXCMuimDPVYMQuMw3XaCHaKKmVv+DyYdTR4seto7JK0/7e QNx4XBb57KM4dZ6lYJl8C/lTrDJk8jm51X3LqCG9vh4CD7LCkDSHm4k3k+UNV9XPQALq O3j9xpv1WTfgd6XMC0MXk8ex34FMuEYqvAFWCqZGvbVPn7OX9s/9HaJdoqMCW4scVJ/e k3GQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=rVg90Aj6RnSVjHqK823r/4r4S/ojc2Hd85RTZYmFAtY=; b=oGXenvUCv+2qmUlCxZi8I3ZqgLB8XnbBTyHh9K/j1WktE+TDo/DVZvA0/oKMvzujZC r12k0yLQGw6eH1vbnJ8P9rqJmasKGqYAx6P/Ccy8W+x0y+ImHk7EeC7i3G/FZqFooZi4 gCgwna/+DuCdK6mbc1SK315bpjyWYDBiOU2qpNBK0Tgu7AR8AwR/TpWfhRGcTFEo0aim NqpoknZqk4+lDxEyOtWmhIUS65rscKRIGUbu32K0r44jOk+r5f6GP4Hq4yyylzYLb7OV YB+5VviWv23PzIybDd/Rg5HzDhLy7zCNVv27YH/wajInbgpmK/cxbVCwaV39pf0wdvPO Am4Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u18si12960868pgn.590.2019.02.26.10.33.43; Tue, 26 Feb 2019 10:33:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729073AbfBZSdT (ORCPT + 99 others); Tue, 26 Feb 2019 13:33:19 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:52090 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728736AbfBZSdT (ORCPT ); Tue, 26 Feb 2019 13:33:19 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 3D29380D; Tue, 26 Feb 2019 10:33:19 -0800 (PST) Received: from [10.1.196.105] (eglon.cambridge.arm.com [10.1.196.105]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 024B73F738; Tue, 26 Feb 2019 10:33:16 -0800 (PST) Subject: Re: [PATCH v6 4/6] arm64/kvm: add a userspace option to enable pointer authentication To: Amit Daniel Kachhap , linux-arm-kernel@lists.infradead.org Cc: Christoffer Dall , Marc Zyngier , Catalin Marinas , Will Deacon , Andrew Jones , Dave Martin , Ramana Radhakrishnan , kvmarm@lists.cs.columbia.edu, Kristina Martsenko , linux-kernel@vger.kernel.org, Mark Rutland , Julien Thierry References: <1550568271-5319-1-git-send-email-amit.kachhap@arm.com> <1550568271-5319-5-git-send-email-amit.kachhap@arm.com> From: James Morse Message-ID: Date: Tue, 26 Feb 2019 18:33:15 +0000 User-Agent: Mozilla/5.0 (X11; Linux aarch64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: <1550568271-5319-5-git-send-email-amit.kachhap@arm.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Amit, On 19/02/2019 09:24, Amit Daniel Kachhap wrote: > This feature will allow the KVM guest to allow the handling of > pointer authentication instructions or to treat them as undefined > if not set. It uses the existing vcpu API KVM_ARM_VCPU_INIT to > supply this parameter instead of creating a new API. > > A new register is not created to pass this parameter via > SET/GET_ONE_REG interface as just a flag (KVM_ARM_VCPU_PTRAUTH) > supplied is enough to enable this feature. and an attempt to restore the id register with the other version would fail. > diff --git a/Documentation/arm64/pointer-authentication.txt b/Documentation/arm64/pointer-authentication.txt > index a25cd21..0529a7d 100644 > --- a/Documentation/arm64/pointer-authentication.txt > +++ b/Documentation/arm64/pointer-authentication.txt > @@ -82,7 +82,8 @@ pointers). > Virtualization > -------------- > > -Pointer authentication is not currently supported in KVM guests. KVM > -will mask the feature bits from ID_AA64ISAR1_EL1, and attempted use of > -the feature will result in an UNDEFINED exception being injected into > -the guest. > +Pointer authentication is enabled in KVM guest when virtual machine is > +created by passing a flag (KVM_ARM_VCPU_PTRAUTH) (This is still mixing VM and VCPU) > + requesting this feature to be enabled. .. on each vcpu? > +Without this flag, pointer authentication is not enabled > +in KVM guests and attempted use of the feature will result in an UNDEFINED > +exception being injected into the guest. 'guests' here suggests its a VM property. If you set it on some VCPU but not others KVM will generate undefs instead of enabling the feature. (which is the right thing to do) I think it needs to be clear this is a per-vcpu property. > diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h > index 97c3478..5f82ca1 100644 > --- a/arch/arm64/include/uapi/asm/kvm.h > +++ b/arch/arm64/include/uapi/asm/kvm.h > @@ -102,6 +102,7 @@ struct kvm_regs { > #define KVM_ARM_VCPU_EL1_32BIT 1 /* CPU running a 32bit VM */ > #define KVM_ARM_VCPU_PSCI_0_2 2 /* CPU uses PSCI v0.2 */ > #define KVM_ARM_VCPU_PMU_V3 3 /* Support guest PMUv3 */ > +#define KVM_ARM_VCPU_PTRAUTH 4 /* VCPU uses address authentication */ Just address authentication? I agree with Mark we should have two bits to match what gets exposed to EL0. One would then be address, the other generic. > diff --git a/arch/arm64/kvm/hyp/ptrauth-sr.c b/arch/arm64/kvm/hyp/ptrauth-sr.c > index 528ee6e..6846a23 100644 > --- a/arch/arm64/kvm/hyp/ptrauth-sr.c > +++ b/arch/arm64/kvm/hyp/ptrauth-sr.c > @@ -93,9 +93,23 @@ void kvm_arm_vcpu_ptrauth_reset(struct kvm_vcpu *vcpu) > +/** > + * kvm_arm_vcpu_ptrauth_allowed - checks if ptrauth feature is allowed by user > + * > + * @vcpu: The VCPU pointer > + * > + * This function will be used to check userspace option to have ptrauth or not > + * in the guest kernel. > + */ > +bool kvm_arm_vcpu_ptrauth_allowed(const struct kvm_vcpu *vcpu) > +{ > + return kvm_supports_ptrauth() && > + test_bit(KVM_ARM_VCPU_PTRAUTH, vcpu->arch.features); > +} This isn't used from world-switch, could it be moved to guest.c? > diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c > index 12529df..f7bcc60 100644 > --- a/arch/arm64/kvm/sys_regs.c > +++ b/arch/arm64/kvm/sys_regs.c > @@ -1055,7 +1055,7 @@ static bool access_cntp_cval(struct kvm_vcpu *vcpu, > } > > /* Read a sanitised cpufeature ID register by sys_reg_desc */ > -static u64 read_id_reg(struct sys_reg_desc const *r, bool raz) > +static u64 read_id_reg(struct kvm_vcpu *vcpu, struct sys_reg_desc const *r, bool raz) (It might be easier on the reviewer to move these mechanical changes to an earlier patch) Looks good, Thanks, James