Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3735992yba; Tue, 23 Apr 2019 08:46:57 -0700 (PDT) X-Google-Smtp-Source: APXvYqzhKqX7N2+hyK3SLwi14NwOCaH1YFzClLCEwHHMXDxCn5PSqCY23M7rFvKIA3pGdXVS21iy X-Received: by 2002:a17:902:b589:: with SMTP id a9mr2134377pls.66.1556034417214; Tue, 23 Apr 2019 08:46:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556034417; cv=none; d=google.com; s=arc-20160816; b=oO13bVLs4NkqFXWXQ8s1ehyQJ+lyZsc6nwVWk3jC0qaSUH6rk5tb81Ck+hmgP7kpz7 k1HY/0e2Csox9rMUjtHQYcfTj9T2fgTDDcX6IFTaGHeD48Re9bxIuQyiBqGuNHF62ZvK cKFAzCAwOjB9m8xjQ4ZdjST8DYM7TXv3gFvRvFEjCsh+ywXPg9fg7WSTKZdNflrpm1/i 6G/VpL3YWPlTczbvh8h7sxlVEEj0ti9KtPLR1867Pa2jQqoMppNrMIyhkKVWBC5e4jC8 KZ/KPHxLJrvbNaDr0KW/SOc0MIYAsFY+Mgl1/9vyiPFf5N2qJi+x+ucgW5oxBh0OkYtF BnLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=J62SibgC6MSb7Fa/I1fyHjpODZJHOz0IBZ08uKn2q6c=; b=hRRLJcWlJeAaSkLdfeGK0mO/IpIVg5wa4NKpSGlIQ2OUwczSQznY2BXizwXbXxg1Vh DhNWlKmvkhcZyWQYkUrMHjMfaKGtmyTqh8U18UaYxM8br66fWwaRaLmcDo4QSyms7rvA EJ8k3FCLNgUZNSVJ1nVLfZd0AUeHW3/EMIE9K+iXlS/FYpq0YYeQxR70078wJnnErTH0 R+9233/0BcNi+sxcaaMMTI9iJYmlTMhy8DXffLo97VZ/k4s8GqpasiTRCGiL5eHesRyb 32MNekTEfA6f8CHZdX7srvn2yhScdLYdfxK80bw7eWQZxS03BISjcLpsnoKhQOgSuyY3 LIWw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s83si14937263pgs.420.2019.04.23.08.46.41; Tue, 23 Apr 2019 08:46:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728522AbfDWPp2 (ORCPT + 99 others); Tue, 23 Apr 2019 11:45:28 -0400 Received: from foss.arm.com ([217.140.101.70]:58524 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727754AbfDWPp2 (ORCPT ); Tue, 23 Apr 2019 11:45:28 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 63AD380D; Tue, 23 Apr 2019 08:45:27 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A99FD3F5AF; Tue, 23 Apr 2019 08:45:25 -0700 (PDT) Date: Tue, 23 Apr 2019 16:45:23 +0100 From: Dave Martin To: Amit Daniel Kachhap Cc: linux-arm-kernel@lists.infradead.org, Marc Zyngier , Catalin Marinas , Will Deacon , Kristina Martsenko , kvmarm@lists.cs.columbia.edu, Ramana Radhakrishnan , linux-kernel@vger.kernel.org Subject: Re: [PATCH v10 3/5] KVM: arm64: Add userspace flag to enable pointer authentication Message-ID: <20190423154523.GN3567@e103592.cambridge.arm.com> References: <1555994558-26349-1-git-send-email-amit.kachhap@arm.com> <1555994558-26349-4-git-send-email-amit.kachhap@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1555994558-26349-4-git-send-email-amit.kachhap@arm.com> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 23, 2019 at 10:12:36AM +0530, Amit Daniel Kachhap wrote: > Now that the building blocks of pointer authentication are present, lets > add userspace flags KVM_ARM_VCPU_PTRAUTH_ADDRESS and > KVM_ARM_VCPU_PTRAUTH_GENERIC. These flags will enable pointer > authentication for the KVM guest on a per-vcpu basis through the ioctl > KVM_ARM_VCPU_INIT. > > This features will allow the KVM guest to allow the handling of > pointer authentication instructions or to treat them as undefined > if not set. > > Necessary documentations are added to reflect the changes done. > > Reviewed-by: Dave Martin > Signed-off-by: Amit Daniel Kachhap > Cc: Mark Rutland > Cc: Marc Zyngier > Cc: Christoffer Dall > Cc: kvmarm@lists.cs.columbia.edu > --- > Changed since v9: > * Fixed tab alignment at few places [Dave Martin]. > * Split the system capability checks [Dave Martin]. > > Documentation/arm64/pointer-authentication.txt | 22 +++++++++++++++++---- > Documentation/virtual/kvm/api.txt | 10 ++++++++++ > arch/arm64/include/asm/kvm_host.h | 2 +- > arch/arm64/include/uapi/asm/kvm.h | 2 ++ > arch/arm64/kvm/reset.c | 27 ++++++++++++++++++++++++++ > 5 files changed, 58 insertions(+), 5 deletions(-) > > diff --git a/Documentation/arm64/pointer-authentication.txt b/Documentation/arm64/pointer-authentication.txt > index 5baca42..fc71b33 100644 > --- a/Documentation/arm64/pointer-authentication.txt > +++ b/Documentation/arm64/pointer-authentication.txt > @@ -87,7 +87,21 @@ used to get and set the keys for a thread. > Virtualization > -------------- > > -Pointer authentication is not currently supported in KVM guests. KVM > -will mask the feature bits from ID_AA64ISAR1_EL1, and attempted use of > -the feature will result in an UNDEFINED exception being injected into > -the guest. > +Pointer authentication is enabled in KVM guest when each virtual cpu is > +initialised by passing flags KVM_ARM_VCPU_PTRAUTH_[ADDRESS/GENERIC] and > +requesting these two separate cpu features to be enabled. The current KVM > +guest implementation works by enabling both features together, so both > +these userspace flags are checked before enabling pointer authentication. > +The separate userspace flag will allow to have no userspace ABI changes > +if support is added in the future to allow these two features to be > +enabled independently of one another. > + > +As Arm Architecture specifies that Pointer Authentication feature is > +implemented along with the VHE feature so KVM arm64 ptrauth code relies > +on VHE mode to be present. > + > +Additionally, when these vcpu feature flags are not set then KVM will > +filter out the Pointer Authentication system key registers from > +KVM_GET/SET_REG_* ioctls and mask those features from cpufeature ID > +register. Any attempt to use the Pointer Authentication instructions will > +result in an UNDEFINED exception being injected into the guest. > diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt > index e410a9f..32afe7f 100644 > --- a/Documentation/virtual/kvm/api.txt > +++ b/Documentation/virtual/kvm/api.txt > @@ -2761,6 +2761,16 @@ Possible features: > - KVM_ARM_VCPU_PMU_V3: Emulate PMUv3 for the CPU. > Depends on KVM_CAP_ARM_PMU_V3. > > + - KVM_ARM_VCPU_PTRAUTH_ADDRESS: Enables Address Pointer authentication > + for arm64 only. > + Both KVM_ARM_VCPU_PTRAUTH_ADDRESS and KVM_ARM_VCPU_PTRAUTH_GENERIC > + must be requested or neither must be requested. > + > + - KVM_ARM_VCPU_PTRAUTH_GENERIC: Enables Generic Pointer authentication > + for arm64 only. > + Both KVM_ARM_VCPU_PTRAUTH_ADDRESS and KVM_ARM_VCPU_PTRAUTH_GENERIC > + must be requested or neither must be requested. > + This looks pretty clear now. > - KVM_ARM_VCPU_SVE: Enables SVE for the CPU (arm64 only). > Depends on KVM_CAP_ARM_SVE. > Requires KVM_ARM_VCPU_FINALIZE(KVM_ARM_VCPU_SVE): > diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h > index 7eebea7..f772ac2 100644 > --- a/arch/arm64/include/asm/kvm_host.h > +++ b/arch/arm64/include/asm/kvm_host.h > @@ -49,7 +49,7 @@ > > #define KVM_MAX_VCPUS VGIC_V3_MAX_CPUS > > -#define KVM_VCPU_MAX_FEATURES 5 > +#define KVM_VCPU_MAX_FEATURES 7 > > #define KVM_REQ_SLEEP \ > KVM_ARCH_REQ_FLAGS(0, KVM_REQUEST_WAIT | KVM_REQUEST_NO_WAKEUP) > diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h > index edd2db8..7b7ac0f 100644 > --- a/arch/arm64/include/uapi/asm/kvm.h > +++ b/arch/arm64/include/uapi/asm/kvm.h > @@ -104,6 +104,8 @@ struct kvm_regs { > #define KVM_ARM_VCPU_PSCI_0_2 2 /* CPU uses PSCI v0.2 */ > #define KVM_ARM_VCPU_PMU_V3 3 /* Support guest PMUv3 */ > #define KVM_ARM_VCPU_SVE 4 /* enable SVE for this CPU */ > +#define KVM_ARM_VCPU_PTRAUTH_ADDRESS 5 /* VCPU uses address authentication */ > +#define KVM_ARM_VCPU_PTRAUTH_GENERIC 6 /* VCPU uses generic authentication */ > > struct kvm_vcpu_init { > __u32 target; > diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c > index 3402543..028d0c6 100644 > --- a/arch/arm64/kvm/reset.c > +++ b/arch/arm64/kvm/reset.c > @@ -221,6 +221,27 @@ static void kvm_vcpu_reset_sve(struct kvm_vcpu *vcpu) > memset(vcpu->arch.sve_state, 0, vcpu_sve_state_size(vcpu)); > } > > +static int kvm_vcpu_enable_ptrauth(struct kvm_vcpu *vcpu) > +{ > + /* Support ptrauth only if the system supports these capabilities. */ > + if (!has_vhe()) > + return -EINVAL; > + > + if (!system_supports_address_auth() || > + !system_supports_generic_auth()) > + return -EINVAL; Since pointer auth implies v8.3 and v8.3 implies v8.1 and v8.1 implies VHE: ((system_supports_address_auth() || system_supports_generic_auth()) && !has_vhe()) implies that the hardware is broken or the kernel is buggy. So, it probably makes sense to write if (!system_supports_address_auth() || !system_supports_generic_auth()) return -EINVAL; if (WARN_ON(!has_vhe())) return -EINVAL; This is not essential, and doesn't affect the ABI -- so we could apply it on top later on. [...] FWIW: Reviewed-by: Dave Martin (for the updates) Cheers ---Dave