From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.5 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED, USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D1390C282DD for ; Tue, 23 Apr 2019 15:45:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 9C229218CD for ; Tue, 23 Apr 2019 15:45:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728528AbfDWPp2 (ORCPT ); Tue, 23 Apr 2019 11:45:28 -0400 Received: from foss.arm.com ([217.140.101.70]:58524 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727754AbfDWPp2 (ORCPT ); Tue, 23 Apr 2019 11:45:28 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 63AD380D; Tue, 23 Apr 2019 08:45:27 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A99FD3F5AF; Tue, 23 Apr 2019 08:45:25 -0700 (PDT) Date: Tue, 23 Apr 2019 16:45:23 +0100 From: Dave Martin To: Amit Daniel Kachhap Cc: linux-arm-kernel@lists.infradead.org, Marc Zyngier , Catalin Marinas , Will Deacon , Kristina Martsenko , kvmarm@lists.cs.columbia.edu, Ramana Radhakrishnan , linux-kernel@vger.kernel.org Subject: Re: [PATCH v10 3/5] KVM: arm64: Add userspace flag to enable pointer authentication Message-ID: <20190423154523.GN3567@e103592.cambridge.arm.com> References: <1555994558-26349-1-git-send-email-amit.kachhap@arm.com> <1555994558-26349-4-git-send-email-amit.kachhap@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1555994558-26349-4-git-send-email-amit.kachhap@arm.com> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 23, 2019 at 10:12:36AM +0530, Amit Daniel Kachhap wrote: > Now that the building blocks of pointer authentication are present, lets > add userspace flags KVM_ARM_VCPU_PTRAUTH_ADDRESS and > KVM_ARM_VCPU_PTRAUTH_GENERIC. These flags will enable pointer > authentication for the KVM guest on a per-vcpu basis through the ioctl > KVM_ARM_VCPU_INIT. > > This features will allow the KVM guest to allow the handling of > pointer authentication instructions or to treat them as undefined > if not set. > > Necessary documentations are added to reflect the changes done. > > Reviewed-by: Dave Martin > Signed-off-by: Amit Daniel Kachhap > Cc: Mark Rutland > Cc: Marc Zyngier > Cc: Christoffer Dall > Cc: kvmarm@lists.cs.columbia.edu > --- > Changed since v9: > * Fixed tab alignment at few places [Dave Martin]. > * Split the system capability checks [Dave Martin]. > > Documentation/arm64/pointer-authentication.txt | 22 +++++++++++++++++---- > Documentation/virtual/kvm/api.txt | 10 ++++++++++ > arch/arm64/include/asm/kvm_host.h | 2 +- > arch/arm64/include/uapi/asm/kvm.h | 2 ++ > arch/arm64/kvm/reset.c | 27 ++++++++++++++++++++++++++ > 5 files changed, 58 insertions(+), 5 deletions(-) > > diff --git a/Documentation/arm64/pointer-authentication.txt b/Documentation/arm64/pointer-authentication.txt > index 5baca42..fc71b33 100644 > --- a/Documentation/arm64/pointer-authentication.txt > +++ b/Documentation/arm64/pointer-authentication.txt > @@ -87,7 +87,21 @@ used to get and set the keys for a thread. > Virtualization > -------------- > > -Pointer authentication is not currently supported in KVM guests. KVM > -will mask the feature bits from ID_AA64ISAR1_EL1, and attempted use of > -the feature will result in an UNDEFINED exception being injected into > -the guest. > +Pointer authentication is enabled in KVM guest when each virtual cpu is > +initialised by passing flags KVM_ARM_VCPU_PTRAUTH_[ADDRESS/GENERIC] and > +requesting these two separate cpu features to be enabled. The current KVM > +guest implementation works by enabling both features together, so both > +these userspace flags are checked before enabling pointer authentication. > +The separate userspace flag will allow to have no userspace ABI changes > +if support is added in the future to allow these two features to be > +enabled independently of one another. > + > +As Arm Architecture specifies that Pointer Authentication feature is > +implemented along with the VHE feature so KVM arm64 ptrauth code relies > +on VHE mode to be present. > + > +Additionally, when these vcpu feature flags are not set then KVM will > +filter out the Pointer Authentication system key registers from > +KVM_GET/SET_REG_* ioctls and mask those features from cpufeature ID > +register. Any attempt to use the Pointer Authentication instructions will > +result in an UNDEFINED exception being injected into the guest. > diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt > index e410a9f..32afe7f 100644 > --- a/Documentation/virtual/kvm/api.txt > +++ b/Documentation/virtual/kvm/api.txt > @@ -2761,6 +2761,16 @@ Possible features: > - KVM_ARM_VCPU_PMU_V3: Emulate PMUv3 for the CPU. > Depends on KVM_CAP_ARM_PMU_V3. > > + - KVM_ARM_VCPU_PTRAUTH_ADDRESS: Enables Address Pointer authentication > + for arm64 only. > + Both KVM_ARM_VCPU_PTRAUTH_ADDRESS and KVM_ARM_VCPU_PTRAUTH_GENERIC > + must be requested or neither must be requested. > + > + - KVM_ARM_VCPU_PTRAUTH_GENERIC: Enables Generic Pointer authentication > + for arm64 only. > + Both KVM_ARM_VCPU_PTRAUTH_ADDRESS and KVM_ARM_VCPU_PTRAUTH_GENERIC > + must be requested or neither must be requested. > + This looks pretty clear now. > - KVM_ARM_VCPU_SVE: Enables SVE for the CPU (arm64 only). > Depends on KVM_CAP_ARM_SVE. > Requires KVM_ARM_VCPU_FINALIZE(KVM_ARM_VCPU_SVE): > diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h > index 7eebea7..f772ac2 100644 > --- a/arch/arm64/include/asm/kvm_host.h > +++ b/arch/arm64/include/asm/kvm_host.h > @@ -49,7 +49,7 @@ > > #define KVM_MAX_VCPUS VGIC_V3_MAX_CPUS > > -#define KVM_VCPU_MAX_FEATURES 5 > +#define KVM_VCPU_MAX_FEATURES 7 > > #define KVM_REQ_SLEEP \ > KVM_ARCH_REQ_FLAGS(0, KVM_REQUEST_WAIT | KVM_REQUEST_NO_WAKEUP) > diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h > index edd2db8..7b7ac0f 100644 > --- a/arch/arm64/include/uapi/asm/kvm.h > +++ b/arch/arm64/include/uapi/asm/kvm.h > @@ -104,6 +104,8 @@ struct kvm_regs { > #define KVM_ARM_VCPU_PSCI_0_2 2 /* CPU uses PSCI v0.2 */ > #define KVM_ARM_VCPU_PMU_V3 3 /* Support guest PMUv3 */ > #define KVM_ARM_VCPU_SVE 4 /* enable SVE for this CPU */ > +#define KVM_ARM_VCPU_PTRAUTH_ADDRESS 5 /* VCPU uses address authentication */ > +#define KVM_ARM_VCPU_PTRAUTH_GENERIC 6 /* VCPU uses generic authentication */ > > struct kvm_vcpu_init { > __u32 target; > diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c > index 3402543..028d0c6 100644 > --- a/arch/arm64/kvm/reset.c > +++ b/arch/arm64/kvm/reset.c > @@ -221,6 +221,27 @@ static void kvm_vcpu_reset_sve(struct kvm_vcpu *vcpu) > memset(vcpu->arch.sve_state, 0, vcpu_sve_state_size(vcpu)); > } > > +static int kvm_vcpu_enable_ptrauth(struct kvm_vcpu *vcpu) > +{ > + /* Support ptrauth only if the system supports these capabilities. */ > + if (!has_vhe()) > + return -EINVAL; > + > + if (!system_supports_address_auth() || > + !system_supports_generic_auth()) > + return -EINVAL; Since pointer auth implies v8.3 and v8.3 implies v8.1 and v8.1 implies VHE: ((system_supports_address_auth() || system_supports_generic_auth()) && !has_vhe()) implies that the hardware is broken or the kernel is buggy. So, it probably makes sense to write if (!system_supports_address_auth() || !system_supports_generic_auth()) return -EINVAL; if (WARN_ON(!has_vhe())) return -EINVAL; This is not essential, and doesn't affect the ABI -- so we could apply it on top later on. [...] FWIW: Reviewed-by: Dave Martin (for the updates) Cheers ---Dave From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.5 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS,USER_AGENT_MUTT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 041B9C10F03 for ; Tue, 23 Apr 2019 15:45:33 +0000 (UTC) Received: from mm01.cs.columbia.edu (mm01.cs.columbia.edu [128.59.11.253]) by mail.kernel.org (Postfix) with ESMTP id 9AFCB217D9 for ; Tue, 23 Apr 2019 15:45:32 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9AFCB217D9 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvmarm-bounces@lists.cs.columbia.edu Received: from localhost (localhost [127.0.0.1]) by mm01.cs.columbia.edu (Postfix) with ESMTP id 1D5814A470; Tue, 23 Apr 2019 11:45:32 -0400 (EDT) X-Virus-Scanned: at lists.cs.columbia.edu Received: from mm01.cs.columbia.edu ([127.0.0.1]) by localhost (mm01.cs.columbia.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A2LsllqqIwZ7; Tue, 23 Apr 2019 11:45:30 -0400 (EDT) Received: from mm01.cs.columbia.edu (localhost [127.0.0.1]) by mm01.cs.columbia.edu (Postfix) with ESMTP id A734D4A418; Tue, 23 Apr 2019 11:45:30 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by mm01.cs.columbia.edu (Postfix) with ESMTP id 7E9C24A3A5 for ; Tue, 23 Apr 2019 11:45:29 -0400 (EDT) X-Virus-Scanned: at lists.cs.columbia.edu Received: from mm01.cs.columbia.edu ([127.0.0.1]) by localhost (mm01.cs.columbia.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nTypx3hWE-mA for ; Tue, 23 Apr 2019 11:45:28 -0400 (EDT) Received: from foss.arm.com (foss.arm.com [217.140.101.70]) by mm01.cs.columbia.edu (Postfix) with ESMTP id E27FB4A389 for ; Tue, 23 Apr 2019 11:45:27 -0400 (EDT) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 63AD380D; Tue, 23 Apr 2019 08:45:27 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A99FD3F5AF; Tue, 23 Apr 2019 08:45:25 -0700 (PDT) Date: Tue, 23 Apr 2019 16:45:23 +0100 From: Dave Martin To: Amit Daniel Kachhap Subject: Re: [PATCH v10 3/5] KVM: arm64: Add userspace flag to enable pointer authentication Message-ID: <20190423154523.GN3567@e103592.cambridge.arm.com> References: <1555994558-26349-1-git-send-email-amit.kachhap@arm.com> <1555994558-26349-4-git-send-email-amit.kachhap@arm.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1555994558-26349-4-git-send-email-amit.kachhap@arm.com> User-Agent: Mutt/1.5.23 (2014-03-12) Cc: Marc Zyngier , Catalin Marinas , Will Deacon , linux-kernel@vger.kernel.org, Kristina Martsenko , Ramana Radhakrishnan , kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org X-BeenThere: kvmarm@lists.cs.columbia.edu X-Mailman-Version: 2.1.14 Precedence: list List-Id: Where KVM/ARM decisions are made List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Errors-To: kvmarm-bounces@lists.cs.columbia.edu Sender: kvmarm-bounces@lists.cs.columbia.edu Message-ID: <20190423154523.SJZCtK54enMn0UNTl5SGUy6tmPaLUWIKl82ZsHdZmG8@z> On Tue, Apr 23, 2019 at 10:12:36AM +0530, Amit Daniel Kachhap wrote: > Now that the building blocks of pointer authentication are present, lets > add userspace flags KVM_ARM_VCPU_PTRAUTH_ADDRESS and > KVM_ARM_VCPU_PTRAUTH_GENERIC. These flags will enable pointer > authentication for the KVM guest on a per-vcpu basis through the ioctl > KVM_ARM_VCPU_INIT. > > This features will allow the KVM guest to allow the handling of > pointer authentication instructions or to treat them as undefined > if not set. > > Necessary documentations are added to reflect the changes done. > > Reviewed-by: Dave Martin > Signed-off-by: Amit Daniel Kachhap > Cc: Mark Rutland > Cc: Marc Zyngier > Cc: Christoffer Dall > Cc: kvmarm@lists.cs.columbia.edu > --- > Changed since v9: > * Fixed tab alignment at few places [Dave Martin]. > * Split the system capability checks [Dave Martin]. > > Documentation/arm64/pointer-authentication.txt | 22 +++++++++++++++++---- > Documentation/virtual/kvm/api.txt | 10 ++++++++++ > arch/arm64/include/asm/kvm_host.h | 2 +- > arch/arm64/include/uapi/asm/kvm.h | 2 ++ > arch/arm64/kvm/reset.c | 27 ++++++++++++++++++++++++++ > 5 files changed, 58 insertions(+), 5 deletions(-) > > diff --git a/Documentation/arm64/pointer-authentication.txt b/Documentation/arm64/pointer-authentication.txt > index 5baca42..fc71b33 100644 > --- a/Documentation/arm64/pointer-authentication.txt > +++ b/Documentation/arm64/pointer-authentication.txt > @@ -87,7 +87,21 @@ used to get and set the keys for a thread. > Virtualization > -------------- > > -Pointer authentication is not currently supported in KVM guests. KVM > -will mask the feature bits from ID_AA64ISAR1_EL1, and attempted use of > -the feature will result in an UNDEFINED exception being injected into > -the guest. > +Pointer authentication is enabled in KVM guest when each virtual cpu is > +initialised by passing flags KVM_ARM_VCPU_PTRAUTH_[ADDRESS/GENERIC] and > +requesting these two separate cpu features to be enabled. The current KVM > +guest implementation works by enabling both features together, so both > +these userspace flags are checked before enabling pointer authentication. > +The separate userspace flag will allow to have no userspace ABI changes > +if support is added in the future to allow these two features to be > +enabled independently of one another. > + > +As Arm Architecture specifies that Pointer Authentication feature is > +implemented along with the VHE feature so KVM arm64 ptrauth code relies > +on VHE mode to be present. > + > +Additionally, when these vcpu feature flags are not set then KVM will > +filter out the Pointer Authentication system key registers from > +KVM_GET/SET_REG_* ioctls and mask those features from cpufeature ID > +register. Any attempt to use the Pointer Authentication instructions will > +result in an UNDEFINED exception being injected into the guest. > diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt > index e410a9f..32afe7f 100644 > --- a/Documentation/virtual/kvm/api.txt > +++ b/Documentation/virtual/kvm/api.txt > @@ -2761,6 +2761,16 @@ Possible features: > - KVM_ARM_VCPU_PMU_V3: Emulate PMUv3 for the CPU. > Depends on KVM_CAP_ARM_PMU_V3. > > + - KVM_ARM_VCPU_PTRAUTH_ADDRESS: Enables Address Pointer authentication > + for arm64 only. > + Both KVM_ARM_VCPU_PTRAUTH_ADDRESS and KVM_ARM_VCPU_PTRAUTH_GENERIC > + must be requested or neither must be requested. > + > + - KVM_ARM_VCPU_PTRAUTH_GENERIC: Enables Generic Pointer authentication > + for arm64 only. > + Both KVM_ARM_VCPU_PTRAUTH_ADDRESS and KVM_ARM_VCPU_PTRAUTH_GENERIC > + must be requested or neither must be requested. > + This looks pretty clear now. > - KVM_ARM_VCPU_SVE: Enables SVE for the CPU (arm64 only). > Depends on KVM_CAP_ARM_SVE. > Requires KVM_ARM_VCPU_FINALIZE(KVM_ARM_VCPU_SVE): > diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h > index 7eebea7..f772ac2 100644 > --- a/arch/arm64/include/asm/kvm_host.h > +++ b/arch/arm64/include/asm/kvm_host.h > @@ -49,7 +49,7 @@ > > #define KVM_MAX_VCPUS VGIC_V3_MAX_CPUS > > -#define KVM_VCPU_MAX_FEATURES 5 > +#define KVM_VCPU_MAX_FEATURES 7 > > #define KVM_REQ_SLEEP \ > KVM_ARCH_REQ_FLAGS(0, KVM_REQUEST_WAIT | KVM_REQUEST_NO_WAKEUP) > diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h > index edd2db8..7b7ac0f 100644 > --- a/arch/arm64/include/uapi/asm/kvm.h > +++ b/arch/arm64/include/uapi/asm/kvm.h > @@ -104,6 +104,8 @@ struct kvm_regs { > #define KVM_ARM_VCPU_PSCI_0_2 2 /* CPU uses PSCI v0.2 */ > #define KVM_ARM_VCPU_PMU_V3 3 /* Support guest PMUv3 */ > #define KVM_ARM_VCPU_SVE 4 /* enable SVE for this CPU */ > +#define KVM_ARM_VCPU_PTRAUTH_ADDRESS 5 /* VCPU uses address authentication */ > +#define KVM_ARM_VCPU_PTRAUTH_GENERIC 6 /* VCPU uses generic authentication */ > > struct kvm_vcpu_init { > __u32 target; > diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c > index 3402543..028d0c6 100644 > --- a/arch/arm64/kvm/reset.c > +++ b/arch/arm64/kvm/reset.c > @@ -221,6 +221,27 @@ static void kvm_vcpu_reset_sve(struct kvm_vcpu *vcpu) > memset(vcpu->arch.sve_state, 0, vcpu_sve_state_size(vcpu)); > } > > +static int kvm_vcpu_enable_ptrauth(struct kvm_vcpu *vcpu) > +{ > + /* Support ptrauth only if the system supports these capabilities. */ > + if (!has_vhe()) > + return -EINVAL; > + > + if (!system_supports_address_auth() || > + !system_supports_generic_auth()) > + return -EINVAL; Since pointer auth implies v8.3 and v8.3 implies v8.1 and v8.1 implies VHE: ((system_supports_address_auth() || system_supports_generic_auth()) && !has_vhe()) implies that the hardware is broken or the kernel is buggy. So, it probably makes sense to write if (!system_supports_address_auth() || !system_supports_generic_auth()) return -EINVAL; if (WARN_ON(!has_vhe())) return -EINVAL; This is not essential, and doesn't affect the ABI -- so we could apply it on top later on. [...] FWIW: Reviewed-by: Dave Martin (for the updates) Cheers ---Dave _______________________________________________ kvmarm mailing list kvmarm@lists.cs.columbia.edu https://lists.cs.columbia.edu/mailman/listinfo/kvmarm From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.5 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED,USER_AGENT_MUTT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9C4FC282DD for ; Tue, 23 Apr 2019 15:45:35 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id A9FBB217D9 for ; Tue, 23 Apr 2019 15:45:35 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="SZsSZClx" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A9FBB217D9 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=QBqz2+Du6Oz1A875RiAHUVyolbXCxPXjo9k3ITlO6Y4=; b=SZsSZClxWl2Fdo 7n17vHW7eVZUHU0En4Hu9IEI/6aQB9QtuXaYnjQVqpIVvDTYn5dYXZY+j2hOFUQUxi2pI1hxNbkTN jgihWtux2XmTqTrm2mToQwqw+sWelLcFclKNln5cM3xyk1g8oOeAgWxhix5sSRI4MNnbM99ie/Uxs Jjy3QeOGyVROLIh4g+C2VwSL5eaSR7h+sIPlqIUnc/gLeyg6cu7OWiWCuoM7P1kMUTZ/Xp0u0qo94 zRdGZhxSL1xH2goynzGycfAKI+Wh7rL6ALUq0jC2ZjnJk5RcNrQqloyZHZJ4T50XXAP/KhFLRL+t5 WfmQwGKnA++0yZUFxwdA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hIxbu-0003E5-G8; Tue, 23 Apr 2019 15:45:30 +0000 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70] helo=foss.arm.com) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1hIxbr-0003Dk-Qe for linux-arm-kernel@lists.infradead.org; Tue, 23 Apr 2019 15:45:29 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 63AD380D; Tue, 23 Apr 2019 08:45:27 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A99FD3F5AF; Tue, 23 Apr 2019 08:45:25 -0700 (PDT) Date: Tue, 23 Apr 2019 16:45:23 +0100 From: Dave Martin To: Amit Daniel Kachhap Subject: Re: [PATCH v10 3/5] KVM: arm64: Add userspace flag to enable pointer authentication Message-ID: <20190423154523.GN3567@e103592.cambridge.arm.com> References: <1555994558-26349-1-git-send-email-amit.kachhap@arm.com> <1555994558-26349-4-git-send-email-amit.kachhap@arm.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1555994558-26349-4-git-send-email-amit.kachhap@arm.com> User-Agent: Mutt/1.5.23 (2014-03-12) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190423_084527_871876_C704B931 X-CRM114-Status: GOOD ( 28.07 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Marc Zyngier , Catalin Marinas , Will Deacon , linux-kernel@vger.kernel.org, Kristina Martsenko , Ramana Radhakrishnan , kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Tue, Apr 23, 2019 at 10:12:36AM +0530, Amit Daniel Kachhap wrote: > Now that the building blocks of pointer authentication are present, lets > add userspace flags KVM_ARM_VCPU_PTRAUTH_ADDRESS and > KVM_ARM_VCPU_PTRAUTH_GENERIC. These flags will enable pointer > authentication for the KVM guest on a per-vcpu basis through the ioctl > KVM_ARM_VCPU_INIT. > > This features will allow the KVM guest to allow the handling of > pointer authentication instructions or to treat them as undefined > if not set. > > Necessary documentations are added to reflect the changes done. > > Reviewed-by: Dave Martin > Signed-off-by: Amit Daniel Kachhap > Cc: Mark Rutland > Cc: Marc Zyngier > Cc: Christoffer Dall > Cc: kvmarm@lists.cs.columbia.edu > --- > Changed since v9: > * Fixed tab alignment at few places [Dave Martin]. > * Split the system capability checks [Dave Martin]. > > Documentation/arm64/pointer-authentication.txt | 22 +++++++++++++++++---- > Documentation/virtual/kvm/api.txt | 10 ++++++++++ > arch/arm64/include/asm/kvm_host.h | 2 +- > arch/arm64/include/uapi/asm/kvm.h | 2 ++ > arch/arm64/kvm/reset.c | 27 ++++++++++++++++++++++++++ > 5 files changed, 58 insertions(+), 5 deletions(-) > > diff --git a/Documentation/arm64/pointer-authentication.txt b/Documentation/arm64/pointer-authentication.txt > index 5baca42..fc71b33 100644 > --- a/Documentation/arm64/pointer-authentication.txt > +++ b/Documentation/arm64/pointer-authentication.txt > @@ -87,7 +87,21 @@ used to get and set the keys for a thread. > Virtualization > -------------- > > -Pointer authentication is not currently supported in KVM guests. KVM > -will mask the feature bits from ID_AA64ISAR1_EL1, and attempted use of > -the feature will result in an UNDEFINED exception being injected into > -the guest. > +Pointer authentication is enabled in KVM guest when each virtual cpu is > +initialised by passing flags KVM_ARM_VCPU_PTRAUTH_[ADDRESS/GENERIC] and > +requesting these two separate cpu features to be enabled. The current KVM > +guest implementation works by enabling both features together, so both > +these userspace flags are checked before enabling pointer authentication. > +The separate userspace flag will allow to have no userspace ABI changes > +if support is added in the future to allow these two features to be > +enabled independently of one another. > + > +As Arm Architecture specifies that Pointer Authentication feature is > +implemented along with the VHE feature so KVM arm64 ptrauth code relies > +on VHE mode to be present. > + > +Additionally, when these vcpu feature flags are not set then KVM will > +filter out the Pointer Authentication system key registers from > +KVM_GET/SET_REG_* ioctls and mask those features from cpufeature ID > +register. Any attempt to use the Pointer Authentication instructions will > +result in an UNDEFINED exception being injected into the guest. > diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt > index e410a9f..32afe7f 100644 > --- a/Documentation/virtual/kvm/api.txt > +++ b/Documentation/virtual/kvm/api.txt > @@ -2761,6 +2761,16 @@ Possible features: > - KVM_ARM_VCPU_PMU_V3: Emulate PMUv3 for the CPU. > Depends on KVM_CAP_ARM_PMU_V3. > > + - KVM_ARM_VCPU_PTRAUTH_ADDRESS: Enables Address Pointer authentication > + for arm64 only. > + Both KVM_ARM_VCPU_PTRAUTH_ADDRESS and KVM_ARM_VCPU_PTRAUTH_GENERIC > + must be requested or neither must be requested. > + > + - KVM_ARM_VCPU_PTRAUTH_GENERIC: Enables Generic Pointer authentication > + for arm64 only. > + Both KVM_ARM_VCPU_PTRAUTH_ADDRESS and KVM_ARM_VCPU_PTRAUTH_GENERIC > + must be requested or neither must be requested. > + This looks pretty clear now. > - KVM_ARM_VCPU_SVE: Enables SVE for the CPU (arm64 only). > Depends on KVM_CAP_ARM_SVE. > Requires KVM_ARM_VCPU_FINALIZE(KVM_ARM_VCPU_SVE): > diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h > index 7eebea7..f772ac2 100644 > --- a/arch/arm64/include/asm/kvm_host.h > +++ b/arch/arm64/include/asm/kvm_host.h > @@ -49,7 +49,7 @@ > > #define KVM_MAX_VCPUS VGIC_V3_MAX_CPUS > > -#define KVM_VCPU_MAX_FEATURES 5 > +#define KVM_VCPU_MAX_FEATURES 7 > > #define KVM_REQ_SLEEP \ > KVM_ARCH_REQ_FLAGS(0, KVM_REQUEST_WAIT | KVM_REQUEST_NO_WAKEUP) > diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h > index edd2db8..7b7ac0f 100644 > --- a/arch/arm64/include/uapi/asm/kvm.h > +++ b/arch/arm64/include/uapi/asm/kvm.h > @@ -104,6 +104,8 @@ struct kvm_regs { > #define KVM_ARM_VCPU_PSCI_0_2 2 /* CPU uses PSCI v0.2 */ > #define KVM_ARM_VCPU_PMU_V3 3 /* Support guest PMUv3 */ > #define KVM_ARM_VCPU_SVE 4 /* enable SVE for this CPU */ > +#define KVM_ARM_VCPU_PTRAUTH_ADDRESS 5 /* VCPU uses address authentication */ > +#define KVM_ARM_VCPU_PTRAUTH_GENERIC 6 /* VCPU uses generic authentication */ > > struct kvm_vcpu_init { > __u32 target; > diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c > index 3402543..028d0c6 100644 > --- a/arch/arm64/kvm/reset.c > +++ b/arch/arm64/kvm/reset.c > @@ -221,6 +221,27 @@ static void kvm_vcpu_reset_sve(struct kvm_vcpu *vcpu) > memset(vcpu->arch.sve_state, 0, vcpu_sve_state_size(vcpu)); > } > > +static int kvm_vcpu_enable_ptrauth(struct kvm_vcpu *vcpu) > +{ > + /* Support ptrauth only if the system supports these capabilities. */ > + if (!has_vhe()) > + return -EINVAL; > + > + if (!system_supports_address_auth() || > + !system_supports_generic_auth()) > + return -EINVAL; Since pointer auth implies v8.3 and v8.3 implies v8.1 and v8.1 implies VHE: ((system_supports_address_auth() || system_supports_generic_auth()) && !has_vhe()) implies that the hardware is broken or the kernel is buggy. So, it probably makes sense to write if (!system_supports_address_auth() || !system_supports_generic_auth()) return -EINVAL; if (WARN_ON(!has_vhe())) return -EINVAL; This is not essential, and doesn't affect the ABI -- so we could apply it on top later on. [...] FWIW: Reviewed-by: Dave Martin (for the updates) Cheers ---Dave _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel