From: Amit Daniel Kachhap <amit.kachhap@arm.com>
To: Kristina Martsenko <kristina.martsenko@arm.com>, linux-arm-kernel@lists.infradead.org
Cc: Christoffer Dall <christoffer.dall@arm.com>, Marc Zyngier <marc.zyngier@arm.com>, Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will.deacon@arm.com>, Andrew Jones <drjones@redhat.com>, Dave Martin <Dave.Martin@arm.com>, Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, Mark Rutland <mark.rutland@arm.com>, James Morse <james.morse@arm.com>, Julien Thierry <julien.thierry@arm.com>
Subject: Re: [PATCH v7 7/10] KVM: arm/arm64: context-switch ptrauth registers
Date: Tue, 26 Mar 2019 09:33:58 +0530
Message-ID: <da7091a9-01b2-bead-3777-972fbb293def@arm.com>
In-Reply-To: <64505666-8a1f-cf64-7067-4b2dd53b0b40@arm.com>

Hi,

On 3/26/19 1:34 AM, Kristina Martsenko wrote:
> On 19/03/2019 08:30, Amit Daniel Kachhap wrote:
>> From: Mark Rutland <mark.rutland@arm.com>
>>
>> When pointer authentication is supported, a guest may wish to use it.
>> This patch adds the necessary KVM infrastructure for this to work, with
>> a semi-lazy context switch of the pointer auth state.
>>
>> Pointer authentication feature is only enabled when VHE is built
>> in the kernel and present in the CPU implementation so only VHE code
>> paths are modified.
>>
>> When we schedule a vcpu, we disable guest usage of pointer
>> authentication instructions and accesses to the keys. While these are
>> disabled, we avoid context-switching the keys. When we trap the guest
>> trying to use pointer authentication functionality, we change to eagerly
>> context-switching the keys, and enable the feature. The next time the
>> vcpu is scheduled out/in, we start again. However the host key save is
>> optimized and implemented inside ptrauth instruction/register access
>> trap.
>>
>> Pointer authentication consists of address authentication and generic
>> authentication, and CPUs in a system might have varied support for
>> either. Where support for either feature is not uniform, it is hidden
>> from guests via ID register emulation, as a result of the cpufeature
>> framework in the host.
>>
>> Unfortunately, address authentication and generic authentication cannot
>> be trapped separately, as the architecture provides a single EL2 trap
>> covering both. If we wish to expose one without the other, we cannot
>> prevent a (badly-written) guest from intermittently using a feature
>> which is not uniformly supported (when scheduled on a physical CPU which
>> supports the relevant feature). Hence, this patch expects both types of
>> authentication to be present in a cpu.
>>
>> This switch of key is done from guest enter/exit assembly as preparation
>> for the upcoming in-kernel pointer authentication support.
Hence, these >> key switching routines are not implemented in C code as they may cause >> pointer authentication key signing error in some situations. >> >> Signed-off-by: Mark Rutland <mark.rutland@arm.com> >> [Only VHE, key switch in full assembly, vcpu_has_ptrauth checks >> , save host key in ptrauth exception trap] >> Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com> >> Reviewed-by: Julien Thierry <julien.thierry@arm.com> >> Cc: Marc Zyngier <marc.zyngier@arm.com> >> Cc: Christoffer Dall <christoffer.dall@arm.com> >> Cc: kvmarm@lists.cs.columbia.edu > > [...] > >> +/* SPDX-License-Identifier: GPL-2.0 >> + * arch/arm64/include/asm/kvm_ptrauth_asm.h: Guest/host ptrauth save/restore >> + * Copyright 2019 Arm Limited >> + * Author: Mark Rutland <mark.rutland@arm.com> >> + * Amit Daniel Kachhap <amit.kachhap@arm.com> >> + */ > > I think the license needs to be in its own comment, like > > /* SPDX-License-Identifier: GPL-2.0 */ yes this is indeed the format followed. > /* arch/arm64/include/asm/kvm_ptrauth_asm.h: ... > * ... > */ > >> + >> +#ifndef __ASM_KVM_ASM_PTRAUTH_H >> +#define __ASM_KVM_ASM_PTRAUTH_H > > __ASM_KVM_PTRAUTH_ASM_H ? (to match the file name) > >> + if (test_bit(KVM_ARM_VCPU_PTRAUTH_ADDRESS, vcpu->arch.features) || >> + test_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, vcpu->arch.features)) { >> + /* Verify that KVM startup matches the conditions for ptrauth */ >> + if (WARN_ON(!vcpu_has_ptrauth(vcpu))) >> + return -EINVAL; >> + } > > I think this now needs to have "goto out;" instead of "return -EINVAL;", > since 5.1-rcX contains commit e761a927bc9a ("KVM: arm/arm64: Reset the > VCPU without preemption and vcpu state loaded") which changed some of > this code. ok missed the changes for this commit. 
> >> @@ -385,6 +385,8 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu) >> vcpu_clear_wfe_traps(vcpu); >> else >> vcpu_set_wfe_traps(vcpu); >> + >> + kvm_arm_vcpu_ptrauth_setup_lazy(vcpu); > > This version of the series seems to have lost the arch/arm/ definition > of kvm_arm_vcpu_ptrauth_setup_lazy (previously > kvm_arm_vcpu_ptrauth_reset), so KVM no longer compiles for arch/arm/ :( ok my bad. Thanks, Amit D > > Thanks, > Kristina >
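Review bot: In the hunk that tests KVM_ARM_VCPU_PTRAUTH_ADDRESS and KVM_ARM_VCPU_PTRAUTH_GENERIC, the outer condition joins the two test_bit() calls with ||, so a vcpu that requests only one of the two features still passes as long as vcpu_has_ptrauth(vcpu) is true, while the commit message says the patch expects both types of authentication to be present. If the two must be enabled as a pair, return an error when exactly one bit is set before going any further. Separately, if the bits in vcpu->arch.features can be set from userspace without an earlier step refusing them on hardware that lacks ptrauth, the WARN_ON() becomes reachable from userspace; a plain error return without the warning would be the safer choice in that case.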
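Review bot: In the kvm_arch_vcpu_load() hunk, kvm_arm_vcpu_ptrauth_setup_lazy(vcpu) is called on every vcpu load with no vcpu_has_ptrauth() guard and no comment. Either guard the call at this site or make sure the helper returns early for a vcpu without ptrauth, and add a one-line comment saying the call re-arms the ptrauth trap so the keys are not context-switched until the guest next uses the feature, which is the schedule-in behaviour the commit message describes.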