Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
fc279329
Commit
fc279329
authored
Jul 28, 2020
by
Marc Zyngier
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'kvm-arm64/ptrauth-nvhe' into kvmarm-master/next-WIP
Signed-off-by:
Marc Zyngier
<
maz@kernel.org
>
parents
300dca68
11ac16a4
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
29 additions
and
35 deletions
+29
-35
arch/arm64/Kconfig
arch/arm64/Kconfig
+1
-3
arch/arm64/include/asm/kvm_ptrauth.h
arch/arm64/include/asm/kvm_ptrauth.h
+13
-21
arch/arm64/kvm/hyp/nvhe/hyp-init.S
arch/arm64/kvm/hyp/nvhe/hyp-init.S
+5
-0
arch/arm64/kvm/reset.c
arch/arm64/kvm/reset.c
+10
-11
No files found.
arch/arm64/Kconfig
View file @
fc279329
...
...
@@ -1516,7 +1516,6 @@ menu "ARMv8.3 architectural features"
config ARM64_PTR_AUTH
bool "Enable support for pointer authentication"
default y
depends on !KVM || ARM64_VHE
depends on (CC_HAS_SIGN_RETURN_ADDRESS || CC_HAS_BRANCH_PROT_PAC_RET) && AS_HAS_PAC
# Modern compilers insert a .note.gnu.property section note for PAC
# which is only understood by binutils starting with version 2.33.1.
...
...
@@ -1543,8 +1542,7 @@ config ARM64_PTR_AUTH
The feature is detected at runtime. If the feature is not present in
hardware it will not be advertised to userspace/KVM guest nor will it
be enabled. However, KVM guest also require VHE mode and hence
CONFIG_ARM64_VHE=y option to use this feature.
be enabled.
If the feature is present on the boot CPU but not on a late CPU, then
the late CPU will be parked. Also, if the boot CPU does not have
...
...
arch/arm64/include/asm/kvm_ptrauth.h
View file @
fc279329
...
...
@@ -61,44 +61,36 @@
/*
* Both ptrauth_switch_to_guest and ptrauth_switch_to_host macros will
* check for the presence
of one of the cpufeature flag
*
ARM64_HAS_ADDRESS_AUTH_ARCH or ARM64_HAS_ADDRESS_AUTH_IMP_DEF
and
* check for the presence
ARM64_HAS_ADDRESS_AUTH, which is defined as
*
(ARM64_HAS_ADDRESS_AUTH_ARCH || ARM64_HAS_ADDRESS_AUTH_IMP_DEF)
and
* then proceed ahead with the save/restore of Pointer Authentication
* key registers.
* key registers
if enabled for the guest
.
*/
.
macro
ptrauth_switch_to_guest
g_ctxt
,
reg1
,
reg2
,
reg3
alternative_if
ARM64_HAS_ADDRESS_AUTH_ARC
H
b
1000
f
alternative_if
_not
ARM64_HAS_ADDRESS_AUT
H
b
.
L__skip_switch
\@
alternative_else_nop_endif
alternative_if_not
ARM64_HAS_ADDRESS_AUTH_IMP_DEF
b
1001
f
alternative_else_nop_endif
1000
:
ldr
\
reg1
,
[
\
g_ctxt
,
#
(
VCPU_HCR_EL2
-
VCPU_CONTEXT
)]
mrs
\
reg1
,
hcr_el2
and
\
reg1
,
\
reg1
,
#
(
HCR_API
|
HCR_APK
)
cbz
\
reg1
,
1001
f
cbz
\
reg1
,
.
L__skip_switch
\@
add
\
reg1
,
\
g_ctxt
,
#
CPU_APIAKEYLO_EL1
ptrauth_restore_state
\
reg1
,
\
reg2
,
\
reg3
1001
:
.
L__skip_switch
\@
:
.
endm
.
macro
ptrauth_switch_to_host
g_ctxt
,
h_ctxt
,
reg1
,
reg2
,
reg3
alternative_if
ARM64_HAS_ADDRESS_AUTH_ARCH
b
2000
f
alternative_else_nop_endif
alternative_if_not
ARM64_HAS_ADDRESS_AUTH_IMP_DEF
b
2001
f
alternative_if_not
ARM64_HAS_ADDRESS_AUTH
b
.
L__skip_switch
\@
alternative_else_nop_endif
2000
:
ldr
\
reg1
,
[
\
g_ctxt
,
#
(
VCPU_HCR_EL2
-
VCPU_CONTEXT
)]
mrs
\
reg1
,
hcr_el2
and
\
reg1
,
\
reg1
,
#
(
HCR_API
|
HCR_APK
)
cbz
\
reg1
,
2001
f
cbz
\
reg1
,
.
L__skip_switch
\@
add
\
reg1
,
\
g_ctxt
,
#
CPU_APIAKEYLO_EL1
ptrauth_save_state
\
reg1
,
\
reg2
,
\
reg3
add
\
reg1
,
\
h_ctxt
,
#
CPU_APIAKEYLO_EL1
ptrauth_restore_state
\
reg1
,
\
reg2
,
\
reg3
isb
2001
:
.
L__skip_switch
\@
:
.
endm
#else
/* !CONFIG_ARM64_PTR_AUTH */
...
...
arch/arm64/kvm/hyp/nvhe/hyp-init.S
View file @
fc279329
...
...
@@ -104,6 +104,11 @@ alternative_else_nop_endif
*/
mov_q
x4
,
(
SCTLR_EL2_RES1
|
(
SCTLR_ELx_FLAGS
&
~
SCTLR_ELx_A
))
CPU_BE
(
orr
x4
,
x4
,
#
SCTLR_ELx_EE
)
alternative_if
ARM64_HAS_ADDRESS_AUTH
mov_q
x5
,
(
SCTLR_ELx_ENIA
| SCTLR_ELx_ENIB |
\
SCTLR_ELx_ENDA
|
SCTLR_ELx_ENDB
)
orr
x4
,
x4
,
x5
alternative_else_nop_endif
msr
sctlr_el2
,
x4
isb
...
...
arch/arm64/kvm/reset.c
View file @
fc279329
...
...
@@ -42,6 +42,11 @@ static u32 kvm_ipa_limit;
#define VCPU_RESET_PSTATE_SVC (PSR_AA32_MODE_SVC | PSR_AA32_A_BIT | \
PSR_AA32_I_BIT | PSR_AA32_F_BIT)
static
bool
system_has_full_ptr_auth
(
void
)
{
return
system_supports_address_auth
()
&&
system_supports_generic_auth
();
}
/**
* kvm_arch_vm_ioctl_check_extension
*
...
...
@@ -80,8 +85,7 @@ int kvm_arch_vm_ioctl_check_extension(struct kvm *kvm, long ext)
break
;
case
KVM_CAP_ARM_PTRAUTH_ADDRESS
:
case
KVM_CAP_ARM_PTRAUTH_GENERIC
:
r
=
has_vhe
()
&&
system_supports_address_auth
()
&&
system_supports_generic_auth
();
r
=
system_has_full_ptr_auth
();
break
;
default:
r
=
0
;
...
...
@@ -205,19 +209,14 @@ static void kvm_vcpu_reset_sve(struct kvm_vcpu *vcpu)
static
int
kvm_vcpu_enable_ptrauth
(
struct
kvm_vcpu
*
vcpu
)
{
/* Support ptrauth only if the system supports these capabilities. */
if
(
!
has_vhe
())
return
-
EINVAL
;
if
(
!
system_supports_address_auth
()
||
!
system_supports_generic_auth
())
return
-
EINVAL
;
/*
* For now make sure that both address/generic pointer authentication
* features are requested by the userspace together.
* features are requested by the userspace together and the system
* supports these capabilities.
*/
if
(
!
test_bit
(
KVM_ARM_VCPU_PTRAUTH_ADDRESS
,
vcpu
->
arch
.
features
)
||
!
test_bit
(
KVM_ARM_VCPU_PTRAUTH_GENERIC
,
vcpu
->
arch
.
features
))
!
test_bit
(
KVM_ARM_VCPU_PTRAUTH_GENERIC
,
vcpu
->
arch
.
features
)
||
!
system_has_full_ptr_auth
())
return
-
EINVAL
;
vcpu
->
arch
.
flags
|=
KVM_ARM64_GUEST_HAS_PTRAUTH
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment