Message ID | 20200615081954.6233-3-maz@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | KVM/arm64: Enable PtrAuth on non-VHE KVM | expand |
On Mon, Jun 15, 2020 at 09:19:52AM +0100, Marc Zyngier wrote: > We currently prevent PtrAuth from even being built if KVM is selected, > but VHE isn't. It is a bit of a pointless restriction, since we also > check this at run time (rejecting the enabling of PtrAuth for the > vcpu if we're not running with VHE). > > Just drop this apparently useless restriction. > > Signed-off-by: Marc Zyngier <maz@kernel.org> > --- > arch/arm64/Kconfig | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index 31380da53689..d719ea9c596d 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1516,7 +1516,6 @@ menu "ARMv8.3 architectural features" > config ARM64_PTR_AUTH > bool "Enable support for pointer authentication" > default y > - depends on !KVM || ARM64_VHE > depends on (CC_HAS_SIGN_RETURN_ADDRESS || CC_HAS_BRANCH_PROT_PAC_RET) && AS_HAS_PAC > # GCC 9.1 and later inserts a .note.gnu.property section note for PAC > # which is only understood by binutils starting with version 2.33.1. > @@ -1543,8 +1542,7 @@ config ARM64_PTR_AUTH > > The feature is detected at runtime. If the feature is not present in > hardware it will not be advertised to userspace/KVM guest nor will it > - be enabled. However, KVM guest also require VHE mode and hence > - CONFIG_ARM64_VHE=y option to use this feature. > + be enabled. > > If the feature is present on the boot CPU but not on a late CPU, then > the late CPU will be parked. Also, if the boot CPU does not have ...and we just got the patch to let EL2 use the ptrauth instructions for the save restore in hyp/entry.S! Acked-by: Andrew Scull <ascull@google.com>
On Mon, Jun 15, 2020 at 09:19:52AM +0100, Marc Zyngier wrote: > We currently prevent PtrAuth from even being built if KVM is selected, > but VHE isn't. It is a bit of a pointless restriction, since we also > check this at run time (rejecting the enabling of PtrAuth for the > vcpu if we're not running with VHE). > > Just drop this apparently useless restriction. > > Signed-off-by: Marc Zyngier <maz@kernel.org> I can't recall exactly why we had this limitation to begin with, but given we now save/restore the keys in common hyp code, I don't see a reason to forbid this, and agree the limitation is pointless, so: Acked-by: Mark Rutland <mark.rutland@arm.com> Mark. > --- > arch/arm64/Kconfig | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index 31380da53689..d719ea9c596d 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -1516,7 +1516,6 @@ menu "ARMv8.3 architectural features" > config ARM64_PTR_AUTH > bool "Enable support for pointer authentication" > default y > - depends on !KVM || ARM64_VHE > depends on (CC_HAS_SIGN_RETURN_ADDRESS || CC_HAS_BRANCH_PROT_PAC_RET) && AS_HAS_PAC > # GCC 9.1 and later inserts a .note.gnu.property section note for PAC > # which is only understood by binutils starting with version 2.33.1. > @@ -1543,8 +1542,7 @@ config ARM64_PTR_AUTH > > The feature is detected at runtime. If the feature is not present in > hardware it will not be advertised to userspace/KVM guest nor will it > - be enabled. However, KVM guest also require VHE mode and hence > - CONFIG_ARM64_VHE=y option to use this feature. > + be enabled. > > If the feature is present on the boot CPU but not on a late CPU, then > the late CPU will be parked. Also, if the boot CPU does not have > -- > 2.27.0 > > _______________________________________________ > kvmarm mailing list > kvmarm@lists.cs.columbia.edu > https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 31380da53689..d719ea9c596d 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1516,7 +1516,6 @@ menu "ARMv8.3 architectural features" config ARM64_PTR_AUTH bool "Enable support for pointer authentication" default y - depends on !KVM || ARM64_VHE depends on (CC_HAS_SIGN_RETURN_ADDRESS || CC_HAS_BRANCH_PROT_PAC_RET) && AS_HAS_PAC # GCC 9.1 and later inserts a .note.gnu.property section note for PAC # which is only understood by binutils starting with version 2.33.1. @@ -1543,8 +1542,7 @@ config ARM64_PTR_AUTH The feature is detected at runtime. If the feature is not present in hardware it will not be advertised to userspace/KVM guest nor will it - be enabled. However, KVM guest also require VHE mode and hence - CONFIG_ARM64_VHE=y option to use this feature. + be enabled. If the feature is present on the boot CPU but not on a late CPU, then the late CPU will be parked. Also, if the boot CPU does not have
We currently prevent PtrAuth from even being built if KVM is selected, but VHE isn't. It is a bit of a pointless restriction, since we also check this at run time (rejecting the enabling of PtrAuth for the vcpu if we're not running with VHE). Just drop this apparently useless restriction. Signed-off-by: Marc Zyngier <maz@kernel.org> --- arch/arm64/Kconfig | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)