From patchwork Mon Jul 22 16:33:11 2024
X-Patchwork-Submitter: Fuad Tabba
X-Patchwork-Id: 13738942
Date: Mon, 22 Jul 2024 17:33:11 +0100
X-Mailer: git-send-email 2.45.2.1089.g2a221341d9-goog
Message-ID: <20240722163311.1493879-1-tabba@google.com>
Subject: [PATCH v2] KVM: arm64: Tidying up PAuth code in KVM
From: Fuad Tabba
To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org
Cc: maz@kernel.org, james.morse@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, joey.gouly@arm.com, smostafa@google.com, will@kernel.org, catalin.marinas@arm.com, tabba@google.com

Tidy up some of the PAuth trapping code to clear up some comments and avoid clang/checkpatch warnings. Also, don't bother setting PAuth HCR_EL2 bits in pKVM, since it's handled by the hypervisor.

Signed-off-by: Fuad Tabba
---
arch/arm64/include/asm/kvm_ptrauth.h | 2 +-
arch/arm64/kvm/arm.c | 14 ++++----------
arch/arm64/kvm/hyp/include/hyp/switch.h | 1 -
arch/arm64/kvm/hyp/nvhe/switch.c | 5 ++---
4 files changed, 7 insertions(+), 15 deletions(-)

base-commit: 0c3836482481200ead7b416ca80c68a29cfdaabd

diff --git a/arch/arm64/include/asm/kvm_ptrauth.h b/arch/arm64/include/asm/kvm_ptrauth.h index d81bac256abc..6199c9f7ec6e 100644 --- a/arch/arm64/include/asm/kvm_ptrauth.h +++ b/arch/arm64/include/asm/kvm_ptrauth.h @@ -104,7 +104,7 @@ alternative_else_nop_endif #define __ptrauth_save_key(ctxt, key) \ do { \ - u64 __val; \ + u64 __val; \ __val = read_sysreg_s(SYS_ ## key ## KEYLO_EL1); \ ctxt_sys_reg(ctxt, key ## KEYLO_EL1) = __val; \ __val = read_sysreg_s(SYS_ ## key ## KEYHI_EL1); \ diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index 59716789fe0f..95e6d22a9d3f 100644 
--- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -510,10 +510,10 @@ void kvm_arch_vcpu_unblocking(struct kvm_vcpu *vcpu) static void vcpu_set_pauth_traps(struct kvm_vcpu *vcpu) { - if (vcpu_has_ptrauth(vcpu)) { + if (vcpu_has_ptrauth(vcpu) && !is_protected_kvm_enabled()) { /* - * Either we're running running an L2 guest, and the API/APK - * bits come from L1's HCR_EL2, or API/APK are both set. + * Either we're running an L2 guest, and the API/APK bits come + * from L1's HCR_EL2, or API/APK are both set. */ if (unlikely(vcpu_has_nv(vcpu) && !is_hyp_ctxt(vcpu))) { u64 val; @@ -530,16 +530,10 @@ static void vcpu_set_pauth_traps(struct kvm_vcpu *vcpu) * Save the host keys if there is any chance for the guest * to use pauth, as the entry code will reload the guest * keys in that case. - * Protected mode is the exception to that rule, as the - * entry into the EL2 code eagerly switch back and forth - * between host and hyp keys (and kvm_hyp_ctxt is out of - * reach anyway). */ - if (is_protected_kvm_enabled()) - return; - if (vcpu->arch.hcr_el2 & (HCR_API | HCR_APK)) { struct kvm_cpu_context *ctxt; + ctxt = this_cpu_ptr_hyp_sym(kvm_hyp_ctxt); ptrauth_save_keys(ctxt); } diff --git a/arch/arm64/kvm/hyp/include/hyp/switch.h b/arch/arm64/kvm/hyp/include/hyp/switch.h index 0c4de44534b7..9eb68c0dd727 100644 --- a/arch/arm64/kvm/hyp/include/hyp/switch.h +++ b/arch/arm64/kvm/hyp/include/hyp/switch.h @@ -27,7 +27,6 @@ #include #include #include -#include #include #include #include diff --git a/arch/arm64/kvm/hyp/nvhe/switch.c b/arch/arm64/kvm/hyp/nvhe/switch.c index 6af179c6356d..8f5c56d5b1cd 100644 --- a/arch/arm64/kvm/hyp/nvhe/switch.c +++ b/arch/arm64/kvm/hyp/nvhe/switch.c 
@@ -173,9 +173,8 @@ static void __pmu_switch_to_host(struct kvm_vcpu *vcpu) static bool kvm_handle_pvm_sys64(struct kvm_vcpu *vcpu, u64 *exit_code) { /* - * Make sure we handle the exit for workarounds and ptrauth - * before the pKVM handling, as the latter could decide to - * UNDEF. + * Make sure we handle the exit for workarounds before the pKVM + * handling, as the latter could decide to UNDEF. */ return (kvm_hyp_handle_sysreg(vcpu, exit_code) || kvm_handle_pvm_sysreg(vcpu, exit_code));
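
Review bot: in arch/arm64/kvm/arm.c (hunk at @@ -510), the new condition `if (vcpu_has_ptrauth(vcpu) && !is_protected_kvm_enabled())` changes behaviour inside a patch whose subject says "Tidying up". Before, the `is_protected_kvm_enabled()` return sat below the API/APK handling and only skipped the host key save; now the whole block, including the HCR_API/HCR_APK setup described in the comment, is skipped. The check takes no vcpu argument, so it applies to every vcpu once protected mode is on. Please either split this into its own patch or say in the commit message where the hypervisor sets these bits, so a reader can confirm that no vcpu ends up with PAuth traps configured differently from what `vcpu_has_ptrauth()` promises.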
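
Review bot: in arch/arm64/kvm/arm.c (hunk at @@ -530), the removed comment was the only in-code explanation of why protected mode is exempt from the host key save ("the entry into the EL2 code eagerly switch back and forth between host and hyp keys (and kvm_hyp_ctxt is out of reach anyway)"). With the early return folded into the outer condition, nothing in `vcpu_set_pauth_traps()` says why `!is_protected_kvm_enabled()` is there. Suggest keeping a one or two line version of that rationale next to the new condition, since `this_cpu_ptr_hyp_sym(kvm_hyp_ctxt)` being unreachable in that mode is exactly what a later edit could get wrong.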
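
Review bot: in arch/arm64/kvm/hyp/nvhe/switch.c (hunk at @@ -173), the comment in `kvm_handle_pvm_sys64()` drops "and ptrauth" while the return statement is unchanged: `kvm_hyp_handle_sysreg()` still runs before `kvm_handle_pvm_sysreg()`. The commit message does not say why the ptrauth mention is stale. Please state which change made it so (or that ptrauth exits no longer reach this handler), because the ordering guards against the pKVM handler injecting an UNDEF first, and the comment is what tells a reader which exits depend on that ordering.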