From patchwork Mon Jul 22 12:37:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 13738814 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3866AC3DA5D for ; Mon, 22 Jul 2024 12:38:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:Cc:To:From: Subject:Message-ID:Mime-Version:Date:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=tB0NBb54ZJvMBtbd+5lg40R+dR/caZ0zF1MlN7F1oWs=; b=mVJG2RMJa3zloPpmNrX1wJ+OR1 A0LvRQAJ10qSG5rAUnuDEzeV+QXAlRYQXLjYtHxxuTdGf6y2/exNBL33HiyR+7Y28lBVDwP7v0fP1 V+J9Gadmwq4sBYidQUbD3z4Crjt4BsWoDR6v30EBlu4JnxpaAgwnzecD7a3jHmVMZUS6IWs+tzZel tIwYn7VkXJEnYOy7+zw/57KGyO39tQxkQlFb3o5+3nVsEp0KJM8yq85OSq9lgfbPcPr+HMt3Qhufl ln7GiJvyhxQL17PYsHz4fmuy7mTYER4KZACo1Oh0HGirwdtF0piUqxAZIj3YxzEWIFY6tRi/aifN1 dP9poPIQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sVsIq-00000009XfF-1g3c; Mon, 22 Jul 2024 12:38:08 +0000 Received: from mail-yb1-xb49.google.com ([2607:f8b0:4864:20::b49]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1sVsIS-00000009XZz-2u2H for linux-arm-kernel@lists.infradead.org; Mon, 22 Jul 2024 12:37:46 +0000 Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-e0353b731b8so9248353276.2 for ; Mon, 22 Jul 2024 05:37:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1721651863; x=1722256663; darn=lists.infradead.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=tB0NBb54ZJvMBtbd+5lg40R+dR/caZ0zF1MlN7F1oWs=; b=18odLS0IhUej/RMowp58w3ZK4Bv6IKs3Qtd/wxHdg0+mwiL8RZPgDFn5qLmz4aS75I WYFRLe2/lEfTc+aQTeeDAMkm2xUDQP6HTrwc2QFoARAmMboPyX7FTs2dWbFytf8EPPWb qvIeg2yebINcxCdKZdtUa5k+0VwTPTt9txFFenMohjN0HhNWxk65g5fugrvf9G+9BrGv LC7g8H1aI1a9XGdfyusVHB6W6wv0TgENdyX0lv0im7D38caD2VyCQvFdI1ZPeQFMWnYR g+HV6BkY75NTGfFoP9Q9RlredzrN9+hDUbLkhNAoThb8Ugr9akcrAQbUz0MIc+Cc9Bd8 4GkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721651863; x=1722256663; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=tB0NBb54ZJvMBtbd+5lg40R+dR/caZ0zF1MlN7F1oWs=; b=SNYdsbWZeIxlw7hlshRYKZoKdZxVaZfsjuQXMRYtGmfoAMW/LfI/JaI6d7mnonKlBR uzv92ZsVPjKynF4uZ/VkXW3DMp/rRPJ9nZb0x3hkpK38ADQGNh17Y34jcn2rvdpae6Ey 5ia5TuaNYev7x9BgBMhLGVyZ5BAnToJC5ZxhGj0pa5dzjgg4CSNor5uYM85HnEjS13fw XLIx7h+ZDFOweMr/D/KFjfzIwT16vj6x+SKmAkoXz/gVjFVqAAI4rWHx5wMoX6Sv6Jeq hC7uwxWjcd8LBclu8AZeWm0ksa2hgLf0f4Pic1fzPVIPWxLXXwafdqIAgD11YTHtMmgP ZNhw== X-Forwarded-Encrypted: i=1; AJvYcCX/4uiEd3U4t4mdqSGUF8oGKxvuc3g/3npno8MSRId6sIg2wtGF6vW50cjf5n7iKurAEIw86PArJruucqw4OPTSkal0DU/mV0XyIzw0a1+tQM7HdB8= X-Gm-Message-State: AOJu0Yw+hOCvrvZK6bgJ0elb07D8MagOQJqhdkqzNAUj+sWeEYiopSWh TTnPzVW8CUeZouKWcgkk0s0Mi+qlqJ2ECHMSHF5i4fIPCrx6dpB7WyamNPoiMePHj8jEIpr73Q= = X-Google-Smtp-Source: AGHT+IHxDaFJnCYoXUDvj1FrOKOitFCOMc2UhqbKkIVKqpb/bUB8p8/AAoaip/ok7we/mQYGn8fM8CH/OQ== X-Received: from fuad.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:1613]) (user=tabba job=sendgmr) by 2002:a05:6902:70c:b0:e05:e3ce:cfaf with SMTP id 3f1490d57ef6-e086fcb78d8mr15866276.0.1721651862734; Mon, 22 Jul 2024 05:37:42 -0700 (PDT) Date: Mon, 22 Jul 2024 13:37:40 +0100 Mime-Version: 1.0 X-Mailer: git-send-email 2.45.2.1089.g2a221341d9-goog Message-ID: <20240722123740.674846-1-tabba@google.com> Subject: [PATCH v1] KVM: arm64: Tidying up PAuth code in KVM From: Fuad Tabba To: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org Cc: maz@kernel.org, james.morse@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, joey.gouly@arm.com, smostafa@google.com, will@kernel.org, catalin.marinas@arm.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240722_053744_955953_99F8ECB4 X-CRM114-Status: GOOD ( 16.30 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Tidy up some of the PAuth trapping code to clear up some comments and avoid clang/checkpatch warnings. Also, do not bother setting the PAuth HCR_EL2 bits for protected VMs in pKVM, since that is handled by the hypervisor. Fixes: 814ad8f96e92 ("KVM: arm64: Drop trapping of PAuth instructions/keys") Signed-off-by: Fuad Tabba --- arch/arm64/include/asm/kvm_ptrauth.h | 2 +- arch/arm64/kvm/arm.c | 7 ++++--- arch/arm64/kvm/hyp/include/hyp/switch.h | 1 - arch/arm64/kvm/hyp/nvhe/switch.c | 5 ++--- 4 files changed, 7 insertions(+), 8 deletions(-) base-commit: 0c3836482481200ead7b416ca80c68a29cfdaabd diff --git a/arch/arm64/include/asm/kvm_ptrauth.h b/arch/arm64/include/asm/kvm_ptrauth.h index d81bac256abc..6199c9f7ec6e 100644 --- a/arch/arm64/include/asm/kvm_ptrauth.h +++ b/arch/arm64/include/asm/kvm_ptrauth.h @@ -104,7 +104,7 @@ alternative_else_nop_endif #define __ptrauth_save_key(ctxt, key) \ do { \ - u64 __val; \ + u64 __val; \ __val = read_sysreg_s(SYS_ ## key ## KEYLO_EL1); \ ctxt_sys_reg(ctxt, key ## KEYLO_EL1) = __val; \ __val = read_sysreg_s(SYS_ ## key ## KEYHI_EL1); \ diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index 59716789fe0f..6516348024ba 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -510,10 +510,10 @@ void kvm_arch_vcpu_unblocking(struct kvm_vcpu *vcpu) static void vcpu_set_pauth_traps(struct kvm_vcpu *vcpu) { - if (vcpu_has_ptrauth(vcpu)) { + if (vcpu_has_ptrauth(vcpu) && !vcpu_is_protected(vcpu)) { /* - * Either we're running running an L2 guest, and the API/APK - * bits come from L1's HCR_EL2, or API/APK are both set. + * Either we're running an L2 guest, and the API/APK bits come + * from L1's HCR_EL2, or API/APK are both set. */ if (unlikely(vcpu_has_nv(vcpu) && !is_hyp_ctxt(vcpu))) { u64 val; @@ -540,6 +540,7 @@ static void vcpu_set_pauth_traps(struct kvm_vcpu *vcpu) if (vcpu->arch.hcr_el2 & (HCR_API | HCR_APK)) { struct kvm_cpu_context *ctxt; + ctxt = this_cpu_ptr_hyp_sym(kvm_hyp_ctxt); ptrauth_save_keys(ctxt); } diff --git a/arch/arm64/kvm/hyp/include/hyp/switch.h b/arch/arm64/kvm/hyp/include/hyp/switch.h index 0c4de44534b7..9eb68c0dd727 100644 --- a/arch/arm64/kvm/hyp/include/hyp/switch.h +++ b/arch/arm64/kvm/hyp/include/hyp/switch.h @@ -27,7 +27,6 @@ #include #include #include -#include #include #include #include diff --git a/arch/arm64/kvm/hyp/nvhe/switch.c b/arch/arm64/kvm/hyp/nvhe/switch.c index 6af179c6356d..8f5c56d5b1cd 100644 --- a/arch/arm64/kvm/hyp/nvhe/switch.c +++ b/arch/arm64/kvm/hyp/nvhe/switch.c @@ -173,9 +173,8 @@ static void __pmu_switch_to_host(struct kvm_vcpu *vcpu) static bool kvm_handle_pvm_sys64(struct kvm_vcpu *vcpu, u64 *exit_code) { /* - * Make sure we handle the exit for workarounds and ptrauth - * before the pKVM handling, as the latter could decide to - * UNDEF. + * Make sure we handle the exit for workarounds before the pKVM + * handling, as the latter could decide to UNDEF. */ return (kvm_hyp_handle_sysreg(vcpu, exit_code) || kvm_handle_pvm_sysreg(vcpu, exit_code));