From: Marc Zyngier <maz@kernel.org>
To: kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu,
	linux-arm-kernel@lists.infradead.org
Cc: kernel-team@android.com,
	Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will@kernel.org>
Subject: [PATCH v2 0/4] kvm: arm64: Pointer Authentication handling fixes
Date: Wed, 10 Jun 2020 12:34:02 +0100
Message-ID: <20200610113406.1493170-1-maz@kernel.org>

I recently discovered that the Pointer Authentication (PtrAuth)
handling code in KVM is busted, and has been for a while. The main
issue is that we save the host's keys from a preemptible
context. Things will go wrong at some point.

In order to address this, the first patch moves the saving of the
host's keys to vcpu_load(). It is done eagerly, which is a bore, but
is at least safe. This is definitely stable material.

The following patch is adding an optimisation: we handle key saving
and HCR massaging as a fixup, much like the FPSIMD code.

Subsequent patch cleans up our HYP per-CPU accessor and makes it sparse
friendly, as the last patch makes heavy use of it by killing the
per-vcpu backpointer to the physical CPU context, avoiding the first
bug altogether.

This has been very lightly tested on a model. Unless someone shouts, I
plan to send this as part of the pending set of fixes.

* From v1:
  - Dropped the misbehaving guest handling patch
  - Added the two cleanup patches to the series (previously posted separately)

Marc Zyngier (4):
  KVM: arm64: Save the host's PtrAuth keys in non-preemptible context
  KVM: arm64: Handle PtrAuth traps early
  KVM: arm64: Stop sparse from moaning at __hyp_this_cpu_ptr
  KVM: arm64: Remove host_cpu_context member from vcpu structure

 arch/arm64/include/asm/kvm_asm.h     | 13 ++++--
 arch/arm64/include/asm/kvm_emulate.h |  6 ---
 arch/arm64/include/asm/kvm_host.h    |  3 --
 arch/arm64/kvm/arm.c                 |  6 +--
 arch/arm64/kvm/handle_exit.c         | 32 ++------------
 arch/arm64/kvm/hyp/debug-sr.c        |  4 +-
 arch/arm64/kvm/hyp/switch.c          | 65 +++++++++++++++++++++++++++-
 arch/arm64/kvm/hyp/sysreg-sr.c       |  6 ++-
 arch/arm64/kvm/pmu.c                 |  8 +---
 arch/arm64/kvm/sys_regs.c            | 13 +++---
 10 files changed, 91 insertions(+), 65 deletions(-)

-- 
2.26.2
