From: Mostafa Saleh <smostafa@google.com>
To: Oliver Upton <oliver.upton@linux.dev>
Cc: kvmarm@lists.linux.dev, maz@kernel.org,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, suzuki.poulose@arm.com,
kaleshsingh@google.com, tabba@google.com, yuzenghui@huawei.com,
catalin.marinas@arm.com, james.morse@arm.com, will@kernel.org
Subject: Re: [PATCH] KVM: arm64: Use different pointer authentication keys for pKVM
Date: Tue, 13 Jun 2023 16:27:30 +0000 [thread overview]
Message-ID: <ZIiY8lrLKv4amCu7@google.com> (raw)
In-Reply-To: <168665854178.2681974.13725664134174024912.b4-ty@linux.dev>
Hi Oliver,
On Tue, Jun 13, 2023 at 12:16:02PM +0000, Oliver Upton wrote:
> On Tue, 16 May 2023 14:15:31 +0000, Mostafa Saleh wrote:
> > When the kernel is compiled with CONFIG_ARM64_PTR_AUTH_KERNEL, it
> > uses Armv8.3-Pauth for return address protection for the kernel code
> > including nvhe code in EL2.
> >
> > Same keys are used in both kernel(EL1) and nvhe code(EL2), this is
> > fine for nvhe but not when running in protected mode(pKVM) as the host
> > can't be trusted.
> >
> > [...]
>
> Applied to kvmarm/next, thanks!
>
> [1/1] KVM: arm64: Use different pointer authentication keys for pKVM
> https://git.kernel.org/kvmarm/kvmarm/c/fb737685beee
>
> --
Thanks! I did more testing and I found a bug in this patch.
It seems there is another entry point for the kenrel where pauth was
not handled properly "kvm_host_psci_cpu_entry", I will investigate this
further and send V2.
Sorry for the inconvenience!
Thanks,
Mostafa
WARNING: multiple messages have this Message-ID (diff)
From: Mostafa Saleh <smostafa@google.com>
To: Oliver Upton <oliver.upton@linux.dev>
Cc: kvmarm@lists.linux.dev, maz@kernel.org,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, suzuki.poulose@arm.com,
kaleshsingh@google.com, tabba@google.com, yuzenghui@huawei.com,
catalin.marinas@arm.com, james.morse@arm.com, will@kernel.org
Subject: Re: [PATCH] KVM: arm64: Use different pointer authentication keys for pKVM
Date: Tue, 13 Jun 2023 16:27:30 +0000 [thread overview]
Message-ID: <ZIiY8lrLKv4amCu7@google.com> (raw)
In-Reply-To: <168665854178.2681974.13725664134174024912.b4-ty@linux.dev>
Hi Oliver,
On Tue, Jun 13, 2023 at 12:16:02PM +0000, Oliver Upton wrote:
> On Tue, 16 May 2023 14:15:31 +0000, Mostafa Saleh wrote:
> > When the kernel is compiled with CONFIG_ARM64_PTR_AUTH_KERNEL, it
> > uses Armv8.3-Pauth for return address protection for the kernel code
> > including nvhe code in EL2.
> >
> > Same keys are used in both kernel(EL1) and nvhe code(EL2), this is
> > fine for nvhe but not when running in protected mode(pKVM) as the host
> > can't be trusted.
> >
> > [...]
>
> Applied to kvmarm/next, thanks!
>
> [1/1] KVM: arm64: Use different pointer authentication keys for pKVM
> https://git.kernel.org/kvmarm/kvmarm/c/fb737685beee
>
> --
Thanks! I did more testing and I found a bug in this patch.
It seems there is another entry point for the kenrel where pauth was
not handled properly "kvm_host_psci_cpu_entry", I will investigate this
further and send V2.
Sorry for the inconvenience!
Thanks,
Mostafa
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2023-06-13 16:27 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-16 14:15 [PATCH] KVM: arm64: Use different pointer authentication keys for pKVM Mostafa Saleh
2023-05-16 14:15 ` Mostafa Saleh
2023-05-26 20:47 ` Oliver Upton
2023-05-26 20:47 ` Oliver Upton
2023-05-29 11:17 ` Mostafa Saleh
2023-05-29 11:17 ` Mostafa Saleh
2023-06-08 21:55 ` Will Deacon
2023-06-08 21:55 ` Will Deacon
2023-06-12 9:20 ` Mostafa Saleh
2023-06-12 19:13 ` Oliver Upton
2023-06-12 19:13 ` Oliver Upton
2023-06-13 12:16 ` Oliver Upton
2023-06-13 12:16 ` Oliver Upton
2023-06-13 16:27 ` Mostafa Saleh [this message]
2023-06-13 16:27 ` Mostafa Saleh
2023-06-14 12:28 ` Mostafa Saleh
2023-06-14 12:28 ` Mostafa Saleh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZIiY8lrLKv4amCu7@google.com \
--to=smostafa@google.com \
--cc=catalin.marinas@arm.com \
--cc=james.morse@arm.com \
--cc=kaleshsingh@google.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maz@kernel.org \
--cc=oliver.upton@linux.dev \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.