From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 0A68CC3DA5D for ; Mon, 22 Jul 2024 15:10:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Type:MIME-Version: References:In-Reply-To:Subject:Cc:To:From:Message-ID:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=jEf5D9uRzKyR8NBPKZ70+1zN9JR1cDDxJLJOLbRFNWo=; b=fmJCvq9UAIBm0txnVXqK8emZVx cQZx/Yylft3wjUCueX6k+ga+JLLLJ0lDhkAJzX7F0IyE0TKEnWsOnraHzHgREcDPUpz/cxDj1PBsu K0LohjUAH7EFCvQLedFXJhZIxZo9+J1AIcd5B1ukUcF+irq3rzayFuRDRdO8cTqNYyZQYt+cFg6es hVh04vZG3ThDBVPLG1wvN1wBjECeCgLGxxtZOqbwXrxw3fcjroBGijuWUpZ1OIMHpXN6Vn25uZGBT js7GDHEBrm37NOyLZKDjoZIkt1y0TlH66LsVfW7OqMs7ET9I/Ps93SXZlFgtqiNASWc+IrPqZ58yd A8YffbvA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sVufj-00000009tNY-1Z3E; Mon, 22 Jul 2024 15:09:55 +0000 Received: from sin.source.kernel.org ([145.40.73.55]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1sVufC-00000009tH8-0XpR for linux-arm-kernel@lists.infradead.org; Mon, 22 Jul 2024 15:09:23 +0000 Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id E553BCE0ACA; Mon, 22 Jul 2024 15:09:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 33379C116B1; Mon, 22 Jul 2024 15:09:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1721660959; bh=dsHoPEaaTsIjOj602RwpjV7y5Z9bXv+NriZAgKOWTQA=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=HZ41v3TCJiW5H9nvR5ze9l04OBQTvOo5xAluvJHEfzP5ad2uOFeDSLb9xPamqVEWj DHhHB0ZxLIMDQnZ6pYi/WNB5mBiTFuHq/nlCOCeQpMt/UKdguO3ATBXy4Gxj6Y6UFG talnrRvaO3W4AAygjBh0zUAROtY/aUXoFrE1SOwnYDlE4S0ocGEaXvmWWxLa6wEYUN 7mds2p6zX0JG9Il8zwVntEnRyT+uXvkwtI6jAEl9qHCxBwYls7QcgsCI9fHuw7AuSs PJ/KID3m/z4na6B7GYtI3jnuPn1zHImk1h05deUOCrBKQ9DtPIYY70mZN9moibuZ6C 5bmDJaN06fJWQ== Received: from [205.220.129.29] (helo=wait-a-minute.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1sVuf5-00ES1X-CB; Mon, 22 Jul 2024 16:09:17 +0100 Date: Mon, 22 Jul 2024 16:08:50 +0100 Message-ID: <875xsx5urh.wl-maz@kernel.org> From: Marc Zyngier To: Fuad Tabba Cc: kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, james.morse@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, joey.gouly@arm.com, smostafa@google.com, will@kernel.org, catalin.marinas@arm.com Subject: Re: [PATCH v1] KVM: arm64: Tidying up PAuth code in KVM In-Reply-To: <20240722123740.674846-1-tabba@google.com> References: <20240722123740.674846-1-tabba@google.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/28.2 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-SA-Exim-Connect-IP: 205.220.129.29 X-SA-Exim-Rcpt-To: tabba@google.com, kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org, james.morse@arm.com, suzuki.poulose@arm.com, oliver.upton@linux.dev, yuzenghui@huawei.com, joey.gouly@arm.com, smostafa@google.com, will@kernel.org, catalin.marinas@arm.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240722_080922_555538_6035E7C8 X-CRM114-Status: GOOD ( 24.49 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Hi Fuad, On Mon, 22 Jul 2024 13:37:40 +0100, Fuad Tabba wrote: > > Tidy up some of the PAuth trapping code to clear up some comments > and avoid clang/checkpatch warnings. Also, do not bother setting > the PAuth HCR_EL2 bits for protected VMs in pKVM, since that is > handled by the hypervisor. > > Fixes: 814ad8f96e92 ("KVM: arm64: Drop trapping of PAuth instructions/keys") nit: AFAICT, this doesn't really fix anything. It has no material impact on the guest or the hypervisor. > Signed-off-by: Fuad Tabba > --- > arch/arm64/include/asm/kvm_ptrauth.h | 2 +- > arch/arm64/kvm/arm.c | 7 ++++--- > arch/arm64/kvm/hyp/include/hyp/switch.h | 1 - > arch/arm64/kvm/hyp/nvhe/switch.c | 5 ++--- > 4 files changed, 7 insertions(+), 8 deletions(-) > > diff --git a/arch/arm64/include/asm/kvm_ptrauth.h b/arch/arm64/include/asm/kvm_ptrauth.h > index d81bac256abc..6199c9f7ec6e 100644 > --- a/arch/arm64/include/asm/kvm_ptrauth.h > +++ b/arch/arm64/include/asm/kvm_ptrauth.h > @@ -104,7 +104,7 @@ alternative_else_nop_endif > > #define __ptrauth_save_key(ctxt, key) \ > do { \ > - u64 __val; \ > + u64 __val; \ > __val = read_sysreg_s(SYS_ ## key ## KEYLO_EL1); \ > ctxt_sys_reg(ctxt, key ## KEYLO_EL1) = __val; \ > __val = read_sysreg_s(SYS_ ## key ## KEYHI_EL1); \ > diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c > index 59716789fe0f..6516348024ba 100644 > --- a/arch/arm64/kvm/arm.c > +++ b/arch/arm64/kvm/arm.c > @@ -510,10 +510,10 @@ void kvm_arch_vcpu_unblocking(struct kvm_vcpu *vcpu) > > static void vcpu_set_pauth_traps(struct kvm_vcpu *vcpu) > { > - if (vcpu_has_ptrauth(vcpu)) { > + if (vcpu_has_ptrauth(vcpu) && !vcpu_is_protected(vcpu)) { I think this isn't quite correct. Non-protected VMs in protected mode are still subjected to pKVM's own handling of the HCR_EL2 configuration, and the whole thing should be skipped altogether in that case, irrespective of the pauth status of the vcpu. What pKVM should evaluate is that status and decide for itself whether it must enable it or not. You can then hoist the check for protected mode early and skip the whole function unconditionally, irrespective of the protected status of the vcpu. Thanks, M. -- Without deviation from the norm, progress is not possible.