• Mark Rutland's avatar
    KVM: arm/arm64: Context-switch ptrauth registers · 384b40ca
    Mark Rutland authored
    When pointer authentication is supported, a guest may wish to use it.
    This patch adds the necessary KVM infrastructure for this to work, with
    a semi-lazy context switch of the pointer auth state.
    
    Pointer authentication feature is only enabled when VHE is built
    in the kernel and present in the CPU implementation so only VHE code
    paths are modified.
    
    When we schedule a vcpu, we disable guest usage of pointer
    authentication instructions and accesses to the keys. While these are
    disabled, we avoid context-switching the keys. When we trap the guest
    trying to use pointer authentication functionality, we change to eagerly
    context-switching the keys, and enable the feature. The next time the
    vcpu is scheduled out/in, we start again. However the host key save is
    optimized and implemented inside ptrauth instruction/register access
    trap.
    
    Pointer authentication consists of address authentication and generic
    authentication, and CPUs in a system might have varied support for
    either. Where support for either feature is not uniform, it is hidden
    from guests via ID register emulation, as a result of the cpufeature
    framework in the host.
    
    Unfortunately, address authentication and generic authentication cannot
    be trapped separately, as the architecture provides a single EL2 trap
    covering both. If we wish to expose one without the other, we cannot
    prevent a (badly-written) guest from intermittently using a feature
    which is not uniformly supported (when scheduled on a physical CPU which
    supports the relevant feature). Hence, this patch expects both type of
    authentication to be present in a cpu.
    
    This switch of key is done from guest enter/exit assembly as preparation
    for the upcoming in-kernel pointer authentication support. Hence, these
    key switching routines are not implemented in C code as they may cause
    pointer authentication key signing error in some situations.
    Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
    [Only VHE, key switch in full assembly, vcpu_has_ptrauth checks
    , save host key in ptrauth exception trap]
    Signed-off-by: default avatarAmit Daniel Kachhap <amit.kachhap@arm.com>
    Reviewed-by: default avatarJulien Thierry <julien.thierry@arm.com>
    Cc: Christoffer Dall <christoffer.dall@arm.com>
    Cc: kvmarm@lists.cs.columbia.edu
    [maz: various fixups]
    Signed-off-by: default avatarMarc Zyngier <marc.zyngier@arm.com>
    384b40ca
kvm_emulate.h 8.03 KB