From nobody Sun Apr 28 21:01:59 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=kernel.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1641567811723387.8735461369607; Fri, 7 Jan 2022 07:03:31 -0800 (PST) Received: from localhost ([::1]:43390 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1n5qm9-0006b2-7z for importer@patchew.org; Fri, 07 Jan 2022 10:03:29 -0500 Received: from eggs.gnu.org ([209.51.188.92]:42010) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n5ql4-0004vY-2P for qemu-devel@nongnu.org; Fri, 07 Jan 2022 10:02:22 -0500 Received: from [2604:1380:4601:e00::1] (port=48274 helo=ams.source.kernel.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n5ql1-0005Q1-Gc for qemu-devel@nongnu.org; Fri, 07 Jan 2022 10:02:21 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 1D97AB8262C; Fri, 7 Jan 2022 15:02:10 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CBDB6C36AE0; Fri, 7 Jan 2022 15:02:08 +0000 (UTC) Received: from sofa.misterjones.org ([185.219.108.64] helo=hot-poop.lan) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1n5qko-00Gatv-Be; Fri, 07 Jan 2022 15:02:06 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1641567728; bh=7NHsKVAMuyk9dhDUt91qsiKk7LasvTxrchXkr0tpsNE=; h=From:To:Cc:Subject:Date:From; b=i5LS4mPauCjpjtWJG42IRhGbI5zj+XgQxS8k/Whf0QllJ9LPSZtDS4Y1EkI8EH2lP 2veJ3Hs1EXBfOWa36BILQODa0jNDpUw3B8wyNoB9GoqCiOj5iby24m8IQa1bkbriTP CnnPt2/MjqKnCKRHZ9Hzb95FDto5y/w6GnZyeWa8OphXgLxIZHPtu8o8ACPjoSymlB UKK88X0eFyGmwlcRfYYybSJu2Km/dO1akzR/XsBggVLg0rauBJCjcAvY+ULcXBhcax rIsEBeQd2UDZ/gWeVNQxYeRHmxU2mzXjG9e9Wype7gDCkLy2YAncegnBTcnp2MFjdi fEKw7E7fE1nbg== From: Marc Zyngier To: qemu-devel@nongnu.org Subject: [PATCH v3] hw/arm/virt: KVM: Enable PAuth when supported by the host Date: Fri, 7 Jan 2022 15:01:54 +0000 Message-Id: <20220107150154.2490308-1-maz@kernel.org> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: qemu-devel@nongnu.org, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org, kernel-team@android.com, eric.auger@redhat.com, richard.henderson@linaro.org, peter.maydell@linaro.org, drjones@redhat.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false X-Host-Lookup-Failed: Reverse DNS lookup failed for 2604:1380:4601:e00::1 (failed) Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2604:1380:4601:e00::1; envelope-from=maz@kernel.org; helo=ams.source.kernel.org X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.372, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Andrew Jones , kvm@vger.kernel.org, Richard Henderson , Eric Auger , kernel-team@android.com, kvmarm@lists.cs.columbia.edu Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1641567816419100001 Content-Type: text/plain; charset="utf-8" Add basic support for Pointer Authentication when running a KVM guest and that the host supports it, loosely based on the SVE support. Although the feature is enabled by default when the host advertises it, it is possible to disable it by setting the 'pauth=3Doff' CPU property. The 'pauth' comment is removed from cpu-features.rst, as it is now common to both TCG and KVM. Tested on an Apple M1 running 5.16-rc6. Cc: Eric Auger Cc: Richard Henderson Cc: Peter Maydell Reviewed-by: Andrew Jones Signed-off-by: Marc Zyngier Reviewed-by: Richard Henderson --- * From v2: - Fixed indentation and spelling - Slightly reworked the KVM handling in arm_cpu_pauth_finalize (no functional changes) - Picked Andrew's RB tag docs/system/arm/cpu-features.rst | 4 ---- target/arm/cpu.c | 12 +++--------- target/arm/cpu.h | 1 + target/arm/cpu64.c | 31 +++++++++++++++++++++++++++---- target/arm/kvm64.c | 21 +++++++++++++++++++++ 5 files changed, 52 insertions(+), 17 deletions(-) diff --git a/docs/system/arm/cpu-features.rst b/docs/system/arm/cpu-feature= s.rst index 584eb17097..3e626c4b68 100644 --- a/docs/system/arm/cpu-features.rst +++ b/docs/system/arm/cpu-features.rst @@ -217,10 +217,6 @@ TCG VCPU Features TCG VCPU features are CPU features that are specific to TCG. Below is the list of TCG VCPU features and their descriptions. =20 - pauth Enable or disable ``FEAT_Pauth``, pointer - authentication. By default, the feature is - enabled with ``-cpu max``. - pauth-impdef When ``FEAT_Pauth`` is enabled, either the *impdef* (Implementation Defined) algorithm is enabled or the *architected* QARMA algorithm diff --git a/target/arm/cpu.c b/target/arm/cpu.c index a211804fd3..f3c09931e4 100644 --- a/target/arm/cpu.c +++ b/target/arm/cpu.c @@ -1380,17 +1380,10 @@ void arm_cpu_finalize_features(ARMCPU *cpu, Error *= *errp) return; } =20 - /* - * KVM does not support modifications to this feature. - * We have not registered the cpu properties when KVM - * is in use, so the user will not be able to set them. - */ - if (!kvm_enabled()) { - arm_cpu_pauth_finalize(cpu, &local_err); - if (local_err !=3D NULL) { + arm_cpu_pauth_finalize(cpu, &local_err); + if (local_err !=3D NULL) { error_propagate(errp, local_err); return; - } } } =20 @@ -2091,6 +2084,7 @@ static void arm_host_initfn(Object *obj) kvm_arm_set_cpu_features_from_host(cpu); if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) { aarch64_add_sve_properties(obj); + aarch64_add_pauth_properties(obj); } #else hvf_arm_set_cpu_features_from_host(cpu); diff --git a/target/arm/cpu.h b/target/arm/cpu.h index e33f37b70a..c6a4d50e82 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1076,6 +1076,7 @@ void aarch64_sve_narrow_vq(CPUARMState *env, unsigned= vq); void aarch64_sve_change_el(CPUARMState *env, int old_el, int new_el, bool el0_a64); void aarch64_add_sve_properties(Object *obj); +void aarch64_add_pauth_properties(Object *obj); =20 /* * SVE registers are encoded in KVM's memory in an endianness-invariant fo= rmat. diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index 15245a60a8..8786be7783 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -630,6 +630,15 @@ void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp) int arch_val =3D 0, impdef_val =3D 0; uint64_t t; =20 + /* Exit early if PAuth is enabled, and fall through to disable it */ + if (kvm_enabled() && cpu->prop_pauth) { + if (!cpu_isar_feature(aa64_pauth, cpu)) { + error_setg(errp, "'pauth' feature not supported by KVM on this= host"); + } + + return; + } + /* TODO: Handle HaveEnhancedPAC, HaveEnhancedPAC2, HaveFPAC. */ if (cpu->prop_pauth) { if (cpu->prop_pauth_impdef) { @@ -655,6 +664,23 @@ static Property arm_cpu_pauth_property =3D static Property arm_cpu_pauth_impdef_property =3D DEFINE_PROP_BOOL("pauth-impdef", ARMCPU, prop_pauth_impdef, false); =20 +void aarch64_add_pauth_properties(Object *obj) +{ + ARMCPU *cpu =3D ARM_CPU(obj); + + /* Default to PAUTH on, with the architected algorithm on TCG. */ + qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_property); + if (kvm_enabled()) { + /* + * Mirror PAuth support from the probed sysregs back into the + * property for KVM. Is it just a bit backward? Yes it is! + */ + cpu->prop_pauth =3D cpu_isar_feature(aa64_pauth, cpu); + } else { + qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_impdef_proper= ty); + } +} + /* -cpu max: if KVM is enabled, like -cpu host (best possible with this ho= st); * otherwise, a CPU with as many features enabled as our emulation support= s. * The version of '-cpu max' for qemu-system-arm is defined in cpu.c; @@ -829,13 +855,10 @@ static void aarch64_max_initfn(Object *obj) cpu->dcz_blocksize =3D 7; /* 512 bytes */ #endif =20 - /* Default to PAUTH on, with the architected algorithm. */ - qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_property); - qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_impdef_proper= ty); - bitmap_fill(cpu->sve_vq_supported, ARM_MAX_VQ); } =20 + aarch64_add_pauth_properties(obj); aarch64_add_sve_properties(obj); object_property_add(obj, "sve-max-vq", "uint32", cpu_max_get_sve_max_v= q, cpu_max_set_sve_max_vq, NULL, NULL); diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c index e790d6c9a5..71c3ca6971 100644 --- a/target/arm/kvm64.c +++ b/target/arm/kvm64.c @@ -491,6 +491,12 @@ static int read_sys_reg64(int fd, uint64_t *pret, uint= 64_t id) return ioctl(fd, KVM_GET_ONE_REG, &idreg); } =20 +static bool kvm_arm_pauth_supported(void) +{ + return (kvm_check_extension(kvm_state, KVM_CAP_ARM_PTRAUTH_ADDRESS) && + kvm_check_extension(kvm_state, KVM_CAP_ARM_PTRAUTH_GENERIC)); +} + bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) { /* Identify the feature bits corresponding to the host CPU, and @@ -521,6 +527,17 @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures = *ahcf) */ struct kvm_vcpu_init init =3D { .target =3D -1, }; =20 + /* + * Ask for Pointer Authentication if supported. We can't play the + * SVE trick of synthesising the ID reg as KVM won't tell us + * whether we have the architected or IMPDEF version of PAuth, so + * we have to use the actual ID regs. + */ + if (kvm_arm_pauth_supported()) { + init.features[0] |=3D (1 << KVM_ARM_VCPU_PTRAUTH_ADDRESS | + 1 << KVM_ARM_VCPU_PTRAUTH_GENERIC); + } + if (!kvm_arm_create_scratch_host_vcpu(cpus_to_try, fdarray, &init)) { return false; } @@ -865,6 +882,10 @@ int kvm_arch_init_vcpu(CPUState *cs) assert(kvm_arm_sve_supported()); cpu->kvm_init_features[0] |=3D 1 << KVM_ARM_VCPU_SVE; } + if (cpu_isar_feature(aa64_pauth, cpu)) { + cpu->kvm_init_features[0] |=3D (1 << KVM_ARM_VCPU_PTRAUTH_ADDRESS | + 1 << KVM_ARM_VCPU_PTRAUTH_GENERIC); + } =20 /* Do KVM_ARM_VCPU_INIT ioctl */ ret =3D kvm_arm_vcpu_init(cs); --=20 2.30.2