Re: [PATCH v10 1/5] KVM: arm64: Add a vcpu flag to control ptrauth for guest
From: Dave Martin
Date: Tue Apr 23 2019 - 11:44:25 EST
On Tue, Apr 23, 2019 at 10:12:34AM +0530, Amit Daniel Kachhap wrote:
> A per vcpu flag is added to check if pointer authentication is
> enabled for the vcpu or not. This flag may be enabled according to
> the necessary user policies and host capabilities.
>
> This patch also adds a helper to check the flag.
>
> Reviewed-by: Dave Martin <Dave.Martin@xxxxxxx>
> Signed-off-by: Amit Daniel Kachhap <amit.kachhap@xxxxxxx>
> Cc: Mark Rutland <mark.rutland@xxxxxxx>
> Cc: Marc Zyngier <marc.zyngier@xxxxxxx>
> Cc: Christoffer Dall <christoffer.dall@xxxxxxx>
> Cc: kvmarm@xxxxxxxxxxxxxxxxxxxxx
> ---
> Changes since v9:
>
> * Added ptrauth cpufeature static check in vcpu_has_ptrauth [Marc Zyngier].
>
> arch/arm64/include/asm/kvm_host.h | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
> index 7a096fd..7ccac42 100644
> --- a/arch/arm64/include/asm/kvm_host.h
> +++ b/arch/arm64/include/asm/kvm_host.h
> @@ -355,10 +355,15 @@ struct kvm_vcpu_arch {
> #define KVM_ARM64_HOST_SVE_ENABLED (1 << 4) /* SVE enabled for EL0 */
> #define KVM_ARM64_GUEST_HAS_SVE (1 << 5) /* SVE exposed to guest */
> #define KVM_ARM64_VCPU_SVE_FINALIZED (1 << 6) /* SVE config completed */
> +#define KVM_ARM64_GUEST_HAS_PTRAUTH (1 << 7) /* PTRAUTH exposed to guest */
>
> #define vcpu_has_sve(vcpu) (system_supports_sve() && \
> ((vcpu)->arch.flags & KVM_ARM64_GUEST_HAS_SVE))
>
> +#define vcpu_has_ptrauth(vcpu) ((system_supports_address_auth() || \
> + system_supports_generic_auth()) && \
Come to think of it, should this be
system_supports_address_auth() _&&_ system_supports_generic_auth()?
It won't make a functional difference today though, since today
kvm_vcpu_enable_ptrauth() won't set KVM_ARM64_GUEST_HAS_PTRAUTH without
system_supports_address_auth() and system_supports_generic_auth() both
true.
With || here, we won't have to change this if supporting the two auth
types independently in the future though.
Either way, my Reviewed-by stands.
Cheers
---Dave