From: Jon Hunter <jonathanh@nvidia.com>
To: Marc Zyngier <maz@kernel.org>,
kvmarm@lists.linux.dev, kvm@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Cc: James Morse <james.morse@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Oliver Upton <oliver.upton@linux.dev>,
Zenghui Yu <yuzenghui@huawei.com>,
Joey Gouly <joey.gouly@arm.com>, Fuad Tabba <tabba@google.com>,
Mostafa Saleh <smostafa@google.com>,
Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
"linux-tegra@vger.kernel.org" <linux-tegra@vger.kernel.org>
Subject: Re: [PATCH v4 12/15] KVM: arm64: nv: Add emulation for ERETAx instructions
Date: Tue, 23 Apr 2024 10:22:08 +0100 [thread overview]
Message-ID: <14667111-4ad6-48d2-93ee-742c5075f407@nvidia.com> (raw)
In-Reply-To: <20240419102935.1935571-13-maz@kernel.org>
Hi Marc,
On 19/04/2024 11:29, Marc Zyngier wrote:
> FEAT_NV has the interesting property of relying on ERET being
> trapped. An added complexity is that it also traps ERETAA and
> ERETAB, meaning that the Pointer Authentication aspect of these
> instruction must be emulated.
>
> Add an emulation of Pointer Authentication, limited to ERETAx
> (always using SP_EL2 as the modifier and ELR_EL2 as the pointer),
> using the Generic Authentication instructions.
>
> The emulation, however small, is placed in its own compilation
> unit so that it can be avoided if the configuration doesn't
> include it (or the toolchan in not up to the task).
>
> Reviewed-by: Joey Gouly <joey.gouly@arm.com>
> Signed-off-by: Marc Zyngier <maz@kernel.org>
> ---
> arch/arm64/include/asm/kvm_nested.h | 12 ++
> arch/arm64/include/asm/pgtable-hwdef.h | 1 +
> arch/arm64/kvm/Makefile | 1 +
> arch/arm64/kvm/pauth.c | 196 +++++++++++++++++++++++++
> 4 files changed, 210 insertions(+)
> create mode 100644 arch/arm64/kvm/pauth.c
>
> diff --git a/arch/arm64/include/asm/kvm_nested.h b/arch/arm64/include/asm/kvm_nested.h
> index dbc4e3a67356..5e0ab0596246 100644
> --- a/arch/arm64/include/asm/kvm_nested.h
> +++ b/arch/arm64/include/asm/kvm_nested.h
> @@ -64,4 +64,16 @@ extern bool forward_smc_trap(struct kvm_vcpu *vcpu);
>
> int kvm_init_nv_sysregs(struct kvm *kvm);
>
> +#ifdef CONFIG_ARM64_PTR_AUTH
> +bool kvm_auth_eretax(struct kvm_vcpu *vcpu, u64 *elr);
> +#else
> +static inline bool kvm_auth_eretax(struct kvm_vcpu *vcpu, u64 *elr)
> +{
> + /* We really should never execute this... */
> + WARN_ON_ONCE(1);
> + *elr = 0xbad9acc0debadbad;
> + return false;
> +}
> +#endif
> +
> #endif /* __ARM64_KVM_NESTED_H */
> diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h
> index ef207a0d4f0d..9943ff0af4c9 100644
> --- a/arch/arm64/include/asm/pgtable-hwdef.h
> +++ b/arch/arm64/include/asm/pgtable-hwdef.h
> @@ -297,6 +297,7 @@
> #define TCR_TBI1 (UL(1) << 38)
> #define TCR_HA (UL(1) << 39)
> #define TCR_HD (UL(1) << 40)
> +#define TCR_TBID0 (UL(1) << 51)
> #define TCR_TBID1 (UL(1) << 52)
> #define TCR_NFD0 (UL(1) << 53)
> #define TCR_NFD1 (UL(1) << 54)
> diff --git a/arch/arm64/kvm/Makefile b/arch/arm64/kvm/Makefile
> index c0c050e53157..04882b577575 100644
> --- a/arch/arm64/kvm/Makefile
> +++ b/arch/arm64/kvm/Makefile
> @@ -23,6 +23,7 @@ kvm-y += arm.o mmu.o mmio.o psci.o hypercalls.o pvtime.o \
> vgic/vgic-its.o vgic/vgic-debug.o
>
> kvm-$(CONFIG_HW_PERF_EVENTS) += pmu-emul.o pmu.o
> +kvm-$(CONFIG_ARM64_PTR_AUTH) += pauth.o
>
> always-y := hyp_constants.h hyp-constants.s
>
> diff --git a/arch/arm64/kvm/pauth.c b/arch/arm64/kvm/pauth.c
> new file mode 100644
> index 000000000000..a3a5c404375b
> --- /dev/null
> +++ b/arch/arm64/kvm/pauth.c
> @@ -0,0 +1,196 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * Copyright (C) 2024 - Google LLC
> + * Author: Marc Zyngier <maz@kernel.org>
> + *
> + * Primitive PAuth emulation for ERETAA/ERETAB.
> + *
> + * This code assumes that is is run from EL2, and that it is part of
> + * the emulation of ERETAx for a guest hypervisor. That's a lot of
> + * baked-in assumptions and shortcuts.
> + *
> + * Do no reuse for anything else!
> + */
> +
> +#include <linux/kvm_host.h>
> +
> +#include <asm/kvm_emulate.h>
> +#include <asm/pointer_auth.h>
> +
> +static u64 compute_pac(struct kvm_vcpu *vcpu, u64 ptr,
> + struct ptrauth_key ikey)
> +{
> + struct ptrauth_key gkey;
> + u64 mod, pac = 0;
> +
> + preempt_disable();
> +
> + if (!vcpu_get_flag(vcpu, SYSREGS_ON_CPU))
> + mod = __vcpu_sys_reg(vcpu, SP_EL2);
> + else
> + mod = read_sysreg(sp_el1);
> +
> + gkey.lo = read_sysreg_s(SYS_APGAKEYLO_EL1);
> + gkey.hi = read_sysreg_s(SYS_APGAKEYHI_EL1);
> +
> + __ptrauth_key_install_nosync(APGA, ikey);
> + isb();
> +
> + asm volatile(ARM64_ASM_PREAMBLE ".arch_extension pauth\n"
> + "pacga %0, %1, %2" : "=r" (pac) : "r" (ptr), "r" (mod));
> + isb();
Some of our builders currently have an older version of GCC (v6) and
after this change I am seeing ...
CC arch/arm64/kvm/pauth.o
/tmp/ccohst0v.s: Assembler messages:
/tmp/ccohst0v.s:1177: Error: unknown architectural extension `pauth'
/tmp/ccohst0v.s:1177: Error: unknown mnemonic `pacga' -- `pacga x21,x22,x0'
/local/workdir/tegra/mlt-linux_next/kernel/scripts/Makefile.build:244: recipe for target 'arch/arm64/kvm/pauth.o' failed
make[5]: *** [arch/arm64/kvm/pauth.o] Error 1
/local/workdir/tegra/mlt-linux_next/kernel/scripts/Makefile.build:485: recipe for target 'arch/arm64/kvm' failed
make[4]: *** [arch/arm64/kvm] Error 2
/local/workdir/tegra/mlt-linux_next/kernel/scripts/Makefile.build:485: recipe for target 'arch/arm64' failed
make[3]: *** [arch/arm64] Error 2
I know this is pretty old now and I am trying to get these builders
updated. However, the kernel docs still show that GCC v5.1 is
supported [0].
Jon
[0] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/Documentation/process/changes.rst
--
nvpublic
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Jon Hunter <jonathanh@nvidia.com>
To: Marc Zyngier <maz@kernel.org>,
kvmarm@lists.linux.dev, kvm@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Cc: James Morse <james.morse@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Oliver Upton <oliver.upton@linux.dev>,
Zenghui Yu <yuzenghui@huawei.com>,
Joey Gouly <joey.gouly@arm.com>, Fuad Tabba <tabba@google.com>,
Mostafa Saleh <smostafa@google.com>,
Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
"linux-tegra@vger.kernel.org" <linux-tegra@vger.kernel.org>
Subject: Re: [PATCH v4 12/15] KVM: arm64: nv: Add emulation for ERETAx instructions
Date: Tue, 23 Apr 2024 10:22:08 +0100 [thread overview]
Message-ID: <14667111-4ad6-48d2-93ee-742c5075f407@nvidia.com> (raw)
In-Reply-To: <20240419102935.1935571-13-maz@kernel.org>
Hi Marc,
On 19/04/2024 11:29, Marc Zyngier wrote:
> FEAT_NV has the interesting property of relying on ERET being
> trapped. An added complexity is that it also traps ERETAA and
> ERETAB, meaning that the Pointer Authentication aspect of these
> instruction must be emulated.
>
> Add an emulation of Pointer Authentication, limited to ERETAx
> (always using SP_EL2 as the modifier and ELR_EL2 as the pointer),
> using the Generic Authentication instructions.
>
> The emulation, however small, is placed in its own compilation
> unit so that it can be avoided if the configuration doesn't
> include it (or the toolchan in not up to the task).
>
> Reviewed-by: Joey Gouly <joey.gouly@arm.com>
> Signed-off-by: Marc Zyngier <maz@kernel.org>
> ---
> arch/arm64/include/asm/kvm_nested.h | 12 ++
> arch/arm64/include/asm/pgtable-hwdef.h | 1 +
> arch/arm64/kvm/Makefile | 1 +
> arch/arm64/kvm/pauth.c | 196 +++++++++++++++++++++++++
> 4 files changed, 210 insertions(+)
> create mode 100644 arch/arm64/kvm/pauth.c
>
> diff --git a/arch/arm64/include/asm/kvm_nested.h b/arch/arm64/include/asm/kvm_nested.h
> index dbc4e3a67356..5e0ab0596246 100644
> --- a/arch/arm64/include/asm/kvm_nested.h
> +++ b/arch/arm64/include/asm/kvm_nested.h
> @@ -64,4 +64,16 @@ extern bool forward_smc_trap(struct kvm_vcpu *vcpu);
>
> int kvm_init_nv_sysregs(struct kvm *kvm);
>
> +#ifdef CONFIG_ARM64_PTR_AUTH
> +bool kvm_auth_eretax(struct kvm_vcpu *vcpu, u64 *elr);
> +#else
> +static inline bool kvm_auth_eretax(struct kvm_vcpu *vcpu, u64 *elr)
> +{
> + /* We really should never execute this... */
> + WARN_ON_ONCE(1);
> + *elr = 0xbad9acc0debadbad;
> + return false;
> +}
> +#endif
> +
> #endif /* __ARM64_KVM_NESTED_H */
> diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h
> index ef207a0d4f0d..9943ff0af4c9 100644
> --- a/arch/arm64/include/asm/pgtable-hwdef.h
> +++ b/arch/arm64/include/asm/pgtable-hwdef.h
> @@ -297,6 +297,7 @@
> #define TCR_TBI1 (UL(1) << 38)
> #define TCR_HA (UL(1) << 39)
> #define TCR_HD (UL(1) << 40)
> +#define TCR_TBID0 (UL(1) << 51)
> #define TCR_TBID1 (UL(1) << 52)
> #define TCR_NFD0 (UL(1) << 53)
> #define TCR_NFD1 (UL(1) << 54)
> diff --git a/arch/arm64/kvm/Makefile b/arch/arm64/kvm/Makefile
> index c0c050e53157..04882b577575 100644
> --- a/arch/arm64/kvm/Makefile
> +++ b/arch/arm64/kvm/Makefile
> @@ -23,6 +23,7 @@ kvm-y += arm.o mmu.o mmio.o psci.o hypercalls.o pvtime.o \
> vgic/vgic-its.o vgic/vgic-debug.o
>
> kvm-$(CONFIG_HW_PERF_EVENTS) += pmu-emul.o pmu.o
> +kvm-$(CONFIG_ARM64_PTR_AUTH) += pauth.o
>
> always-y := hyp_constants.h hyp-constants.s
>
> diff --git a/arch/arm64/kvm/pauth.c b/arch/arm64/kvm/pauth.c
> new file mode 100644
> index 000000000000..a3a5c404375b
> --- /dev/null
> +++ b/arch/arm64/kvm/pauth.c
> @@ -0,0 +1,196 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +/*
> + * Copyright (C) 2024 - Google LLC
> + * Author: Marc Zyngier <maz@kernel.org>
> + *
> + * Primitive PAuth emulation for ERETAA/ERETAB.
> + *
> + * This code assumes that is is run from EL2, and that it is part of
> + * the emulation of ERETAx for a guest hypervisor. That's a lot of
> + * baked-in assumptions and shortcuts.
> + *
> + * Do no reuse for anything else!
> + */
> +
> +#include <linux/kvm_host.h>
> +
> +#include <asm/kvm_emulate.h>
> +#include <asm/pointer_auth.h>
> +
> +static u64 compute_pac(struct kvm_vcpu *vcpu, u64 ptr,
> + struct ptrauth_key ikey)
> +{
> + struct ptrauth_key gkey;
> + u64 mod, pac = 0;
> +
> + preempt_disable();
> +
> + if (!vcpu_get_flag(vcpu, SYSREGS_ON_CPU))
> + mod = __vcpu_sys_reg(vcpu, SP_EL2);
> + else
> + mod = read_sysreg(sp_el1);
> +
> + gkey.lo = read_sysreg_s(SYS_APGAKEYLO_EL1);
> + gkey.hi = read_sysreg_s(SYS_APGAKEYHI_EL1);
> +
> + __ptrauth_key_install_nosync(APGA, ikey);
> + isb();
> +
> + asm volatile(ARM64_ASM_PREAMBLE ".arch_extension pauth\n"
> + "pacga %0, %1, %2" : "=r" (pac) : "r" (ptr), "r" (mod));
> + isb();
Some of our builders currently have an older version of GCC (v6) and
after this change I am seeing ...
CC arch/arm64/kvm/pauth.o
/tmp/ccohst0v.s: Assembler messages:
/tmp/ccohst0v.s:1177: Error: unknown architectural extension `pauth'
/tmp/ccohst0v.s:1177: Error: unknown mnemonic `pacga' -- `pacga x21,x22,x0'
/local/workdir/tegra/mlt-linux_next/kernel/scripts/Makefile.build:244: recipe for target 'arch/arm64/kvm/pauth.o' failed
make[5]: *** [arch/arm64/kvm/pauth.o] Error 1
/local/workdir/tegra/mlt-linux_next/kernel/scripts/Makefile.build:485: recipe for target 'arch/arm64/kvm' failed
make[4]: *** [arch/arm64/kvm] Error 2
/local/workdir/tegra/mlt-linux_next/kernel/scripts/Makefile.build:485: recipe for target 'arch/arm64' failed
make[3]: *** [arch/arm64] Error 2
I know this is pretty old now and I am trying to get these builders
updated. However, the kernel docs still show that GCC v5.1 is
supported [0].
Jon
[0] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/Documentation/process/changes.rst
--
nvpublic
next prev parent reply other threads:[~2024-04-23 9:22 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-19 10:29 [PATCH v4 00/15] KVM/arm64: Add NV support for ERET and PAuth Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-19 10:29 ` [PATCH v4 01/15] KVM: arm64: Harden __ctxt_sys_reg() against out-of-range values Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-19 10:29 ` [PATCH v4 02/15] KVM: arm64: Add helpers for ESR_ELx_ERET_ISS_ERET* Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-19 10:29 ` [PATCH v4 03/15] KVM: arm64: Constraint PAuth support to consistent implementations Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-19 10:29 ` [PATCH v4 04/15] KVM: arm64: nv: Drop VCPU_HYP_CONTEXT flag Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-19 10:29 ` [PATCH v4 05/15] KVM: arm64: nv: Configure HCR_EL2 for FEAT_NV2 Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-19 10:29 ` [PATCH v4 06/15] KVM: arm64: nv: Add trap forwarding for ERET and SMC Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-19 10:29 ` [PATCH v4 07/15] KVM: arm64: nv: Fast-track 'InHost' exception returns Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-19 10:29 ` [PATCH v4 08/15] KVM: arm64: nv: Honor HFGITR_EL2.ERET being set Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-19 10:29 ` [PATCH v4 09/15] KVM: arm64: nv: Handle HCR_EL2.{API,APK} independently Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-19 10:29 ` [PATCH v4 10/15] KVM: arm64: nv: Reinject PAC exceptions caused by HCR_EL2.API==0 Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-19 10:29 ` [PATCH v4 11/15] KVM: arm64: nv: Add kvm_has_pauth() helper Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-19 10:29 ` [PATCH v4 12/15] KVM: arm64: nv: Add emulation for ERETAx instructions Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-23 9:22 ` Jon Hunter [this message]
2024-04-23 9:22 ` Jon Hunter
2024-04-23 9:40 ` Zenghui Yu
2024-04-23 9:40 ` Zenghui Yu
2024-04-23 11:42 ` Marc Zyngier
2024-04-23 11:42 ` Marc Zyngier
2024-04-23 12:30 ` Jon Hunter
2024-04-23 12:30 ` Jon Hunter
2024-04-23 12:09 ` Jon Hunter
2024-04-23 12:09 ` Jon Hunter
2024-04-19 10:29 ` [PATCH v4 13/15] KVM: arm64: nv: Handle ERETA[AB] instructions Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-19 10:29 ` [PATCH v4 14/15] KVM: arm64: nv: Advertise support for PAuth Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-19 10:29 ` [PATCH v4 15/15] KVM: arm64: Drop trapping of PAuth instructions/keys Marc Zyngier
2024-04-19 10:29 ` Marc Zyngier
2024-04-19 17:59 ` [PATCH v4 00/15] KVM/arm64: Add NV support for ERET and PAuth Oliver Upton
2024-04-19 17:59 ` Oliver Upton
2024-04-20 11:49 ` Marc Zyngier
2024-04-20 11:49 ` Marc Zyngier
2024-04-20 12:18 ` Marc Zyngier
2024-04-20 12:18 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=14667111-4ad6-48d2-93ee-742c5075f407@nvidia.com \
--to=jonathanh@nvidia.com \
--cc=catalin.marinas@arm.com \
--cc=james.morse@arm.com \
--cc=joey.gouly@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-tegra@vger.kernel.org \
--cc=maz@kernel.org \
--cc=oliver.upton@linux.dev \
--cc=smostafa@google.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.