Skip to content

Commit baa28a5

Browse files
ouptonoupton
committed
KVM: arm64: Hoist PAuth checks into KVM_ARM_VCPU_INIT ioctl
Test for feature support in the ioctl handler rather than kvm_reset_vcpu(). Continue to uphold our all-or-nothing policy with address and generic pointer authentication. Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Oliver Upton <[email protected]>
1 parent be9c0c0 commit baa28a5

File tree

2 files changed

+16
-18
lines changed

2 files changed

+16
-18
lines changed

arch/arm64/kvm/arm.c

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1203,6 +1203,11 @@ static unsigned long system_supported_vcpu_features(void)
12031203
if (!system_supports_sve())
12041204
clear_bit(KVM_ARM_VCPU_SVE, &features);
12051205

1206+
if (!system_has_full_ptr_auth()) {
1207+
clear_bit(KVM_ARM_VCPU_PTRAUTH_ADDRESS, &features);
1208+
clear_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, &features);
1209+
}
1210+
12061211
return features;
12071212
}
12081213

@@ -1223,6 +1228,14 @@ static int kvm_vcpu_init_check_features(struct kvm_vcpu *vcpu,
12231228
if (features & ~system_supported_vcpu_features())
12241229
return -EINVAL;
12251230

1231+
/*
1232+
* For now make sure that both address/generic pointer authentication
1233+
* features are requested by the userspace together.
1234+
*/
1235+
if (test_bit(KVM_ARM_VCPU_PTRAUTH_ADDRESS, &features) !=
1236+
test_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, &features))
1237+
return -EINVAL;
1238+
12261239
if (!test_bit(KVM_ARM_VCPU_EL1_32BIT, &features))
12271240
return 0;
12281241

arch/arm64/kvm/reset.c

Lines changed: 3 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -165,20 +165,9 @@ static void kvm_vcpu_reset_sve(struct kvm_vcpu *vcpu)
165165
memset(vcpu->arch.sve_state, 0, vcpu_sve_state_size(vcpu));
166166
}
167167

168-
static int kvm_vcpu_enable_ptrauth(struct kvm_vcpu *vcpu)
168+
static void kvm_vcpu_enable_ptrauth(struct kvm_vcpu *vcpu)
169169
{
170-
/*
171-
* For now make sure that both address/generic pointer authentication
172-
* features are requested by the userspace together and the system
173-
* supports these capabilities.
174-
*/
175-
if (!test_bit(KVM_ARM_VCPU_PTRAUTH_ADDRESS, vcpu->arch.features) ||
176-
!test_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, vcpu->arch.features) ||
177-
!system_has_full_ptr_auth())
178-
return -EINVAL;
179-
180170
vcpu_set_flag(vcpu, GUEST_HAS_PTRAUTH);
181-
return 0;
182171
}
183172

184173
/**
@@ -233,12 +222,8 @@ int kvm_reset_vcpu(struct kvm_vcpu *vcpu)
233222
}
234223

235224
if (test_bit(KVM_ARM_VCPU_PTRAUTH_ADDRESS, vcpu->arch.features) ||
236-
test_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, vcpu->arch.features)) {
237-
if (kvm_vcpu_enable_ptrauth(vcpu)) {
238-
ret = -EINVAL;
239-
goto out;
240-
}
241-
}
225+
test_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, vcpu->arch.features))
226+
kvm_vcpu_enable_ptrauth(vcpu);
242227

243228
if (vcpu_el1_is_32bit(vcpu))
244229
pstate = VCPU_RESET_PSTATE_SVC;

0 commit comments

Comments
 (0)