| Revision | 95ea96e8b1610f2d1bfa2abd0d12c40d647e563d (tree) |
|---|---|
| Time | 2022-01-20 20:47:52 |
| Author | Marc Zyngier <maz@kern...> |
| Commiter | Peter Maydell |
hw/arm/virt: KVM: Enable PAuth when supported by the host
Add basic support for Pointer Authentication when running a KVM
guest and that the host supports it, loosely based on the SVE
support.
Although the feature is enabled by default when the host advertises
it, it is possible to disable it by setting the 'pauth=off' CPU
property. The 'pauth' comment is removed from cpu-features.rst,
as it is now common to both TCG and KVM.
Tested on an Apple M1 running 5.16-rc6.
Cc: Eric Auger <eric.auger@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220107150154.2490308-1-maz@kernel.org
[PMM: fixed indentation]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
docs/system/arm/cpu-features.rst (diff)
target/arm/cpu.c (diff)
target/arm/cpu.h (diff) target/arm/cpu64.c (diff) target/arm/kvm64.c (diff)| @@ -217,10 +217,6 @@ TCG VCPU Features | ||
| 217 | 217 | TCG VCPU features are CPU features that are specific to TCG. |
| 218 | 218 | Below is the list of TCG VCPU features and their descriptions. |
| 219 | 219 | |
| 220 | - pauth Enable or disable ``FEAT_Pauth``, pointer | |
| 221 | - authentication. By default, the feature is | |
| 222 | - enabled with ``-cpu max``. | |
| 223 | - | |
| 224 | 220 | pauth-impdef When ``FEAT_Pauth`` is enabled, either the |
| 225 | 221 | *impdef* (Implementation Defined) algorithm |
| 226 | 222 | is enabled or the *architected* QARMA algorithm |
| @@ -1380,17 +1380,10 @@ void arm_cpu_finalize_features(ARMCPU *cpu, Error **errp) | ||
| 1380 | 1380 | return; |
| 1381 | 1381 | } |
| 1382 | 1382 | |
| 1383 | - /* | |
| 1384 | - * KVM does not support modifications to this feature. | |
| 1385 | - * We have not registered the cpu properties when KVM | |
| 1386 | - * is in use, so the user will not be able to set them. | |
| 1387 | - */ | |
| 1388 | - if (!kvm_enabled()) { | |
| 1389 | - arm_cpu_pauth_finalize(cpu, &local_err); | |
| 1390 | - if (local_err != NULL) { | |
| 1391 | - error_propagate(errp, local_err); | |
| 1392 | - return; | |
| 1393 | - } | |
| 1383 | + arm_cpu_pauth_finalize(cpu, &local_err); | |
| 1384 | + if (local_err != NULL) { | |
| 1385 | + error_propagate(errp, local_err); | |
| 1386 | + return; | |
| 1394 | 1387 | } |
| 1395 | 1388 | } |
| 1396 | 1389 |
| @@ -2091,6 +2084,7 @@ static void arm_host_initfn(Object *obj) | ||
| 2091 | 2084 | kvm_arm_set_cpu_features_from_host(cpu); |
| 2092 | 2085 | if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) { |
| 2093 | 2086 | aarch64_add_sve_properties(obj); |
| 2087 | + aarch64_add_pauth_properties(obj); | |
| 2094 | 2088 | } |
| 2095 | 2089 | #else |
| 2096 | 2090 | hvf_arm_set_cpu_features_from_host(cpu); |
| @@ -1076,6 +1076,7 @@ void aarch64_sve_narrow_vq(CPUARMState *env, unsigned vq); | ||
| 1076 | 1076 | void aarch64_sve_change_el(CPUARMState *env, int old_el, |
| 1077 | 1077 | int new_el, bool el0_a64); |
| 1078 | 1078 | void aarch64_add_sve_properties(Object *obj); |
| 1079 | +void aarch64_add_pauth_properties(Object *obj); | |
| 1079 | 1080 | |
| 1080 | 1081 | /* |
| 1081 | 1082 | * SVE registers are encoded in KVM's memory in an endianness-invariant format. |
| @@ -630,6 +630,15 @@ void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp) | ||
| 630 | 630 | int arch_val = 0, impdef_val = 0; |
| 631 | 631 | uint64_t t; |
| 632 | 632 | |
| 633 | + /* Exit early if PAuth is enabled, and fall through to disable it */ | |
| 634 | + if (kvm_enabled() && cpu->prop_pauth) { | |
| 635 | + if (!cpu_isar_feature(aa64_pauth, cpu)) { | |
| 636 | + error_setg(errp, "'pauth' feature not supported by KVM on this host"); | |
| 637 | + } | |
| 638 | + | |
| 639 | + return; | |
| 640 | + } | |
| 641 | + | |
| 633 | 642 | /* TODO: Handle HaveEnhancedPAC, HaveEnhancedPAC2, HaveFPAC. */ |
| 634 | 643 | if (cpu->prop_pauth) { |
| 635 | 644 | if (cpu->prop_pauth_impdef) { |
| @@ -655,6 +664,23 @@ static Property arm_cpu_pauth_property = | ||
| 655 | 664 | static Property arm_cpu_pauth_impdef_property = |
| 656 | 665 | DEFINE_PROP_BOOL("pauth-impdef", ARMCPU, prop_pauth_impdef, false); |
| 657 | 666 | |
| 667 | +void aarch64_add_pauth_properties(Object *obj) | |
| 668 | +{ | |
| 669 | + ARMCPU *cpu = ARM_CPU(obj); | |
| 670 | + | |
| 671 | + /* Default to PAUTH on, with the architected algorithm on TCG. */ | |
| 672 | + qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_property); | |
| 673 | + if (kvm_enabled()) { | |
| 674 | + /* | |
| 675 | + * Mirror PAuth support from the probed sysregs back into the | |
| 676 | + * property for KVM. Is it just a bit backward? Yes it is! | |
| 677 | + */ | |
| 678 | + cpu->prop_pauth = cpu_isar_feature(aa64_pauth, cpu); | |
| 679 | + } else { | |
| 680 | + qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_impdef_property); | |
| 681 | + } | |
| 682 | +} | |
| 683 | + | |
| 658 | 684 | /* -cpu max: if KVM is enabled, like -cpu host (best possible with this host); |
| 659 | 685 | * otherwise, a CPU with as many features enabled as our emulation supports. |
| 660 | 686 | * The version of '-cpu max' for qemu-system-arm is defined in cpu.c; |
| @@ -829,13 +855,10 @@ static void aarch64_max_initfn(Object *obj) | ||
| 829 | 855 | cpu->dcz_blocksize = 7; /* 512 bytes */ |
| 830 | 856 | #endif |
| 831 | 857 | |
| 832 | - /* Default to PAUTH on, with the architected algorithm. */ | |
| 833 | - qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_property); | |
| 834 | - qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_impdef_property); | |
| 835 | - | |
| 836 | 858 | bitmap_fill(cpu->sve_vq_supported, ARM_MAX_VQ); |
| 837 | 859 | } |
| 838 | 860 | |
| 861 | + aarch64_add_pauth_properties(obj); | |
| 839 | 862 | aarch64_add_sve_properties(obj); |
| 840 | 863 | object_property_add(obj, "sve-max-vq", "uint32", cpu_max_get_sve_max_vq, |
| 841 | 864 | cpu_max_set_sve_max_vq, NULL, NULL); |
| @@ -491,6 +491,12 @@ static int read_sys_reg64(int fd, uint64_t *pret, uint64_t id) | ||
| 491 | 491 | return ioctl(fd, KVM_GET_ONE_REG, &idreg); |
| 492 | 492 | } |
| 493 | 493 | |
| 494 | +static bool kvm_arm_pauth_supported(void) | |
| 495 | +{ | |
| 496 | + return (kvm_check_extension(kvm_state, KVM_CAP_ARM_PTRAUTH_ADDRESS) && | |
| 497 | + kvm_check_extension(kvm_state, KVM_CAP_ARM_PTRAUTH_GENERIC)); | |
| 498 | +} | |
| 499 | + | |
| 494 | 500 | bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) |
| 495 | 501 | { |
| 496 | 502 | /* Identify the feature bits corresponding to the host CPU, and |
| @@ -521,6 +527,17 @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf) | ||
| 521 | 527 | */ |
| 522 | 528 | struct kvm_vcpu_init init = { .target = -1, }; |
| 523 | 529 | |
| 530 | + /* | |
| 531 | + * Ask for Pointer Authentication if supported. We can't play the | |
| 532 | + * SVE trick of synthesising the ID reg as KVM won't tell us | |
| 533 | + * whether we have the architected or IMPDEF version of PAuth, so | |
| 534 | + * we have to use the actual ID regs. | |
| 535 | + */ | |
| 536 | + if (kvm_arm_pauth_supported()) { | |
| 537 | + init.features[0] |= (1 << KVM_ARM_VCPU_PTRAUTH_ADDRESS | | |
| 538 | + 1 << KVM_ARM_VCPU_PTRAUTH_GENERIC); | |
| 539 | + } | |
| 540 | + | |
| 524 | 541 | if (!kvm_arm_create_scratch_host_vcpu(cpus_to_try, fdarray, &init)) { |
| 525 | 542 | return false; |
| 526 | 543 | } |
| @@ -865,6 +882,10 @@ int kvm_arch_init_vcpu(CPUState *cs) | ||
| 865 | 882 | assert(kvm_arm_sve_supported()); |
| 866 | 883 | cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_SVE; |
| 867 | 884 | } |
| 885 | + if (cpu_isar_feature(aa64_pauth, cpu)) { | |
| 886 | + cpu->kvm_init_features[0] |= (1 << KVM_ARM_VCPU_PTRAUTH_ADDRESS | | |
| 887 | + 1 << KVM_ARM_VCPU_PTRAUTH_GENERIC); | |
| 888 | + } | |
| 868 | 889 | |
| 869 | 890 | /* Do KVM_ARM_VCPU_INIT ioctl */ |
| 870 | 891 | ret = kvm_arm_vcpu_init(cs); |
Fork