I recently discovered that the Pointer Authentication (PtrAuth) handling code in KVM is busted, and has been for a while. The main issue is that we save the host's keys from a preemptible context. Things will go wrong at some point.

In order to address this, the first patch moves the saving of the host's keys to vcpu_load(). It is done eagerly, which is a bore, but is at least safe. This is definitely stable material.

The following patch adds an optimisation: we handle key saving and HCR massaging as a fixup, much like the FPSIMD code.

The subsequent patch cleans up our HYP per-CPU accessor and makes it sparse friendly, as the last patch makes heavy use of it by killing the per-vcpu backpointer to the physical CPU context, avoiding the first bug altogether.

This has been very lightly tested on a model. Unless someone shouts, I plan to send this as part of the pending set of fixes.

* From v1:
  - Dropped the misbehaving guest handling patch
  - Added the two cleanup patches to the series (previously posted separately)

Marc Zyngier (4):
  KVM: arm64: Save the host's PtrAuth keys in non-preemptible context
  KVM: arm64: Handle PtrAuth traps early
  KVM: arm64: Stop sparse from moaning at __hyp_this_cpu_ptr
  KVM: arm64: Remove host_cpu_context member from vcpu structure

 arch/arm64/include/asm/kvm_asm.h     | 13 ++++--
 arch/arm64/include/asm/kvm_emulate.h |  6 ---
 arch/arm64/include/asm/kvm_host.h    |  3 --
 arch/arm64/kvm/arm.c                 |  6 +--
 arch/arm64/kvm/handle_exit.c         | 32 ++------------
 arch/arm64/kvm/hyp/debug-sr.c        |  4 +-
 arch/arm64/kvm/hyp/switch.c          | 65 +++++++++++++++++++++++++++-
 arch/arm64/kvm/hyp/sysreg-sr.c       |  6 ++-
 arch/arm64/kvm/pmu.c                 |  8 +---
 arch/arm64/kvm/sys_regs.c            | 13 +++--
 10 files changed, 91 insertions(+), 65 deletions(-)

-- 
2.26.2