Not having PtrAuth on non-VHE KVM (for whatever reason VHE is not enabled on a v8.3 system) has always looked like an oddity. This trivial series remedies it, and allows a non-VHE KVM to offer PtrAuth to its guests. In the tradition of not having separate security between host-EL1 and EL2, EL2 reuses the keys set up by host-EL1. It is likely that, should we switch to a mode where EL2 is more distrusting of EL1, we'd have private keys there. The last two patches are respectively an optimization when save/restoring the PtrAuth context, and a cleanup of the alternatives used by that same save/restore code. * From v1 [1]: - Move the hand-crafted literal load to using a mov_q macro (Andrew, Mark) - Added a cleanup of the alternatives on the save/restore path (Mark) [1] https://lore.kernel.org/kvm/20200615081954.6233-1-maz@xxxxxxxxxx/ Marc Zyngier (5): KVM: arm64: Enable Address Authentication at EL2 if available KVM: arm64: Allow ARM64_PTR_AUTH when ARM64_VHE=n KVM: arm64: Allow PtrAuth to be enabled from userspace on non-VHE systems KVM: arm64: Check HCR_EL2 instead of shadow copy to swap PtrAuth registers KVM: arm64: Simplify PtrAuth alternative patching arch/arm64/Kconfig | 4 +--- arch/arm64/include/asm/kvm_ptrauth.h | 30 ++++++++++------------------ arch/arm64/kvm/hyp-init.S | 5 +++++ arch/arm64/kvm/reset.c | 21 ++++++++++--------- 4 files changed, 27 insertions(+), 33 deletions(-) -- 2.27.0 _______________________________________________ kvmarm mailing list kvmarm@xxxxxxxxxxxxxxxxxxxxx https://lists.cs.columbia.edu/mailman/listinfo/kvmarm