I recently discovered that the Pointer Authentication (PtrAuth) handling code in KVM is busted, and has been for a while. The main issue is that the we save the host's keys from a preemptible context. Things will go wrong at some point.
In order to address this, the first patch move the saving of the host's keys to vcpu_load(). It is done eagerly, which is a bore, but is at least safe. This is definitely stable material. The following two patches are adding an optimisation and a fix for a corner case: we handle key saving and HCR massaging as a fixup, much like the FPSIMD code. This subsequently allows us to deal with the ugly case of a guest enabling PtrAuth despite it not being advertised, resulting in PAC instructions UNDEF'ing while they should be NOPs. This has been very lightly tested on a model. Marc Zyngier (3): KVM: arm64: Save the host's PtrAuth keys in non-preemptible context KVM: arm64: Handle PtrAuth traps early KVM: arm64: Enforce PtrAuth being disabled if not advertized arch/arm64/include/asm/kvm_emulate.h | 6 --- arch/arm64/kvm/arm.c | 3 +- arch/arm64/kvm/handle_exit.c | 38 --------------- arch/arm64/kvm/hyp/switch.c | 73 ++++++++++++++++++++++++++++ arch/arm64/kvm/sys_regs.c | 13 ++--- 5 files changed, 80 insertions(+), 53 deletions(-) -- 2.26.2 _______________________________________________ kvmarm mailing list kvmarm@lists.cs.columbia.edu https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
