Commit a1ee8abb authored by Mark Rutland's avatar Mark Rutland Committed by Will Deacon
Browse files

arm64/kvm: hide ptrauth from guests 



In subsequent patches we're going to expose ptrauth to the host kernel
and userspace, but things are a bit trickier for guest kernels. For the
time being, let's hide ptrauth from KVM guests.

Regardless of how well-behaved the guest kernel is, guest userspace
could attempt to use ptrauth instructions, triggering a trap to EL2,
resulting in noise from kvm_handle_unknown_ec(). So let's write up a
handler for the PAC trap, which silently injects an UNDEF into the
guest, as if the feature were really missing.

Reviewed-by: default avatarRichard Henderson <richard.henderson@linaro.org>
Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
Signed-off-by: default avatarKristina Martsenko <kristina.martsenko@arm.com>
Reviewed-by: default avatarAndrew Jones <drjones@redhat.com>
Reviewed-by: default avatarChristoffer Dall <christoffer.dall@arm.com>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: kvmarm@lists.cs.columbia.edu
Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
parent 4eaed6aa

arch/arm64/kvm/handle_exit.c

+18 −0
Original line number Diff line number Diff line
@@ -173,6 +173,23 @@ static int handle_sve(struct kvm_vcpu *vcpu, struct kvm_run *run) 
	return 1;

}



/*

 * Guest usage of a ptrauth instruction (which the guest EL1 did not turn into

 * a NOP).

 */

static int kvm_handle_ptrauth(struct kvm_vcpu *vcpu, struct kvm_run *run)

{

	/*

	 * We don't currently support ptrauth in a guest, and we mask the ID

	 * registers to prevent well-behaved guests from trying to make use of

	 * it.

	 *

	 * Inject an UNDEF, as if the feature really isn't present.

	 */

	kvm_inject_undefined(vcpu);

	return 1;

}



static exit_handle_fn arm_exit_handlers[] = {

	[0 ... ESR_ELx_EC_MAX]	= kvm_handle_unknown_ec,

	[ESR_ELx_EC_WFx]	= kvm_handle_wfx,
@@ -195,6 +212,7 @@ static exit_handle_fn arm_exit_handlers[] = { 
	[ESR_ELx_EC_BKPT32]	= kvm_handle_guest_debug,

	[ESR_ELx_EC_BRK64]	= kvm_handle_guest_debug,

	[ESR_ELx_EC_FP_ASIMD]	= handle_no_fpsimd,

	[ESR_ELx_EC_PAC]	= kvm_handle_ptrauth,

};



static exit_handle_fn kvm_get_exit_handler(struct kvm_vcpu *vcpu)

arch/arm64/kvm/sys_regs.c

+8 −0
Original line number Diff line number Diff line
@@ -1040,6 +1040,14 @@ static u64 read_id_reg(struct sys_reg_desc const *r, bool raz) 
			kvm_debug("SVE unsupported for guests, suppressing\n");



		val &= ~(0xfUL << ID_AA64PFR0_SVE_SHIFT);

	} else if (id == SYS_ID_AA64ISAR1_EL1) {

		const u64 ptrauth_mask = (0xfUL << ID_AA64ISAR1_APA_SHIFT) |

					 (0xfUL << ID_AA64ISAR1_API_SHIFT) |

					 (0xfUL << ID_AA64ISAR1_GPA_SHIFT) |

					 (0xfUL << ID_AA64ISAR1_GPI_SHIFT);

		if (val & ptrauth_mask)

			kvm_debug("ptrauth unsupported for guests, suppressing\n");

		val &= ~ptrauth_mask;

	} else if (id == SYS_ID_AA64MMFR1_EL1) {

		if (val & (0xfUL << ID_AA64MMFR1_LOR_SHIFT))

			kvm_debug("LORegions unsupported for guests, suppressing\n");

CRA Git | Maintained and supported by SUSTech CRA and CCSE