From: Sasha Levin Date: Fri, 28 Jul 2023 15:46:14 +0000 (-0400) Subject: Drop kvm-arm64-use-different-pointer-authentication-keys-.patch from 6.4 X-Git-Tag: v5.15.124~86 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5745c362ed9db5dc27855a6e53ecb0296554d92b;p=thirdparty%2Fkernel%2Fstable-queue.git Drop kvm-arm64-use-different-pointer-authentication-keys-.patch from 6.4 --- diff --git a/queue-6.4/kvm-arm64-handle-kvm_arm_init-failure-correctly-in-f.patch b/queue-6.4/kvm-arm64-handle-kvm_arm_init-failure-correctly-in-f.patch index 752834a782d..6c90ca97394 100644 --- a/queue-6.4/kvm-arm64-handle-kvm_arm_init-failure-correctly-in-f.patch +++ b/queue-6.4/kvm-arm64-handle-kvm_arm_init-failure-correctly-in-f.patch @@ -1,4 +1,4 @@ -From 062a794c55cbe4bc9f28d3a7dbdf77e89fd5c5d3 Mon Sep 17 00:00:00 2001 +From 9f27f8166957561f673a5b35c4c9a7d78c2eaf23 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Tue, 4 Jul 2023 20:32:43 +0100 Subject: KVM: arm64: Handle kvm_arm_init failure correctly in finalize_pkvm @@ -125,12 +125,12 @@ index 4eb601e7de507..06382da630123 100644 DECLARE_STATIC_KEY_FALSE(kvm_protected_mode_initialized); diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c -index 91bec8454d573..5c354a3bf7372 100644 +index 7d8c3dd8b7ca9..3a2606ba3e583 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c -@@ -53,11 +53,16 @@ DECLARE_KVM_NVHE_PER_CPU(struct kvm_nvhe_init_params, kvm_init_params); - - DECLARE_KVM_NVHE_PER_CPU(struct kvm_cpu_context, kvm_hyp_ctxt); +@@ -51,11 +51,16 @@ DECLARE_KVM_HYP_PER_CPU(unsigned long, kvm_hyp_vector); + DEFINE_PER_CPU(unsigned long, kvm_arm_hyp_stack_page); + DECLARE_KVM_NVHE_PER_CPU(struct kvm_nvhe_init_params, kvm_init_params); -static bool vgic_present; +static bool vgic_present, kvm_arm_initialised; @@ -146,7 +146,7 @@ index 91bec8454d573..5c354a3bf7372 100644 int kvm_arch_vcpu_should_kick(struct kvm_vcpu *vcpu) { return kvm_vcpu_exiting_guest_mode(vcpu) == IN_GUEST_MODE; -@@ -2422,6 +2427,8 @@ static __init int kvm_arm_init(void) +@@ -2396,6 +2401,8 @@ static __init int kvm_arm_init(void) if (err) goto out_subs; diff --git a/queue-6.4/kvm-arm64-use-different-pointer-authentication-keys-.patch b/queue-6.4/kvm-arm64-use-different-pointer-authentication-keys-.patch deleted file mode 100644 index 06b288927a2..00000000000 --- a/queue-6.4/kvm-arm64-use-different-pointer-authentication-keys-.patch +++ /dev/null @@ -1,147 +0,0 @@ -From 841a52c56c2617f57497f05868863901179c458d Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Wed, 14 Jun 2023 12:25:59 +0000 -Subject: KVM: arm64: Use different pointer authentication keys for pKVM - -From: Mostafa Saleh - -[ Upstream commit 8c15c2a0281087d19f62d7c2b5ab1f9e961b8d97 ] - -When the use of pointer authentication is enabled in the kernel it -applies to both the kernel itself as well as KVM's nVHE hypervisor. The -same keys are used for both the kernel and the nVHE hypervisor, which is -less than desirable for pKVM as the host is not trusted at runtime. - -Naturally, the fix is to use a different set of keys for the hypervisor -when running in protected mode. Have the host generate a new set of keys -for the hypervisor before deprivileging the kernel. While there might be -other sources of random directly available at EL2, this keeps the -implementation simple, and the host is trusted anyways until it is -deprivileged. - -Since the host and hypervisor no longer share a set of pointer -authentication keys, start context switching them on the host entry/exit -path exactly as we do for guest entry/exit. There is no need to handle -CPU migration as the nVHE code is not migratable in the first place. - -Signed-off-by: Mostafa Saleh -Link: https://lore.kernel.org/r/20230614122600.2098901-1-smostafa@google.com -Signed-off-by: Oliver Upton -Stable-dep-of: fa729bc7c9c8 ("KVM: arm64: Handle kvm_arm_init failure correctly in finalize_pkvm") -Signed-off-by: Sasha Levin ---- - arch/arm64/kvm/arm.c | 26 ++++++++++++++++++++++++ - arch/arm64/kvm/hyp/nvhe/host.S | 36 +++++++++++++++++++++++++++++++++- - 2 files changed, 61 insertions(+), 1 deletion(-) - -diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c -index 7d8c3dd8b7ca9..91bec8454d573 100644 ---- a/arch/arm64/kvm/arm.c -+++ b/arch/arm64/kvm/arm.c -@@ -51,6 +51,8 @@ DECLARE_KVM_HYP_PER_CPU(unsigned long, kvm_hyp_vector); - DEFINE_PER_CPU(unsigned long, kvm_arm_hyp_stack_page); - DECLARE_KVM_NVHE_PER_CPU(struct kvm_nvhe_init_params, kvm_init_params); - -+DECLARE_KVM_NVHE_PER_CPU(struct kvm_cpu_context, kvm_hyp_ctxt); -+ - static bool vgic_present; - - static DEFINE_PER_CPU(unsigned char, kvm_arm_hardware_enabled); -@@ -2080,6 +2082,26 @@ static int __init kvm_hyp_init_protection(u32 hyp_va_bits) - return 0; - } - -+static void pkvm_hyp_init_ptrauth(void) -+{ -+ struct kvm_cpu_context *hyp_ctxt; -+ int cpu; -+ -+ for_each_possible_cpu(cpu) { -+ hyp_ctxt = per_cpu_ptr_nvhe_sym(kvm_hyp_ctxt, cpu); -+ hyp_ctxt->sys_regs[APIAKEYLO_EL1] = get_random_long(); -+ hyp_ctxt->sys_regs[APIAKEYHI_EL1] = get_random_long(); -+ hyp_ctxt->sys_regs[APIBKEYLO_EL1] = get_random_long(); -+ hyp_ctxt->sys_regs[APIBKEYHI_EL1] = get_random_long(); -+ hyp_ctxt->sys_regs[APDAKEYLO_EL1] = get_random_long(); -+ hyp_ctxt->sys_regs[APDAKEYHI_EL1] = get_random_long(); -+ hyp_ctxt->sys_regs[APDBKEYLO_EL1] = get_random_long(); -+ hyp_ctxt->sys_regs[APDBKEYHI_EL1] = get_random_long(); -+ hyp_ctxt->sys_regs[APGAKEYLO_EL1] = get_random_long(); -+ hyp_ctxt->sys_regs[APGAKEYHI_EL1] = get_random_long(); -+ } -+} -+ - /* Inits Hyp-mode on all online CPUs */ - static int __init init_hyp_mode(void) - { -@@ -2241,6 +2263,10 @@ static int __init init_hyp_mode(void) - kvm_hyp_init_symbols(); - - if (is_protected_kvm_enabled()) { -+ if (IS_ENABLED(CONFIG_ARM64_PTR_AUTH_KERNEL) && -+ cpus_have_const_cap(ARM64_HAS_ADDRESS_AUTH)) -+ pkvm_hyp_init_ptrauth(); -+ - init_cpu_logical_map(); - - if (!init_psci_relay()) { -diff --git a/arch/arm64/kvm/hyp/nvhe/host.S b/arch/arm64/kvm/hyp/nvhe/host.S -index b6c0188c4b35a..c87c63133e10c 100644 ---- a/arch/arm64/kvm/hyp/nvhe/host.S -+++ b/arch/arm64/kvm/hyp/nvhe/host.S -@@ -10,6 +10,7 @@ - #include - #include - #include -+#include - - .text - -@@ -37,10 +38,43 @@ SYM_FUNC_START(__host_exit) - - /* Save the host context pointer in x29 across the function call */ - mov x29, x0 -+ -+#ifdef CONFIG_ARM64_PTR_AUTH_KERNEL -+alternative_if_not ARM64_HAS_ADDRESS_AUTH -+b __skip_pauth_save -+alternative_else_nop_endif -+ -+alternative_if ARM64_KVM_PROTECTED_MODE -+ /* Save kernel ptrauth keys. */ -+ add x18, x29, #CPU_APIAKEYLO_EL1 -+ ptrauth_save_state x18, x19, x20 -+ -+ /* Use hyp keys. */ -+ adr_this_cpu x18, kvm_hyp_ctxt, x19 -+ add x18, x18, #CPU_APIAKEYLO_EL1 -+ ptrauth_restore_state x18, x19, x20 -+ isb -+alternative_else_nop_endif -+__skip_pauth_save: -+#endif /* CONFIG_ARM64_PTR_AUTH_KERNEL */ -+ - bl handle_trap - -- /* Restore host regs x0-x17 */ - __host_enter_restore_full: -+ /* Restore kernel keys. */ -+#ifdef CONFIG_ARM64_PTR_AUTH_KERNEL -+alternative_if_not ARM64_HAS_ADDRESS_AUTH -+b __skip_pauth_restore -+alternative_else_nop_endif -+ -+alternative_if ARM64_KVM_PROTECTED_MODE -+ add x18, x29, #CPU_APIAKEYLO_EL1 -+ ptrauth_restore_state x18, x19, x20 -+alternative_else_nop_endif -+__skip_pauth_restore: -+#endif /* CONFIG_ARM64_PTR_AUTH_KERNEL */ -+ -+ /* Restore host regs x0-x17 */ - ldp x0, x1, [x29, #CPU_XREG_OFFSET(0)] - ldp x2, x3, [x29, #CPU_XREG_OFFSET(2)] - ldp x4, x5, [x29, #CPU_XREG_OFFSET(4)] --- -2.39.2 - diff --git a/queue-6.4/series b/queue-6.4/series index 6eb53b955e3..3456c4c155d 100644 --- a/queue-6.4/series +++ b/queue-6.4/series @@ -4,7 +4,6 @@ drm-amd-move-helper-for-dynamic-speed-switch-check-out-of-smu13.patch drm-amd-align-smu11-smu_msg_overridepcieparameters-implementation-with-smu13.patch r8169-revert-2ab19de62d67-r8169-remove-aspm-restrictions-now-that-aspm-is-disabled-during-napi-poll.patch jbd2-fix-wrongly-judgement-for-buffer-head-removing-.patch -kvm-arm64-use-different-pointer-authentication-keys-.patch kvm-arm64-handle-kvm_arm_init-failure-correctly-in-f.patch blk-mq-fix-stall-due-to-recursive-flush-plug.patch powerpc-pseries-vas-hold-mmap_mutex-after-mmap-lock-.patch