[PATCH] KVM: arm64: Prevent vcpu_has_ptrauth from generating OOL functions

Nathan Chancellor natechancellor at gmail.com
Thu Jul 23 11:59:34 EDT 2020


On Thu, Jul 23, 2020 at 09:17:15AM +0100, Marc Zyngier wrote:
> Hi Nathan,
> 
> On 2020-07-23 03:51, Nathan Chancellor wrote:
> > On Wed, Jul 22, 2020 at 05:22:31PM +0100, Marc Zyngier wrote:
> > > So far, vcpu_has_ptrauth() is implemented in terms of
> > > system_supports_*_auth()
> > > calls, which are declared "inline". In some specific conditions (clang
> > > and SCS), the "inline" very much turns into an "out of line", which
> > > leads to fireworks when this predicate is evaluated on a non-VHE
> > > system (right at the beginning of __hyp_handle_ptrauth).
> > > 
> > > Instead, make sure vcpu_has_ptrauth gets expanded inline by directly
> > > using the cpus_have_final_cap() helpers, which are __always_inline,
> > > generate much better code, and are the only thing that makes sense when
> > > running at EL2 on a nVHE system.
> > > 
> > > Fixes: 29eb5a3c57f7 ("KVM: arm64: Handle PtrAuth traps early")
> > > Reported-by: Nathan Chancellor <natechancellor at gmail.com>
> > > Reported-by: Nick Desaulniers <ndesaulniers at google.com>
> > > Signed-off-by: Marc Zyngier <maz at kernel.org>
> > 
> > Thank you for the quick fix! I have booted a mainline kernel with this
> > patch with Shadow Call Stack enabled and verified that using KVM no
> > longer causes a panic.
> 
> Great! I'll try and ferry this to mainline as quickly as possible.

Awesome, I will keep an eye out.

> > Reviewed-by: Nathan Chancellor <natechancellor at gmail.com>
> > Tested-by: Nathan Chancellor <natechancellor at gmail.com>
> > 
> > For the future, is there an easy way to tell which type of system I am
> > using (nVHE or VHE)? I am new to the arm64 KVM world but it is something
> > that I am going to continue to test with various clang technologies now
> > that I have actual hardware capable of it that can run a mainline
> > kernel.
> 
> ARMv8.0 CPUs are only capable of running non-VHE. So if you have
> something based on older ARM CPUs (such as A57, A72, A53, A73, A35...),
> or licensee CPUs (ThunderX, XGene, EMag...), this will only run
> non-VHE (the host kernel runs at EL1, while the hypervisor runs at
> EL2).
> 
> From ARMv8.1 onward, VHE is normally present, and the host kernel
> can run at EL2 directly. ARM CPUs include A55, A65, A75, A76, A77,
> N1, while licensee CPUs include TX2, Kunpeng 920, and probably some
> more.
> 
> As pointed out by Zenghui in another email, KVM shows which mode
> it is using. Even without KVM, the kernel prints very early on:
> 
> [    0.000000] CPU features: detected: Virtualization Host Extensions
> 
> Note that this is only a performance difference, and that most
> features that are supported by the CPU can be used by KVM in either
> mode.
> 
> Thanks again,
> 
>         M.
> -- 
> Jazz is not dead. It just smells funny...

Excellent, thank you both for the in-depth explanation. Hopefully my
test farm continues to grow so I can stay on top of testing this stuff.

Cheers,
Nathan
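The boot-log check Marc describes, turned into a small script: this is an added example and not part of the thread or of the kernel tree. It looks for the "CPU features: detected: Virtualization Host Extensions" line that the kernel prints early in boot and reports VHE or nVHE accordingly. The function name arm64_virt_mode and the two sample logs are assumptions of this example (the logs are constructed, not real captures).

```shell
#!/bin/sh
# Added example, not from the thread: classify an arm64 boot log as VHE or nVHE.
# The kernel prints the line below only when it detected VHE (ARMv8.1+ CPUs);
# on an ARMv8.0 system such as A53/A57/A72 it is absent and KVM runs nVHE.

arm64_virt_mode() {
    # Reads the log on stdin; grep -q succeeds on the first matching line.
    if grep -q 'CPU features: detected: Virtualization Host Extensions'; then
        echo VHE
    else
        echo nVHE
    fi
}

# Constructed sample logs (hypothetical, not captured from real hardware).
VHE_LOG='[    0.000000] Booting Linux on physical CPU 0x0
[    0.000000] CPU features: detected: Virtualization Host Extensions
[    0.000000] CPU features: detected: Address authentication (architected algorithm)'

NVHE_LOG='[    0.000000] Booting Linux on physical CPU 0x0
[    0.000000] CPU features: detected: GIC system register CPU interface'

# Stand-alone run: prints "VHE" then "nVHE".
printf '%s\n' "$VHE_LOG" | arm64_virt_mode
printf '%s\n' "$NVHE_LOG" | arm64_virt_mode

# On a live system: dmesg | arm64_virt_mode
```

Because the line is emitted at time 0.000000, it can have scrolled out of the dmesg ring buffer on a long-running box; in that case feed the script the kernel log from journalctl -k or /var/log instead, or check right after boot. A "nVHE" result therefore only means the line was not found in the log you supplied.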