[PATCH] KVM: arm64: Use different pointer authentication keys for pKVM
Mostafa Saleh
smostafa at google.com
Tue Jun 13 09:27:30 PDT 2023
Hi Oliver,
On Tue, Jun 13, 2023 at 12:16:02PM +0000, Oliver Upton wrote:
> On Tue, 16 May 2023 14:15:31 +0000, Mostafa Saleh wrote:
> > When the kernel is compiled with CONFIG_ARM64_PTR_AUTH_KERNEL, it
> > uses Armv8.3-Pauth for return address protection for the kernel code
> > including nvhe code in EL2.
> >
> > Same keys are used in both kernel(EL1) and nvhe code(EL2), this is
> > fine for nvhe but not when running in protected mode(pKVM) as the host
> > can't be trusted.
> >
> > [...]
>
> Applied to kvmarm/next, thanks!
>
> [1/1] KVM: arm64: Use different pointer authentication keys for pKVM
> https://git.kernel.org/kvmarm/kvmarm/c/fb737685beee
>
> --
Thanks! I did more testing and I found a bug in this patch.
It seems there is another entry point for the kenrel where pauth was
not handled properly "kvm_host_psci_cpu_entry", I will investigate this
further and send V2.
Sorry for the inconvenience!
Thanks,
Mostafa
More information about the linux-arm-kernel
mailing list