| Message ID | 20220204165506.2846058-7-peter.maydell@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | target/arm: -cpu host/max KVM and HVF fixes | expand |
On 2/5/22 03:55, Peter Maydell wrote: > Currently we don't allow guests under hvf to use the PAuth extension, > because we didn't have any special code to handle that, and therefore > in arm_cpu_pauth_finalize() we will sanitize the ID_AA64ISAR1 value > the guest sees to clear the PAuth related fields. > > Add support for this in the same way that KVM does it, by defaulting > to "PAuth enabled" if the host CPU has it and allowing the user to > disable it via '-cpu pauth=no' on the command line. > > Signed-off-by: Peter Maydell<peter.maydell@linaro.org> > --- > target/arm/cpu64.c | 14 ++++++++++---- > 1 file changed, 10 insertions(+), 4 deletions(-) Currently not a problem in practice because M1 doesn't support PAuth, so the ID fields are already clear. However, it is a confusing difference to kvm, and presumably some future Apple chip will enable PAuth. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> r~
On Sun, 6 Feb 2022 at 00:26, Richard Henderson <richard.henderson@linaro.org> wrote: > > On 2/5/22 03:55, Peter Maydell wrote: > > Currently we don't allow guests under hvf to use the PAuth extension, > > because we didn't have any special code to handle that, and therefore > > in arm_cpu_pauth_finalize() we will sanitize the ID_AA64ISAR1 value > > the guest sees to clear the PAuth related fields. > > > > Add support for this in the same way that KVM does it, by defaulting > > to "PAuth enabled" if the host CPU has it and allowing the user to > > disable it via '-cpu pauth=no' on the command line. > > > > Signed-off-by: Peter Maydell<peter.maydell@linaro.org> > > --- > > target/arm/cpu64.c | 14 ++++++++++---- > > 1 file changed, 10 insertions(+), 4 deletions(-) > > Currently not a problem in practice because M1 doesn't support PAuth, so the ID fields are > already clear. However, it is a confusing difference to kvm, and presumably some future > Apple chip will enable PAuth. No, this is an actual bug that was reported to me. The M1 does support PAuth, with an IMPDEF algorithm (and no support for QARMA5), and we were suppressing this by clearing the ID register fields. thanks -- PMM
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c index fd611c97116..5be5ade6c9d 100644 --- a/target/arm/cpu64.c +++ b/target/arm/cpu64.c @@ -633,9 +633,10 @@ void arm_cpu_pauth_finalize(ARMCPU *cpu, Error **errp) uint64_t t; /* Exit early if PAuth is enabled, and fall through to disable it */ - if (kvm_enabled() && cpu->prop_pauth) { + if ((kvm_enabled() || hvf_enabled()) && cpu->prop_pauth) { if (!cpu_isar_feature(aa64_pauth, cpu)) { - error_setg(errp, "'pauth' feature not supported by KVM on this host"); + error_setg(errp, "'pauth' feature not supported by %s on this host", + kvm_enabled() ? "KVM" : "hvf"); } return; @@ -672,10 +673,14 @@ void aarch64_add_pauth_properties(Object *obj) /* Default to PAUTH on, with the architected algorithm on TCG. */ qdev_property_add_static(DEVICE(obj), &arm_cpu_pauth_property); - if (kvm_enabled()) { + if (kvm_enabled() || hvf_enabled()) { /* * Mirror PAuth support from the probed sysregs back into the - * property for KVM. Is it just a bit backward? Yes it is! + * property for KVM or hvf. Is it just a bit backward? Yes it is! + * Note that prop_pauth is true whether the host CPU supports the + * architected QARMA5 algorithm or the IMPDEF one. We don't + * provide the separate pauth-impdef property for KVM or hvf, + * only for TCG. */ cpu->prop_pauth = cpu_isar_feature(aa64_pauth, cpu); } else { @@ -695,6 +700,7 @@ static void aarch64_host_initfn(Object *obj) #elif defined(CONFIG_HVF) ARMCPU *cpu = ARM_CPU(obj); hvf_arm_set_cpu_features_from_host(cpu); + aarch64_add_pauth_properties(obj); #else g_assert_not_reached(); #endif
Currently we don't allow guests under hvf to use the PAuth extension, because we didn't have any special code to handle that, and therefore in arm_cpu_pauth_finalize() we will sanitize the ID_AA64ISAR1 value the guest sees to clear the PAuth related fields. Add support for this in the same way that KVM does it, by defaulting to "PAuth enabled" if the host CPU has it and allowing the user to disable it via '-cpu pauth=no' on the command line. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> --- target/arm/cpu64.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-)