KVM: arm64: Tidying up PAuth code in KVM

Tidy up some of the PAuth trapping code to clear up some comments
and avoid clang/checkpatch warnings. Also, don't bother setting
PAuth HCR_EL2 bits in pKVM, since it's handled by the hypervisor.

Signed-off-by: Fuad Tabba <tabba@google.com>
Link: https://lore.kernel.org/r/20240722163311.1493879-1-tabba@google.com
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>

diff --git a/arch/arm64/include/asm/kvm_ptrauth.h b/arch/arm64/include/asm/kvm_ptrauth.h
index d81bac2..6199c9f 100644 (file)
--- a/arch/arm64/include/asm/kvm_ptrauth.h
+++ b/arch/arm64/include/asm/kvm_ptrauth.h
@@ -104,7 +104,7 @@ alternative_else_nop_endif
 
 #define __ptrauth_save_key(ctxt, key)                                  \
        do {                                                            \
-               u64 __val;                                              \
+               u64 __val;                                              \
                __val = read_sysreg_s(SYS_ ## key ## KEYLO_EL1);        \
                ctxt_sys_reg(ctxt, key ## KEYLO_EL1) = __val;           \
                __val = read_sysreg_s(SYS_ ## key ## KEYHI_EL1);        \

diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index 23e1fa5..9bef763 100644 (file)
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -522,10 +522,10 @@ void kvm_arch_vcpu_unblocking(struct kvm_vcpu *vcpu)
 
 static void vcpu_set_pauth_traps(struct kvm_vcpu *vcpu)
 {
-       if (vcpu_has_ptrauth(vcpu)) {
+       if (vcpu_has_ptrauth(vcpu) && !is_protected_kvm_enabled()) {
                /*
-                * Either we're running running an L2 guest, and the API/APK
-                * bits come from L1's HCR_EL2, or API/APK are both set.
+                * Either we're running an L2 guest, and the API/APK bits come
+                * from L1's HCR_EL2, or API/APK are both set.
                 */
                if (unlikely(vcpu_has_nv(vcpu) && !is_hyp_ctxt(vcpu))) {
                        u64 val;
@@ -542,16 +542,10 @@ static void vcpu_set_pauth_traps(struct kvm_vcpu *vcpu)
                 * Save the host keys if there is any chance for the guest
                 * to use pauth, as the entry code will reload the guest
                 * keys in that case.
-                * Protected mode is the exception to that rule, as the
-                * entry into the EL2 code eagerly switch back and forth
-                * between host and hyp keys (and kvm_hyp_ctxt is out of
-                * reach anyway).
                 */
-               if (is_protected_kvm_enabled())
-                       return;
-
                if (vcpu->arch.hcr_el2 & (HCR_API | HCR_APK)) {
                        struct kvm_cpu_context *ctxt;
+
                        ctxt = this_cpu_ptr_hyp_sym(kvm_hyp_ctxt);
                        ptrauth_save_keys(ctxt);
                }

diff --git a/arch/arm64/kvm/hyp/include/hyp/switch.h b/arch/arm64/kvm/hyp/include/hyp/switch.h
index f59ccfe..37ff87d 100644 (file)
--- a/arch/arm64/kvm/hyp/include/hyp/switch.h
+++ b/arch/arm64/kvm/hyp/include/hyp/switch.h
@@ -27,7 +27,6 @@
 #include <asm/kvm_hyp.h>
 #include <asm/kvm_mmu.h>
 #include <asm/kvm_nested.h>
-#include <asm/kvm_ptrauth.h>
 #include <asm/fpsimd.h>
 #include <asm/debug-monitors.h>
 #include <asm/processor.h>

diff --git a/arch/arm64/kvm/hyp/nvhe/switch.c b/arch/arm64/kvm/hyp/nvhe/switch.c
index 6af179c..8f5c56d 100644 (file)
--- a/arch/arm64/kvm/hyp/nvhe/switch.c
+++ b/arch/arm64/kvm/hyp/nvhe/switch.c
@@ -173,9 +173,8 @@ static void __pmu_switch_to_host(struct kvm_vcpu *vcpu)
 static bool kvm_handle_pvm_sys64(struct kvm_vcpu *vcpu, u64 *exit_code)
 {
        /*
-        * Make sure we handle the exit for workarounds and ptrauth
-        * before the pKVM handling, as the latter could decide to
-        * UNDEF.
+        * Make sure we handle the exit for workarounds before the pKVM
+        * handling, as the latter could decide to UNDEF.
         */
        return (kvm_hyp_handle_sysreg(vcpu, exit_code) ||
                kvm_handle_pvm_sysreg(vcpu, exit_code));