KVM: arm64: Hoist PAuth checks into KVM_ARM_VCPU_INIT ioctl

Test for feature support in the ioctl handler rather than
kvm_reset_vcpu(). Continue to uphold our all-or-nothing policy with
address and generic pointer authentication.

Link: https://lore.kernel.org/r/20230920195036.1169791-5-oliver.upton@linux.dev
Signed-off-by: Oliver Upton <oliver.upton@linux.dev>

diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index e73e134fa2fae9da4f7fcbaf29761dc0e11c5ca7..ab866a7370a3162636114119fa3545a1ff9bfe36 100644 (file)
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -1203,6 +1203,11 @@ static unsigned long system_supported_vcpu_features(void)
        if (!system_supports_sve())
                clear_bit(KVM_ARM_VCPU_SVE, &features);
 
+       if (!system_has_full_ptr_auth()) {
+               clear_bit(KVM_ARM_VCPU_PTRAUTH_ADDRESS, &features);
+               clear_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, &features);
+       }
+
        return features;
 }
 
@@ -1223,6 +1228,14 @@ static int kvm_vcpu_init_check_features(struct kvm_vcpu *vcpu,
        if (features & ~system_supported_vcpu_features())
                return -EINVAL;
 
+       /*
+        * For now make sure that both address/generic pointer authentication
+        * features are requested by the userspace together.
+        */
+       if (test_bit(KVM_ARM_VCPU_PTRAUTH_ADDRESS, &features) !=
+           test_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, &features))
+               return -EINVAL;
+
        if (!test_bit(KVM_ARM_VCPU_EL1_32BIT, &features))
                return 0;
 

diff --git a/arch/arm64/kvm/reset.c b/arch/arm64/kvm/reset.c
index 3cb08d35b8e04c1ab2e4ab78109fb6a4c2f0dd02..bbcf5bbd66d94c167bb4c0fee55bfd2cd24dfa38 100644 (file)
--- a/arch/arm64/kvm/reset.c
+++ b/arch/arm64/kvm/reset.c
@@ -165,20 +165,9 @@ static void kvm_vcpu_reset_sve(struct kvm_vcpu *vcpu)
                memset(vcpu->arch.sve_state, 0, vcpu_sve_state_size(vcpu));
 }
 
-static int kvm_vcpu_enable_ptrauth(struct kvm_vcpu *vcpu)
+static void kvm_vcpu_enable_ptrauth(struct kvm_vcpu *vcpu)
 {
-       /*
-        * For now make sure that both address/generic pointer authentication
-        * features are requested by the userspace together and the system
-        * supports these capabilities.
-        */
-       if (!test_bit(KVM_ARM_VCPU_PTRAUTH_ADDRESS, vcpu->arch.features) ||
-           !test_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, vcpu->arch.features) ||
-           !system_has_full_ptr_auth())
-               return -EINVAL;
-
        vcpu_set_flag(vcpu, GUEST_HAS_PTRAUTH);
-       return 0;
 }
 
 /**
@@ -233,12 +222,8 @@ int kvm_reset_vcpu(struct kvm_vcpu *vcpu)
        }
 
        if (test_bit(KVM_ARM_VCPU_PTRAUTH_ADDRESS, vcpu->arch.features) ||
-           test_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, vcpu->arch.features)) {
-               if (kvm_vcpu_enable_ptrauth(vcpu)) {
-                       ret = -EINVAL;
-                       goto out;
-               }
-       }
+           test_bit(KVM_ARM_VCPU_PTRAUTH_GENERIC, vcpu->arch.features))
+               kvm_vcpu_enable_ptrauth(vcpu);
 
        if (vcpu_el1_is_32bit(vcpu))
                pstate = VCPU_RESET_PSTATE_SVC;