Re: [PATCH v2] KVM: arm64: Use different pointer authentication keys for pKVM

From: Oliver Upton
Date: Wed Jun 14 2023 - 11:32:47 EST

Next message: Peter Xu: "Re: [PATCH 4/7] mm/hugetlb: Prepare hugetlb_follow_page_mask() for FOLL_PIN"
Previous message: Peter Zijlstra: "Re: printk.time causes rare kernel boot hangs"
In reply to: Mostafa Saleh: "[PATCH v2] KVM: arm64: Use different pointer authentication keys for pKVM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 14 Jun 2023 12:25:59 +0000, Mostafa Saleh wrote:
> When the use of pointer authentication is enabled in the kernel it
> applies to both the kernel itself as well as KVM's nVHE hypervisor. The
> same keys are used for both the kernel and the nVHE hypervisor, which is
> less than desirable for pKVM as the host is not trusted at runtime.
>
> Naturally, the fix is to use a different set of keys for the hypervisor
> when running in protected mode. Have the host generate a new set of keys
> for the hypervisor before deprivileging the kernel. While there might be
> other sources of random directly available at EL2, this keeps the
> implementation simple, and the host is trusted anyways until it is
> deprivileged.
>
> [...]

Applied to kvmarm/next, thanks!

[1/1] KVM: arm64: Use different pointer authentication keys for pKVM
https://git.kernel.org/kvmarm/kvmarm/c/8c15c2a02810

--
Best,
Oliver

Next message: Peter Xu: "Re: [PATCH 4/7] mm/hugetlb: Prepare hugetlb_follow_page_mask() for FOLL_PIN"
Previous message: Peter Zijlstra: "Re: printk.time causes rare kernel boot hangs"
In reply to: Mostafa Saleh: "[PATCH v2] KVM: arm64: Use different pointer authentication keys for pKVM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]