Skip to content

aarch64: Expose pointer authentication to guests #388

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 14, 2025
Merged

aarch64: Expose pointer authentication to guests #388

merged 1 commit into from
Aug 14, 2025

Conversation

pcc
Copy link
Contributor

@pcc pcc commented Aug 13, 2025
edited
Loading

Pointer authentication is an Arm CPU feature that may be used to mitigate
against various security vulnerabilities. It is not exposed to KVM guests
by default, so do so.

Signed-off-by: Peter Collingbourne pcc@google.com

@tylerfanelli
Copy link
Member

Thanks for the contribution. Can you add a Signed-off-by line to the commit?

@MatiasVara
Copy link
Collaborator

Thanks for contribution! I am not very familiar with what/why is exposed to the guest, may it help to add two words in the commit msg about what is exposed and why?

@pcc
Copy link
Contributor Author

pcc commented Aug 13, 2025

Thanks for the contribution. Can you add a Signed-off-by line to the commit?

Done.

Thanks for contribution! I am not very familiar with what/why is exposed to the guest, may it help to add two words in the commit msg about what is exposed and why?

Done.

tylerfanelli
tylerfanelli approved these changes Aug 14, 2025
View reviewed changes
Copy link
Member

@tylerfanelli tylerfanelli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks! The integration test failure is on x86_64, so is not related to this change.

@jakecorrenti
Copy link
Member

I'll create an issue for the flaky test. I've noticed it quite a bit recently.

@jakecorrenti
Copy link
Member

@pcc can rebase your branch? I'll merge it once you do that

@pcc
aarch64: Expose pointer authentication to guests
e7823cb 
Pointer authentication is an Arm CPU feature that may be used to mitigate
against various security vulnerabilities. It is not exposed to KVM guests
by default, so do so.

Signed-off-by: Peter Collingbourne <pcc@google.com>
@pcc
Copy link
Contributor Author

pcc commented Aug 14, 2025

@pcc can rebase your branch? I'll merge it once you do that

Done

@jakecorrenti jakecorrenti merged commit 7116644 into containers:main Aug 14, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MatiasVara MatiasVara MatiasVara approved these changes

@tylerfanelli tylerfanelli tylerfanelli approved these changes

@jakecorrenti jakecorrenti Awaiting requested review from jakecorrenti jakecorrenti is a code owner

@mtjhrc mtjhrc Awaiting requested review from mtjhrc mtjhrc is a code owner

@slp slp Awaiting requested review from slp slp is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@pcc @tylerfanelli @MatiasVara @jakecorrenti