From patchwork Fri Oct 5 08:47:38 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristina Martsenko X-Patchwork-Id: 148157 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp179846lji; Fri, 5 Oct 2018 01:49:46 -0700 (PDT) X-Google-Smtp-Source: ACcGV63EiKUfTmB7DOpPSwBMWXRtvrfO7l7P0Hj4RxOUOLezrfvQhwZijfK3y+4gHDe859iWuKus X-Received: by 2002:a62:11cb:: with SMTP id 72-v6mr10717015pfr.120.1538729386859; Fri, 05 Oct 2018 01:49:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538729386; cv=none; d=google.com; s=arc-20160816; b=PlgEDDDccn5m6TKgYZTBdJwxvCSA3hodx9V2FlhE5zGsUVEIt9qS58ydDpRj2SGKPd ZcqfNBl+bHISqQ0rN+zXW9qJHkyRAiEXEpP3+AS/iIVeA8fAXlZrxz9/KBCQ0CeqcdGw fB0LPLerv2nnfSMNh0l3apHAQgU6ZsQ4P+nIX10U6J4yjocfLyCbAK1FCYsHAQqK7xhK phZSby2Z4+SvZtRsULaXsj07XHAatu0CH6FLLFPCZGwQSDTGct5a2IwSXtXDEyXHitOX qU1KHKzw327uxCTb8KkK/fWMcBBdN0qVv5YIaRxDKxgUArdfqXV/XxjZZN85jBaL7fK6 y63g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=RRpzJ48yQkQsmnWAuN+XnVPpszftbzq88v13+xeWCxg=; b=dL1KKD1KtfmiAI1X5kVAoHTeMfv8krd+CgDmD6txfLkVJ498+eTtgaMXU2uFmBMf5V CgZ1okYPKkRtJxJMn9Tcejw7UsdUc95yhzel8Q3EpFIGJ0kOzW+uP3h+v6/8m+dJdNdK x2Aj/2tK1rH2qlX85joJmTgU0p5FoGzPRmt+WX7BVa0wH4ouGmzX+Qze51dxtQqS5qoX tGVmxCKWAdcLjRKxkL4Vn96bEN2YRg3T0Tc7uN8lxIulUPwdpDyKZr50qYdgKPJ3Nceg q2sOTg5WpFqPU9JhzlHROMA4L9SkqhB4eJ84kwPuBC+lzXwwM+2ynXLDELeN1feajm7X 6P1Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h13-v6si6400213pgp.138.2018.10.05.01.49.46; Fri, 05 Oct 2018 01:49:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728707AbeJEPr2 (ORCPT + 32 others); Fri, 5 Oct 2018 11:47:28 -0400 Received: from foss.arm.com ([217.140.101.70]:47738 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728682AbeJEPr2 (ORCPT ); Fri, 5 Oct 2018 11:47:28 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4546F80D; Fri, 5 Oct 2018 01:49:44 -0700 (PDT) Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1050A3F5B3; Fri, 5 Oct 2018 01:49:40 -0700 (PDT) From: Kristina Martsenko To: linux-arm-kernel@lists.infradead.org Cc: Adam Wallis , Amit Kachhap , Andrew Jones , Ard Biesheuvel , Arnd Bergmann , Catalin Marinas , Christoffer Dall , Dave P Martin , Jacob Bramley , Kees Cook , Marc Zyngier , Mark Rutland , Ramana Radhakrishnan , "Suzuki K . Poulose" , Will Deacon , kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v5 01/17] arm64: add pointer authentication register bits Date: Fri, 5 Oct 2018 09:47:38 +0100 Message-Id: <20181005084754.20950-2-kristina.martsenko@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181005084754.20950-1-kristina.martsenko@arm.com> References: <20181005084754.20950-1-kristina.martsenko@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Rutland The ARMv8.3 pointer authentication extension adds: * New fields in ID_AA64ISAR1 to report the presence of pointer authentication functionality. * New control bits in SCTLR_ELx to enable this functionality. * New system registers to hold the keys necessary for this functionality. * A new ESR_ELx.EC code used when the new instructions are affected by configurable traps This patch adds the relevant definitions to and for these, to be used by subsequent patches. Signed-off-by: Mark Rutland Signed-off-by: Kristina Martsenko Cc: Catalin Marinas Cc: Marc Zyngier Cc: Suzuki K Poulose Cc: Will Deacon --- arch/arm64/include/asm/esr.h | 3 ++- arch/arm64/include/asm/sysreg.h | 30 ++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) -- 2.11.0 Reviewed-by: Will Deacon diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index ce70c3ffb993..022785162281 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -30,7 +30,8 @@ #define ESR_ELx_EC_CP14_LS (0x06) #define ESR_ELx_EC_FP_ASIMD (0x07) #define ESR_ELx_EC_CP10_ID (0x08) -/* Unallocated EC: 0x09 - 0x0B */ +#define ESR_ELx_EC_PAC (0x09) +/* Unallocated EC: 0x0A - 0x0B */ #define ESR_ELx_EC_CP14_64 (0x0C) /* Unallocated EC: 0x0d */ #define ESR_ELx_EC_ILL (0x0E) diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index c1470931b897..343b7a3c59e0 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -171,6 +171,19 @@ #define SYS_TTBR1_EL1 sys_reg(3, 0, 2, 0, 1) #define SYS_TCR_EL1 sys_reg(3, 0, 2, 0, 2) +#define SYS_APIAKEYLO_EL1 sys_reg(3, 0, 2, 1, 0) +#define SYS_APIAKEYHI_EL1 sys_reg(3, 0, 2, 1, 1) +#define SYS_APIBKEYLO_EL1 sys_reg(3, 0, 2, 1, 2) +#define SYS_APIBKEYHI_EL1 sys_reg(3, 0, 2, 1, 3) + +#define SYS_APDAKEYLO_EL1 sys_reg(3, 0, 2, 2, 0) +#define SYS_APDAKEYHI_EL1 sys_reg(3, 0, 2, 2, 1) +#define SYS_APDBKEYLO_EL1 sys_reg(3, 0, 2, 2, 2) +#define SYS_APDBKEYHI_EL1 sys_reg(3, 0, 2, 2, 3) + +#define SYS_APGAKEYLO_EL1 sys_reg(3, 0, 2, 3, 0) +#define SYS_APGAKEYHI_EL1 sys_reg(3, 0, 2, 3, 1) + #define SYS_ICC_PMR_EL1 sys_reg(3, 0, 4, 6, 0) #define SYS_AFSR0_EL1 sys_reg(3, 0, 5, 1, 0) @@ -419,9 +432,13 @@ #define SYS_ICH_LR15_EL2 __SYS__LR8_EL2(7) /* Common SCTLR_ELx flags. */ +#define SCTLR_ELx_ENIA (1 << 31) +#define SCTLR_ELx_ENIB (1 << 30) +#define SCTLR_ELx_ENDA (1 << 27) #define SCTLR_ELx_EE (1 << 25) #define SCTLR_ELx_IESB (1 << 21) #define SCTLR_ELx_WXN (1 << 19) +#define SCTLR_ELx_ENDB (1 << 13) #define SCTLR_ELx_I (1 << 12) #define SCTLR_ELx_SA (1 << 3) #define SCTLR_ELx_C (1 << 2) @@ -515,11 +532,24 @@ #define ID_AA64ISAR0_AES_SHIFT 4 /* id_aa64isar1 */ +#define ID_AA64ISAR1_GPI_SHIFT 28 +#define ID_AA64ISAR1_GPA_SHIFT 24 #define ID_AA64ISAR1_LRCPC_SHIFT 20 #define ID_AA64ISAR1_FCMA_SHIFT 16 #define ID_AA64ISAR1_JSCVT_SHIFT 12 +#define ID_AA64ISAR1_API_SHIFT 8 +#define ID_AA64ISAR1_APA_SHIFT 4 #define ID_AA64ISAR1_DPB_SHIFT 0 +#define ID_AA64ISAR1_APA_NI 0x0 +#define ID_AA64ISAR1_APA_ARCHITECTED 0x1 +#define ID_AA64ISAR1_API_NI 0x0 +#define ID_AA64ISAR1_API_IMP_DEF 0x1 +#define ID_AA64ISAR1_GPA_NI 0x0 +#define ID_AA64ISAR1_GPA_ARCHITECTED 0x1 +#define ID_AA64ISAR1_GPI_NI 0x0 +#define ID_AA64ISAR1_GPI_IMP_DEF 0x1 + /* id_aa64pfr0 */ #define ID_AA64PFR0_CSV3_SHIFT 60 #define ID_AA64PFR0_CSV2_SHIFT 56 From patchwork Fri Oct 5 08:47:39 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristina Martsenko X-Patchwork-Id: 148158 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp179914lji; Fri, 5 Oct 2018 01:49:51 -0700 (PDT) X-Google-Smtp-Source: ACcGV60uS0wYVrTQly4//zpxkXCJ6DQ+2Vl6zmNutowkyr/0zg/BAGR0nuabVoVUqv0Mls92Ung+ X-Received: by 2002:a17:902:6a8b:: with SMTP id n11-v6mr10324674plk.16.1538729391531; Fri, 05 Oct 2018 01:49:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538729391; cv=none; d=google.com; s=arc-20160816; b=DqZspzFzdFx0aqgn4ahJMgBUBtXkQJfPDy3dhnDAKPTB0+Lo8IYlWJTg8q6j4SvaLe 3y9o7JJcCg4KUL080/B+FVNT/CdHffOcylqYNCo1EmjjgyOfI5WTvmEmpDZPbwL7jsMB TZ6NUg8+5Vv1QRWBQ9lbwphZL9g9St5Cam/O+BdZEJC5Vvr80hhP3RXepVdBgKz1OyCW vwOkQ/gq9zvvqNJAySTVfaeuYcmGEs38fUbUVtW6CfW2MTKTsgeMTynKs2GK9nLHl4px oBDF00EUNpHElWN75Us7PciJ1CP3N8biQfZ0Lk5xMAT2xJtGuxzVk/HS4u0qVIjyHsv8 Jmcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=IrxRymgqHeuWohaz6kfcl7WFW6fKoYRB41sVbsYy63M=; b=q8jdxF4dw/ppRmsutWMdSL8aPa8lJEutHjGlzb5hiPbuapRozo0EuBBcD5sjcsan6f RQtviFoH8Zypv+ZbS262FEQiLXnVbPPGnswR5uv6VvXIZrJdRGa+z9ZcKztdTbTogoBS 296hio237IRFQLPIbFxqm1ZOLpIFASXeMrmtLuWnHBi4YuChtXci2oDUCdZpvFYa2fti Ksbsf7TUXKKUFWlnOTgTQMtf0Vg7GRrxLVdnS8GT7ldMoCPR9B6vrX3DitVXLqzTlrjO Te/fn6AfYzGvUhod2YBfF0MPMm610e71Xkq59MBEhhjBpdHgnYJhSDOzt+1rqbSKnhNW At8g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h13-v6si6400213pgp.138.2018.10.05.01.49.51; Fri, 05 Oct 2018 01:49:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728723AbeJEPre (ORCPT + 32 others); Fri, 5 Oct 2018 11:47:34 -0400 Received: from foss.arm.com ([217.140.101.70]:47772 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728283AbeJEPre (ORCPT ); Fri, 5 Oct 2018 11:47:34 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A4D36ED1; Fri, 5 Oct 2018 01:49:49 -0700 (PDT) Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 700DC3F5B3; Fri, 5 Oct 2018 01:49:46 -0700 (PDT) From: Kristina Martsenko To: linux-arm-kernel@lists.infradead.org Cc: Adam Wallis , Amit Kachhap , Andrew Jones , Ard Biesheuvel , Arnd Bergmann , Catalin Marinas , Christoffer Dall , Dave P Martin , Jacob Bramley , Kees Cook , Marc Zyngier , Mark Rutland , Ramana Radhakrishnan , "Suzuki K . Poulose" , Will Deacon , kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v5 02/17] arm64/kvm: consistently handle host HCR_EL2 flags Date: Fri, 5 Oct 2018 09:47:39 +0100 Message-Id: <20181005084754.20950-3-kristina.martsenko@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181005084754.20950-1-kristina.martsenko@arm.com> References: <20181005084754.20950-1-kristina.martsenko@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Rutland In KVM we define the configuration of HCR_EL2 for a VHE HOST in HCR_HOST_VHE_FLAGS, but we don't have a similar definition for the non-VHE host flags, and open-code HCR_RW. Further, in head.S we open-code the flags for VHE and non-VHE configurations. In future, we're going to want to configure more flags for the host, so lets add a HCR_HOST_NVHE_FLAGS defintion, and consistently use both HCR_HOST_VHE_FLAGS and HCR_HOST_NVHE_FLAGS in the kvm code and head.S. We now use mov_q to generate the HCR_EL2 value, as we use when configuring other registers in head.S. Signed-off-by: Mark Rutland Signed-off-by: Kristina Martsenko Reviewed-by: Christoffer Dall Cc: Catalin Marinas Cc: Marc Zyngier Cc: Will Deacon Cc: kvmarm@lists.cs.columbia.edu --- arch/arm64/include/asm/kvm_arm.h | 1 + arch/arm64/kernel/head.S | 5 ++--- arch/arm64/kvm/hyp/switch.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h index aa45df752a16..f885f4e96002 100644 --- a/arch/arm64/include/asm/kvm_arm.h +++ b/arch/arm64/include/asm/kvm_arm.h @@ -87,6 +87,7 @@ HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW | HCR_TLOR | \ HCR_FMO | HCR_IMO) #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF) +#define HCR_HOST_NVHE_FLAGS (HCR_RW) #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) /* TCR_EL2 Registers bits */ diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S index b0853069702f..651a06b1980f 100644 --- a/arch/arm64/kernel/head.S +++ b/arch/arm64/kernel/head.S @@ -494,10 +494,9 @@ ENTRY(el2_setup) #endif /* Hyp configuration. */ - mov x0, #HCR_RW // 64-bit EL1 + mov_q x0, HCR_HOST_NVHE_FLAGS cbz x2, set_hcr - orr x0, x0, #HCR_TGE // Enable Host Extensions - orr x0, x0, #HCR_E2H + mov_q x0, HCR_HOST_VHE_FLAGS set_hcr: msr hcr_el2, x0 isb diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c index ca46153d7915..a1c32c1f2267 100644 --- a/arch/arm64/kvm/hyp/switch.c +++ b/arch/arm64/kvm/hyp/switch.c @@ -157,7 +157,7 @@ static void __hyp_text __deactivate_traps_nvhe(void) mdcr_el2 |= MDCR_EL2_E2PB_MASK << MDCR_EL2_E2PB_SHIFT; write_sysreg(mdcr_el2, mdcr_el2); - write_sysreg(HCR_RW, hcr_el2); + write_sysreg(HCR_HOST_NVHE_FLAGS, hcr_el2); write_sysreg(CPTR_EL2_DEFAULT, cptr_el2); } From patchwork Fri Oct 5 08:47:40 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristina Martsenko X-Patchwork-Id: 148159 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp179963lji; Fri, 5 Oct 2018 01:49:57 -0700 (PDT) X-Google-Smtp-Source: ACcGV62CxNZ4Mry2mrIKeoWZztMctMQWsiNOJrKlUF9fsvq+Hi/2Pn2MrUPbWzlZ1L+GvYo3GXf9 X-Received: by 2002:a62:cc4:: with SMTP id 65-v6mr10898400pfm.127.1538729397730; Fri, 05 Oct 2018 01:49:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538729397; cv=none; d=google.com; s=arc-20160816; b=AyQZyBAGwbfyD09d3z6u8ehBZwY3ekrNNJIzm+qomuvyfzW7wPPm81KhF1ndM5r4Oc fYHgNRrqMXWvqbt6EIFxGINNrrt+JBpQcl0rO++JJXdcf9tdFxcu/VPnNCHu5LsFWzeA Wkm1+ZIyjbpbHmSIb9Xb/+g9KvGtdqnJpYGsbph0UbvsAjh1M3zH7TLw+L8Bvmu0DgTn UcoaVBKbGzZBF9HzkeTHSaQLl7P0U+A3clxi5Bl6QIMnLTqc6XwFyGiI8Hi/bWkLOHMt 4lF6mdLthCNMqgATo+dOn6q+i6SlV4UA/auzMFaeHCT745CuT+AQ6H5YQjocpG/M3Pae LAMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=oNQtS8+KLFtk1Pmuh9ViExtIRHM/mn8hhkAacpYibjg=; b=M+2/0lnnwhGdjmU9DScmSJuIXVFNwQ6y2YJj71Csshq+rTApLAJZyjY9BJZIU25/Lb c6mLDJqdYEvJPNjjYESyFIMTzkuoHrpFRICrr2faixKt5Hm2bgvdlOYmaLEYgAsmXmAb 2bqIIgokgVDoJFVzqE8RehyvkAxTyNLJhvfww6AfJKEzMxHdAzXLmcu83QlMEvR2LEqd R6bZOZGDOWdcAxt/GIxW+D9N+gNpkmPB4MJ2QCI1mhGUO0ysyuBi7dWLgL2o1WbDv6Xn 0/q2nA2I865Ty6llAkKoB2LwlNI8P0+r3UFo/7RDbdznKjUN+O+6UOmE6g/27qMwezOH atXw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e92-v6si8102633pld.358.2018.10.05.01.49.57; Fri, 05 Oct 2018 01:49:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728759AbeJEPrj (ORCPT + 32 others); Fri, 5 Oct 2018 11:47:39 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:47782 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728743AbeJEPri (ORCPT ); Fri, 5 Oct 2018 11:47:38 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 44E7615AD; Fri, 5 Oct 2018 01:49:54 -0700 (PDT) Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1051B3F5B3; Fri, 5 Oct 2018 01:49:50 -0700 (PDT) From: Kristina Martsenko To: linux-arm-kernel@lists.infradead.org Cc: Adam Wallis , Amit Kachhap , Andrew Jones , Ard Biesheuvel , Arnd Bergmann , Catalin Marinas , Christoffer Dall , Dave P Martin , Jacob Bramley , Kees Cook , Marc Zyngier , Mark Rutland , Ramana Radhakrishnan , "Suzuki K . Poulose" , Will Deacon , kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v5 03/17] arm64/kvm: hide ptrauth from guests Date: Fri, 5 Oct 2018 09:47:40 +0100 Message-Id: <20181005084754.20950-4-kristina.martsenko@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181005084754.20950-1-kristina.martsenko@arm.com> References: <20181005084754.20950-1-kristina.martsenko@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Rutland In subsequent patches we're going to expose ptrauth to the host kernel and userspace, but things are a bit trickier for guest kernels. For the time being, let's hide ptrauth from KVM guests. Regardless of how well-behaved the guest kernel is, guest userspace could attempt to use ptrauth instructions, triggering a trap to EL2, resulting in noise from kvm_handle_unknown_ec(). So let's write up a handler for the PAC trap, which silently injects an UNDEF into the guest, as if the feature were really missing. Signed-off-by: Mark Rutland [kristina: fix comment] Signed-off-by: Kristina Martsenko Reviewed-by: Andrew Jones Reviewed-by: Christoffer Dall Cc: Marc Zyngier Cc: kvmarm@lists.cs.columbia.edu --- arch/arm64/kvm/handle_exit.c | 18 ++++++++++++++++++ arch/arm64/kvm/sys_regs.c | 8 ++++++++ 2 files changed, 26 insertions(+) -- 2.11.0 diff --git a/arch/arm64/kvm/handle_exit.c b/arch/arm64/kvm/handle_exit.c index e5e741bfffe1..53759b3c165d 100644 --- a/arch/arm64/kvm/handle_exit.c +++ b/arch/arm64/kvm/handle_exit.c @@ -173,6 +173,23 @@ static int handle_sve(struct kvm_vcpu *vcpu, struct kvm_run *run) return 1; } +/* + * Guest usage of a ptrauth instruction (which the guest EL1 did not turn into + * a NOP). + */ +static int kvm_handle_ptrauth(struct kvm_vcpu *vcpu, struct kvm_run *run) +{ + /* + * We don't currently support ptrauth in a guest, and we mask the ID + * registers to prevent well-behaved guests from trying to make use of + * it. + * + * Inject an UNDEF, as if the feature really isn't present. + */ + kvm_inject_undefined(vcpu); + return 1; +} + static exit_handle_fn arm_exit_handlers[] = { [0 ... ESR_ELx_EC_MAX] = kvm_handle_unknown_ec, [ESR_ELx_EC_WFx] = kvm_handle_wfx, @@ -195,6 +212,7 @@ static exit_handle_fn arm_exit_handlers[] = { [ESR_ELx_EC_BKPT32] = kvm_handle_guest_debug, [ESR_ELx_EC_BRK64] = kvm_handle_guest_debug, [ESR_ELx_EC_FP_ASIMD] = handle_no_fpsimd, + [ESR_ELx_EC_PAC] = kvm_handle_ptrauth, }; static exit_handle_fn kvm_get_exit_handler(struct kvm_vcpu *vcpu) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 22fbbdbece3c..1ca592d38c3c 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1040,6 +1040,14 @@ static u64 read_id_reg(struct sys_reg_desc const *r, bool raz) kvm_debug("SVE unsupported for guests, suppressing\n"); val &= ~(0xfUL << ID_AA64PFR0_SVE_SHIFT); + } else if (id == SYS_ID_AA64ISAR1_EL1) { + const u64 ptrauth_mask = (0xfUL << ID_AA64ISAR1_APA_SHIFT) | + (0xfUL << ID_AA64ISAR1_API_SHIFT) | + (0xfUL << ID_AA64ISAR1_GPA_SHIFT) | + (0xfUL << ID_AA64ISAR1_GPI_SHIFT); + if (val & ptrauth_mask) + kvm_debug("ptrauth unsupported for guests, suppressing\n"); + val &= ~ptrauth_mask; } else if (id == SYS_ID_AA64MMFR1_EL1) { if (val & (0xfUL << ID_AA64MMFR1_LOR_SHIFT)) kvm_debug("LORegions unsupported for guests, suppressing\n"); From patchwork Fri Oct 5 08:47:41 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristina Martsenko X-Patchwork-Id: 148160 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp180006lji; Fri, 5 Oct 2018 01:50:01 -0700 (PDT) X-Google-Smtp-Source: ACcGV62Tmqvy+IPRHr4j/dHkr9/bpEYZ/dSauUc1NaD5PCogB8KkN5TT/jT7r19AUIixiPw4xdK7 X-Received: by 2002:a63:4907:: with SMTP id w7-v6mr9227324pga.123.1538729401530; Fri, 05 Oct 2018 01:50:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538729401; cv=none; d=google.com; s=arc-20160816; b=Baw/Acz8sXw0vIO20H0XzwfhT7QYaHD8pDRfnVipPMGiYE/6CquqDGWTkErV/HMeSv yuolW9BkaNcr1Z1WCj1f82re8YSXi/Vh1j0+OpUIFh4eoD6o5XQh+g64ZQH75QDBiFTp OeLiMBlRvXVWCuO4+2bPZWM7GKUTwzfM4mD19XR2mNUUUJjvEM89GhmR7lNX+jNg+bub hox6/NrSAKKurL39KKi8AvM6UgUGVyzuEY5Lh8Hg43Xuv245JRe/UZYke1poaLw2dO+m K8jIk9DHm4puZxhGfx/FocnDrMgmctPCaTnbQOvol6tcGpIwBR37AbXYGJFalcc61FRt GNwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=IJC+bErrrPCxZKrk0SrvFxVMowYvffsVjpH9R0nOJEo=; b=Sosl/FS0IcXhnjnAlI+8xXxSRC39ht6KjDbedIwbYj75ckodBJpeswfmuoTGB9W1Ge dKaR19uILGMHK7T6T+haK0L1R0e5SecAoiVIW5di+shJcbhCYIgcYw65ZlqiNhwP+o9Y WiSHxl9zOGX0jJNP1IPqObzpIG/JSv3Zqc4e+AXOZAqGitAc28hnbOhaNYloTHaM7sJ9 lfE2gK5bi0HYs/R4uHDgrujQGQnaRePo9j7ICNZF+iRj57UpBqkMcp3H/VqylWZRky6v 8xXQ3jAR1t39iJ+jp06dFNufMRh3CGRWPODTpmzkXYZIAqgcY1xckNf7EeS9MIiIryip dIgA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e92-v6si8102633pld.358.2018.10.05.01.50.01; Fri, 05 Oct 2018 01:50:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728772AbeJEPrn (ORCPT + 32 others); Fri, 5 Oct 2018 11:47:43 -0400 Received: from foss.arm.com ([217.140.101.70]:47816 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728625AbeJEPrm (ORCPT ); Fri, 5 Oct 2018 11:47:42 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id AF5DD15BE; Fri, 5 Oct 2018 01:49:58 -0700 (PDT) Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 79D113F5B3; Fri, 5 Oct 2018 01:49:55 -0700 (PDT) From: Kristina Martsenko To: linux-arm-kernel@lists.infradead.org Cc: Adam Wallis , Amit Kachhap , Andrew Jones , Ard Biesheuvel , Arnd Bergmann , Catalin Marinas , Christoffer Dall , Dave P Martin , Jacob Bramley , Kees Cook , Marc Zyngier , Mark Rutland , Ramana Radhakrishnan , "Suzuki K . Poulose" , Will Deacon , kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v5 04/17] arm64: Don't trap host pointer auth use to EL2 Date: Fri, 5 Oct 2018 09:47:41 +0100 Message-Id: <20181005084754.20950-5-kristina.martsenko@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181005084754.20950-1-kristina.martsenko@arm.com> References: <20181005084754.20950-1-kristina.martsenko@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Rutland To allow EL0 (and/or EL1) to use pointer authentication functionality, we must ensure that pointer authentication instructions and accesses to pointer authentication keys are not trapped to EL2. This patch ensures that HCR_EL2 is configured appropriately when the kernel is booted at EL2. For non-VHE kernels we set HCR_EL2.{API,APK}, ensuring that EL1 can access keys and permit EL0 use of instructions. For VHE kernels host EL0 (TGE && E2H) is unaffected by these settings, and it doesn't matter how we configure HCR_EL2.{API,APK}, so we don't bother setting them. This does not enable support for KVM guests, since KVM manages HCR_EL2 itself when running VMs. Signed-off-by: Mark Rutland Signed-off-by: Kristina Martsenko Acked-by: Christoffer Dall Cc: Catalin Marinas Cc: Marc Zyngier Cc: Will Deacon Cc: kvmarm@lists.cs.columbia.edu --- arch/arm64/include/asm/kvm_arm.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h index f885f4e96002..1405bb24acac 100644 --- a/arch/arm64/include/asm/kvm_arm.h +++ b/arch/arm64/include/asm/kvm_arm.h @@ -24,6 +24,8 @@ /* Hyp Configuration Register (HCR) bits */ #define HCR_FWB (UL(1) << 46) +#define HCR_API (UL(1) << 41) +#define HCR_APK (UL(1) << 40) #define HCR_TEA (UL(1) << 37) #define HCR_TERR (UL(1) << 36) #define HCR_TLOR (UL(1) << 35) @@ -87,7 +89,7 @@ HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW | HCR_TLOR | \ HCR_FMO | HCR_IMO) #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF) -#define HCR_HOST_NVHE_FLAGS (HCR_RW) +#define HCR_HOST_NVHE_FLAGS (HCR_RW | HCR_API | HCR_APK) #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) /* TCR_EL2 Registers bits */ From patchwork Fri Oct 5 08:47:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristina Martsenko X-Patchwork-Id: 148161 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp180069lji; Fri, 5 Oct 2018 01:50:06 -0700 (PDT) X-Google-Smtp-Source: ACcGV62KmsBS6BvvFjG4XomqGK7YJoDU5VQTyQp6vqHjeuVDASA9NNjRrZ0t4XS05WVZQfzszgyD X-Received: by 2002:a17:902:a50e:: with SMTP id s14-v6mr10548532plq.78.1538729406196; Fri, 05 Oct 2018 01:50:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538729406; cv=none; d=google.com; s=arc-20160816; b=Ys1a637Jb7VQQ/onEeMm5jic03g/EXr0pFAVxXlmz4zCYwEfyxB+1BxQGhX42j7iN8 n/eeT4baOFlfynRS/ehKgV6YKO6BKCGzD2YrZuubf7zqfAonXftcG1wEL+qz20NwiRDe uQPX+H0ca4sCmCD/6Q6zu3Bm4jaxrMQBUU+Oyg6hsM/r2kCtWGhpX3mniBvR2u1S0lS4 P21O4B8gLdXarRWpBlhpypiXZSgZTL4FccMaFVrcQ7ekiqWUOAjQjx1vmjx9QmC5PYWI QWGSeQKEKU4OK+6N0KMbd0IU5Lnoapk8hzol3KB+PkQdv4Y5gx77csaCcBw7vdntkZvC kofA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=dYIaC0CsuxN/vF2aDzIvnSc8U4Za1/SyXlByTm2hm+M=; b=O0+LWY/aCE/7fKv7TRMU9tPLiPZkC/uj9DvZNzd7Utcv9XvUyrTaEjbubUT3fR/iru V0sTiuDPcuxBt7f2/j5zReBUUCYjYN3i9kuUC/IIYH9n/YbvpgxNIH2kJrdvwpF+tV6O AjqlNOEHLdyaBDEnFsmkcLZHFp46VWoRsYdSllCOJrRTtRo3GBAw8Az5ciLOHBlPYU3u k5W6vEbc2XDnKAx5CtiA8fn+1u8MK7e3qgXVnyYVWnejiXiFaaCgNuPthtUPbvUqKf0x 9UfSpHkSeyWykso7S1h1X9oKuWOl7CIA6AlKsB71Q+pKAkpWNTomimxBAtazHlqbYri0 wDLg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b13-v6si7351773pgj.154.2018.10.05.01.50.05; Fri, 05 Oct 2018 01:50:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728794AbeJEPrs (ORCPT + 32 others); Fri, 5 Oct 2018 11:47:48 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:47842 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728625AbeJEPrr (ORCPT ); Fri, 5 Oct 2018 11:47:47 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 191F51650; Fri, 5 Oct 2018 01:50:03 -0700 (PDT) Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D79A33F5B3; Fri, 5 Oct 2018 01:49:59 -0700 (PDT) From: Kristina Martsenko To: linux-arm-kernel@lists.infradead.org Cc: Adam Wallis , Amit Kachhap , Andrew Jones , Ard Biesheuvel , Arnd Bergmann , Catalin Marinas , Christoffer Dall , Dave P Martin , Jacob Bramley , Kees Cook , Marc Zyngier , Mark Rutland , Ramana Radhakrishnan , "Suzuki K . Poulose" , Will Deacon , kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v5 05/17] arm64/cpufeature: detect pointer authentication Date: Fri, 5 Oct 2018 09:47:42 +0100 Message-Id: <20181005084754.20950-6-kristina.martsenko@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181005084754.20950-1-kristina.martsenko@arm.com> References: <20181005084754.20950-1-kristina.martsenko@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Rutland So that we can dynamically handle the presence of pointer authentication functionality, wire up probing code in cpufeature.c. >From ARMv8.3 onwards, ID_AA64ISAR1 is no longer entirely RES0, and now has four fields describing the presence of pointer authentication functionality: * APA - address authentication present, using an architected algorithm * API - address authentication present, using an IMP DEF algorithm * GPA - generic authentication present, using an architected algorithm * GPI - generic authentication present, using an IMP DEF algorithm For the moment we only care about address authentication, so we only need to check APA and API. It is assumed that if all CPUs support an IMP DEF algorithm, the same algorithm is used across all CPUs. Note that when we implement KVM support, we will also need to ensure that CPUs have uniform support for GPA and GPI. Signed-off-by: Mark Rutland [kristina: update cpucap numbers] Signed-off-by: Kristina Martsenko Cc: Catalin Marinas Cc: Suzuki K Poulose Cc: Will Deacon --- arch/arm64/include/asm/cpucaps.h | 5 ++++- arch/arm64/kernel/cpufeature.c | 47 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 1 deletion(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h index ae1f70450fb2..276d4c95aa3c 100644 --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -51,7 +51,10 @@ #define ARM64_SSBD 30 #define ARM64_MISMATCHED_CACHE_TYPE 31 #define ARM64_HAS_STAGE2_FWB 32 +#define ARM64_HAS_ADDRESS_AUTH_ARCH 33 +#define ARM64_HAS_ADDRESS_AUTH_IMP_DEF 34 +#define ARM64_HAS_ADDRESS_AUTH 35 -#define ARM64_NCAPS 33 +#define ARM64_NCAPS 36 #endif /* __ASM_CPUCAPS_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index e238b7932096..0dd171c7d71e 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -142,6 +142,10 @@ static const struct arm64_ftr_bits ftr_id_aa64isar1[] = { ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_LRCPC_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_FCMA_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_JSCVT_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_API_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_APA_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_DPB_SHIFT, 4, 0), ARM64_FTR_END, }; @@ -1035,6 +1039,22 @@ static void cpu_has_fwb(const struct arm64_cpu_capabilities *__unused) WARN_ON(val & (7 << 27 | 7 << 21)); } +#ifdef CONFIG_ARM64_PTR_AUTH +static bool has_address_auth(const struct arm64_cpu_capabilities *entry, + int __unused) +{ + u64 isar1 = read_sanitised_ftr_reg(SYS_ID_AA64ISAR1_EL1); + bool api, apa; + + apa = cpuid_feature_extract_unsigned_field(isar1, + ID_AA64ISAR1_APA_SHIFT) > 0; + api = cpuid_feature_extract_unsigned_field(isar1, + ID_AA64ISAR1_API_SHIFT) > 0; + + return apa || api; +} +#endif /* CONFIG_ARM64_PTR_AUTH */ + static const struct arm64_cpu_capabilities arm64_features[] = { { .desc = "GIC system register CPU interface", @@ -1222,6 +1242,33 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .cpu_enable = cpu_enable_hw_dbm, }, #endif +#ifdef CONFIG_ARM64_PTR_AUTH + { + .desc = "Address authentication (architected algorithm)", + .capability = ARM64_HAS_ADDRESS_AUTH_ARCH, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .sys_reg = SYS_ID_AA64ISAR1_EL1, + .sign = FTR_UNSIGNED, + .field_pos = ID_AA64ISAR1_APA_SHIFT, + .min_field_value = ID_AA64ISAR1_APA_ARCHITECTED, + .matches = has_cpuid_feature, + }, + { + .desc = "Address authentication (IMP DEF algorithm)", + .capability = ARM64_HAS_ADDRESS_AUTH_IMP_DEF, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .sys_reg = SYS_ID_AA64ISAR1_EL1, + .sign = FTR_UNSIGNED, + .field_pos = ID_AA64ISAR1_API_SHIFT, + .min_field_value = ID_AA64ISAR1_API_IMP_DEF, + .matches = has_cpuid_feature, + }, + { + .capability = ARM64_HAS_ADDRESS_AUTH, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .matches = has_address_auth, + }, +#endif /* CONFIG_ARM64_PTR_AUTH */ {}, }; From patchwork Fri Oct 5 08:47:43 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristina Martsenko X-Patchwork-Id: 148162 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp180141lji; Fri, 5 Oct 2018 01:50:09 -0700 (PDT) X-Google-Smtp-Source: ACcGV60p2IaTKgxp4XOAoShRk40UwtNJ8mIAeiVenZZE/N16zKAJuH2FFlUjsqqiB6NINUL3qJ+R X-Received: by 2002:a17:902:6102:: with SMTP id t2-v6mr10223470plj.278.1538729409719; Fri, 05 Oct 2018 01:50:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538729409; cv=none; d=google.com; s=arc-20160816; b=Zn6CQgBHi/rgaoAcvwHOq2476oA3JNmeX6wvcVMVHVwiWzl3VoOC+zc8FQfi1O08Bz +nsOxfFnOP5CZa9rw6RawN/hsOIJc3ydVKamZ1fyMKqfhBHlq2ICK0tGAS1LYYRq47l8 WzABtG043dmm0/wmUzVcPeaAAKhjgd3tbeDyhLEIEl/at4SsjAuLdRAuQf8Nx1n0bGAM +3M8eKRRt9ffX3+yv0MUuBu6JvRt+a0ms2CYNQn82P8jkbJ/y4cj7pWNd03o5Hc/Gcx6 wlg+V+Me/LRzCzfSqdHczE9+kOZDFUkO+5pyaCJzPFFqlMy1hLD3LJNw+bhVDBK3DWGA Topw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=npue0S9qngdRfocSnc2TJI6vLsApR4OXDeytfCminkA=; b=S9xofeiX9rWdqVb+5thYYXlCuKjO9QGKM8bDoV3Qnobhx6Igs5WQrpqc6dSln5SM9u F+F1uVS4KH/iN+vboUzYpzlK2eAX1akZPgLyEtLxmjqNYClS4stxc3tQSdnSDhuXoM+g FT5WeqeJ4om8Zugk3j64oOolvJMcrgo8ydjmLCY9wCAvu2ajbD1vnTB3dB1CBHTU6Y+M bBETJ7i+h/qu301NcZvjy6EbdxG3h6cUqTbOuzvC7q/RgwWYTZYzDlEq4wE+Quz5lAcV NM75o+FdlJSeam009q5xNNrIf4NDA9RNxgpCu3L06lSa8TOm+GLnWJW1smAgpt360jq8 gnvQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b13-v6si7351773pgj.154.2018.10.05.01.50.09; Fri, 05 Oct 2018 01:50:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728809AbeJEPrw (ORCPT + 32 others); Fri, 5 Oct 2018 11:47:52 -0400 Received: from foss.arm.com ([217.140.101.70]:47856 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728587AbeJEPrv (ORCPT ); Fri, 5 Oct 2018 11:47:51 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7DE9815BF; Fri, 5 Oct 2018 01:50:07 -0700 (PDT) Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 48FD03F5B3; Fri, 5 Oct 2018 01:50:04 -0700 (PDT) From: Kristina Martsenko To: linux-arm-kernel@lists.infradead.org Cc: Adam Wallis , Amit Kachhap , Andrew Jones , Ard Biesheuvel , Arnd Bergmann , Catalin Marinas , Christoffer Dall , Dave P Martin , Jacob Bramley , Kees Cook , Marc Zyngier , Mark Rutland , Ramana Radhakrishnan , "Suzuki K . Poulose" , Will Deacon , kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v5 06/17] asm-generic: mm_hooks: allow hooks to be overridden individually Date: Fri, 5 Oct 2018 09:47:43 +0100 Message-Id: <20181005084754.20950-7-kristina.martsenko@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181005084754.20950-1-kristina.martsenko@arm.com> References: <20181005084754.20950-1-kristina.martsenko@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Rutland Currently, an architecture must either implement all of the mm hooks itself, or use all of those provided by the asm-generic implementation. When an architecture only needs to override a single hook, it must copy the stub implementations from the asm-generic version. To avoid this repetition, allow each hook to be overridden indiviually, by placing each under an #ifndef block. As architectures providing their own hooks can't include this file today, this shouldn't adversely affect any existing hooks. Signed-off-by: Mark Rutland Signed-off-by: Kristina Martsenko Acked-by: Arnd Bergmann Cc: linux-arch@vger.kernel.org --- include/asm-generic/mm_hooks.h | 11 +++++++++++ 1 file changed, 11 insertions(+) -- 2.11.0 diff --git a/include/asm-generic/mm_hooks.h b/include/asm-generic/mm_hooks.h index 8ac4e68a12f0..2b3ee15d3702 100644 --- a/include/asm-generic/mm_hooks.h +++ b/include/asm-generic/mm_hooks.h @@ -7,31 +7,42 @@ #ifndef _ASM_GENERIC_MM_HOOKS_H #define _ASM_GENERIC_MM_HOOKS_H +#ifndef arch_dup_mmap static inline int arch_dup_mmap(struct mm_struct *oldmm, struct mm_struct *mm) { return 0; } +#endif +#ifndef arch_exit_mmap static inline void arch_exit_mmap(struct mm_struct *mm) { } +#endif +#ifndef arch_unmap static inline void arch_unmap(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long start, unsigned long end) { } +#endif +#ifndef arch_bprm_mm_init static inline void arch_bprm_mm_init(struct mm_struct *mm, struct vm_area_struct *vma) { } +#endif +#ifndef arch_vma_access_permitted static inline bool arch_vma_access_permitted(struct vm_area_struct *vma, bool write, bool execute, bool foreign) { /* by default, allow everything */ return true; } +#endif + #endif /* _ASM_GENERIC_MM_HOOKS_H */ From patchwork Fri Oct 5 08:47:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristina Martsenko X-Patchwork-Id: 148163 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp180213lji; Fri, 5 Oct 2018 01:50:14 -0700 (PDT) X-Google-Smtp-Source: ACcGV63gP3m6XQ6Of8/Vh2ErTi/7BwtnfCyr4Q6m4v8xWomNezRgdeE5X4LdiSAUZPteTHCCP/KI X-Received: by 2002:a63:9c3:: with SMTP id 186-v6mr9324500pgj.249.1538729414707; Fri, 05 Oct 2018 01:50:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538729414; cv=none; d=google.com; s=arc-20160816; b=DImowsiLYGSZRne+rAkCAscGOKUsq6Ca7QvKVy6AdqwVPjqXwJPKItylXnqB2uaQRD BjwEaQ1Im+Dgi4zF9S4RyFybQ7Dv+ithmOaTipBIsW9RVnhylyZLZLaJTa8kp99JBv/V HzwbNAQ4wJarvCXreI/ElV5ArW9jSQr75DLnVcYwTvLivn0ypihT6fDoIWHFBKDIp2V2 mr8lO3LN3ipERr3KJg+Vg/5YJxcVoAIxuk6BOP5/0qGbC5w3BjlgTCLy4qaGZGt+nXiJ H8FK85Hq4+8DCdAdna8sdziDPHycE2lqIGEm/3VQGZgrqXeEjF4f1PLIDSyDTwcb0MTh ONbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=X9VNFR2Mca9Xb7fZD7ZMjS6wGUV4haBQwV7Xj4Eg+EY=; b=BsGPDTLgn24ID/UxyL8Q5yZERxm+MQVDFZZS02ID2Pzh3aZZ69VXop6gJczydeYFvL O2DdeQ7OybaZwnjxcIgJnkNwvkxT+8GfWTUSBAK0DtwpP3bBDLOPyDEMZiRW6BgQjdrV 1DDtHpETV8gbcTA+ggpUGQQ5qxF0Ld26KOxoandeHJefTihirCGEmyH+Fa5CpM9QFbhG MpnIvPjB6M68EH9B638wBhwNn9O9QaKc6/dza0sno4ENZklZbx4e0tCf/VMV5srxtghq kGsDCDxRkhesAN23+q+/XAAgdG92j31dwj8looZOW484g9Qkvoxog9MIvI0o1JMMgMZE qc0w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 66-v6si3746899pla.180.2018.10.05.01.50.14; Fri, 05 Oct 2018 01:50:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728826AbeJEPr4 (ORCPT + 32 others); Fri, 5 Oct 2018 11:47:56 -0400 Received: from foss.arm.com ([217.140.101.70]:47876 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728587AbeJEPr4 (ORCPT ); Fri, 5 Oct 2018 11:47:56 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C844B80D; Fri, 5 Oct 2018 01:50:11 -0700 (PDT) Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 933E03F5B3; Fri, 5 Oct 2018 01:50:08 -0700 (PDT) From: Kristina Martsenko To: linux-arm-kernel@lists.infradead.org Cc: Adam Wallis , Amit Kachhap , Andrew Jones , Ard Biesheuvel , Arnd Bergmann , Catalin Marinas , Christoffer Dall , Dave P Martin , Jacob Bramley , Kees Cook , Marc Zyngier , Mark Rutland , Ramana Radhakrishnan , "Suzuki K . Poulose" , Will Deacon , kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v5 07/17] arm64: add basic pointer authentication support Date: Fri, 5 Oct 2018 09:47:44 +0100 Message-Id: <20181005084754.20950-8-kristina.martsenko@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181005084754.20950-1-kristina.martsenko@arm.com> References: <20181005084754.20950-1-kristina.martsenko@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Rutland This patch adds basic support for pointer authentication, allowing userspace to make use of APIAKey. The kernel maintains an APIAKey value for each process (shared by all threads within), which is initialised to a random value at exec() time. To describe that address authentication instructions are available, the ID_AA64ISAR0.{APA,API} fields are exposed to userspace. A new hwcap, APIA, is added to describe that the kernel manages APIAKey. Instructions using other keys (APIBKey, APDAKey, APDBKey) are disabled, and will behave as NOPs. These may be made use of in future patches. No support is added for the generic key (APGAKey), though this cannot be trapped or made to behave as a NOP. Its presence is not advertised with a hwcap. Signed-off-by: Mark Rutland [kristina: init keys in arch_bprm_mm_init; add AA64ISAR1.API HWCAP_CAP; use sysreg_clear_set] Signed-off-by: Kristina Martsenko Tested-by: Adam Wallis Cc: Catalin Marinas Cc: Ramana Radhakrishnan Cc: Suzuki K Poulose Cc: Will Deacon --- arch/arm64/include/asm/mmu.h | 5 +++ arch/arm64/include/asm/mmu_context.h | 16 ++++++++- arch/arm64/include/asm/pointer_auth.h | 63 +++++++++++++++++++++++++++++++++++ arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/kernel/cpufeature.c | 10 ++++++ arch/arm64/kernel/cpuinfo.c | 1 + 6 files changed, 95 insertions(+), 1 deletion(-) create mode 100644 arch/arm64/include/asm/pointer_auth.h -- 2.11.0 diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h index dd320df0d026..f6480ea7b0d5 100644 --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -25,10 +25,15 @@ #ifndef __ASSEMBLY__ +#include + typedef struct { atomic64_t id; void *vdso; unsigned long flags; +#ifdef CONFIG_ARM64_PTR_AUTH + struct ptrauth_keys ptrauth_keys; +#endif } mm_context_t; /* diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h index 39ec0b8a689e..983f80925566 100644 --- a/arch/arm64/include/asm/mmu_context.h +++ b/arch/arm64/include/asm/mmu_context.h @@ -29,7 +29,6 @@ #include #include #include -#include #include #include #include @@ -216,6 +215,8 @@ static inline void __switch_mm(struct mm_struct *next) return; } + mm_ctx_ptrauth_switch(&next->context); + check_and_switch_context(next, cpu); } @@ -241,6 +242,19 @@ switch_mm(struct mm_struct *prev, struct mm_struct *next, void verify_cpu_asid_bits(void); void post_ttbr_update_workaround(void); +static inline void arch_bprm_mm_init(struct mm_struct *mm, + struct vm_area_struct *vma) +{ + mm_ctx_ptrauth_init(&mm->context); +} +#define arch_bprm_mm_init arch_bprm_mm_init + +/* + * We need to override arch_bprm_mm_init before including the generic hooks, + * which are otherwise sufficient for us. + */ +#include + #endif /* !__ASSEMBLY__ */ #endif /* !__ASM_MMU_CONTEXT_H */ diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h new file mode 100644 index 000000000000..2aefedc31d9e --- /dev/null +++ b/arch/arm64/include/asm/pointer_auth.h @@ -0,0 +1,63 @@ +// SPDX-License-Identifier: GPL-2.0 +#ifndef __ASM_POINTER_AUTH_H +#define __ASM_POINTER_AUTH_H + +#include + +#include +#include + +#ifdef CONFIG_ARM64_PTR_AUTH +/* + * Each key is a 128-bit quantity which is split across a pair of 64-bit + * registers (Lo and Hi). + */ +struct ptrauth_key { + unsigned long lo, hi; +}; + +/* + * We give each process its own instruction A key (APIAKey), which is shared by + * all threads. This is inherited upon fork(), and reinitialised upon exec*(). + * All other keys are currently unused, with APIBKey, APDAKey, and APBAKey + * instructions behaving as NOPs. + */ +struct ptrauth_keys { + struct ptrauth_key apia; +}; + +static inline void ptrauth_keys_init(struct ptrauth_keys *keys) +{ + if (!cpus_have_const_cap(ARM64_HAS_ADDRESS_AUTH)) + return; + + get_random_bytes(keys, sizeof(*keys)); +} + +#define __ptrauth_key_install(k, v) \ +do { \ + struct ptrauth_key __pki_v = (v); \ + write_sysreg_s(__pki_v.lo, SYS_ ## k ## KEYLO_EL1); \ + write_sysreg_s(__pki_v.hi, SYS_ ## k ## KEYHI_EL1); \ +} while (0) + +static inline void ptrauth_keys_switch(struct ptrauth_keys *keys) +{ + if (!cpus_have_const_cap(ARM64_HAS_ADDRESS_AUTH)) + return; + + __ptrauth_key_install(APIA, keys->apia); +} + +#define mm_ctx_ptrauth_init(ctx) \ + ptrauth_keys_init(&(ctx)->ptrauth_keys) + +#define mm_ctx_ptrauth_switch(ctx) \ + ptrauth_keys_switch(&(ctx)->ptrauth_keys) + +#else /* CONFIG_ARM64_PTR_AUTH */ +#define mm_ctx_ptrauth_init(ctx) +#define mm_ctx_ptrauth_switch(ctx) +#endif /* CONFIG_ARM64_PTR_AUTH */ + +#endif /* __ASM_POINTER_AUTH_H */ diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index 17c65c8f33cb..01f02ac500ae 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -48,5 +48,6 @@ #define HWCAP_USCAT (1 << 25) #define HWCAP_ILRCPC (1 << 26) #define HWCAP_FLAGM (1 << 27) +#define HWCAP_APIA (1 << 28) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 0dd171c7d71e..3157685aa56a 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1040,6 +1040,11 @@ static void cpu_has_fwb(const struct arm64_cpu_capabilities *__unused) } #ifdef CONFIG_ARM64_PTR_AUTH +static void cpu_enable_address_auth(struct arm64_cpu_capabilities const *cap) +{ + sysreg_clear_set(sctlr_el1, 0, SCTLR_ELx_ENIA); +} + static bool has_address_auth(const struct arm64_cpu_capabilities *entry, int __unused) { @@ -1267,6 +1272,7 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .capability = ARM64_HAS_ADDRESS_AUTH, .type = ARM64_CPUCAP_SYSTEM_FEATURE, .matches = has_address_auth, + .cpu_enable = cpu_enable_address_auth, }, #endif /* CONFIG_ARM64_PTR_AUTH */ {}, @@ -1314,6 +1320,10 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { #ifdef CONFIG_ARM64_SVE HWCAP_CAP(SYS_ID_AA64PFR0_EL1, ID_AA64PFR0_SVE_SHIFT, FTR_UNSIGNED, ID_AA64PFR0_SVE, CAP_HWCAP, HWCAP_SVE), #endif +#ifdef CONFIG_ARM64_PTR_AUTH + HWCAP_CAP(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_APA_SHIFT, FTR_UNSIGNED, 1, CAP_HWCAP, HWCAP_APIA), + HWCAP_CAP(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_API_SHIFT, FTR_UNSIGNED, 1, CAP_HWCAP, HWCAP_APIA), +#endif {}, }; diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index e9ab7b3ed317..608411e3aaff 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -81,6 +81,7 @@ static const char *const hwcap_str[] = { "uscat", "ilrcpc", "flagm", + "apia", NULL }; From patchwork Fri Oct 5 08:47:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristina Martsenko X-Patchwork-Id: 148164 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp180260lji; Fri, 5 Oct 2018 01:50:18 -0700 (PDT) X-Google-Smtp-Source: ACcGV61jmenUpu5KLbHS3tTm2IoCJrBNEu0U1UmVjaEican7Pv+ZHwcDxsPW27drxVMLgPRRvfSx X-Received: by 2002:a63:7f0e:: with SMTP id a14-v6mr9249543pgd.296.1538729418385; Fri, 05 Oct 2018 01:50:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538729418; cv=none; d=google.com; s=arc-20160816; b=gsxvtIoy36I2pdSfrc43p0J1l77mwv1Q9+6Trk3Y+3M+fjZ7kM0PEufMlvnDbGRgt4 s5599slIcCjf69+0vyQZIWHV2ylNxniGo4B+EE+V4d5dD61tcwWNTFO0p7APY9uc8GBW ZXuhZ6zjh1W8d+OqFHAaPimmpdAR1rDl20DdfCZjbBERZrhEdr8zDkq1O83sfJ755FSo qAu59/IFhay/EaSCyv5KxiIPQnd/BPnJRmuccofME2nAQ8j2urtyID/EZF7yNuL5ZHe9 /rw8xWQNOopQPRMvEkz5BTUSRbCu4V2WOg2P8Qhz8L8Hfd/tMdxB9DoJuSxoBIPbqsCJ FVzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=H1owDqpG3yd1ygvH/PE3SJPSIDILtKe5kkZYjvn6WxU=; b=Ue544m7Qn6tQHD3S/ODwcTAk5zfdgzF2XdPXtlMrnp5zxEADIH1Gae6flu2G0kvmiv bicApQAsRSEfTOord8rZfskXJ1TQ3yAn3xfLc1MCm0SBUD+y5opRAUVqF1epQbATg8qp bRnBwYgeCEA9V6d+rEv77pTFbtLu1AZmty4Hsnz+FuxWj1x3+agrlIhdU/5W6yogXs/x ci/cnyGOAs0nbh0ElHi/hm6aeCamPyhLLasIwVG+RqK+SUlNcyPIrdderOkXMY9RF5ZK r2OeYDqKhbzvCrgUHfYjoR0iHchzCJqRPlUgxsu4noZ2vi/oVXDkdOiJBY7aNxnND2tq CgtQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 66-v6si3746899pla.180.2018.10.05.01.50.18; Fri, 05 Oct 2018 01:50:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728848AbeJEPsA (ORCPT + 32 others); Fri, 5 Oct 2018 11:48:00 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:47902 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728587AbeJEPsA (ORCPT ); Fri, 5 Oct 2018 11:48:00 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 127291684; Fri, 5 Oct 2018 01:50:16 -0700 (PDT) Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D1C5A3F5B3; Fri, 5 Oct 2018 01:50:12 -0700 (PDT) From: Kristina Martsenko To: linux-arm-kernel@lists.infradead.org Cc: Adam Wallis , Amit Kachhap , Andrew Jones , Ard Biesheuvel , Arnd Bergmann , Catalin Marinas , Christoffer Dall , Dave P Martin , Jacob Bramley , Kees Cook , Marc Zyngier , Mark Rutland , Ramana Radhakrishnan , "Suzuki K . Poulose" , Will Deacon , kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v5 08/17] arm64: expose user PAC bit positions via ptrace Date: Fri, 5 Oct 2018 09:47:45 +0100 Message-Id: <20181005084754.20950-9-kristina.martsenko@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181005084754.20950-1-kristina.martsenko@arm.com> References: <20181005084754.20950-1-kristina.martsenko@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Rutland When pointer authentication is in use, data/instruction pointers have a number of PAC bits inserted into them. The number and position of these bits depends on the configured TCR_ELx.TxSZ and whether tagging is enabled. ARMv8.3 allows tagging to differ for instruction and data pointers. For userspace debuggers to unwind the stack and/or to follow pointer chains, they need to be able to remove the PAC bits before attempting to use a pointer. This patch adds a new structure with masks describing the location of the PAC bits in userspace instruction and data pointers (i.e. those addressable via TTBR0), which userspace can query via PTRACE_GETREGSET. By clearing these bits from pointers (and replacing them with the value of bit 55), userspace can acquire the PAC-less versions. This new regset is exposed when the kernel is built with (user) pointer authentication support, and the feature is enabled. Otherwise, it is hidden. Signed-off-by: Mark Rutland [kristina: cpus_have_cap -> cpus_have_const_cap] Signed-off-by: Kristina Martsenko Cc: Catalin Marinas Cc: Ramana Radhakrishnan Cc: Will Deacon --- arch/arm64/include/asm/pointer_auth.h | 8 ++++++++ arch/arm64/include/uapi/asm/ptrace.h | 7 +++++++ arch/arm64/kernel/ptrace.c | 38 +++++++++++++++++++++++++++++++++++ include/uapi/linux/elf.h | 1 + 4 files changed, 54 insertions(+) -- 2.11.0 diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h index 2aefedc31d9e..15486079e9ec 100644 --- a/arch/arm64/include/asm/pointer_auth.h +++ b/arch/arm64/include/asm/pointer_auth.h @@ -2,9 +2,11 @@ #ifndef __ASM_POINTER_AUTH_H #define __ASM_POINTER_AUTH_H +#include #include #include +#include #include #ifdef CONFIG_ARM64_PTR_AUTH @@ -49,6 +51,12 @@ static inline void ptrauth_keys_switch(struct ptrauth_keys *keys) __ptrauth_key_install(APIA, keys->apia); } +/* + * The EL0 pointer bits used by a pointer authentication code. + * This is dependent on TBI0 being enabled, or bits 63:56 would also apply. + */ +#define ptrauth_pac_mask() GENMASK(54, VA_BITS) + #define mm_ctx_ptrauth_init(ctx) \ ptrauth_keys_init(&(ctx)->ptrauth_keys) diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 98c4ce55d9c3..4994d718771a 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -228,6 +228,13 @@ struct user_sve_header { SVE_PT_SVE_OFFSET + SVE_PT_SVE_SIZE(vq, flags) \ : SVE_PT_FPSIMD_OFFSET + SVE_PT_FPSIMD_SIZE(vq, flags)) +/* pointer authentication masks (NT_ARM_PAC_MASK) */ + +struct user_pac_mask { + __u64 data_mask; + __u64 insn_mask; +}; + #endif /* __ASSEMBLY__ */ #endif /* _UAPI__ASM_PTRACE_H */ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 6219486fa25f..cb8246f8c603 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -46,6 +46,7 @@ #include #include #include +#include #include #include #include @@ -958,6 +959,30 @@ static int sve_set(struct task_struct *target, #endif /* CONFIG_ARM64_SVE */ +#ifdef CONFIG_ARM64_PTR_AUTH +static int pac_mask_get(struct task_struct *target, + const struct user_regset *regset, + unsigned int pos, unsigned int count, + void *kbuf, void __user *ubuf) +{ + /* + * The PAC bits can differ across data and instruction pointers + * depending on TCR_EL1.TBID*, which we may make use of in future, so + * we expose separate masks. + */ + unsigned long mask = ptrauth_pac_mask(); + struct user_pac_mask uregs = { + .data_mask = mask, + .insn_mask = mask, + }; + + if (!cpus_have_const_cap(ARM64_HAS_ADDRESS_AUTH)) + return -EINVAL; + + return user_regset_copyout(&pos, &count, &kbuf, &ubuf, &uregs, 0, -1); +} +#endif /* CONFIG_ARM64_PTR_AUTH */ + enum aarch64_regset { REGSET_GPR, REGSET_FPR, @@ -970,6 +995,9 @@ enum aarch64_regset { #ifdef CONFIG_ARM64_SVE REGSET_SVE, #endif +#ifdef CONFIG_ARM64_PTR_AUTH + REGSET_PAC_MASK, +#endif }; static const struct user_regset aarch64_regsets[] = { @@ -1039,6 +1067,16 @@ static const struct user_regset aarch64_regsets[] = { .get_size = sve_get_size, }, #endif +#ifdef CONFIG_ARM64_PTR_AUTH + [REGSET_PAC_MASK] = { + .core_note_type = NT_ARM_PAC_MASK, + .n = sizeof(struct user_pac_mask) / sizeof(u64), + .size = sizeof(u64), + .align = sizeof(u64), + .get = pac_mask_get, + /* this cannot be set dynamically */ + }, +#endif }; static const struct user_regset_view user_aarch64_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index c5358e0ae7c5..3f23273d690c 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -420,6 +420,7 @@ typedef struct elf64_shdr { #define NT_ARM_HW_WATCH 0x403 /* ARM hardware watchpoint registers */ #define NT_ARM_SYSTEM_CALL 0x404 /* ARM system call number */ #define NT_ARM_SVE 0x405 /* ARM Scalable Vector Extension registers */ +#define NT_ARM_PAC_MASK 0x406 /* ARM pointer authentication code masks */ #define NT_ARC_V2 0x600 /* ARCv2 accumulator/extra registers */ #define NT_VMCOREDD 0x700 /* Vmcore Device Dump Note */ #define NT_MIPS_DSP 0x800 /* MIPS DSP ASE registers */ From patchwork Fri Oct 5 08:47:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristina Martsenko X-Patchwork-Id: 148165 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp180328lji; Fri, 5 Oct 2018 01:50:23 -0700 (PDT) X-Google-Smtp-Source: ACcGV63FJ+0Nq0Qb/G8Fanm2VJM3rnBQ8tc0mo/Jb+XI674qHpYaI9QIKlEq8fnyCBraVWis9yFx X-Received: by 2002:a62:85cb:: with SMTP id m72-v6mr10761359pfk.173.1538729423157; Fri, 05 Oct 2018 01:50:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538729423; cv=none; d=google.com; s=arc-20160816; b=rdUPuXfEa1H4cp9bAWKqMUFfaFrIhu0YRExGfTilzTCtLb3icO6Zc0Gb7XZOLI2/oa LdL2vNGMiXDnpGCi6zarxXHKjWIYWOlpLoFhNDzdOAw07Me+z7gTitx7tBOLkOY61H0d t4yoTtYq18kh8qcxJnNuUO0rVD4SYC85LeARkxcQv+9b1HooObQ7LTYLhF5hM7+uXJCp 0y1CZYn4vTWomTWnbZ8SgO3pZSZ9pl78xESejzI2Qke++EnsvzUKn2e0yQd2nX5bsMcx 0cQNdFey9/iwr6lO6NCqjXJ7gnE3khSTCQF49KkuZ2g5jGduqe3kQ175ETfXp+asVHBI OLjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=2bWVTRCfEWijMRQjUg5R6tLPVRRhfmCkYP+tuaBrysw=; b=haRsBkm5SIyf7kjlJIKPsl43EUpHyOsnYLMC5mJ1aS8TWVEMs4kRUdxLt87BgTRtFI 8VqkFpuvZdqN//kcADL3liShKiXWLxQh1kD0jJHYws2G7+rSi4J+p7LJ4jXUPe2mS7l8 nKzb4x0xpQ5de6i4MV24l9DKTDwSP3nnhSjr6gVFk0JMIvpeUfVY07Hr9qxaIORBi+SM ozPlda7+5HgJFTP2hlOg28UKwmUMLSaHFS/maXlQX5LNglrkXWhaiT85ncIHAdOZl8WU KWb+G938sqpv+miaLQbPhJCkCKEhjGANy/kmxSAZgwTDGaDAiVNzDeDsImtUGqEXk4r8 3yNg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s12-v6si6336911pgr.98.2018.10.05.01.50.22; Fri, 05 Oct 2018 01:50:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728866AbeJEPsF (ORCPT + 32 others); Fri, 5 Oct 2018 11:48:05 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:47920 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727809AbeJEPsE (ORCPT ); Fri, 5 Oct 2018 11:48:04 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8F6F2ED1; Fri, 5 Oct 2018 01:50:20 -0700 (PDT) Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5A9CB3F5B3; Fri, 5 Oct 2018 01:50:17 -0700 (PDT) From: Kristina Martsenko To: linux-arm-kernel@lists.infradead.org Cc: Adam Wallis , Amit Kachhap , Andrew Jones , Ard Biesheuvel , Arnd Bergmann , Catalin Marinas , Christoffer Dall , Dave P Martin , Jacob Bramley , Kees Cook , Marc Zyngier , Mark Rutland , Ramana Radhakrishnan , "Suzuki K . Poulose" , Will Deacon , kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v5 09/17] arm64: perf: strip PAC when unwinding userspace Date: Fri, 5 Oct 2018 09:47:46 +0100 Message-Id: <20181005084754.20950-10-kristina.martsenko@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181005084754.20950-1-kristina.martsenko@arm.com> References: <20181005084754.20950-1-kristina.martsenko@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Rutland When the kernel is unwinding userspace callchains, we can't expect that the userspace consumer of these callchains has the data necessary to strip the PAC from the stored LR. This patch has the kernel strip the PAC from user stackframes when the in-kernel unwinder is used. This only affects the LR value, and not the FP. This only affects the in-kernel unwinder. When userspace performs unwinding, it is up to userspace to strip PACs as necessary (which can be determined from DWARF information). Signed-off-by: Mark Rutland [kristina: add pointer_auth.h #include] Signed-off-by: Kristina Martsenko Cc: Catalin Marinas Cc: Ramana Radhakrishnan Cc: Will Deacon --- arch/arm64/include/asm/pointer_auth.h | 7 +++++++ arch/arm64/kernel/perf_callchain.c | 6 +++++- 2 files changed, 12 insertions(+), 1 deletion(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h index 15486079e9ec..f5a4b075be65 100644 --- a/arch/arm64/include/asm/pointer_auth.h +++ b/arch/arm64/include/asm/pointer_auth.h @@ -57,6 +57,12 @@ static inline void ptrauth_keys_switch(struct ptrauth_keys *keys) */ #define ptrauth_pac_mask() GENMASK(54, VA_BITS) +/* Only valid for EL0 TTBR0 instruction pointers */ +static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr) +{ + return ptr & ~ptrauth_pac_mask(); +} + #define mm_ctx_ptrauth_init(ctx) \ ptrauth_keys_init(&(ctx)->ptrauth_keys) @@ -64,6 +70,7 @@ static inline void ptrauth_keys_switch(struct ptrauth_keys *keys) ptrauth_keys_switch(&(ctx)->ptrauth_keys) #else /* CONFIG_ARM64_PTR_AUTH */ +#define ptrauth_strip_insn_pac(lr) (lr) #define mm_ctx_ptrauth_init(ctx) #define mm_ctx_ptrauth_switch(ctx) #endif /* CONFIG_ARM64_PTR_AUTH */ diff --git a/arch/arm64/kernel/perf_callchain.c b/arch/arm64/kernel/perf_callchain.c index bcafd7dcfe8b..94754f07f67a 100644 --- a/arch/arm64/kernel/perf_callchain.c +++ b/arch/arm64/kernel/perf_callchain.c @@ -18,6 +18,7 @@ #include #include +#include #include struct frame_tail { @@ -35,6 +36,7 @@ user_backtrace(struct frame_tail __user *tail, { struct frame_tail buftail; unsigned long err; + unsigned long lr; /* Also check accessibility of one struct frame_tail beyond */ if (!access_ok(VERIFY_READ, tail, sizeof(buftail))) @@ -47,7 +49,9 @@ user_backtrace(struct frame_tail __user *tail, if (err) return NULL; - perf_callchain_store(entry, buftail.lr); + lr = ptrauth_strip_insn_pac(buftail.lr); + + perf_callchain_store(entry, lr); /* * Frame pointers should strictly progress back up the stack From patchwork Fri Oct 5 08:47:47 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristina Martsenko X-Patchwork-Id: 148166 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp180387lji; Fri, 5 Oct 2018 01:50:27 -0700 (PDT) X-Google-Smtp-Source: ACcGV62iM+d62JpuGvT2Ea+ihwilfhMdEcfzngD3ubjSt12NcwTgo7m95+/yiUC+BTqKzVTZ3CSE X-Received: by 2002:a62:509a:: with SMTP id g26-v6mr10672894pfj.62.1538729427537; Fri, 05 Oct 2018 01:50:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538729427; cv=none; d=google.com; s=arc-20160816; b=tmyzqmoi8+61oKPp2z1mNVoXsE9ddVUOVtKtMhm/9QfLkhLPfoWJh0dYYtOSaeYdE6 xIxrtjLwImUrpNuS34BGTXcx/X+pZeCgDF4TMMYYnMd1Hh5hAb0DDc6X2TzpoAN6rdxR RC6KtrFhpMFh9aNCOyJs7mmG+MSOJlr2RYe3I5MpsccIhv2Xx4AvNif/8hyJUi0+zqxE 1YRvk1C4PqEq8WOtKQCobDOvatsz8S5lWCC7A7kirExKWpexQLcrLoB1D7rQr5JxCU6H IkCLdth1cfdKb/KO0UgfRQpWty71noftaqWEsDMgWEoAqB34TDUkoyeToSR1o8SmX+6A 9Zwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=D/EWroOlXWnyjHMgJfJ0Vl9eiUr6vt/X7RRF6AXTveM=; b=V8OhdA7Q1HhBw2vySGy8aB+kQ4rvi4XegvXiWTtnCQYOHH/y9+pMT97b7+0J4Xf62p PrDQXHQAZ0a7B4FsHrzoFHfXjd36vgwkxOgN1BxERqk7pXQK0U8+6DnsFM+2exX+6nzc 3XfXVkaKOkidILkuGTIY0Tuv3K48+eOeB5XH664LmhLx7AoCFNsls9pRpa1xi785yhrl ygEefB2/UkuzAsU1EtZ73MxTdxqvEvAuGKzmrg/A42jifqCq6Yuu3EL6SiMqpLIUXRfN Iee2Bp+YZQziDTszOGVsAWDyCR/pstLF93jd5xL9iOXQ6qyaLYrVg06huUNOFA8KolGl eP/w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o24-v6si5965380pgv.242.2018.10.05.01.50.27; Fri, 05 Oct 2018 01:50:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728888AbeJEPsJ (ORCPT + 32 others); Fri, 5 Oct 2018 11:48:09 -0400 Received: from foss.arm.com ([217.140.101.70]:47942 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727809AbeJEPsJ (ORCPT ); Fri, 5 Oct 2018 11:48:09 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C6D131688; Fri, 5 Oct 2018 01:50:24 -0700 (PDT) Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 9154D3F5B3; Fri, 5 Oct 2018 01:50:21 -0700 (PDT) From: Kristina Martsenko To: linux-arm-kernel@lists.infradead.org Cc: Adam Wallis , Amit Kachhap , Andrew Jones , Ard Biesheuvel , Arnd Bergmann , Catalin Marinas , Christoffer Dall , Dave P Martin , Jacob Bramley , Kees Cook , Marc Zyngier , Mark Rutland , Ramana Radhakrishnan , "Suzuki K . Poulose" , Will Deacon , kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v5 10/17] arm64: enable pointer authentication Date: Fri, 5 Oct 2018 09:47:47 +0100 Message-Id: <20181005084754.20950-11-kristina.martsenko@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181005084754.20950-1-kristina.martsenko@arm.com> References: <20181005084754.20950-1-kristina.martsenko@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Rutland Now that all the necessary bits are in place for userspace, add the necessary Kconfig logic to allow this to be enabled. Signed-off-by: Mark Rutland Signed-off-by: Kristina Martsenko Cc: Catalin Marinas Cc: Will Deacon --- arch/arm64/Kconfig | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) -- 2.11.0 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 1b1a0e95c751..8a6d44160fa8 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1134,6 +1134,29 @@ config ARM64_RAS_EXTN endmenu +menu "ARMv8.3 architectural features" + +config ARM64_PTR_AUTH + bool "Enable support for pointer authentication" + default y + help + Pointer authentication (part of the ARMv8.3 Extensions) provides + instructions for signing and authenticating pointers against secret + keys, which can be used to mitigate Return Oriented Programming (ROP) + and other attacks. + + This option enables these instructions at EL0 (i.e. for userspace). + + Choosing this option will cause the kernel to initialise secret keys + for each process at exec() time, with these keys being + context-switched along with the process. + + The feature is detected at runtime. If the feature is not present in + hardware it will not be advertised to userspace nor will it be + enabled. + +endmenu + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y From patchwork Fri Oct 5 08:47:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristina Martsenko X-Patchwork-Id: 148167 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp180482lji; Fri, 5 Oct 2018 01:50:35 -0700 (PDT) X-Google-Smtp-Source: ACcGV60GcZcPjMeCirHP8PusxLIe3tMipM8TbGk1QCucx6mwdhttRgNNqv8CKw1UjGzuzcm4xBOO X-Received: by 2002:a62:6643:: with SMTP id a64-v6mr10738088pfc.202.1538729434947; Fri, 05 Oct 2018 01:50:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538729434; cv=none; d=google.com; s=arc-20160816; b=k6LTzgDdSIqLqLsutalgKb9+4e4A2aGjuTrrt+fKQVlZNmwGy44+bHyRF/Dya/1pbr /fWhOpZkAs1FYjREYhfUUOrmyX60hnouIRhwnvV/iDPsj7KPJNaYVNoWqIU4yrkNByIZ BvOAByw+pz7ICzqgo0yuXuCS4TOUBwTO3a2ZrVe4BpqfIMp96hJ6OSKrMBQtkgwfK67e PgyjdRB9N+A1VbTY7f4a36X3pODYMA0DHGk+KKrvnCLGWprXR/a2ECbrU5bf02j8Z67T J2siPJ+F9QJoqklxu7tgwTc6w3saNTa3r3uUupq8GQDoExaqlgSlGxDzmr4waHAtyeM8 tkBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=V4Ag82KlhFbgxYTEH0zmlcXM0Vh51xFaWoZzPIj2d0M=; b=fjIiTpewo6Fh7S5gCxUI0ge3OZX9vzkgMjrhykmQyu31nAmi3w4NLbT8TWWfpjTefz qxAEpEmmsQIf0x8cdMqJ2rCsWrfdXRrwSZr/wm2JZwXwmec47SdjNrtGFaFE9UGQs3Lv MNyzrY1v3FNJ31whqCcjbMlRx24XdVDMq1SBkdn7nN+D6DgwZ5eSHpEwNYb+LU0YjedZ 6NuXVynPRu1IfxlylrUFYPgJ4U+5cDcuzT8iHwdmmhuyZZrECsWU5ag97m6//pZiROJL tYDEJjMeBHMeVdm8zIsnxCYYjzQvptYttl6Wb1gnEEY2C2GHcCqH9CDAihq1WmBXYmwI A+/A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j6-v6si7776398plk.145.2018.10.05.01.50.34; Fri, 05 Oct 2018 01:50:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728904AbeJEPsR (ORCPT + 32 others); Fri, 5 Oct 2018 11:48:17 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:47964 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727809AbeJEPsQ (ORCPT ); Fri, 5 Oct 2018 11:48:16 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0E99615AD; Fri, 5 Oct 2018 01:50:32 -0700 (PDT) Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id CDE543F5B3; Fri, 5 Oct 2018 01:50:28 -0700 (PDT) From: Kristina Martsenko To: linux-arm-kernel@lists.infradead.org Cc: Adam Wallis , Amit Kachhap , Andrew Jones , Ard Biesheuvel , Arnd Bergmann , Catalin Marinas , Christoffer Dall , Dave P Martin , Jacob Bramley , Kees Cook , Marc Zyngier , Mark Rutland , Ramana Radhakrishnan , "Suzuki K . Poulose" , Will Deacon , kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v5 11/17] arm64: docs: document pointer authentication Date: Fri, 5 Oct 2018 09:47:48 +0100 Message-Id: <20181005084754.20950-12-kristina.martsenko@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181005084754.20950-1-kristina.martsenko@arm.com> References: <20181005084754.20950-1-kristina.martsenko@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Rutland Now that we've added code to support pointer authentication, add some documentation so that people can figure out if/how to use it. Signed-off-by: Mark Rutland [kristina: update cpu-feature-registers.txt] Signed-off-by: Kristina Martsenko Cc: Andrew Jones Cc: Catalin Marinas Cc: Ramana Radhakrishnan Cc: Will Deacon --- Documentation/arm64/booting.txt | 8 +++ Documentation/arm64/cpu-feature-registers.txt | 4 ++ Documentation/arm64/elf_hwcaps.txt | 5 ++ Documentation/arm64/pointer-authentication.txt | 84 ++++++++++++++++++++++++++ 4 files changed, 101 insertions(+) create mode 100644 Documentation/arm64/pointer-authentication.txt -- 2.11.0 Reviewed-by: Ramana Radhakrishnan diff --git a/Documentation/arm64/booting.txt b/Documentation/arm64/booting.txt index 8d0df62c3fe0..8df9f4658d6f 100644 --- a/Documentation/arm64/booting.txt +++ b/Documentation/arm64/booting.txt @@ -205,6 +205,14 @@ Before jumping into the kernel, the following conditions must be met: ICC_SRE_EL2.SRE (bit 0) must be initialised to 0b0. - The DT or ACPI tables must describe a GICv2 interrupt controller. + For CPUs with pointer authentication functionality: + - If EL3 is present: + SCR_EL3.APK (bit 16) must be initialised to 0b1 + SCR_EL3.API (bit 17) must be initialised to 0b1 + - If the kernel is entered at EL1: + HCR_EL2.APK (bit 40) must be initialised to 0b1 + HCR_EL2.API (bit 41) must be initialised to 0b1 + The requirements described above for CPU mode, caches, MMUs, architected timers, coherency and system registers apply to all CPUs. All CPUs must enter the kernel in the same exception level. diff --git a/Documentation/arm64/cpu-feature-registers.txt b/Documentation/arm64/cpu-feature-registers.txt index 7964f03846b1..b165677ffab9 100644 --- a/Documentation/arm64/cpu-feature-registers.txt +++ b/Documentation/arm64/cpu-feature-registers.txt @@ -190,6 +190,10 @@ infrastructure: |--------------------------------------------------| | JSCVT | [15-12] | y | |--------------------------------------------------| + | API | [11-8] | y | + |--------------------------------------------------| + | APA | [7-4] | y | + |--------------------------------------------------| | DPB | [3-0] | y | x--------------------------------------------------x diff --git a/Documentation/arm64/elf_hwcaps.txt b/Documentation/arm64/elf_hwcaps.txt index d6aff2c5e9e2..95509a7b0ffe 100644 --- a/Documentation/arm64/elf_hwcaps.txt +++ b/Documentation/arm64/elf_hwcaps.txt @@ -178,3 +178,8 @@ HWCAP_ILRCPC HWCAP_FLAGM Functionality implied by ID_AA64ISAR0_EL1.TS == 0b0001. + +HWCAP_APIA + + EL0 AddPac and Auth functionality using APIAKey_EL1 is enabled, as + described by Documentation/arm64/pointer-authentication.txt. diff --git a/Documentation/arm64/pointer-authentication.txt b/Documentation/arm64/pointer-authentication.txt new file mode 100644 index 000000000000..8a9cb5713770 --- /dev/null +++ b/Documentation/arm64/pointer-authentication.txt @@ -0,0 +1,84 @@ +Pointer authentication in AArch64 Linux +======================================= + +Author: Mark Rutland +Date: 2017-07-19 + +This document briefly describes the provision of pointer authentication +functionality in AArch64 Linux. + + +Architecture overview +--------------------- + +The ARMv8.3 Pointer Authentication extension adds primitives that can be +used to mitigate certain classes of attack where an attacker can corrupt +the contents of some memory (e.g. the stack). + +The extension uses a Pointer Authentication Code (PAC) to determine +whether pointers have been modified unexpectedly. A PAC is derived from +a pointer, another value (such as the stack pointer), and a secret key +held in system registers. + +The extension adds instructions to insert a valid PAC into a pointer, +and to verify/remove the PAC from a pointer. The PAC occupies a number +of high-order bits of the pointer, which varies dependent on the +configured virtual address size and whether pointer tagging is in use. + +A subset of these instructions have been allocated from the HINT +encoding space. In the absence of the extension (or when disabled), +these instructions behave as NOPs. Applications and libraries using +these instructions operate correctly regardless of the presence of the +extension. + + +Basic support +------------- + +When CONFIG_ARM64_PTR_AUTH is selected, and relevant HW support is +present, the kernel will assign a random APIAKey value to each process +at exec*() time. This key is shared by all threads within the process, +and the key is preserved across fork(). Presence of functionality using +APIAKey is advertised via HWCAP_APIA. + +Recent versions of GCC can compile code with APIAKey-based return +address protection when passed the -msign-return-address option. This +uses instructions in the HINT space, and such code can run on systems +without the pointer authentication extension. + +The remaining instruction and data keys (APIBKey, APDAKey, APDBKey) are +reserved for future use, and instructions using these keys must not be +used by software until a purpose and scope for their use has been +decided. To enable future software using these keys to function on +contemporary kernels, where possible, instructions using these keys are +made to behave as NOPs. + +The generic key (APGAKey) is currently unsupported. Instructions using +the generic key must not be used by software. + + +Debugging +--------- + +When CONFIG_ARM64_PTR_AUTH is selected, and relevant HW support is +present, the kernel will expose the position of TTBR0 PAC bits in the +NT_ARM_PAC_MASK regset (struct user_pac_mask), which userspace can +acqure via PTRACE_GETREGSET. + +Separate masks are exposed for data pointers and instruction pointers, +as the set of PAC bits can vary between the two. Debuggers should not +expect that HWCAP_APIA implies the presence (or non-presence) of this +regset -- in future the kernel may support the use of APIBKey, APDAKey, +and/or APBAKey, even in the absence of APIAKey. + +Note that the masks apply to TTBR0 addresses, and are not valid to apply +to TTBR1 addresses (e.g. kernel pointers). + + +Virtualization +-------------- + +Pointer authentication is not currently supported in KVM guests. KVM +will mask the feature bits from ID_AA64ISAR1_EL1, and attempted use of +the feature will result in an UNDEFINED exception being injected into +the guest. From patchwork Fri Oct 5 08:47:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristina Martsenko X-Patchwork-Id: 148168 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp180547lji; Fri, 5 Oct 2018 01:50:40 -0700 (PDT) X-Google-Smtp-Source: ACcGV62xTskWk3Z+7bTubc3gM5aGgORRrlCc2+oUYZXps2c03LCx2Y6CCExRZxRFyYKQkPKqw8QW X-Received: by 2002:a62:1985:: with SMTP id 127-v6mr10579762pfz.51.1538729439905; Fri, 05 Oct 2018 01:50:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538729439; cv=none; d=google.com; s=arc-20160816; b=y4616jJJXdoyfj49UugMDa/mboR722mHU9/TrZtRsMzsUDhhTucoBtIHencgkIvF3/ cwiyCGm4aK0VLCSvp7h82hICJ01goPzE/hj2kmBHiCB2AXJCyl0GzqaCrB3qGh/ntPrI zVkmF688oW8b5qcIiQro9au9AVBxnYQT8R0e74g7d1opZCqENaLIzX5WO1WXxMzbDrmZ +GAaanueBDm8f3Etq+Fu2BFUoaHabmF/5Z5UqCF1bz9Re0BniHMN4O3xOqOBzNpGxTVR CrKgq6esmtWITIWlmLgGnYwOnw4q59COxqdyWPrCdRfTlGe8sT71mJCodhDG2LIhZWyD NKFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=4q0pGaMUnLHXtjWCxxnxvj/dbW2yxMIO8kohW+WIVRs=; b=W9znrPknV/JTzzZ1EGBUvI1tTUg31VVJuPPlGfs21T7Bx5MNcoe4pCZkqtDHocHz7U weg1MU2oNqgwF3tucz3VQj1lXaNWEnktOq0xTNpd+vxCAdKe2zJcyAhmAQu+vJNVSZOm jBD+akt3hJOEBWIPip9gEU7IjcQKwACyTDkDaUkSXNM27rUXbTjIVFixf9XlIEhhcxI/ 6wta1JcMx+d8814CMVnnH9tdL6k2k99QghOU2fGptrQHaMVm5dVKCw8JOzb71NC/Cuu5 9uKrB7ObBOCrA7d/ATwnRFNtRxN4HsjAadI7yhKmpYf/phIxSvcKzHwegRq5vx7RkNiH cTAA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z12-v6si7416349pgv.387.2018.10.05.01.50.39; Fri, 05 Oct 2018 01:50:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728921AbeJEPsW (ORCPT + 32 others); Fri, 5 Oct 2018 11:48:22 -0400 Received: from foss.arm.com ([217.140.101.70]:47988 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727809AbeJEPsV (ORCPT ); Fri, 5 Oct 2018 11:48:21 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 6F80D15BF; Fri, 5 Oct 2018 01:50:37 -0700 (PDT) Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 396F53F5B3; Fri, 5 Oct 2018 01:50:34 -0700 (PDT) From: Kristina Martsenko To: linux-arm-kernel@lists.infradead.org Cc: Adam Wallis , Amit Kachhap , Andrew Jones , Ard Biesheuvel , Arnd Bergmann , Catalin Marinas , Christoffer Dall , Dave P Martin , Jacob Bramley , Kees Cook , Marc Zyngier , Mark Rutland , Ramana Radhakrishnan , "Suzuki K . Poulose" , Will Deacon , kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC 12/17] arm64: move ptrauth keys to thread_info Date: Fri, 5 Oct 2018 09:47:49 +0100 Message-Id: <20181005084754.20950-13-kristina.martsenko@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181005084754.20950-1-kristina.martsenko@arm.com> References: <20181005084754.20950-1-kristina.martsenko@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Rutland To use pointer authentication in the kernel, we'll need to switch keys in the entry assembly. This patch moves the pointer auth keys into thread_info to make this possible. There should be no functional change as a result of this patch. Signed-off-by: Mark Rutland Signed-off-by: Kristina Martsenko --- arch/arm64/include/asm/mmu.h | 5 ----- arch/arm64/include/asm/mmu_context.h | 13 ------------- arch/arm64/include/asm/pointer_auth.h | 13 +++++++------ arch/arm64/include/asm/thread_info.h | 4 ++++ arch/arm64/kernel/process.c | 4 ++++ 5 files changed, 15 insertions(+), 24 deletions(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h index f6480ea7b0d5..dd320df0d026 100644 --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -25,15 +25,10 @@ #ifndef __ASSEMBLY__ -#include - typedef struct { atomic64_t id; void *vdso; unsigned long flags; -#ifdef CONFIG_ARM64_PTR_AUTH - struct ptrauth_keys ptrauth_keys; -#endif } mm_context_t; /* diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h index 983f80925566..387e810063c7 100644 --- a/arch/arm64/include/asm/mmu_context.h +++ b/arch/arm64/include/asm/mmu_context.h @@ -215,8 +215,6 @@ static inline void __switch_mm(struct mm_struct *next) return; } - mm_ctx_ptrauth_switch(&next->context); - check_and_switch_context(next, cpu); } @@ -242,17 +240,6 @@ switch_mm(struct mm_struct *prev, struct mm_struct *next, void verify_cpu_asid_bits(void); void post_ttbr_update_workaround(void); -static inline void arch_bprm_mm_init(struct mm_struct *mm, - struct vm_area_struct *vma) -{ - mm_ctx_ptrauth_init(&mm->context); -} -#define arch_bprm_mm_init arch_bprm_mm_init - -/* - * We need to override arch_bprm_mm_init before including the generic hooks, - * which are otherwise sufficient for us. - */ #include #endif /* !__ASSEMBLY__ */ diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h index f5a4b075be65..cedb03bd175b 100644 --- a/arch/arm64/include/asm/pointer_auth.h +++ b/arch/arm64/include/asm/pointer_auth.h @@ -63,16 +63,17 @@ static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr) return ptr & ~ptrauth_pac_mask(); } -#define mm_ctx_ptrauth_init(ctx) \ - ptrauth_keys_init(&(ctx)->ptrauth_keys) +#define ptrauth_task_init_user(tsk) \ + ptrauth_keys_init(&(tsk)->thread_info.keys_user); \ + ptrauth_keys_switch(&(tsk)->thread_info.keys_user) -#define mm_ctx_ptrauth_switch(ctx) \ - ptrauth_keys_switch(&(ctx)->ptrauth_keys) +#define ptrauth_task_switch(tsk) \ + ptrauth_keys_switch(&(tsk)->thread_info.keys_user) #else /* CONFIG_ARM64_PTR_AUTH */ #define ptrauth_strip_insn_pac(lr) (lr) -#define mm_ctx_ptrauth_init(ctx) -#define mm_ctx_ptrauth_switch(ctx) +#define ptrauth_task_init_user(tsk) +#define ptrauth_task_switch(tsk) #endif /* CONFIG_ARM64_PTR_AUTH */ #endif /* __ASM_POINTER_AUTH_H */ diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h index cb2c10a8f0a8..ea9272fb52d4 100644 --- a/arch/arm64/include/asm/thread_info.h +++ b/arch/arm64/include/asm/thread_info.h @@ -28,6 +28,7 @@ struct task_struct; #include +#include #include #include @@ -43,6 +44,9 @@ struct thread_info { u64 ttbr0; /* saved TTBR0_EL1 */ #endif int preempt_count; /* 0 => preemptable, <0 => bug */ +#ifdef CONFIG_ARM64_PTR_AUTH + struct ptrauth_keys keys_user; +#endif }; #define thread_saved_pc(tsk) \ diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 7f1628effe6d..fae52be66c92 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -57,6 +57,7 @@ #include #include #include +#include #include #ifdef CONFIG_STACKPROTECTOR @@ -425,6 +426,7 @@ __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev, contextidr_thread_switch(next); entry_task_switch(next); uao_thread_switch(next); + ptrauth_task_switch(next); /* * Complete any pending TLB or cache maintenance on this CPU in case @@ -492,6 +494,8 @@ unsigned long arch_randomize_brk(struct mm_struct *mm) void arch_setup_new_exec(void) { current->mm->context.flags = is_compat_task() ? MMCF_AARCH32 : 0; + + ptrauth_task_init_user(current); } #ifdef CONFIG_GCC_PLUGIN_STACKLEAK From patchwork Fri Oct 5 08:47:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristina Martsenko X-Patchwork-Id: 148169 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp180622lji; Fri, 5 Oct 2018 01:50:44 -0700 (PDT) X-Google-Smtp-Source: ACcGV637qtC890vFE5JJ/2yX5vFV9hnWwAMy6tZKabsCECTDvFtnMRkJh2pY1WjtW4WNqd4Gn3W2 X-Received: by 2002:a62:c60a:: with SMTP id m10-v6mr10049353pfg.15.1538729444852; Fri, 05 Oct 2018 01:50:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538729444; cv=none; d=google.com; s=arc-20160816; b=uUJ7a8TQGwikX13TQSTw/6LCkQp+8q/7h2IS7VfYi0gq4MLPNyj6S7Ui75POsAhIy/ YCNRIFTjCtoJFMFDUmRtTDfuj+n+RuPPBfsAX5KizF8X9uo6DSr84fn/nawiT+NReS3I pICvvHi0U1jo+F7IR5GpK1MPnH0UtXIQSiu9//FufVibS8fEkMYGit72rJEm1yIgrP1T 0EWpwzUPKfgXSWLGT8yy7uDJiviqyBeIzpJ0BvPRBpOa67XWFgE/yo5GI3eJ8nNmH85J +E1cHLt0jzjYmtY+T1Ki4+GNdFixdKAd9bTOhtqCtj9aSpGlkIGFr1kv1H3Cc5V7WREN SWuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=ExiZ+q0+rPgT6waq8Xzvw8KmMAKND+mcNOTmRQnM4qI=; b=B0jmWKpmHdQhfIYKLNL3XUr90rHzhxYTTHymAiU7Yvm556rpal3PoCVulxSlYh4e1e 4qoDPAgReVgRp4wUcMtuaCOkvrZfUSW7dFe9TMR6aI3rXS94yP/y223vhN50lVx6LmQf BqF96RoU/eXzZNDglI44tCc2Ng6pQW30QZXHW1uLIwd24y1XYaPMrCZ8X3pV+n+dJckw cdmta08KwuSSnm/LRD9Wsm//be/rsrU1wemkYa239458t/eaSX8Fp2zqtXREkThc/z2L eO1aovpM6bv5FPAnqdAzayMv6q3qmsABMU2ATJmGx3ot2TcmW4qP3XBJgejdKtKiCKdy /Fdw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i10-v6si6185777pgb.71.2018.10.05.01.50.44; Fri, 05 Oct 2018 01:50:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728944AbeJEPs1 (ORCPT + 32 others); Fri, 5 Oct 2018 11:48:27 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:48008 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727809AbeJEPs1 (ORCPT ); Fri, 5 Oct 2018 11:48:27 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5500F15BE; Fri, 5 Oct 2018 01:50:42 -0700 (PDT) Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 2013B3F5B3; Fri, 5 Oct 2018 01:50:38 -0700 (PDT) From: Kristina Martsenko To: linux-arm-kernel@lists.infradead.org Cc: Adam Wallis , Amit Kachhap , Andrew Jones , Ard Biesheuvel , Arnd Bergmann , Catalin Marinas , Christoffer Dall , Dave P Martin , Jacob Bramley , Kees Cook , Marc Zyngier , Mark Rutland , Ramana Radhakrishnan , "Suzuki K . Poulose" , Will Deacon , kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC 13/17] arm64: install user ptrauth keys at kernel exit time Date: Fri, 5 Oct 2018 09:47:50 +0100 Message-Id: <20181005084754.20950-14-kristina.martsenko@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181005084754.20950-1-kristina.martsenko@arm.com> References: <20181005084754.20950-1-kristina.martsenko@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Rutland This will mean we do more work per EL0 exception return, but is a stepping-stone to enable keys within the kernel. Signed-off-by: Mark Rutland Signed-off-by: Kristina Martsenko --- arch/arm64/include/asm/pointer_auth.h | 7 +------ arch/arm64/include/asm/ptrauth-asm.h | 26 ++++++++++++++++++++++++++ arch/arm64/kernel/asm-offsets.c | 7 +++++++ arch/arm64/kernel/entry.S | 9 +++++++-- arch/arm64/kernel/process.c | 1 - 5 files changed, 41 insertions(+), 9 deletions(-) create mode 100644 arch/arm64/include/asm/ptrauth-asm.h -- 2.11.0 diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h index cedb03bd175b..5e40533f4ea2 100644 --- a/arch/arm64/include/asm/pointer_auth.h +++ b/arch/arm64/include/asm/pointer_auth.h @@ -64,16 +64,11 @@ static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr) } #define ptrauth_task_init_user(tsk) \ - ptrauth_keys_init(&(tsk)->thread_info.keys_user); \ - ptrauth_keys_switch(&(tsk)->thread_info.keys_user) - -#define ptrauth_task_switch(tsk) \ - ptrauth_keys_switch(&(tsk)->thread_info.keys_user) + ptrauth_keys_init(&(tsk)->thread_info.keys_user) #else /* CONFIG_ARM64_PTR_AUTH */ #define ptrauth_strip_insn_pac(lr) (lr) #define ptrauth_task_init_user(tsk) -#define ptrauth_task_switch(tsk) #endif /* CONFIG_ARM64_PTR_AUTH */ #endif /* __ASM_POINTER_AUTH_H */ diff --git a/arch/arm64/include/asm/ptrauth-asm.h b/arch/arm64/include/asm/ptrauth-asm.h new file mode 100644 index 000000000000..f50bdfc4046c --- /dev/null +++ b/arch/arm64/include/asm/ptrauth-asm.h @@ -0,0 +1,26 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __ASM_PTRAUTH_ASM_H +#define __ASM_PTRAUTH_ASM_H + +#include +#include + +#ifdef CONFIG_ARM64_PTR_AUTH + + .macro ptrauth_keys_install_user tsk, tmp +alternative_if ARM64_HAS_ADDRESS_AUTH + ldr \tmp, [\tsk, #(TSK_TI_KEYS_USER + PTRAUTH_KEY_APIALO)] + msr_s SYS_APIAKEYLO_EL1, \tmp + ldr \tmp, [\tsk, #(TSK_TI_KEYS_USER + PTRAUTH_KEY_APIAHI)] + msr_s SYS_APIAKEYHI_EL1, \tmp +alternative_else_nop_endif + .endm + +#else /* CONFIG_ARM64_PTR_AUTH */ + + .macro ptrauth_keys_install_user tsk, tmp + .endm + +#endif /* CONFIG_ARM64_PTR_AUTH */ + +#endif /* __ASM_PTRAUTH_ASM_H */ diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c index 323aeb5f2fe6..b6be0dd037fd 100644 --- a/arch/arm64/kernel/asm-offsets.c +++ b/arch/arm64/kernel/asm-offsets.c @@ -45,6 +45,9 @@ int main(void) #ifdef CONFIG_ARM64_SW_TTBR0_PAN DEFINE(TSK_TI_TTBR0, offsetof(struct task_struct, thread_info.ttbr0)); #endif +#ifdef CONFIG_ARM64_PTR_AUTH + DEFINE(TSK_TI_KEYS_USER, offsetof(struct task_struct, thread_info.keys_user)); +#endif DEFINE(TSK_STACK, offsetof(struct task_struct, stack)); BLANK(); DEFINE(THREAD_CPU_CONTEXT, offsetof(struct task_struct, thread.cpu_context)); @@ -169,5 +172,9 @@ int main(void) DEFINE(SDEI_EVENT_INTREGS, offsetof(struct sdei_registered_event, interrupted_regs)); DEFINE(SDEI_EVENT_PRIORITY, offsetof(struct sdei_registered_event, priority)); #endif +#ifdef CONFIG_ARM64_PTR_AUTH + DEFINE(PTRAUTH_KEY_APIALO, offsetof(struct ptrauth_keys, apia.lo)); + DEFINE(PTRAUTH_KEY_APIAHI, offsetof(struct ptrauth_keys, apia.hi)); +#endif return 0; } diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 09dbea221a27..1e925f6d2978 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -23,8 +23,9 @@ #include #include -#include #include +#include +#include #include #include #include @@ -33,8 +34,8 @@ #include #include #include +#include #include -#include #include /* @@ -325,6 +326,10 @@ alternative_else_nop_endif apply_ssbd 0, x0, x1 .endif + .if \el == 0 + ptrauth_keys_install_user tsk, x0 + .endif + msr elr_el1, x21 // set up the return data msr spsr_el1, x22 ldp x0, x1, [sp, #16 * 0] diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index fae52be66c92..857ae05cd04c 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -426,7 +426,6 @@ __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev, contextidr_thread_switch(next); entry_task_switch(next); uao_thread_switch(next); - ptrauth_task_switch(next); /* * Complete any pending TLB or cache maintenance on this CPU in case From patchwork Fri Oct 5 08:47:51 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristina Martsenko X-Patchwork-Id: 148170 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp180684lji; Fri, 5 Oct 2018 01:50:49 -0700 (PDT) X-Google-Smtp-Source: ACcGV63o9wDdZ13v8H3FGv08B3fLGdTL1Il1XGtonvKlEXBAbXqDlLLisMHII5kIYMzrWl2GOQd8 X-Received: by 2002:a63:3c46:: with SMTP id i6-v6mr9182845pgn.286.1538729449153; Fri, 05 Oct 2018 01:50:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538729449; cv=none; d=google.com; s=arc-20160816; b=tqt6LuicgFwJwK8MdkdQtZ7MYscr+Qez29RNs/4QkbK/euKvGc4r8086G0hWrhg2cW fwfqis9b6+Sm9kIOy9Ncu/VSjfCUZk68uLkHgAiqFsQSyupEvT2jhtHidQ342U8/W2Q8 O8Vdiz2iIhItrJJhZWiUwSG8BSSU5Z6TYKypvJsyo7cFfCfRQI8/YhSee8on9aUYxHGj zQ5/Bmc6lNHbpTSWuFjNeVDagD/UDblakrfoKxT90W2ZxWE2LSNWhVp94cUglaNS4wpO UXRkc8oKF84qQDrIp3hunxXsSit3Z5A6GbdIHeWXPb1Pki6RI8v/v52MIFE1t5kn7ukI FTbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=4xCflmaAlUPnxxWkkcErOh7EaiZVAXVSRTTeGTPyqyU=; b=KtZOG/BI4LWdU6WQooRWtGeH5QeBbQ2+Zu9J+hVPZxnNrBsHVo56PCnvbm1IwsfAUS Knxp5/WhommQtazAAoHuXy6/3C2+kGxFwpq7xWah0xAWSvrK0Z/RU7RTcIhSgTX1ziyo k6KSGlo5jaBB6Zzc53JKXi7nBdqGWjIY4zuKT9sruyBqoMMvSJrY7dvyZi6UmJ5o2Vph cOOtzbI3kWT7Xea6G/U/5HXIg5ggH1P6HuvSOdLEIVVIW0EF4HeYbi6DFzPU9XEe+7og NH2NhSbB3Gjpp5AAoqvD3RF/4b0rq3NNbZlWd8WFXxBYaviTp0xvDsQeFdglthcapQzD X1vg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i10-v6si6185777pgb.71.2018.10.05.01.50.48; Fri, 05 Oct 2018 01:50:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728958AbeJEPsb (ORCPT + 32 others); Fri, 5 Oct 2018 11:48:31 -0400 Received: from foss.arm.com ([217.140.101.70]:48042 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728012AbeJEPsb (ORCPT ); Fri, 5 Oct 2018 11:48:31 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 881E21650; Fri, 5 Oct 2018 01:50:46 -0700 (PDT) Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 52E713F5B3; Fri, 5 Oct 2018 01:50:43 -0700 (PDT) From: Kristina Martsenko To: linux-arm-kernel@lists.infradead.org Cc: Adam Wallis , Amit Kachhap , Andrew Jones , Ard Biesheuvel , Arnd Bergmann , Catalin Marinas , Christoffer Dall , Dave P Martin , Jacob Bramley , Kees Cook , Marc Zyngier , Mark Rutland , Ramana Radhakrishnan , "Suzuki K . Poulose" , Will Deacon , kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC 14/17] arm64: unwind: strip PAC from kernel addresses Date: Fri, 5 Oct 2018 09:47:51 +0100 Message-Id: <20181005084754.20950-15-kristina.martsenko@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20181005084754.20950-1-kristina.martsenko@arm.com> References: <20181005084754.20950-1-kristina.martsenko@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Rutland When we enable pointer authentication in the kernel, LR values saved to the stack will have a PAC which we must strip in order to retrieve the real return address. Strip PACs when unwinding the stack in order to account for this. Signed-off-by: Mark Rutland Signed-off-by: Kristina Martsenko --- arch/arm64/include/asm/pointer_auth.h | 10 +++++++--- arch/arm64/kernel/ptrace.c | 2 +- arch/arm64/kernel/stacktrace.c | 3 +++ 3 files changed, 11 insertions(+), 4 deletions(-) -- 2.11.0 diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h index 5e40533f4ea2..e60f225d9fa2 100644 --- a/arch/arm64/include/asm/pointer_auth.h +++ b/arch/arm64/include/asm/pointer_auth.h @@ -55,12 +55,16 @@ static inline void ptrauth_keys_switch(struct ptrauth_keys *keys) * The EL0 pointer bits used by a pointer authentication code. * This is dependent on TBI0 being enabled, or bits 63:56 would also apply. */ -#define ptrauth_pac_mask() GENMASK(54, VA_BITS) +#define ptrauth_pac_mask_ttbr0() GENMASK(54, VA_BITS) + +#define ptrauth_pac_mask_ttbr1() (GENMASK(63, 56) | GENMASK(54, VA_BITS)) -/* Only valid for EL0 TTBR0 instruction pointers */ static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr) { - return ptr & ~ptrauth_pac_mask(); + if (ptr & BIT_ULL(55)) + return ptr | ptrauth_pac_mask_ttbr1(); + else + return ptr & ~ptrauth_pac_mask_ttbr0(); } #define ptrauth_task_init_user(tsk) \ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index cb8246f8c603..bf4d6d384e4f 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -970,7 +970,7 @@ static int pac_mask_get(struct task_struct *target, * depending on TCR_EL1.TBID*, which we may make use of in future, so * we expose separate masks. */ - unsigned long mask = ptrauth_pac_mask(); + unsigned long mask = ptrauth_pac_mask_ttbr0(); struct user_pac_mask uregs = { .data_mask = mask, .insn_mask = mask, diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c index 4989f7ea1e59..44f6a64a8006 100644 --- a/arch/arm64/kernel/stacktrace.c +++ b/arch/arm64/kernel/stacktrace.c @@ -24,6 +24,7 @@ #include #include +#include #include #include @@ -56,6 +57,8 @@ int notrace unwind_frame(struct task_struct *tsk, struct stackframe *frame) frame->fp = READ_ONCE_NOCHECK(*(unsigned long *)(fp)); frame->pc = READ_ONCE_NOCHECK(*(unsigned long *)(fp + 8)); + frame->pc = ptrauth_strip_insn_pac(frame->pc); + #ifdef CONFIG_FUNCTION_GRAPH_TRACER if (tsk->ret_stack && (frame->pc == (unsigned long)return_to_handler)) {