From patchwork Wed Jul 19 16:01:22 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 108299 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp1011363obm; Wed, 19 Jul 2017 09:02:48 -0700 (PDT) X-Received: by 10.84.217.153 with SMTP id p25mr664870pli.218.1500480168306; Wed, 19 Jul 2017 09:02:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1500480168; cv=none; d=google.com; s=arc-20160816; b=F0HJDKsVtZFPSJJJbS3a9FLXtCPRmrV9hIJ+33wyaW3HhoK0v07C9YNPhy3I2brvnl 8ASh/iWbxhS22pWwNUNYCoqQ1QgSjHwKvbAtBYs+1ursW/rUKL60/0k7ORYaffnI9HYD bRmO2QB0BiB2NVjNx8bdzQTiiV+LC1tPxVoji3c3CKe2RVDdacHQCExUP/mhbcVVO5Bi AfjlyGQXHYXq9rrNyV4U6sijAiJhX44aXXD0J4pdMk07teOqIgd/sN0wQca8nu8QiVjn g1h2MV0tPd27IElOT4BE2NjfxsFsuZ0LKPyphOmDH7iYIP1ywsQ9h9evNwlM/nr8H3M+ dZdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=+zhmOHXB+mpuCdR+VI68eD9XICnOEbmmM/v8UeVVzoU=; b=wmIMrNzWBdnEqVa5pPWRxlWNQVvDboqYUCxzTBp3BzVLTn73S7hh/cnmrwI26Cd3Dr egoBuO+fCziCRLwteSk2eP/h6ZnrWmnE8WFqpkzUYNVUJvVVK0jRTR1QiTThHMt9urz0 +/98xoSLQrqdzlntAu6MM1uUBPVHVEYSc2o8iDkJ92v4AJwFeBI+Zoi3sHeOb8611M2h s/JNNlFcFEVtbcQh5M+JZOiIY5VrnowyJ5yabytzOXz/u5udPkqflKd/W2y7OybLCD6C up30KP7Jdy1w4cHGLmiF0omhS24UvPAhbiH4GusBW33KdKbuU1GKHX9VZUk0lfVGayTg bGLg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w30si239362pfl.445.2017.07.19.09.02.47; Wed, 19 Jul 2017 09:02:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932871AbdGSQCp (ORCPT + 25 others); Wed, 19 Jul 2017 12:02:45 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:42228 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755217AbdGSQCj (ORCPT ); Wed, 19 Jul 2017 12:02:39 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 916F315AD; Wed, 19 Jul 2017 09:02:39 -0700 (PDT) Received: from leverpostej.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 3B29B3F577; Wed, 19 Jul 2017 09:02:37 -0700 (PDT) From: Mark Rutland To: linux-arm-kernel@lists.infradead.org Cc: arnd@arndb.de, catalin.marinas@arm.com, christoffer.dall@linaro.org, Dave.Martin@arm.com, jiong.wang@arm.com, kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, marc.zyngier@arm.com, mark.rutland@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, yao.qi@arm.com, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH 01/11] arm64: docs: describe ELF hwcaps Date: Wed, 19 Jul 2017 17:01:22 +0100 Message-Id: <1500480092-28480-2-git-send-email-mark.rutland@arm.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> References: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We don't document our ELF hwcaps, leaving developers to interpret them according to hearsay, guesswork, or (in exceptional cases) inspection of the current kernel code. This is less than optimal, and it would be far better if we had some definitive description of each of the ELF hwcaps that developers could refer to. This patch adds a document describing the (native) arm64 ELF hwcaps. Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Dave Martin Cc: Suzuki K Poulose Cc: Will Deacon --- Documentation/arm64/elf_hwcaps.txt | 133 +++++++++++++++++++++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 Documentation/arm64/elf_hwcaps.txt -- 1.9.1 diff --git a/Documentation/arm64/elf_hwcaps.txt b/Documentation/arm64/elf_hwcaps.txt new file mode 100644 index 0000000..7bc2921 --- /dev/null +++ b/Documentation/arm64/elf_hwcaps.txt @@ -0,0 +1,133 @@ +ARM64 ELF hwcaps +================ + +This document describes the usage and semantics of the arm64 ELF hwcaps. + + +1. Introduction +--------------- + +Some hardware or software features are only available on some CPU +implementations, and/or with certain kernel configurations, but have no +architected discovery mechanism available to userspace code at EL0. The +kernel exposes the presence of these features to userspace through a set +of flags called hwcaps, exposed in the auxilliary vector. + +Userspace software can test for features by acquiring the AT_HWCAP entry +of the auxilliary vector, and testing whether the relevant flags are +set, e.g. + +bool floating_point_is_present(void) +{ + unsigned long hwcaps = getauxval(AT_HWCAP); + if (hwcaps & HWCAP_FP) + return true; + + return false; +} + +Where software relies on a feature described by a hwcap, it should check +the relevant hwcap flag to verify that the feature is present before +attempting to make use of the feature. + +Features cannot be probed reliably through other means. When a feature +is not available, attempting to use it may result in unpredictable +behaviour, and is not guaranteed to result in any reliable indication +that the feature is unavailable, such as a SIGILL. + + +2. Interpretation of hwcaps +--------------------------- + +The majority of hwcaps are intended to indicate the presence of features +which are described by architected ID registers inaccessible to +userspace code at EL0. These hwcaps are defined in terms of ID register +fields, and should be interpreted with reference to the definition of +these fields in the ARM Architecture Reference Manual (ARM ARM). + +Such hwcaps are described below in the form: + + Functionality implied by idreg.field == val. + +Such hwcaps indicate the availability of functionality that the ARM ARM +defines as being present when idreg.field has value val, but do not +indicate that idreg.field is precisely equal to val, nor do they +indicate the absence of functionality implied by other values of +idreg.field. + +Other hwcaps may indicate the presence of features which cannot be +described by ID registers alone. These may be described without +reference to ID registers, and may refer to other documentation. + + +3. The hwcaps exposed in AT_HWCAP +--------------------------------- + +HWCAP_FP + + Functionality implied by ID_AA64PFR0_EL1.FP == 0b0000. + +HWCAP_ASIMD + + Functionality implied by ID_AA64PFR0_EL1.AdvSIMD == 0b0000. + +HWCAP_EVTSTRM + + The generic timer is configured to generate events at a frequency of + approximately 100KHz. + +HWCAP_AES + + Functionality implied by ID_AA64ISAR1_EL1.AES == 0b0001. + +HWCAP_PMULL + + Functionality implied by ID_AA64ISAR1_EL1.AES == 0b0010. + +HWCAP_SHA1 + + Functionality implied by ID_AA64ISAR0_EL1.SHA1 == 0b0001. + +HWCAP_SHA2 + + Functionality implied by ID_AA64ISAR0_EL1.SHA2 == 0b0001. + +HWCAP_CRC32 + + Functionality implied by ID_AA64ISAR0_EL1.CRC32 == 0b0001. + +HWCAP_ATOMICS + + Functionality implied by ID_AA64ISAR0_EL1.Atomic == 0b0010. + +HWCAP_FPHP + + Functionality implied by ID_AA64PFR0_EL1.FP == 0b0001. + +HWCAP_ASIMDHP + + Functionality implied by ID_AA64PFR0_EL1.AdvSIMD == 0b0001. + +HWCAP_CPUID + + EL0 access to certain ID registers is available, to the extent + described by Documentation/arm64/cpu-feature-registers.txt. + + These ID registers may imply the availability of features. + +HWCAP_ASIMDRDM + + Functionality implied by ID_AA64ISAR0_EL1.RDM == 0b0001. + +HWCAP_JSCVT + + Functionality implied by ID_AA64ISAR1_EL1.JSCVT == 0b0001. + +HWCAP_FCMA + + Functionality implied by ID_AA64ISAR1_EL1.FCMA == 0b0001. + +HWCAP_LRCPC + + Functionality implied by ID_AA64ISAR1_EL1.LRCPC == 0b0001. + From patchwork Wed Jul 19 16:01:23 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 108309 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp1014547obm; Wed, 19 Jul 2017 09:05:24 -0700 (PDT) X-Received: by 10.101.83.138 with SMTP id x10mr565395pgq.201.1500480324221; Wed, 19 Jul 2017 09:05:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1500480324; cv=none; d=google.com; s=arc-20160816; b=hZ8wXIKf+Rn8TUw3rWYa1MS+ouqg2w1q+byCFHUE9erh0Yf4ot5S6QMRgERWhTeAM7 MScoC7YoweopGwSYYoNdfGa2tagtt2dOA/c8v6eExZId5UeqwKywFfl+8M8rdjsv5fmp fojwpyNxrnE29zUmzReTcYnBDerkDz75Y0uTULNY3RaQFP9tWgJXxDakZ8he5iITP4Ym J9rtm4CDgGiZ9O+uBRIsmMkxgo0dcEo7CY4TKIKPvQYENrWRE9Q6NUbYPAgb0MVRw4OR ooBOmA/LW4ps0UBLstIQRzL5AaNjaVZUv74NVfJvlcrEAnU3cFN6n1sYWkBj/eNRZeBr bKLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=roL+YgoW24A8JFl1VfyyIeqSdXUCvcKCU+kvZdYPqG4=; b=gOjYHKjwIvoig0JjB9Yf7LIlwiV3yj5Gv9R/wbVBFtpm0Spg9HY6Pw+hV22TDlGlaF 0osOR285fal6KDIMyDPRH40kmXYcCXWFIEBgjChxZEZ8elxFkCb5eLK4VVd3wDEMQMq1 VCiZxr2cNLx9ijU680hCU9Fvp26oCCpovsRnjbuMaVecfp2QOfxERG+B3HaAtlNqqeZO EExsLWWWbogn1lDyclc2B9XfaEnpTGrEk+JDHSLaB+YAF1JL2L8tW//XIvvR8Uvahtph nFCFkwI2A7cew2capOu7bNYySrksv7Z6Hy8kUSJ9AeW0ce82hDlwxWFGcWztaKuE4zjs IKuw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u80si248889pfk.346.2017.07.19.09.05.23; Wed, 19 Jul 2017 09:05:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933151AbdGSQFV (ORCPT + 25 others); Wed, 19 Jul 2017 12:05:21 -0400 Received: from foss.arm.com ([217.140.101.70]:42240 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932661AbdGSQCo (ORCPT ); Wed, 19 Jul 2017 12:02:44 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 727FD15B2; Wed, 19 Jul 2017 09:02:44 -0700 (PDT) Received: from leverpostej.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 19E993F577; Wed, 19 Jul 2017 09:02:41 -0700 (PDT) From: Mark Rutland To: linux-arm-kernel@lists.infradead.org Cc: arnd@arndb.de, catalin.marinas@arm.com, christoffer.dall@linaro.org, Dave.Martin@arm.com, jiong.wang@arm.com, kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, marc.zyngier@arm.com, mark.rutland@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, yao.qi@arm.com, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH 02/11] asm-generic: mm_hooks: allow hooks to be overridden individually Date: Wed, 19 Jul 2017 17:01:23 +0100 Message-Id: <1500480092-28480-3-git-send-email-mark.rutland@arm.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> References: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Currently, an architecture must either implement all of the mm hooks itself, or use all of those provided by the asm-generic implementation. When an architecture only needs to override a single hook, it must copy the stub implementations from the asm-generic version. To avoid this repetition, allow each hook to be overridden indiviually, by placing each under an #ifndef block. As architectures providing their own hooks can't include this file today, this shouldn't adversely affect any existing hooks. Signed-off-by: Mark Rutland Cc: Arnd Bergmann Cc: linux-arch@vger.kernel.org --- include/asm-generic/mm_hooks.h | 11 +++++++++++ 1 file changed, 11 insertions(+) -- 1.9.1 diff --git a/include/asm-generic/mm_hooks.h b/include/asm-generic/mm_hooks.h index 41e5b67..b4bf1b8 100644 --- a/include/asm-generic/mm_hooks.h +++ b/include/asm-generic/mm_hooks.h @@ -6,30 +6,41 @@ #ifndef _ASM_GENERIC_MM_HOOKS_H #define _ASM_GENERIC_MM_HOOKS_H +#ifndef arch_dup_mmap static inline void arch_dup_mmap(struct mm_struct *oldmm, struct mm_struct *mm) { } +#endif +#ifndef arch_exit_mmap static inline void arch_exit_mmap(struct mm_struct *mm) { } +#endif +#ifndef arch_unmap static inline void arch_unmap(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long start, unsigned long end) { } +#endif +#ifndef arch_bprm_mm_init static inline void arch_bprm_mm_init(struct mm_struct *mm, struct vm_area_struct *vma) { } +#endif +#ifndef arch_vma_access_permitted static inline bool arch_vma_access_permitted(struct vm_area_struct *vma, bool write, bool execute, bool foreign) { /* by default, allow everything */ return true; } +#endif + #endif /* _ASM_GENERIC_MM_HOOKS_H */ From patchwork Wed Jul 19 16:01:24 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 108300 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp1011469obm; Wed, 19 Jul 2017 09:02:53 -0700 (PDT) X-Received: by 10.99.126.86 with SMTP id o22mr599425pgn.382.1500480173829; Wed, 19 Jul 2017 09:02:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1500480173; cv=none; d=google.com; s=arc-20160816; b=PcIxGa7ewTI91JvgBuRt95zF2vT2hhFM+ppN/vw1QbvO9jxZ647d8jSxCNXCmFsW2B cfYZm2hGpQGPu0XII+Ewna5wNXoll5PR5l/JuxVXWzSAtHDpxLZxAuk9vTsLHFbp99GM +z2g6sRSkg0+VVt6H6nYcz9oWBnqCRaCerTA44+hms77XeTsFJSAe5YsWeabrhcPo0eN pKUMAq8pekMOedhuETSvxByBGCL+tuwM/04eM/oIydoACEvjzNLanmbyoETXgXaqxPMi YHUZaA0sYNpHd43oOGja7OW0vLQ9HsEH7nm/21PmDxG5EbnDGSR2lq8bRfQzMYV5ukmN e9ag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=FxTUtEA6yvjnYYw2TJyhMNhqdt4yLvop/ge5UQHMSjo=; b=sDz+u3IHAQGt4QQQMYcIPuYM8qQJJpXuLUMZLfp8CCZtaW63XRFCOlaHmxfSLqIocm DSI7lqyBRKo8WtKGwIz0i0DH9uFWKP+xphhKpVZ9z1mXtVXPiogtwOygG8bvXbXEVdBN jGqmcUlBhvpAA2SzeBulZpbjtrWiUQPd6LkqG2DyWWA/rGD5TqEQiPl22CRX7BY19fmd fKLQEp9VQsYX47AM4s+Rmyv+NYZxOrw8TEYUfFHyb8fWLhN2Wesj2OQ4fYKD3NPu02Tm 2KOnMOGPXSnwXdPcUzK9MUjztsn0VroRrTISvOvaQYVcw4FzVZHReFxxv9pIbQQEoKZ+ U+tg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w30si239362pfl.445.2017.07.19.09.02.53; Wed, 19 Jul 2017 09:02:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933161AbdGSQCv (ORCPT + 25 others); Wed, 19 Jul 2017 12:02:51 -0400 Received: from foss.arm.com ([217.140.101.70]:42252 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932593AbdGSQCs (ORCPT ); Wed, 19 Jul 2017 12:02:48 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id BDECD15BE; Wed, 19 Jul 2017 09:02:47 -0700 (PDT) Received: from leverpostej.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 623783F577; Wed, 19 Jul 2017 09:02:45 -0700 (PDT) From: Mark Rutland To: linux-arm-kernel@lists.infradead.org Cc: arnd@arndb.de, catalin.marinas@arm.com, christoffer.dall@linaro.org, Dave.Martin@arm.com, jiong.wang@arm.com, kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, marc.zyngier@arm.com, mark.rutland@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, yao.qi@arm.com, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH 03/11] arm64: add pointer authentication register bits Date: Wed, 19 Jul 2017 17:01:24 +0100 Message-Id: <1500480092-28480-4-git-send-email-mark.rutland@arm.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> References: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The ARMv8.3 pointer authentication extension adds: * New fields in ID_AA64ISAR1 to report the presence of pointer authentication functionality. * New control bits in SCTLR_ELx to enable this functionality. * New system registers to hold the keys necessary for this functionality. * A new ESR_ELx.EC code used when the new instructions are affected by configurable traps This patch adds the relevant definitions to and for these, to be used by subsequent patches. Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Suzuki K Poulose Cc: Will Deacon --- arch/arm64/include/asm/esr.h | 3 ++- arch/arm64/include/asm/sysreg.h | 30 ++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) -- 1.9.1 diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index 8cabd57..f6ebc1f 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -30,7 +30,8 @@ #define ESR_ELx_EC_CP14_LS (0x06) #define ESR_ELx_EC_FP_ASIMD (0x07) #define ESR_ELx_EC_CP10_ID (0x08) -/* Unallocated EC: 0x09 - 0x0B */ +#define ESR_ELx_EC_PAC (0x09) +/* Unallocated EC: 0x0A - 0x0B */ #define ESR_ELx_EC_CP14_64 (0x0C) /* Unallocated EC: 0x0d */ #define ESR_ELx_EC_ILL (0x0E) diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index 16e44fa..d902cc5 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -164,6 +164,19 @@ #define SYS_TTBR1_EL1 sys_reg(3, 0, 2, 0, 1) #define SYS_TCR_EL1 sys_reg(3, 0, 2, 0, 2) +#define SYS_APIAKEYLO_EL1 sys_reg(3, 0, 2, 1, 0) +#define SYS_APIAKEYHI_EL1 sys_reg(3, 0, 2, 1, 1) +#define SYS_APIBKEYLO_EL1 sys_reg(3, 0, 2, 1, 2) +#define SYS_APIBKEYHI_EL1 sys_reg(3, 0, 2, 1, 3) + +#define SYS_APDAKEYLO_EL1 sys_reg(3, 0, 2, 2, 0) +#define SYS_APDAKEYHI_EL1 sys_reg(3, 0, 2, 2, 1) +#define SYS_APDBKEYLO_EL1 sys_reg(3, 0, 2, 2, 2) +#define SYS_APDBKEYHI_EL1 sys_reg(3, 0, 2, 2, 3) + +#define SYS_APGAKEYLO_EL1 sys_reg(3, 0, 2, 3, 0) +#define SYS_APGAKEYHI_EL1 sys_reg(3, 0, 2, 3, 1) + #define SYS_ICC_PMR_EL1 sys_reg(3, 0, 4, 6, 0) #define SYS_AFSR0_EL1 sys_reg(3, 0, 5, 1, 0) @@ -296,7 +309,11 @@ #define SYS_ICH_LR15_EL2 __SYS__LR8_EL2(7) /* Common SCTLR_ELx flags. */ +#define SCTLR_ELx_ENIA (1 << 31) +#define SCTLR_ELx_ENIB (1 << 30) +#define SCTLR_ELx_ENDA (1 << 27) #define SCTLR_ELx_EE (1 << 25) +#define SCTLR_ELx_ENDB (1 << 13) #define SCTLR_ELx_I (1 << 12) #define SCTLR_ELx_SA (1 << 3) #define SCTLR_ELx_C (1 << 2) @@ -326,9 +343,22 @@ #define ID_AA64ISAR0_AES_SHIFT 4 /* id_aa64isar1 */ +#define ID_AA64ISAR1_GPI_SHIFT 28 +#define ID_AA64ISAR1_GPA_SHIFT 24 #define ID_AA64ISAR1_LRCPC_SHIFT 20 #define ID_AA64ISAR1_FCMA_SHIFT 16 #define ID_AA64ISAR1_JSCVT_SHIFT 12 +#define ID_AA64ISAR1_APA_SHIFT 4 +#define ID_AA64ISAR1_API_SHIFT 8 + +#define ID_AA64ISAR1_APA_NI 0x0 +#define ID_AA64ISAR1_APA_ARCHITECTED 0x1 +#define ID_AA64ISAR1_API_NI 0x0 +#define ID_AA64ISAR1_API_IMP_DEF 0x1 +#define ID_AA64ISAR1_GPA_NI 0x0 +#define ID_AA64ISAR1_GPA_ARCHITECTED 0x1 +#define ID_AA64ISAR1_GPI_NI 0x0 +#define ID_AA64ISAR1_GPI_IMP_DEF 0x1 /* id_aa64pfr0 */ #define ID_AA64PFR0_GIC_SHIFT 24 From patchwork Wed Jul 19 16:01:25 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 108301 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp1011663obm; Wed, 19 Jul 2017 09:03:03 -0700 (PDT) X-Received: by 10.84.168.195 with SMTP id f61mr680268plb.234.1500480183859; Wed, 19 Jul 2017 09:03:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1500480183; cv=none; d=google.com; s=arc-20160816; b=MSdxSmHIvd56XdX2li9jQu5BLqDIUSi/DUN7yVCnjQz2FfTyWbYumX2NwqCWXjh0jZ 4AFmTYtftB2XTSNwrQnOAykPcvtwNDn9JGGzH04sShAXt6z4va7FZHFXFmlK+k61mQlv vXs4n5jXIEngdvMTdW4ItpPBMbf4EIxcFo9SpvgoyAeEvmuaRa0wlR9s+cX8uu6vdvqa Z+g6zE7ww5vy584tbilOb7DVj96tJBORdATv+NtfcPgpLPiv/Ilg96GXxfNB7mfYgc5j J6o8EgrvSXxi+8ZuLguPEEx8iBmDVvFEokWQstxEzbWH/tpHF+Jbad26P6VykMiBHFNF vnZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=fa3eOWiet3sVJJ7JXPlXuIzZF74GWAYogHz2PwZvQ7Q=; b=QT12UyMzaLTSq6JAMnDYhAtC9/ZOHYXKhj26htV68PS2TPNGVcqbS4c/qa5/i6iucw ELBDcLLc1mRVhxlzauK3C7PpMMIJSdlO9U80fZLRXJSuzW5Tua6VwxWeYJvtFe0/81H/ U9T5Sox6ZFbKZ7DS2I7l+P60BW+2UqqYEQ2wBafpROTAMCA+h4Pemcq2Bp23WoLHm1jS Ph1CuzxsFshrBDYKJQ8T2NZcPzKVu8btIH6pEy39hXRxP2kTuj8oSHFQE8ZMz8gq3UoC ap58spjlnATE8SOo/BaiMUtRcGupIBF+0vEOq6zUVqT5Pc2uifUQ/9MMroVnAK/K20WY +E4g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s139si240442pgs.644.2017.07.19.09.03.03; Wed, 19 Jul 2017 09:03:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755162AbdGSQC7 (ORCPT + 25 others); Wed, 19 Jul 2017 12:02:59 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:42284 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932593AbdGSQC4 (ORCPT ); Wed, 19 Jul 2017 12:02:56 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C25C715BF; Wed, 19 Jul 2017 09:02:55 -0700 (PDT) Received: from leverpostej.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 6AB683F577; Wed, 19 Jul 2017 09:02:53 -0700 (PDT) From: Mark Rutland To: linux-arm-kernel@lists.infradead.org Cc: arnd@arndb.de, catalin.marinas@arm.com, christoffer.dall@linaro.org, Dave.Martin@arm.com, jiong.wang@arm.com, kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, marc.zyngier@arm.com, mark.rutland@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, yao.qi@arm.com, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH 04/11] arm64/cpufeature: add ARMv8.3 id_aa64isar1 bits Date: Wed, 19 Jul 2017 17:01:25 +0100 Message-Id: <1500480092-28480-5-git-send-email-mark.rutland@arm.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> References: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org >From ARMv8.3 onwards, ID_AA64ISAR1 is no longer entirely RES0, and now has four fields describing the presence of pointer authentication functionality: * APA - address authentication present, using an architected algorithm * API - address authentication present, using an IMP DEF algorithm * GPA - generic authentication present, using an architected algorithm * GPI - generic authentication present, using an IMP DEF algoithm This patch adds the requisite definitions so that we can identify the presence of this functionality. For the timebeing, the features are hidden from userspace. Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Will Deacon Cc: Suzuki K Poulose --- arch/arm64/kernel/cpufeature.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) -- 1.9.1 Reviewed-by: Suzuki K Poulose diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 9f9e0064..b23ad83 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -120,7 +120,11 @@ static int __init register_cpu_hwcaps_dumper(void) ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_EXACT, ID_AA64ISAR1_LRCPC_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_EXACT, ID_AA64ISAR1_FCMA_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_EXACT, ID_AA64ISAR1_JSCVT_SHIFT, 4, 0), - ARM64_FTR_END, + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_EXACT, ID_AA64ISAR1_GPI_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_EXACT, ID_AA64ISAR1_GPA_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_EXACT, ID_AA64ISAR1_API_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_EXACT, ID_AA64ISAR1_APA_SHIFT, 4, 0), + ARM64_FTR_END }; static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { From patchwork Wed Jul 19 16:01:26 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 108302 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp1011705obm; Wed, 19 Jul 2017 09:03:05 -0700 (PDT) X-Received: by 10.84.174.3 with SMTP id q3mr626584plb.289.1500480185645; Wed, 19 Jul 2017 09:03:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1500480185; cv=none; d=google.com; s=arc-20160816; b=B793SDWJQNYbACGnlVVsU1X8D5QEjlggkswkFH8BRjuVBOJTAgnT97CVCpiC0uSJjl Yc0CWkk6g0olpbV1PlBGmy8WQQ+qpXYPoGk61t+6IKY8nGK7Ds+51CRiPksmRgdas6sM VgphrxZb0lsIco5vOoNiqRYZ7IFE8jqwOceglGVVyneob1XgTIRavr66pc5IA5x1wsPi GnNjHjbvzXhfnrQwFQW+unxpdL+1OExpGgZeIFbdUwuChWs3oZMLVFyeBUxslC3Ce8UB s3JTeZiYdBKmCFxeI79QIuKzxjdYIAWXGTohayCe66KDq5Ti+5AfSFm2WmXZ2MkD22Oc H6KA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=NtmXuX66YdJHrfZUBbAdRKXZayzacvCWoIaN4/+dLys=; b=HC9DrY86PwH6rVw8gu7Bh59TsoQehDeuA5OIg9pKVlQh03sjn0eYR93bsdiZlz04OH 6tFhL1H2RI0/m15OpW07V/qLTHUxmdOu8AA0iaJlt35JZVbYSm42ZJfWNC/28qAuircK ianBp4zZ04+HFAVrnHt9ZwX1BTwRuyLwd0UsHfzcUJatdLacr8un3yFHxJESGhJObSKa 4FTo8IoU8/UDq5abLYPstebUWqL0LZCjAbUgn3CAOg83K+Ldvwlr57CNFjit3iuO5lda Mq2l13sPBXe2wXorOcmXho8doss5Ei8rXtqwjvrnJoHXM63dmDCwRIVCrD8vO9N6gED4 XRAg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s139si240442pgs.644.2017.07.19.09.03.05; Wed, 19 Jul 2017 09:03:05 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755503AbdGSQDB (ORCPT + 25 others); Wed, 19 Jul 2017 12:03:01 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:42300 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754369AbdGSQC7 (ORCPT ); Wed, 19 Jul 2017 12:02:59 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DD30E1610; Wed, 19 Jul 2017 09:02:58 -0700 (PDT) Received: from leverpostej.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 875093F577; Wed, 19 Jul 2017 09:02:56 -0700 (PDT) From: Mark Rutland To: linux-arm-kernel@lists.infradead.org Cc: arnd@arndb.de, catalin.marinas@arm.com, christoffer.dall@linaro.org, Dave.Martin@arm.com, jiong.wang@arm.com, kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, marc.zyngier@arm.com, mark.rutland@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, yao.qi@arm.com, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH 05/11] arm64/cpufeature: detect pointer authentication Date: Wed, 19 Jul 2017 17:01:26 +0100 Message-Id: <1500480092-28480-6-git-send-email-mark.rutland@arm.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> References: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org So that we can dynamically handle the presence of pointer authentication functionality, wire up probing code in cpufeature.c. Currently, this only detects the presence of an architected algorithm. Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Suzuki K Poulose Cc: Will Deacon --- arch/arm64/include/asm/cpucaps.h | 4 +++- arch/arm64/kernel/cpufeature.c | 22 ++++++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) -- 1.9.1 diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h index 8d2272c..903b458 100644 --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -39,7 +39,9 @@ #define ARM64_WORKAROUND_QCOM_FALKOR_E1003 18 #define ARM64_WORKAROUND_858921 19 #define ARM64_WORKAROUND_CAVIUM_30115 20 +#define ARM64_HAS_ADDRESS_AUTH 21 +#define ARM64_HAS_GENERIC_AUTH 22 -#define ARM64_NCAPS 21 +#define ARM64_NCAPS 23 #endif /* __ASM_CPUCAPS_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index b23ad83..4016b1e7 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -892,6 +892,28 @@ static bool has_no_fpsimd(const struct arm64_cpu_capabilities *entry, int __unus .min_field_value = 0, .matches = has_no_fpsimd, }, +#ifdef CONFIG_ARM64_POINTER_AUTHENTICATION + { + .desc = "Address authentication (architected algorithm)", + .capability = ARM64_HAS_ADDRESS_AUTH, + .def_scope = SCOPE_SYSTEM, + .sys_reg = SYS_ID_AA64ISAR1_EL1, + .sign = FTR_UNSIGNED, + .field_pos = ID_AA64ISAR1_APA_SHIFT, + .min_field_value = ID_AA64ISAR1_APA_ARCHITECTED, + .matches = has_cpuid_feature, + }, + { + .desc = "Generic authentication (architected algorithm)", + .capability = ARM64_HAS_GENERIC_AUTH, + .def_scope = SCOPE_SYSTEM, + .sys_reg = SYS_ID_AA64ISAR1_EL1, + .sign = FTR_UNSIGNED, + .field_pos = ID_AA64ISAR1_GPA_SHIFT, + .min_field_value = ID_AA64ISAR1_GPA_ARCHITECTED, + .matches = has_cpuid_feature + }, +#endif /* CONFIG_ARM64_POINTER_AUTHENTICATION */ {}, }; From patchwork Wed Jul 19 16:01:27 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 108303 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp1011858obm; Wed, 19 Jul 2017 09:03:13 -0700 (PDT) X-Received: by 10.84.195.131 with SMTP id j3mr605981pld.147.1500480193070; Wed, 19 Jul 2017 09:03:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1500480193; cv=none; d=google.com; s=arc-20160816; b=Tsjvutzg9D486GFH8Wmpq+bSQ003+rD1JyguJ6ECnWcoQP3FDmDL6TOePmezljyHd2 lKuX7/6+sMHq/WBeELjtUs8vUEAGh85RuU/r9MSEy5dPn67DCBntyzj7qwVE6yJDzNR1 Q5Z21E/+frL6i3+yscpI76HKBWMIprgF30zkm1id6GViINqSRnGCEyH8zzzrxWws4hsM aN6NXpIVyWzfpLM+bYCqfuPZPLFhzjuQBiNcYe9Z+YYDPmT89ru1KHTJ+H28mB5QpR2O WfRAQVM9F80UF/mKKf2XkJ67pQJ2NlbgwGSe+5rpqxily/R2yb65AZfaFabfBO2u3el3 UTww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=Z6O+aBZy6eRPrlztAzvL6M+urmrlnj8UAqMUJppyNLo=; b=nZ9z0qZYKMh1musIzyfwrkU7ARqtvS5qnW2B0UTGvGB85nBegrDyfqMqlvNOGsLEDx lc+RURJruCV+i9DB1rfZkwcCzgBuL2SXhMNqwhIDa+2pzYjryY1iveQHLOI76Fa9jYxy orVnmaSbnAyiqfXV20y8J7IwOgDf7TekSx8SrNg6qr+v6Bwl5mE2MpSbKvDRrqvu3HsU Z6tFboUZhFZebmOCXDWpH/Bu+QLlMOEkEpgKjzo9aRDytT3v2Xiz8W4/K7qm9+gxMq3H cEz31MVBOCRDfMNEoINnFAJ4mdC2qLHoBrOU9ENtARmoiN8ch1TerDMTVF4s8bHxiQH0 Zo0g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s144si270017pgs.186.2017.07.19.09.03.12; Wed, 19 Jul 2017 09:03:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933213AbdGSQDJ (ORCPT + 25 others); Wed, 19 Jul 2017 12:03:09 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:42312 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754369AbdGSQDH (ORCPT ); Wed, 19 Jul 2017 12:03:07 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id F3B602B; Wed, 19 Jul 2017 09:03:06 -0700 (PDT) Received: from leverpostej.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 9AFE83F577; Wed, 19 Jul 2017 09:03:04 -0700 (PDT) From: Mark Rutland To: linux-arm-kernel@lists.infradead.org Cc: arnd@arndb.de, catalin.marinas@arm.com, christoffer.dall@linaro.org, Dave.Martin@arm.com, jiong.wang@arm.com, kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, marc.zyngier@arm.com, mark.rutland@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, yao.qi@arm.com, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH 06/11] arm64: Don't trap host pointer auth use to EL2 Date: Wed, 19 Jul 2017 17:01:27 +0100 Message-Id: <1500480092-28480-7-git-send-email-mark.rutland@arm.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> References: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org To allow EL0 (and/or EL1) to use pointer authentication functionality, we must ensure that pointer authentication instructions and accesses to pointer authentication keys are not trapped to EL2 (where we will not be able to handle them). This patch ensures that HCR_EL2 is configured appropriately when the kernel is booted at EL2. For non-VHE kernels we set HCR_EL2.{API,APK}, ensuring that EL1 can access keys and permit EL0 use of instructions. For VHE kernels, EL2 access is controlled by EL3, and we need not set anything. This does not enable support for KVM guests, since KVM manages HCR_EL2 itself. Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Christoffer Dall Cc: Marc Zyngier Cc: Will Deacon Cc: kvmarm@lists.cs.columbia.edu --- arch/arm64/include/asm/kvm_arm.h | 2 ++ arch/arm64/kernel/head.S | 19 +++++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) -- 1.9.1 diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h index 61d694c..c1267e8 100644 --- a/arch/arm64/include/asm/kvm_arm.h +++ b/arch/arm64/include/asm/kvm_arm.h @@ -23,6 +23,8 @@ #include /* Hyp Configuration Register (HCR) bits */ +#define HCR_API (UL(1) << 41) +#define HCR_APK (UL(1) << 40) #define HCR_E2H (UL(1) << 34) #define HCR_ID (UL(1) << 33) #define HCR_CD (UL(1) << 32) diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S index 973df7d..8b8e8d7 100644 --- a/arch/arm64/kernel/head.S +++ b/arch/arm64/kernel/head.S @@ -412,10 +412,25 @@ CPU_LE( bic x0, x0, #(1 << 25) ) // Clear the EE bit for EL2 /* Hyp configuration. */ mov x0, #HCR_RW // 64-bit EL1 - cbz x2, set_hcr + cbz x2, 1f orr x0, x0, #HCR_TGE // Enable Host Extensions orr x0, x0, #HCR_E2H -set_hcr: +1: +#ifdef CONFIG_ARM64_POINTER_AUTHENTICATION + /* + * Disable pointer authentication traps to EL2. The HCR_EL2.{APK,API} + * bits exist iff at least one authentication mechanism is implemented. + */ + mrs x1, id_aa64isar1_el1 + mov_q x3, ((0xf << ID_AA64ISAR1_GPI_SHIFT) | \ + (0xf << ID_AA64ISAR1_GPA_SHIFT) | \ + (0xf << ID_AA64ISAR1_API_SHIFT) | \ + (0xf << ID_AA64ISAR1_APA_SHIFT)) + and x1, x1, x3 + cbz x1, 1f + orr x0, x0, #(HCR_APK | HCR_API) +1: +#endif msr hcr_el2, x0 isb From patchwork Wed Jul 19 16:01:28 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 108304 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp1011923obm; Wed, 19 Jul 2017 09:03:16 -0700 (PDT) X-Received: by 10.99.42.80 with SMTP id q77mr586711pgq.300.1500480196400; Wed, 19 Jul 2017 09:03:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1500480196; cv=none; d=google.com; s=arc-20160816; b=DkohSxcvRPHr2pK1TQ0DmkJIelgRobAuI8sairYaSajg0lKFl2P9MMfNaWqvPsIcOK Mo6jGqaDBgfczqBMfUF75ANkd4JRFfr+E4XH6PMDAdOzOyMYkQz3lcqFqQIouqXBwY+C w0guQ2HueSssJ2BQPjzVgOSDmOABYEVkhBthQTxcjgiKVKVCmTv4xJDkIODPEJCWkm/C FccHB/67WHtcHzy5PtOQyDu4YYD40TK6yxV8ka7htnkWWWMbHxoshwl1FI/WeW7ohs4w o4+XEPBoermOYZAekZDZ+SrXY2Ws2apwEUd5v9sAK2vBGy3xOUxgtVCaU5201pJSX/ME EJxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=BdSMEH46o6rSjvJ1bYhwCzTLiY5pOn06dSRznPtYr2s=; b=Rw2xL4jx5B0ppo2Hm2QqR+JeTLWAEXk+BfNpjWM7/2zS+exaIOMieGGNT1rwujrrQo K4K7dtMDciijie01LfYeVD7Rdc16yD2+mXMgPz3JFCg2dm1yY9sz0GkOxj244wDc6Mhs fZJMx9iKCudlqlHykjiHI/jgFZ/aILRBuevfyhn/Nr73Zs9kdKy67HPGgtuI8LRqhNw6 7kLi6VGA2Qbglsarnjjm9S24UvEcJ07C3r9XaI7ueSOhUFDT5W4bzFDa6a2lkuVO9rag XJ5ynHCqZW27KuITb3E/96oDXW/VyV0+3rYD4xX4Q4avmK7omN7RHPYZJmv40VJnBl8p TpnA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f30si80642plf.380.2017.07.19.09.03.15; Wed, 19 Jul 2017 09:03:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933275AbdGSQDN (ORCPT + 25 others); Wed, 19 Jul 2017 12:03:13 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:42330 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933218AbdGSQDK (ORCPT ); Wed, 19 Jul 2017 12:03:10 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4494A15AD; Wed, 19 Jul 2017 09:03:10 -0700 (PDT) Received: from leverpostej.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id DF4F23F577; Wed, 19 Jul 2017 09:03:07 -0700 (PDT) From: Mark Rutland To: linux-arm-kernel@lists.infradead.org Cc: arnd@arndb.de, catalin.marinas@arm.com, christoffer.dall@linaro.org, Dave.Martin@arm.com, jiong.wang@arm.com, kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, marc.zyngier@arm.com, mark.rutland@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, yao.qi@arm.com, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH 07/11] arm64: add basic pointer authentication support Date: Wed, 19 Jul 2017 17:01:28 +0100 Message-Id: <1500480092-28480-8-git-send-email-mark.rutland@arm.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> References: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patch adds basic support for pointer authentication, allowing userspace to make use of APIAKey. The kernel maintains an APIAKey value for each process (shared by all threads within), which is initialised to a random value at exec() time. Instructions using other keys (APIBKey, APDAKey, APDBKey) are disabled, and will behave as NOPs. These may be made use of in future patches. No support is added for the generic key (APGAKey), though this cannot be trapped or made to behave as a NOP. Its presence is not advertised with a hwcap. Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Suzuki K Poulose Cc: Will Deacon --- arch/arm64/Kconfig | 23 +++++++++ arch/arm64/include/asm/mmu.h | 5 ++ arch/arm64/include/asm/mmu_context.h | 25 +++++++++- arch/arm64/include/asm/pointer_auth.h | 89 +++++++++++++++++++++++++++++++++++ arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/kernel/cpufeature.c | 11 +++++ arch/arm64/kernel/cpuinfo.c | 1 + 7 files changed, 153 insertions(+), 2 deletions(-) create mode 100644 arch/arm64/include/asm/pointer_auth.h -- 1.9.1 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index dfd9086..15a9931 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -962,6 +962,29 @@ config ARM64_UAO endmenu +menu "ARMv8.3 architectural features" + +config ARM64_POINTER_AUTHENTICATION + bool "Enable support for pointer authentication" + default y + help + Pointer authentication (part of the ARMv8.3 Extensions) provides + instructions for signing and authenticating pointers against secret + keys, which can be used to mitigate Return Oriented Programming (ROP) + and other attacks. + + This option enables these instructions at EL0 (i.e. for userspace). + + Choosing this option will cause the kernel to initialise secret keys + for each process at exec() time, with these keys being + context-switched along with the process. + + The feature is detected at runtime. If the feature is not present in + hardware it will not be advertised to userspace nor will it be + enabled. + +endmenu + config ARM64_MODULE_CMODEL_LARGE bool diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h index 5468c83..6a848f3 100644 --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -16,10 +16,15 @@ #ifndef __ASM_MMU_H #define __ASM_MMU_H +#include + typedef struct { atomic64_t id; void *vdso; unsigned long flags; +#ifdef CONFIG_ARM64_POINTER_AUTHENTICATION + struct ptrauth_keys ptrauth_keys; +#endif } mm_context_t; /* diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h index 3257895a..06757a5 100644 --- a/arch/arm64/include/asm/mmu_context.h +++ b/arch/arm64/include/asm/mmu_context.h @@ -31,7 +31,6 @@ #include #include #include -#include #include #include #include @@ -154,7 +153,14 @@ static inline void cpu_replace_ttbr1(pgd_t *pgd) #define destroy_context(mm) do { } while(0) void check_and_switch_context(struct mm_struct *mm, unsigned int cpu); -#define init_new_context(tsk,mm) ({ atomic64_set(&(mm)->context.id, 0); 0; }) +static inline int init_new_context(struct task_struct *tsk, + struct mm_struct *mm) +{ + atomic64_set(&mm->context.id, 0); + mm_ctx_ptrauth_init(&mm->context); + + return 0; +} /* * This is called when "tsk" is about to enter lazy TLB mode. @@ -200,6 +206,8 @@ static inline void __switch_mm(struct mm_struct *next) return; } + mm_ctx_ptrauth_switch(&next->context); + check_and_switch_context(next, cpu); } @@ -226,6 +234,19 @@ static inline void __switch_mm(struct mm_struct *next) void verify_cpu_asid_bits(void); +static inline void arch_dup_mmap(struct mm_struct *oldmm, + struct mm_struct *mm) +{ + mm_ctx_ptrauth_dup(&oldmm->context, &mm->context); +} +#define arch_dup_mmap arch_dup_mmap + +/* + * We need to override arch_dup_mmap before including the generic hooks, which + * are otherwise sufficient for us. + */ +#include + #endif /* !__ASSEMBLY__ */ #endif /* !__ASM_MMU_CONTEXT_H */ diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h new file mode 100644 index 0000000..964da0c --- /dev/null +++ b/arch/arm64/include/asm/pointer_auth.h @@ -0,0 +1,89 @@ +/* + * Copyright (C) 2016 ARM Ltd. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +#ifndef __ASM_POINTER_AUTH_H +#define __ASM_POINTER_AUTH_H + +#include + +#include +#include + +#ifdef CONFIG_ARM64_POINTER_AUTHENTICATION +/* + * Each key is a 128-bit quantity which is split accross a pair of 64-bit + * registers (Lo and Hi). + */ +struct ptrauth_key { + unsigned long lo, hi; +}; + +/* + * We give each process its own instruction A key (APIAKey), which is shared by + * all threads. This is inherited upon fork(), and reinitialised upon exec*(). + * All other keys are currently unused, with APIBKey, APDAKey, and APBAKey + * instructions behaving as NOPs. + */ +struct ptrauth_keys { + struct ptrauth_key apia; +}; + +static inline void ptrauth_keys_init(struct ptrauth_keys *keys) +{ + if (!cpus_have_const_cap(ARM64_HAS_ADDRESS_AUTH)) + return; + + get_random_bytes(keys, sizeof(*keys)); +} + +#define __ptrauth_key_install(k, v) \ +do { \ + write_sysreg_s(v.lo, SYS_ ## k ## KEYLO_EL1); \ + write_sysreg_s(v.hi, SYS_ ## k ## KEYHI_EL1); \ +} while (0) + +static inline void ptrauth_keys_switch(struct ptrauth_keys *keys) +{ + if (!cpus_have_const_cap(ARM64_HAS_ADDRESS_AUTH)) + return; + + __ptrauth_key_install(APIA, keys->apia); +} + +static inline void ptrauth_keys_dup(struct ptrauth_keys *old, + struct ptrauth_keys *new) +{ + if (!cpus_have_const_cap(ARM64_HAS_ADDRESS_AUTH)) + return; + + *new = *old; +} + +#define mm_ctx_ptrauth_init(ctx) \ + ptrauth_keys_init(&(ctx)->ptrauth_keys) + +#define mm_ctx_ptrauth_switch(ctx) \ + ptrauth_keys_switch(&(ctx)->ptrauth_keys) + +#define mm_ctx_ptrauth_dup(oldctx, newctx) \ + ptrauth_keys_dup(&(oldctx)->ptrauth_keys, &(newctx)->ptrauth_keys) + +#else +#define mm_ctx_ptrauth_init(ctx) +#define mm_ctx_ptrauth_switch(ctx) +#define mm_ctx_ptrauth_dup(oldctx, newctx) +#endif + +#endif /* __ASM_POINTER_AUTH_H */ diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index 4e187ce..0481c73 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -35,5 +35,6 @@ #define HWCAP_JSCVT (1 << 13) #define HWCAP_FCMA (1 << 14) #define HWCAP_LRCPC (1 << 15) +#define HWCAP_APIA (1 << 16) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 4016b1e7..7e2885e 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -778,6 +778,15 @@ static bool runs_at_el2(const struct arm64_cpu_capabilities *entry, int __unused return is_kernel_in_hyp_mode(); } +#ifdef CONFIG_ARM64_POINTER_AUTHENTICATION +static int cpu_enable_address_auth(void *__unused) +{ + config_sctlr_el1(0, SCTLR_ELx_ENIA); + + return 0; +} +#endif /* CONFIG_ARM64_POINTER_AUTHENTICATION */ + static bool hyp_offset_low(const struct arm64_cpu_capabilities *entry, int __unused) { @@ -902,6 +911,7 @@ static bool has_no_fpsimd(const struct arm64_cpu_capabilities *entry, int __unus .field_pos = ID_AA64ISAR1_APA_SHIFT, .min_field_value = ID_AA64ISAR1_APA_ARCHITECTED, .matches = has_cpuid_feature, + .enable = cpu_enable_address_auth, }, { .desc = "Generic authentication (architected algorithm)", @@ -945,6 +955,7 @@ static bool has_no_fpsimd(const struct arm64_cpu_capabilities *entry, int __unus HWCAP_CAP(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_JSCVT_SHIFT, FTR_UNSIGNED, 1, CAP_HWCAP, HWCAP_JSCVT), HWCAP_CAP(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_FCMA_SHIFT, FTR_UNSIGNED, 1, CAP_HWCAP, HWCAP_FCMA), HWCAP_CAP(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_LRCPC_SHIFT, FTR_UNSIGNED, 1, CAP_HWCAP, HWCAP_LRCPC), + HWCAP_CAP(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_APA_SHIFT, FTR_UNSIGNED, 1, CAP_HWCAP, HWCAP_APIA), {}, }; diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index f495ee5..b5bd2d3 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -68,6 +68,7 @@ "jscvt", "fcma", "lrcpc", + "apia", NULL }; From patchwork Wed Jul 19 16:01:29 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 108305 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp1012039obm; Wed, 19 Jul 2017 09:03:21 -0700 (PDT) X-Received: by 10.99.140.13 with SMTP id m13mr529952pgd.333.1500480201492; Wed, 19 Jul 2017 09:03:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1500480201; cv=none; d=google.com; s=arc-20160816; b=f8xl9kgvpXP7HwCQzNRZon7I+AaPj27760+0p1bXLFt0PgsUrDzd0FgwY/8LGrBRPO 2Wb63LNVdRnwj3+kVSwQZDQEoAF4lT2RzhG5EaTyEUZJMo8kZhbrYUrVK3/6yHAs1HNP GgXeC41Kju6Jzr/w+PTxmxFrtRXyUA3HBtQ0kXTSvDr56SiHwLOzEnGl29cVNwS3jYVV q7uUIAZmP7/yMI1Vc5NQNxG5UBHWyymmG2L5hE/MZbmGJKVtH8m4M540hYFeosLJbZqB cmpZmsVu4hj1EdjXpPjGAvSuqexQYFcM3RyphvFZmETjLYCCW4Q0X5cxlxCn1gmClDQ6 roOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=t9EZq+cHbfo+A6/Dz1Kwo2or3rVauS/p2T0DFgbEG/c=; b=KT2dah6ABD/UA46xj1Is9zKkgm3NrnZB3d22K5C+nt2nmmZIWr38MKRykA7Q2+uhUv pOINr/5//fx++KAYAIGNhCJiNyC+RSuodPLFhKNKD0l6DFndPqXPNYe65sL8RhtHDt2j sAogS7Mi5VYlmhRgWS9kw1ct3PtESzSAcE6TpeR9JeUza873qt9+2fo9KB3BRh2mTaJD 2Nng8VCmW1JeDswLo3D5qJqwv+4pdQVdvWhvImletSmdEdj53oEHZ9jxujP7NcJNIEqt rcUhU0lTY/PbQeCgjtdPd44WcZ9Fbo2ihLhRAsn6xjKubaYbuJHdmWeeqq7f+Nr2rQqZ xR4w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f30si80642plf.380.2017.07.19.09.03.21; Wed, 19 Jul 2017 09:03:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933327AbdGSQDS (ORCPT + 25 others); Wed, 19 Jul 2017 12:03:18 -0400 Received: from foss.arm.com ([217.140.101.70]:42346 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933274AbdGSQDN (ORCPT ); Wed, 19 Jul 2017 12:03:13 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 72C6215B2; Wed, 19 Jul 2017 09:03:13 -0700 (PDT) Received: from leverpostej.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 1C9C63F577; Wed, 19 Jul 2017 09:03:10 -0700 (PDT) From: Mark Rutland To: linux-arm-kernel@lists.infradead.org Cc: arnd@arndb.de, catalin.marinas@arm.com, christoffer.dall@linaro.org, Dave.Martin@arm.com, jiong.wang@arm.com, kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, marc.zyngier@arm.com, mark.rutland@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, yao.qi@arm.com, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH 08/11] arm64: expose user PAC bit positions via ptrace Date: Wed, 19 Jul 2017 17:01:29 +0100 Message-Id: <1500480092-28480-9-git-send-email-mark.rutland@arm.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> References: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When pointer authentication is in use, data/instruction pointers have a number of PAC bits inserted into them. The number and position of these bits depends on the configured TCR_ELx.TxSZ and whether tagging is enabled. ARMv8.3 allows tagging to differ for instruction and data pointers. For userspace debuggers to unwind the stack and/or to follow pointer chains, they need to be able to remove the PAC bits before attempting to use a pointer. This patch adds a new structure with masks describing the location of the PAC bits in userspace instruction and data pointers (i.e. those addressable via TTBR0), which userspace can query via PTRACE_GETREGSET. By clearing these bits from pointers, userspace can acquire the PAC-less versions. This new regset is exposed when the kernel is built with (user) pointer authentication support, and the feature is enabled. Otherwise, it is hidden. Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Jiong Wang Cc: Will Deacon Cc: Yao Qi --- arch/arm64/include/asm/pointer_auth.h | 8 +++++++ arch/arm64/include/uapi/asm/ptrace.h | 5 +++++ arch/arm64/kernel/ptrace.c | 39 +++++++++++++++++++++++++++++++++++ include/uapi/linux/elf.h | 1 + 4 files changed, 53 insertions(+) -- 1.9.1 diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h index 964da0c..ae72c7c 100644 --- a/arch/arm64/include/asm/pointer_auth.h +++ b/arch/arm64/include/asm/pointer_auth.h @@ -16,9 +16,11 @@ #ifndef __ASM_POINTER_AUTH_H #define __ASM_POINTER_AUTH_H +#include #include #include +#include #include #ifdef CONFIG_ARM64_POINTER_AUTHENTICATION @@ -71,6 +73,12 @@ static inline void ptrauth_keys_dup(struct ptrauth_keys *old, *new = *old; } +/* + * The pointer bits used by a pointer authentication code. + * If we were to use tagged pointers, bits 63:56 would also apply. + */ +#define ptrauth_pac_mask() GENMASK(54, VA_BITS) + #define mm_ctx_ptrauth_init(ctx) \ ptrauth_keys_init(&(ctx)->ptrauth_keys) diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index d1ff83d..5092fbf 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -90,6 +90,11 @@ struct user_hwdebug_state { } dbg_regs[16]; }; +struct user_pac_mask { + __u64 data_mask; + __u64 insn_mask; +}; + #endif /* __ASSEMBLY__ */ #endif /* _UAPI__ASM_PTRACE_H */ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 1b38c01..fae9d50 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -40,8 +40,10 @@ #include #include +#include #include #include +#include #include #include #include @@ -701,6 +703,30 @@ static int system_call_set(struct task_struct *target, return ret; } +#ifdef CONFIG_ARM64_POINTER_AUTHENTICATION +static int pac_mask_get(struct task_struct *target, + const struct user_regset *regset, + unsigned int pos, unsigned int count, + void *kbuf, void __user *ubuf) +{ + /* + * The PAC bits can differ across data and instruction pointers + * depending on TCR_EL1.TBID*, which we may make use of in future, so + * we expose separate masks. + */ + unsigned long mask = ptrauth_pac_mask(); + struct user_pac_mask uregs = { + .data_mask = mask, + .insn_mask = mask, + }; + + if (!cpus_have_cap(ARM64_HAS_ADDRESS_AUTH)) + return -EINVAL; + + return user_regset_copyout(&pos, &count, &kbuf, &ubuf, &uregs, 0, -1); +} +#endif + enum aarch64_regset { REGSET_GPR, REGSET_FPR, @@ -710,6 +736,9 @@ enum aarch64_regset { REGSET_HW_WATCH, #endif REGSET_SYSTEM_CALL, +#ifdef CONFIG_ARM64_POINTER_AUTHENTICATION + REGSET_PAC_MASK, +#endif }; static const struct user_regset aarch64_regsets[] = { @@ -767,6 +796,16 @@ enum aarch64_regset { .get = system_call_get, .set = system_call_set, }, +#ifdef CONFIG_ARM64_POINTER_AUTHENTICATION + [REGSET_PAC_MASK] = { + .core_note_type = NT_ARM_PAC_MASK, + .n = sizeof(struct user_pac_mask) / sizeof(u64), + .size = sizeof(u64), + .align = sizeof(u64), + .get = pac_mask_get, + /* this cannot be set dynamically */ + }, +#endif }; static const struct user_regset_view user_aarch64_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index b5280db..60652f1 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -416,6 +416,7 @@ #define NT_ARM_HW_BREAK 0x402 /* ARM hardware breakpoint registers */ #define NT_ARM_HW_WATCH 0x403 /* ARM hardware watchpoint registers */ #define NT_ARM_SYSTEM_CALL 0x404 /* ARM system call number */ +#define NT_ARM_PAC_MASK 0x406 /* ARM pointer authentication code masks */ #define NT_METAG_CBUF 0x500 /* Metag catch buffer registers */ #define NT_METAG_RPIPE 0x501 /* Metag read pipeline state */ #define NT_METAG_TLS 0x502 /* Metag TLS pointer */ From patchwork Wed Jul 19 16:01:30 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 108308 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp1012908obm; Wed, 19 Jul 2017 09:04:02 -0700 (PDT) X-Received: by 10.99.49.137 with SMTP id x131mr602471pgx.246.1500480242231; Wed, 19 Jul 2017 09:04:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1500480242; cv=none; d=google.com; s=arc-20160816; b=hIb6lhn03dsm6otjS/ZaC/ENu0JOgCuqbwC1/qvH0DTnvFvmRmNgsDIh1YfpRX1R/z eJwSON0mze+asVvNA4fAc7I8cCM/VVEK1GpjGd56Dn+eKY94aOnk3c22yqYvCWl/g+Ot 5TkB8Z3rCqyqp+D56WQfnlndrWn1yImbtyvge30b4J58ck4XAwIYnnDW9IecQzY8Dhs5 NC4WceWU+LIFlO4k0SmkayqLgTiVlf/BQrODbpsEZyIK5J5KV2R+Lhnv2ZCtrRZ9h10x s8pT1QHl9MgCjFY97m4C3YAhi0WDDkW3otZPa/TuzbaTuHFDpIRf4fpKyG70ObuQDNY+ pUVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=Atbqv8EQU3ri3nvkltDm3Ewlo3Q04LmVGCxacdoA9cQ=; b=bWOT5yJtOcJ/Pxn9Pz+gsmndVzlw2rcEam0IxounVHym8TngADI5ht+0U8ntcBPAb7 VmCIUwyxriTTdlbUrF9LM0eJbQfIqgJzmRBbfRUq+t4bMz16oe45tPMG0nh4+umjSwNs BSZUjAJbC7l3llWQBFvRtX905MLUfVuPAT41FM988lX7AfWmMAt1EcEAmJnUmORsfoAZ px0yMOKI0Q0S1KyD0J4QSXDzMvM64Cmfd6lnTTNLBnHELv4UADcC6VxbHYvjeYUvs4OH BbAyNDN0DYURGu+5ZIHDlNFWBGXx1r3MxXwbmkuSfUYfpkBni4Z9WgtAk8ES0g4Ooco5 dW7Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r9si242356pfb.420.2017.07.19.09.04.01; Wed, 19 Jul 2017 09:04:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932968AbdGSQD7 (ORCPT + 25 others); Wed, 19 Jul 2017 12:03:59 -0400 Received: from foss.arm.com ([217.140.101.70]:42374 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933276AbdGSQDR (ORCPT ); Wed, 19 Jul 2017 12:03:17 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id F191215BE; Wed, 19 Jul 2017 09:03:16 -0700 (PDT) Received: from leverpostej.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 50D393F577; Wed, 19 Jul 2017 09:03:14 -0700 (PDT) From: Mark Rutland To: linux-arm-kernel@lists.infradead.org Cc: arnd@arndb.de, catalin.marinas@arm.com, christoffer.dall@linaro.org, Dave.Martin@arm.com, jiong.wang@arm.com, kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, marc.zyngier@arm.com, mark.rutland@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, yao.qi@arm.com, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH 09/11] arm64/kvm: preserve host HCR_EL2 value Date: Wed, 19 Jul 2017 17:01:30 +0100 Message-Id: <1500480092-28480-10-git-send-email-mark.rutland@arm.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> References: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When restoring HCR_EL2 for the host, KVM uses HCR_HOST_VHE_FLAGS, which is a constant value. This works today, as the host HCR_EL2 value is always the same, but this will get in the way of supporting extensions that require HCR_EL2 bits to be set conditionally for the host. To allow such features to work without KVM having to explicitly handle every possible host feature combination, this patch has KVM save/restore the host HCR when switching to/from a guest HCR. For __{activate,deactivate}_traps(), the HCR save/restore is made common across the !VHE and VHE paths. As the host and guest HCR values must have E2H set when VHE is in use, register redirection should always be in effect at EL2, and this change should not adversely affect the VHE code. For the hyp TLB maintenance code, __tlb_switch_to_host_vhe() is updated to toggle the TGE bit with a RMW sequence, as we already do in __tlb_switch_to_guest_vhe(). The now unused HCR_HOST_VHE_FLAGS definition is removed. Signed-off-by: Mark Rutland Cc: Christoffer Dall Cc: Marc Zyngier Cc: kvmarm@lists.cs.columbia.edu --- arch/arm64/include/asm/kvm_arm.h | 1 - arch/arm64/include/asm/kvm_host.h | 5 ++++- arch/arm64/kvm/hyp/switch.c | 5 +++-- arch/arm64/kvm/hyp/tlb.c | 6 +++++- 4 files changed, 12 insertions(+), 5 deletions(-) -- 1.9.1 Reviewed-by: Christoffer Dall diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h index c1267e8..7b9c898 100644 --- a/arch/arm64/include/asm/kvm_arm.h +++ b/arch/arm64/include/asm/kvm_arm.h @@ -84,7 +84,6 @@ HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW) #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF) #define HCR_INT_OVERRIDE (HCR_FMO | HCR_IMO) -#define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) /* TCR_EL2 Registers bits */ #define TCR_EL2_RES1 ((1 << 31) | (1 << 23)) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index d686300..0d7c3dd 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -198,10 +198,13 @@ struct kvm_cpu_context { struct kvm_vcpu_arch { struct kvm_cpu_context ctxt; - /* HYP configuration */ + /* Guest HYP configuration */ u64 hcr_el2; u32 mdcr_el2; + /* Host HYP configuration */ + u64 host_hcr_el2; + /* Exception Information */ struct kvm_vcpu_fault_info fault; diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c index 945e79c..6108813 100644 --- a/arch/arm64/kvm/hyp/switch.c +++ b/arch/arm64/kvm/hyp/switch.c @@ -71,6 +71,8 @@ static void __hyp_text __activate_traps(struct kvm_vcpu *vcpu) { u64 val; + vcpu->arch.host_hcr_el2 = read_sysreg(hcr_el2); + /* * We are about to set CPTR_EL2.TFP to trap all floating point * register accesses to EL2, however, the ARM ARM clearly states that @@ -110,7 +112,6 @@ static void __hyp_text __deactivate_traps_vhe(void) MDCR_EL2_TPMS; write_sysreg(mdcr_el2, mdcr_el2); - write_sysreg(HCR_HOST_VHE_FLAGS, hcr_el2); write_sysreg(CPACR_EL1_FPEN, cpacr_el1); write_sysreg(vectors, vbar_el1); } @@ -123,7 +124,6 @@ static void __hyp_text __deactivate_traps_nvhe(void) mdcr_el2 |= MDCR_EL2_E2PB_MASK << MDCR_EL2_E2PB_SHIFT; write_sysreg(mdcr_el2, mdcr_el2); - write_sysreg(HCR_RW, hcr_el2); write_sysreg(CPTR_EL2_DEFAULT, cptr_el2); } @@ -145,6 +145,7 @@ static void __hyp_text __deactivate_traps(struct kvm_vcpu *vcpu) __deactivate_traps_arch()(); write_sysreg(0, hstr_el2); write_sysreg(0, pmuserenr_el0); + write_sysreg(vcpu->arch.host_hcr_el2, hcr_el2); } static void __hyp_text __activate_vm(struct kvm_vcpu *vcpu) diff --git a/arch/arm64/kvm/hyp/tlb.c b/arch/arm64/kvm/hyp/tlb.c index 73464a9..c2b0680 100644 --- a/arch/arm64/kvm/hyp/tlb.c +++ b/arch/arm64/kvm/hyp/tlb.c @@ -49,12 +49,16 @@ static hyp_alternate_select(__tlb_switch_to_guest, static void __hyp_text __tlb_switch_to_host_vhe(struct kvm *kvm) { + u64 val; + /* * We're done with the TLB operation, let's restore the host's * view of HCR_EL2. */ write_sysreg(0, vttbr_el2); - write_sysreg(HCR_HOST_VHE_FLAGS, hcr_el2); + val = read_sysreg(hcr_el2); + val |= HCR_TGE; + write_sysreg(val, hcr_el2); } static void __hyp_text __tlb_switch_to_host_nvhe(struct kvm *kvm) From patchwork Wed Jul 19 16:01:31 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 108306 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp1012180obm; Wed, 19 Jul 2017 09:03:27 -0700 (PDT) X-Received: by 10.99.155.10 with SMTP id r10mr576850pgd.123.1500480207283; Wed, 19 Jul 2017 09:03:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1500480207; cv=none; d=google.com; s=arc-20160816; b=NuNyV+Cq/WTArrrIZvkMJC3No/5ggGaUEsMugX7CAjyPHRM2VVim2btAOKDeL5Fg8j eJ97D2FEa00OpyC/kfBfVWN6nQL4zIwk2jHe8PavSapQzdUdNpYIxohfetV0PWLAT3vx PJMq4yU9oBVJbc40sn35OkIrbBh08dNmRK1A3s9TmsZucTY7wqXWyfPYAKur6/Od64HM gbUkEGYL5kt/ZpHfAxym4zNk2kDGU+2mt2k/Az7FEith6vwrotTDoJQUOcnA2uANGdZc dFppbZy6G35VLg1WhDQiDDUdwmUWaDcoVcDQ/XiTKTy69srj9udIPkRRToYlBpwoErxK thAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=JKhKcn0x9WFpKlBlnKQimIHRZJoGmv28Tr1+c36VK3k=; b=BQBbgxK6piQvCtZJVyA2NtWCR/NOWpvoqMWgIAVccHg0yWSsmnb/kXcksnAF021nt8 A7+lSYxRu8pq1qgDBauPkHywzE0v637h83asQZlZCKv0oDgFUJFzztyXKtUQ8Atto+3f fphtD1tQXc5aT+sy6jGY9V3nqMdrP0MNwmajNyows6kv9OjEPw4DTj4lobWaZNqyj/Aj THkqtYGx8YO6ROrmYSieEqTniuMyyQXJLuxzW+CCpyRrfbnVqmC4hbvA3Q3SMA6+xPgE ujx54kzCQrx8yLqWZ55Dz2IOTUMDt6NX08KrzDja4lrbE/UDYq7x3asKMd27lLYivmNe 3NAQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k1si281258pgk.19.2017.07.19.09.03.26; Wed, 19 Jul 2017 09:03:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755550AbdGSQDX (ORCPT + 25 others); Wed, 19 Jul 2017 12:03:23 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:42396 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932685AbdGSQDU (ORCPT ); Wed, 19 Jul 2017 12:03:20 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 14B5B164F; Wed, 19 Jul 2017 09:03:20 -0700 (PDT) Received: from leverpostej.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id B053B3F577; Wed, 19 Jul 2017 09:03:17 -0700 (PDT) From: Mark Rutland To: linux-arm-kernel@lists.infradead.org Cc: arnd@arndb.de, catalin.marinas@arm.com, christoffer.dall@linaro.org, Dave.Martin@arm.com, jiong.wang@arm.com, kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, marc.zyngier@arm.com, mark.rutland@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, yao.qi@arm.com, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH 10/11] arm64/kvm: context-switch ptrauth registers Date: Wed, 19 Jul 2017 17:01:31 +0100 Message-Id: <1500480092-28480-11-git-send-email-mark.rutland@arm.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> References: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When pointer authentication is supported, a guest may wish to use it. This patch adds the necessary KVM infrastructure for this to work, with a semi-lazy context switch of the pointer auth state. When we schedule a vcpu, we disable guest usage of pointer authentication instructions and accesses to the keys. While these are disabled, we avoid context-switching the keys. When we trap the guest trying to use pointer authentication functionality, we change to eagerly context-switching the keys, and enable the feature. The next time the vcpu is scheduled out/in, we start again. This is sufficient for systems with uniform pointer authentication support. For systems with mismatched support, it will be necessary to hide the feature from the guest's view of the ID registers. Signed-off-by: Mark Rutland Cc: Christoffer Dall Cc: Marc Zyngier Cc: kvmarm@lists.cs.columbia.edu --- arch/arm64/include/asm/kvm_host.h | 23 +++++++++- arch/arm64/include/asm/kvm_hyp.h | 7 +++ arch/arm64/kvm/handle_exit.c | 21 +++++++++ arch/arm64/kvm/hyp/Makefile | 1 + arch/arm64/kvm/hyp/ptrauth-sr.c | 91 +++++++++++++++++++++++++++++++++++++++ arch/arm64/kvm/hyp/switch.c | 4 ++ arch/arm64/kvm/sys_regs.c | 32 ++++++++++++++ 7 files changed, 178 insertions(+), 1 deletion(-) create mode 100644 arch/arm64/kvm/hyp/ptrauth-sr.c -- 1.9.1 diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 0d7c3dd..f97defa 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -135,6 +135,18 @@ enum vcpu_sysreg { PMSWINC_EL0, /* Software Increment Register */ PMUSERENR_EL0, /* User Enable Register */ + /* Pointer Authentication Registers */ + APIAKEYLO_EL1, + APIAKEYHI_EL1, + APIBKEYLO_EL1, + APIBKEYHI_EL1, + APDAKEYLO_EL1, + APDAKEYHI_EL1, + APDBKEYLO_EL1, + APDBKEYHI_EL1, + APGAKEYLO_EL1, + APGAKEYHI_EL1, + /* 32bit specific registers. Keep them at the end of the range */ DACR32_EL2, /* Domain Access Control Register */ IFSR32_EL2, /* Instruction Fault Status Register */ @@ -368,10 +380,19 @@ static inline void __cpu_init_hyp_mode(phys_addr_t pgd_ptr, __kvm_call_hyp((void *)pgd_ptr, hyp_stack_ptr, vector_ptr); } +void kvm_arm_vcpu_ptrauth_enable(struct kvm_vcpu *vcpu); +void kvm_arm_vcpu_ptrauth_disable(struct kvm_vcpu *vcpu); +void kvm_arm_vcpu_ptrauth_trap(struct kvm_vcpu *vcpu); + static inline void kvm_arch_hardware_unsetup(void) {} static inline void kvm_arch_sync_events(struct kvm *kvm) {} static inline void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu) {} -static inline void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu) {} + +static inline void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu) +{ + kvm_arm_vcpu_ptrauth_disable(vcpu); +} + static inline void kvm_arch_vcpu_block_finish(struct kvm_vcpu *vcpu) {} void kvm_arm_init_debug(void); diff --git a/arch/arm64/include/asm/kvm_hyp.h b/arch/arm64/include/asm/kvm_hyp.h index 4572a9b..3093f35 100644 --- a/arch/arm64/include/asm/kvm_hyp.h +++ b/arch/arm64/include/asm/kvm_hyp.h @@ -152,6 +152,13 @@ void __debug_restore_state(struct kvm_vcpu *vcpu, void __fpsimd_restore_state(struct user_fpsimd_state *fp_regs); bool __fpsimd_enabled(void); +void __ptrauth_switch_to_guest(struct kvm_vcpu *vcpu, + struct kvm_cpu_context *host_ctxt, + struct kvm_cpu_context *guest_ctxt); +void __ptrauth_switch_to_host(struct kvm_vcpu *vcpu, + struct kvm_cpu_context *host_ctxt, + struct kvm_cpu_context *guest_ctxt); + u64 __guest_enter(struct kvm_vcpu *vcpu, struct kvm_cpu_context *host_ctxt); void __noreturn __hyp_do_panic(unsigned long, ...); diff --git a/arch/arm64/kvm/handle_exit.c b/arch/arm64/kvm/handle_exit.c index 17d8a16..9fc561f 100644 --- a/arch/arm64/kvm/handle_exit.c +++ b/arch/arm64/kvm/handle_exit.c @@ -136,6 +136,26 @@ static int kvm_handle_guest_debug(struct kvm_vcpu *vcpu, struct kvm_run *run) return ret; } +/* + * Handle the guest trying to use a ptrauth instruction, or trying to access a + * ptrauth register. + */ +void kvm_arm_vcpu_ptrauth_trap(struct kvm_vcpu *vcpu) +{ + if (cpus_have_const_cap(ARM64_HAS_ADDRESS_AUTH) && + cpus_have_const_cap(ARM64_HAS_GENERIC_AUTH)) { + kvm_arm_vcpu_ptrauth_enable(vcpu); + } else { + kvm_inject_undefined(vcpu); + } +} + +static int kvm_handle_ptrauth(struct kvm_vcpu *vcpu, struct kvm_run *run) +{ + kvm_arm_vcpu_ptrauth_trap(vcpu); + return 1; +} + static int kvm_handle_unknown_ec(struct kvm_vcpu *vcpu, struct kvm_run *run) { u32 hsr = kvm_vcpu_get_hsr(vcpu); @@ -168,6 +188,7 @@ static int kvm_handle_unknown_ec(struct kvm_vcpu *vcpu, struct kvm_run *run) [ESR_ELx_EC_BKPT32] = kvm_handle_guest_debug, [ESR_ELx_EC_BRK64] = kvm_handle_guest_debug, [ESR_ELx_EC_FP_ASIMD] = handle_no_fpsimd, + [ESR_ELx_EC_PAC] = kvm_handle_ptrauth, }; static exit_handle_fn kvm_get_exit_handler(struct kvm_vcpu *vcpu) diff --git a/arch/arm64/kvm/hyp/Makefile b/arch/arm64/kvm/hyp/Makefile index 14c4e3b..91f2100 100644 --- a/arch/arm64/kvm/hyp/Makefile +++ b/arch/arm64/kvm/hyp/Makefile @@ -18,6 +18,7 @@ obj-$(CONFIG_KVM_ARM_HOST) += fpsimd.o obj-$(CONFIG_KVM_ARM_HOST) += tlb.o obj-$(CONFIG_KVM_ARM_HOST) += hyp-entry.o obj-$(CONFIG_KVM_ARM_HOST) += s2-setup.o +obj-$(CONFIG_KVM_ARM_HOST) += ptrauth-sr.o # KVM code is run at a different exception code with a different map, so # compiler instrumentation that inserts callbacks or checks into the code may diff --git a/arch/arm64/kvm/hyp/ptrauth-sr.c b/arch/arm64/kvm/hyp/ptrauth-sr.c new file mode 100644 index 0000000..2784fb3 --- /dev/null +++ b/arch/arm64/kvm/hyp/ptrauth-sr.c @@ -0,0 +1,91 @@ +/* + * Copyright (C) 2017 ARM Ltd + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include + +#include +#include +#include +#include + +static bool __hyp_text __ptrauth_is_enabled(struct kvm_vcpu *vcpu) +{ + return vcpu->arch.hcr_el2 & (HCR_API | HCR_APK); +} + +#define __ptrauth_save_key(regs, key) \ +({ \ + regs[key ## KEYLO_EL1] = read_sysreg_s(SYS_ ## key ## KEYLO_EL1); \ + regs[key ## KEYHI_EL1] = read_sysreg_s(SYS_ ## key ## KEYHI_EL1); \ +}) + +static void __hyp_text __ptrauth_save_state(struct kvm_cpu_context *ctxt) +{ + if (cpus_have_const_cap(ARM64_HAS_ADDRESS_AUTH)) { + __ptrauth_save_key(ctxt->sys_regs, APIA); + __ptrauth_save_key(ctxt->sys_regs, APIB); + __ptrauth_save_key(ctxt->sys_regs, APDA); + __ptrauth_save_key(ctxt->sys_regs, APDB); + } + + if (cpus_have_const_cap(ARM64_HAS_GENERIC_AUTH)) { + __ptrauth_save_key(ctxt->sys_regs, APGA); + } +} + +#define __ptrauth_restore_key(regs, key) \ +({ \ + write_sysreg_s(regs[key ## KEYLO_EL1], SYS_ ## key ## KEYLO_EL1); \ + write_sysreg_s(regs[key ## KEYHI_EL1], SYS_ ## key ## KEYHI_EL1); \ +}) + +static void __hyp_text __ptrauth_restore_state(struct kvm_cpu_context *ctxt) +{ + + if (cpus_have_const_cap(ARM64_HAS_ADDRESS_AUTH)) { + __ptrauth_restore_key(ctxt->sys_regs, APIA); + __ptrauth_restore_key(ctxt->sys_regs, APIB); + __ptrauth_restore_key(ctxt->sys_regs, APDA); + __ptrauth_restore_key(ctxt->sys_regs, APDB); + } + + if (cpus_have_const_cap(ARM64_HAS_GENERIC_AUTH)) { + __ptrauth_restore_key(ctxt->sys_regs, APGA); + } +} + +void __hyp_text __ptrauth_switch_to_guest(struct kvm_vcpu *vcpu, + struct kvm_cpu_context *host_ctxt, + struct kvm_cpu_context *guest_ctxt) +{ + if (!__ptrauth_is_enabled(vcpu)) + return; + + __ptrauth_save_state(host_ctxt); + __ptrauth_restore_state(guest_ctxt); +} + +void __hyp_text __ptrauth_switch_to_host(struct kvm_vcpu *vcpu, + struct kvm_cpu_context *host_ctxt, + struct kvm_cpu_context *guest_ctxt) +{ + if (!__ptrauth_is_enabled(vcpu)) + return; + + __ptrauth_save_state(guest_ctxt); + __ptrauth_restore_state(host_ctxt); +} diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c index 6108813..df609d9 100644 --- a/arch/arm64/kvm/hyp/switch.c +++ b/arch/arm64/kvm/hyp/switch.c @@ -309,6 +309,8 @@ int __hyp_text __kvm_vcpu_run(struct kvm_vcpu *vcpu) __sysreg_restore_guest_state(guest_ctxt); __debug_restore_state(vcpu, kern_hyp_va(vcpu->arch.debug_ptr), guest_ctxt); + __ptrauth_switch_to_guest(vcpu, host_ctxt, guest_ctxt); + /* Jump in the fire! */ again: exit_code = __guest_enter(vcpu, host_ctxt); @@ -367,6 +369,8 @@ int __hyp_text __kvm_vcpu_run(struct kvm_vcpu *vcpu) fp_enabled = __fpsimd_enabled(); + __ptrauth_switch_to_host(vcpu, host_ctxt, guest_ctxt); + __sysreg_save_guest_state(guest_ctxt); __sysreg32_save_state(vcpu); __timer_save_state(vcpu); diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 7786288..0f7d9ae 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -837,6 +837,32 @@ static bool access_pmuserenr(struct kvm_vcpu *vcpu, struct sys_reg_params *p, { SYS_DESC(SYS_PMEVTYPERn_EL0(n)), \ access_pmu_evtyper, reset_unknown, (PMEVTYPER0_EL0 + n), } + +void kvm_arm_vcpu_ptrauth_enable(struct kvm_vcpu *vcpu) +{ + vcpu->arch.hcr_el2 |= (HCR_API | HCR_APK); +} + +void kvm_arm_vcpu_ptrauth_disable(struct kvm_vcpu *vcpu) +{ + vcpu->arch.hcr_el2 &= ~(HCR_API | HCR_APK); +} + +static bool trap_ptrauth(struct kvm_vcpu *vcpu, + struct sys_reg_params *p, + const struct sys_reg_desc *rd) +{ + kvm_arm_vcpu_ptrauth_trap(vcpu); + return false; +} + +#define __PTRAUTH_KEY(k) \ + { SYS_DESC(SYS_## k), trap_ptrauth, reset_unknown, k } + +#define PTRAUTH_KEY(k) \ + __PTRAUTH_KEY(k ## KEYLO_EL1), \ + __PTRAUTH_KEY(k ## KEYHI_EL1) + static bool access_cntp_tval(struct kvm_vcpu *vcpu, struct sys_reg_params *p, const struct sys_reg_desc *r) @@ -950,6 +976,12 @@ static bool access_cntp_cval(struct kvm_vcpu *vcpu, { SYS_DESC(SYS_TTBR1_EL1), access_vm_reg, reset_unknown, TTBR1_EL1 }, { SYS_DESC(SYS_TCR_EL1), access_vm_reg, reset_val, TCR_EL1, 0 }, + PTRAUTH_KEY(APIA), + PTRAUTH_KEY(APIB), + PTRAUTH_KEY(APDA), + PTRAUTH_KEY(APDB), + PTRAUTH_KEY(APGA), + { SYS_DESC(SYS_AFSR0_EL1), access_vm_reg, reset_unknown, AFSR0_EL1 }, { SYS_DESC(SYS_AFSR1_EL1), access_vm_reg, reset_unknown, AFSR1_EL1 }, { SYS_DESC(SYS_ESR_EL1), access_vm_reg, reset_unknown, ESR_EL1 }, From patchwork Wed Jul 19 16:01:32 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 108307 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp1012244obm; Wed, 19 Jul 2017 09:03:30 -0700 (PDT) X-Received: by 10.98.205.69 with SMTP id o66mr561274pfg.173.1500480210629; Wed, 19 Jul 2017 09:03:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1500480210; cv=none; d=google.com; s=arc-20160816; b=wb9vHrwXwf20xtswyAj93quZwnedSlvynm/K0mPDJXcxPSERksyglCt0nCNnj3+6Ey /YQ7wgqNlms4yCis0M37F/MnbYc9+67jTIDXxhnheygeIq0RJ1cBNP7AnYszPEKZVbDS TUDZ41w2J6iYFiRizSqMzw8olLSCFi3D3ePY0Q5TS+En8DlbJ0t3aiwLUFEOtVC78sMU I4SuvQrz5S/UveYpCRvmUbyDZdSqFEokunxcAoWjuswLKe6rxq8zyA4uHK49YlCG8Rxc +SxJAK2iJjb8xaxYd8Wj5WmXyOr5vUT6KgF5dvq/Y4XdPSgcfvalWQlEn5afjsnaOr95 heZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=q/XwlFjBoavp6idauAIDb8eWE4wneAtkCXMh92/vVSg=; b=YK0BkdxhXT95fVcLi6iHr+jwPmVDWnSi8NvQicnP/yw3cqNOAW6om8ECfQ3OHOeyg2 M13yA2GlUqMwyiJdCFz8G22W+nXulFm8HCTiPRG2/GByivLVeB3FcpbiznOPfk+M6etO 9aFi8M0XmQP337itpcri4nh1XeCbGjzNnSCl81yEWcwTiLdxQHzUBKCKhyN+yBvtKAHe cb4LFsLmjWbIULx/M53cnVbvbcPNZf3aDGayJp3Wt6QgZaUiwUdCWIhYhyDe3q+zYccA LHWibQTaU/ICUgZgDiqY5nAAiq2NGcsln7bggXLczShuWgJ5XL09X8lORws5spOlHlnd Izxw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m12si78402pln.563.2017.07.19.09.03.30; Wed, 19 Jul 2017 09:03:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755578AbdGSQD1 (ORCPT + 25 others); Wed, 19 Jul 2017 12:03:27 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:42410 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755538AbdGSQDX (ORCPT ); Wed, 19 Jul 2017 12:03:23 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2511915BF; Wed, 19 Jul 2017 09:03:23 -0700 (PDT) Received: from leverpostej.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id C1FCB3F577; Wed, 19 Jul 2017 09:03:20 -0700 (PDT) From: Mark Rutland To: linux-arm-kernel@lists.infradead.org Cc: arnd@arndb.de, catalin.marinas@arm.com, christoffer.dall@linaro.org, Dave.Martin@arm.com, jiong.wang@arm.com, kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, marc.zyngier@arm.com, mark.rutland@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, yao.qi@arm.com, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH 11/11] arm64: docs: document pointer authentication Date: Wed, 19 Jul 2017 17:01:32 +0100 Message-Id: <1500480092-28480-12-git-send-email-mark.rutland@arm.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> References: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Now that we've added code to support pointer authentication, add some documentation so that people can figure out if/how to use it. Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Jiong Wang Cc: Will Deacon Cc: Yao Qi --- Documentation/arm64/booting.txt | 8 +++ Documentation/arm64/elf_hwcaps.txt | 5 ++ Documentation/arm64/pointer-authentication.txt | 85 ++++++++++++++++++++++++++ 3 files changed, 98 insertions(+) create mode 100644 Documentation/arm64/pointer-authentication.txt -- 1.9.1 diff --git a/Documentation/arm64/booting.txt b/Documentation/arm64/booting.txt index 8d0df62..8df9f46 100644 --- a/Documentation/arm64/booting.txt +++ b/Documentation/arm64/booting.txt @@ -205,6 +205,14 @@ Before jumping into the kernel, the following conditions must be met: ICC_SRE_EL2.SRE (bit 0) must be initialised to 0b0. - The DT or ACPI tables must describe a GICv2 interrupt controller. + For CPUs with pointer authentication functionality: + - If EL3 is present: + SCR_EL3.APK (bit 16) must be initialised to 0b1 + SCR_EL3.API (bit 17) must be initialised to 0b1 + - If the kernel is entered at EL1: + HCR_EL2.APK (bit 40) must be initialised to 0b1 + HCR_EL2.API (bit 41) must be initialised to 0b1 + The requirements described above for CPU mode, caches, MMUs, architected timers, coherency and system registers apply to all CPUs. All CPUs must enter the kernel in the same exception level. diff --git a/Documentation/arm64/elf_hwcaps.txt b/Documentation/arm64/elf_hwcaps.txt index 7bc2921..91c4441 100644 --- a/Documentation/arm64/elf_hwcaps.txt +++ b/Documentation/arm64/elf_hwcaps.txt @@ -131,3 +131,8 @@ HWCAP_LRCPC Functionality implied by ID_AA64ISAR1_EL1.LRCPC == 0b0001. +HWCAP_APIA + + EL0 AddPac and Auth functionality using APIAKey_EL1 is enabled, as + described by Documentation/arm64/pointer-authentication.txt. + diff --git a/Documentation/arm64/pointer-authentication.txt b/Documentation/arm64/pointer-authentication.txt new file mode 100644 index 0000000..e9b5c6b --- /dev/null +++ b/Documentation/arm64/pointer-authentication.txt @@ -0,0 +1,85 @@ +Pointer authentication in AArch64 Linux +======================================= + +Author: Mark Rutland +Date: 2017-07-19 + +This document briefly describes the provision of pointer authentication +functionality in AArch64 Linux. + + +Architecture overview +--------------------- + +The ARMv8.3 Pointer Authentication extension adds primitives that can be +used to mitigate certain classes of attack where an attacker can corrupt +the contents of some memory (e.g. the stack). + +The extension uses a Pointer Authentication Code (PAC) to determine +whether pointers have been modified unexpectedly. A PAC is derived from +a pointer, another value (such as the stack pointer), and a secret key +held in system registers. + +The extension adds instructions to insert a valid PAC into a pointer, +and to verify/remove the PAC from a pointer. The PAC occupies a number +of high-order bits of the pointer, which varies dependent on the +configured virtual address size and whether pointer tagging is in use. + +A subset of these instructions have been allocated from the HINT +encoding space. In the absence of the extension (or when disabled), +these instructions behave as NOPs. Applications and libraries using +these instructions operate correctly regardless of the presence of the +extension. + + +Basic support +------------- + +When CONFIG_ARM64_POINTER_AUTHENTICATION is selected, and relevant HW +support is present, the kernel will assign a random APIAKey value to +each process at exec*() time. This key is shared by all threads within +the process, and the key is preserved across fork(). Presence of +functionality using APIAKey is advertised via HWCAP_APIA. + +Recent versions of GCC can compile code with APIAKey-based return +address protection when passed the -msign-return-address option. This +uses instructions in the HINT space, and such code can run on systems +without the pointer authentication extension. + +The remaining instruction and data keys (APIBKey, APDAKey, APDBKey) are +reserved for future use, and instructions using these keys must not be +used by software until a purpose and scope for their use has been +decided. To enable future software using these keys to function on +contemporary kernels, where possible, instructions using these keys are +made to behave as NOPs. + +The generic key (APGAKey) is currently unsupported. Instructions using +the generic key must not be used by software. + + +Debugging +--------- + +When CONFIG_ARM64_POINTER_AUTHENTICATION is selected, and relevant HW +support is present, the kernel will expose the position of TTBR0 PAC +bits in the NT_ARM_PAC_MASK regset (struct user_pac_mask), which +userspace can acqure via PTRACE_GETREGSET. + +Separate masks are exposed for data pointers and instruction pointers, +as the set of PAC bits can vary between the two. Debuggers should not +expect that HWCAP_APIA implies the presence (or non-presence) of this +regset -- in future the kernel may support the use of APIBKey, APDAKey, +and/or APBAKey, even in the absence of APIAKey. + +Note that the masks apply to TTBR0 addresses, and are not valid to apply +to TTBR1 addresses (e.g. kernel pointers). + + +Virtualization +-------------- + +When CONFIG_ARM64_POINTER_AUTHENTICATION is selected, and uniform HW +support is present, KVM will context switch all keys used by vCPUs. +Otherwise, the feature is disabled. When disabled, accesses to keys, or +use of instructions enabled within the guest will trap to EL2, and an +UNDEFINED exception will be injected into the guest.