From: Mark Rutland
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu, catalin.marinas@arm.com, christoffer.dall@arm.com, drjones@redhat.com, marc.zyngier@arm.com, mark.rutland@arm.com, ramana.radhakrishnan@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, awallis@codeaurora.org
Subject: [PATCHv4 01/10] arm64: add pointer authentication register bits
Date: Thu, 3 May 2018 14:20:22 +0100
Message-Id: <20180503132031.25705-2-mark.rutland@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180503132031.25705-1-mark.rutland@arm.com>
References: <20180503132031.25705-1-mark.rutland@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

The ARMv8.3 pointer authentication extension adds:

* New fields in ID_AA64ISAR1 to report the presence of pointer authentication functionality.
* New control bits in SCTLR_ELx to enable this functionality.
* New system registers to hold the keys necessary for this functionality.
* A new ESR_ELx.EC code used when the new instructions are affected by configurable traps

This patch adds the relevant definitions to and for these, to be used by subsequent patches.

Signed-off-by: Mark Rutland
Cc: Catalin Marinas
Cc: Marc Zyngier
Cc: Suzuki K Poulose
Cc: Will Deacon
---
arch/arm64/include/asm/esr.h | 3 ++-
arch/arm64/include/asm/sysreg.h | 30 ++++++++++++++++++++++++++++++
2 files changed, 32 insertions(+), 1 deletion(-)
--
2.11.0

diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index ce70c3ffb993..022785162281 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -30,7 +30,8 @@ #define ESR_ELx_EC_CP14_LS (0x06) #define ESR_ELx_EC_FP_ASIMD (0x07) #define ESR_ELx_EC_CP10_ID (0x08) -/* Unallocated EC: 0x09 - 0x0B */ +#define ESR_ELx_EC_PAC (0x09) +/* Unallocated EC: 0x0A - 0x0B */ #define ESR_ELx_EC_CP14_64 (0x0C) /* Unallocated EC: 0x0d */ #define ESR_ELx_EC_ILL (0x0E)
diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index 6171178075dc..426f0eb90101 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -171,6 +171,19 @@ #define SYS_TTBR1_EL1 sys_reg(3, 0, 2, 0, 1) #define SYS_TCR_EL1 sys_reg(3, 0, 2, 0, 2) +#define SYS_APIAKEYLO_EL1 sys_reg(3, 0, 2, 1, 0) +#define SYS_APIAKEYHI_EL1 sys_reg(3, 0, 2, 1, 1) +#define SYS_APIBKEYLO_EL1 sys_reg(3, 0, 2, 1, 2) +#define SYS_APIBKEYHI_EL1 sys_reg(3, 0, 2, 1, 3) + +#define SYS_APDAKEYLO_EL1 sys_reg(3, 0, 2, 2, 0) +#define SYS_APDAKEYHI_EL1 sys_reg(3, 0, 2, 2, 1) +#define SYS_APDBKEYLO_EL1 sys_reg(3, 0, 2, 2, 2) +#define SYS_APDBKEYHI_EL1 sys_reg(3, 0, 2, 2, 3) + +#define SYS_APGAKEYLO_EL1 sys_reg(3, 0, 2, 3, 0) +#define SYS_APGAKEYHI_EL1 sys_reg(3, 0, 2, 3, 1) + #define SYS_ICC_PMR_EL1 sys_reg(3, 0, 4, 6, 0) #define SYS_AFSR0_EL1 sys_reg(3, 0, 5, 1, 0) @@ -417,9 +430,13 @@ #define SYS_ICH_LR15_EL2 __SYS__LR8_EL2(7) /* Common SCTLR_ELx flags. */ +#define SCTLR_ELx_ENIA (1 << 31) +#define SCTLR_ELx_ENIB (1 << 30) +#define SCTLR_ELx_ENDA (1 << 27) #define SCTLR_ELx_EE (1 << 25) #define SCTLR_ELx_IESB (1 << 21) #define SCTLR_ELx_WXN (1 << 19) +#define SCTLR_ELx_ENDB (1 << 13) #define SCTLR_ELx_I (1 << 12) #define SCTLR_ELx_SA (1 << 3) #define SCTLR_ELx_C (1 << 2) 
@@ -510,11 +527,24 @@ #define ID_AA64ISAR0_AES_SHIFT 4 /* id_aa64isar1 */ +#define ID_AA64ISAR1_GPI_SHIFT 28 +#define ID_AA64ISAR1_GPA_SHIFT 24 #define ID_AA64ISAR1_LRCPC_SHIFT 20 #define ID_AA64ISAR1_FCMA_SHIFT 16 #define ID_AA64ISAR1_JSCVT_SHIFT 12 +#define ID_AA64ISAR1_API_SHIFT 8 +#define ID_AA64ISAR1_APA_SHIFT 4 #define ID_AA64ISAR1_DPB_SHIFT 0 +#define ID_AA64ISAR1_APA_NI 0x0 +#define ID_AA64ISAR1_APA_ARCHITECTED 0x1 +#define ID_AA64ISAR1_API_NI 0x0 +#define ID_AA64ISAR1_API_IMP_DEF 0x1 +#define ID_AA64ISAR1_GPA_NI 0x0 +#define ID_AA64ISAR1_GPA_ARCHITECTED 0x1 +#define ID_AA64ISAR1_GPI_NI 0x0 +#define ID_AA64ISAR1_GPI_IMP_DEF 0x1 + /* id_aa64pfr0 */ #define ID_AA64PFR0_CSV3_SHIFT 60 #define ID_AA64PFR0_CSV2_SHIFT 56
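
Review bot: in the "Common SCTLR_ELx flags" hunk of sysreg.h, SCTLR_ELx_ENIA is defined as (1 << 31), which shifts a signed int into its sign bit; when that constant is combined with a 64-bit register value in C it sign-extends and also sets bits 63:32. The existing flags in this block all sit below bit 31, so this is the first definition where the plain-int form matters. Suggest (UL(1) << 31) for at least ENIA, or converting the new EN* bits together for consistency, which keeps the header usable from assembly as well.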
From: Mark Rutland
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu, catalin.marinas@arm.com, christoffer.dall@arm.com, drjones@redhat.com, marc.zyngier@arm.com, mark.rutland@arm.com, ramana.radhakrishnan@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, awallis@codeaurora.org
Subject: [PATCHv4 02/10] arm64/kvm: consistently handle host HCR_EL2 flags
Date: Thu, 3 May 2018 14:20:23 +0100
Message-Id: <20180503132031.25705-3-mark.rutland@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180503132031.25705-1-mark.rutland@arm.com>
References: <20180503132031.25705-1-mark.rutland@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

In KVM we define the configuration of HCR_EL2 for a VHE HOST in HCR_HOST_VHE_FLAGS, but we don't have a similar definition for the non-VHE host flags, and open-code HCR_RW. Further, in head.S we open-code the flags for VHE and non-VHE configurations.

In future, we're going to want to configure more flags for the host, so let's add a HCR_HOST_NVHE_FLAGS definition, and consistently use both HCR_HOST_VHE_FLAGS and HCR_HOST_NVHE_FLAGS in the kvm code and head.S.

We now use mov_q to generate the HCR_EL2 value, as we use when configuring other registers in head.S.

Signed-off-by: Mark Rutland
Reviewed-by: Christoffer Dall
Cc: Catalin Marinas
Cc: Marc Zyngier
Cc: Will Deacon
Cc: kvmarm@lists.cs.columbia.edu
---
arch/arm64/include/asm/kvm_arm.h | 1 +
arch/arm64/kernel/head.S | 5 ++---
arch/arm64/kvm/hyp/switch.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
--
2.11.0

diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h index 6dd285e979c9..89b3dda7e3cb 100644 --- a/arch/arm64/include/asm/kvm_arm.h +++ b/arch/arm64/include/asm/kvm_arm.h
@@ -86,6 +86,7 @@ HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW | HCR_TLOR | \ HCR_FMO | HCR_IMO) #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF) +#define HCR_HOST_NVHE_FLAGS (HCR_RW) #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) /* TCR_EL2 Registers bits */ diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S index b0853069702f..651a06b1980f 100644 --- a/arch/arm64/kernel/head.S +++ b/arch/arm64/kernel/head.S @@ -494,10 +494,9 @@ ENTRY(el2_setup) #endif /* Hyp configuration. */ - mov x0, #HCR_RW // 64-bit EL1 + mov_q x0, HCR_HOST_NVHE_FLAGS cbz x2, set_hcr - orr x0, x0, #HCR_TGE // Enable Host Extensions - orr x0, x0, #HCR_E2H + mov_q x0, HCR_HOST_VHE_FLAGS set_hcr: msr hcr_el2, x0 isb diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c index d9645236e474..cdae330e15e9 100644 --- a/arch/arm64/kvm/hyp/switch.c +++ b/arch/arm64/kvm/hyp/switch.c 
@@ -143,7 +143,7 @@ static void __hyp_text __deactivate_traps_nvhe(void) mdcr_el2 |= MDCR_EL2_E2PB_MASK << MDCR_EL2_E2PB_SHIFT; write_sysreg(mdcr_el2, mdcr_el2); - write_sysreg(HCR_RW, hcr_el2); + write_sysreg(HCR_HOST_NVHE_FLAGS, hcr_el2); write_sysreg(CPTR_EL2_DEFAULT, cptr_el2); }
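
Review bot: in the el2_setup hunk of head.S, the removed mov/orr lines carried the comments "// 64-bit EL1" and "// Enable Host Extensions", and the two mov_q replacements carry none, so the meaning of each value is no longer visible where HCR_EL2 is written. Suggest either a short comment on each mov_q or, better, a comment above the HCR_HOST_NVHE_FLAGS and HCR_HOST_VHE_FLAGS definitions in kvm_arm.h saying what each configuration selects, since those definitions are now the single place that decides host trap behaviour for head.S and __deactivate_traps_nvhe().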
From: Mark Rutland
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu, catalin.marinas@arm.com, christoffer.dall@arm.com, drjones@redhat.com, marc.zyngier@arm.com, mark.rutland@arm.com, ramana.radhakrishnan@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, awallis@codeaurora.org
Subject: [PATCHv4 03/10] arm64/kvm: hide ptrauth from guests
Date: Thu, 3 May 2018 14:20:24 +0100
Message-Id: <20180503132031.25705-4-mark.rutland@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180503132031.25705-1-mark.rutland@arm.com>
References: <20180503132031.25705-1-mark.rutland@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

In subsequent patches we're going to expose ptrauth to the host kernel and userspace, but things are a bit trickier for guest kernels. For the time being, let's hide ptrauth from KVM guests.

Regardless of how well-behaved the guest kernel is, guest userspace could attempt to use ptrauth instructions, triggering a trap to EL2, resulting in noise from kvm_handle_unknown_ec(). So let's write up a handler for the PAC trap, which silently injects an UNDEF into the guest, as if the feature were really missing.

Signed-off-by: Mark Rutland
Reviewed-by: Andrew Jones
Reviewed-by: Christoffer Dall
Cc: Marc Zyngier
Cc: kvmarm@lists.cs.columbia.edu
---
arch/arm64/kvm/handle_exit.c | 18 ++++++++++++++++++
arch/arm64/kvm/sys_regs.c | 8 ++++++++
2 files changed, 26 insertions(+)
--
2.11.0

diff --git a/arch/arm64/kvm/handle_exit.c b/arch/arm64/kvm/handle_exit.c index e5e741bfffe1..5114ad691eae 100644 --- a/arch/arm64/kvm/handle_exit.c +++ b/arch/arm64/kvm/handle_exit.c
@@ -173,6 +173,23 @@ static int handle_sve(struct kvm_vcpu *vcpu, struct kvm_run *run) return 1; } +/* + * Guest usage of a ptrauth instruction (which the guest EL1 did not turn into + * a NOP), or guest EL1 access to a ptrauth register. + */ +static int kvm_handle_ptrauth(struct kvm_vcpu *vcpu, struct kvm_run *run) +{ + /* + * We don't currently suport ptrauth in a guest, and we mask the ID + * registers to prevent well-behaved guests from trying to make use of + * it. + * + * Inject an UNDEF, as if the feature really isn't present. + */ + kvm_inject_undefined(vcpu); + return 1; +} + static exit_handle_fn arm_exit_handlers[] = { [0 ... ESR_ELx_EC_MAX] = kvm_handle_unknown_ec, [ESR_ELx_EC_WFx] = kvm_handle_wfx, @@ -195,6 +212,7 @@ static exit_handle_fn arm_exit_handlers[] = { [ESR_ELx_EC_BKPT32] = kvm_handle_guest_debug, [ESR_ELx_EC_BRK64] = kvm_handle_guest_debug, [ESR_ELx_EC_FP_ASIMD] = handle_no_fpsimd, + [ESR_ELx_EC_PAC] = kvm_handle_ptrauth, }; static exit_handle_fn kvm_get_exit_handler(struct kvm_vcpu *vcpu) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 806b0b126a64..8b0dfc00bf5e 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c 
@@ -1000,6 +1000,14 @@ static u64 read_id_reg(struct sys_reg_desc const *r, bool raz) task_pid_nr(current)); val &= ~(0xfUL << ID_AA64PFR0_SVE_SHIFT); + } else if (id == SYS_ID_AA64ISAR1_EL1) { + const u64 ptrauth_mask = (0xfUL << ID_AA64ISAR1_APA_SHIFT) | + (0xfUL << ID_AA64ISAR1_API_SHIFT) | + (0xfUL << ID_AA64ISAR1_GPA_SHIFT) | + (0xfUL << ID_AA64ISAR1_GPI_SHIFT); + if (val & ptrauth_mask) + kvm_debug("ptrauth unsupported for guests, suppressing\n"); + val &= ~ptrauth_mask; } else if (id == SYS_ID_AA64MMFR1_EL1) { if (val & (0xfUL << ID_AA64MMFR1_LOR_SHIFT)) pr_err_once("kvm [%i]: LORegions unsupported for guests, suppressing\n",
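
Review bot: the comment above kvm_handle_ptrauth() in handle_exit.c says the handler also covers guest EL1 access to a ptrauth register, but the only route into it added here is the ESR_ELx_EC_PAC slot in arm_exit_handlers[]. Please confirm that trapped key register accesses are really reported with that EC; if they arrive as ordinary system register traps they will be dispatched through sys_regs.c instead, where this patch adds no entries for the AP*KEY registers, and the comment should be narrowed to instruction use. While there, "suport" in the inner comment should read "support".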
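
Review bot: the new SYS_ID_AA64ISAR1_EL1 branch in read_id_reg() reports the suppression with kvm_debug() and no pid, while the LORegions branch directly below it uses pr_err_once() with a "kvm [%i]:" prefix. If the quieter, unprefixed form is deliberate (for example because every host with ptrauth would otherwise log an error for every guest), say so in the commit message or a comment; otherwise match the neighbouring branches so the suppressed-feature messages stay uniform and greppable. A blank line between the ptrauth_mask declaration and the if would also match kernel style.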
From: Mark Rutland
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu, catalin.marinas@arm.com, christoffer.dall@arm.com, drjones@redhat.com, marc.zyngier@arm.com, mark.rutland@arm.com, ramana.radhakrishnan@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, awallis@codeaurora.org
Subject: [PATCHv4 04/10] arm64: Don't trap host pointer auth use to EL2
Date: Thu, 3 May 2018 14:20:25 +0100
Message-Id: <20180503132031.25705-5-mark.rutland@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180503132031.25705-1-mark.rutland@arm.com>
References: <20180503132031.25705-1-mark.rutland@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

To allow EL0 (and/or EL1) to use pointer authentication functionality, we must ensure that pointer authentication instructions and accesses to pointer authentication keys are not trapped to EL2.

This patch ensures that HCR_EL2 is configured appropriately when the kernel is booted at EL2. For non-VHE kernels we set HCR_EL2.{API,APK}, ensuring that EL1 can access keys and permit EL0 use of instructions.

For VHE kernels host EL0 (TGE && E2H) is unaffected by these settings, and it doesn't matter how we configure HCR_EL2.{API,APK}, so we don't bother setting them.

This does not enable support for KVM guests, since KVM manages HCR_EL2 itself when running VMs.

Signed-off-by: Mark Rutland
Acked-by: Christoffer Dall
Cc: Catalin Marinas
Cc: Marc Zyngier
Cc: Will Deacon
Cc: kvmarm@lists.cs.columbia.edu
---
arch/arm64/include/asm/kvm_arm.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--
2.11.0

diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h index 89b3dda7e3cb..4d57e1e58323 100644 --- a/arch/arm64/include/asm/kvm_arm.h +++ b/arch/arm64/include/asm/kvm_arm.h
@@ -23,6 +23,8 @@ #include /* Hyp Configuration Register (HCR) bits */ +#define HCR_API (UL(1) << 41) +#define HCR_APK (UL(1) << 40) #define HCR_TEA (UL(1) << 37) #define HCR_TERR (UL(1) << 36) #define HCR_TLOR (UL(1) << 35) 
@@ -86,7 +88,7 @@ HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW | HCR_TLOR | \ HCR_FMO | HCR_IMO) #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF) -#define HCR_HOST_NVHE_FLAGS (HCR_RW) +#define HCR_HOST_NVHE_FLAGS (HCR_RW | HCR_API | HCR_APK) #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) /* TCR_EL2 Registers bits */
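
Review bot: HCR_HOST_NVHE_FLAGS now sets HCR_API | HCR_APK while HCR_HOST_VHE_FLAGS on the next line does not, and nothing at the definitions explains the asymmetry or that setting these bits disables trapping rather than enabling a feature. Suggest a short comment above the two defines carrying the reasoning from the commit message (non-VHE needs them set so EL1 key accesses and EL0 instruction use are not trapped to EL2; VHE host EL0 is unaffected). Since this value is written in el2_setup before any feature detection has run, the comment should also state that setting the bits is expected to be harmless on CPUs without pointer authentication.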
From: Mark Rutland
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu, catalin.marinas@arm.com, christoffer.dall@arm.com, drjones@redhat.com, marc.zyngier@arm.com, mark.rutland@arm.com, ramana.radhakrishnan@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, awallis@codeaurora.org
Subject: [PATCHv4 05/10] arm64/cpufeature: detect pointer authentication
Date: Thu, 3 May 2018 14:20:26 +0100
Message-Id: <20180503132031.25705-6-mark.rutland@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180503132031.25705-1-mark.rutland@arm.com>
References: <20180503132031.25705-1-mark.rutland@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

So that we can dynamically handle the presence of pointer authentication functionality, wire up probing code in cpufeature.c.

From ARMv8.3 onwards, ID_AA64ISAR1 is no longer entirely RES0, and now has four fields describing the presence of pointer authentication functionality:

* APA - address authentication present, using an architected algorithm
* API - address authentication present, using an IMP DEF algorithm
* GPA - generic authentication present, using an architected algorithm
* GPI - generic authentication present, using an IMP DEF algorithm

For the moment we only care about address authentication, so we only need to check APA and API. It is assumed that if all CPUs support an IMP DEF algorithm, the same algorithm is used across all CPUs.

Note that when we implement KVM support, we will also need to ensure that CPUs have uniform support for GPA and GPI.

Signed-off-by: Mark Rutland
Cc: Catalin Marinas
Cc: Suzuki K Poulose
Cc: Will Deacon
---
arch/arm64/include/asm/cpucaps.h | 5 ++++-
arch/arm64/kernel/cpufeature.c | 47 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 51 insertions(+), 1 deletion(-)
--
2.11.0
diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h index bc51b72fafd4..9dcb4d1b14f5 100644 --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -48,7 +48,10 @@ #define ARM64_HAS_CACHE_IDC 27 #define ARM64_HAS_CACHE_DIC 28 #define ARM64_HW_DBM 29 +#define ARM64_HAS_ADDRESS_AUTH_ARCH 30 +#define ARM64_HAS_ADDRESS_AUTH_IMP_DEF 31 +#define ARM64_HAS_ADDRESS_AUTH 32 -#define ARM64_NCAPS 30 +#define ARM64_NCAPS 33 #endif /* __ASM_CPUCAPS_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 536d572e5596..01b1a7e7d70f 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -142,6 +142,10 @@ static const struct arm64_ftr_bits ftr_id_aa64isar1[] = { ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_LRCPC_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_FCMA_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_JSCVT_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_API_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_APA_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_DPB_SHIFT, 4, 0), ARM64_FTR_END, }; 
@@ -1025,6 +1029,22 @@ static void cpu_copy_el2regs(const struct arm64_cpu_capabilities *__unused) } #endif +#ifdef CONFIG_ARM64_PTR_AUTH +static bool has_address_auth(const struct arm64_cpu_capabilities *entry, + int __unused) +{ + u64 isar1 = read_sanitised_ftr_reg(SYS_ID_AA64ISAR1_EL1); + bool api, apa; + + apa = cpuid_feature_extract_unsigned_field(isar1, + ID_AA64ISAR1_APA_SHIFT) > 0; + api = cpuid_feature_extract_unsigned_field(isar1, + ID_AA64ISAR1_API_SHIFT) > 0; + + return apa || api; +} +#endif /* CONFIG_ARM64_PTR_AUTH */ + static const struct arm64_cpu_capabilities arm64_features[] = { { .desc = "GIC system register CPU interface", 
@@ -1201,6 +1221,33 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .cpu_enable = cpu_enable_hw_dbm, }, #endif +#ifdef CONFIG_ARM64_PTR_AUTH + { + .desc = "Address authentication (architected algorithm)", + .capability = ARM64_HAS_ADDRESS_AUTH_ARCH, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .sys_reg = SYS_ID_AA64ISAR1_EL1, + .sign = FTR_UNSIGNED, + .field_pos = ID_AA64ISAR1_APA_SHIFT, + .min_field_value = ID_AA64ISAR1_APA_ARCHITECTED, + .matches = has_cpuid_feature, + }, + { + .desc = "Address authentication (IMP DEF algorithm)", + .capability = ARM64_HAS_ADDRESS_AUTH_IMP_DEF, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .sys_reg = SYS_ID_AA64ISAR1_EL1, + .sign = FTR_UNSIGNED, + .field_pos = ID_AA64ISAR1_API_SHIFT, + .min_field_value = ID_AA64ISAR1_API_IMP_DEF, + .matches = has_cpuid_feature, + }, + { + .capability = ARM64_HAS_ADDRESS_AUTH, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .matches = has_address_auth, + }, +#endif /* CONFIG_ARM64_PTR_AUTH */ {}, };
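Review bot: In cpufeature.c, has_address_auth() tests each field with `> 0` for the combined ARM64_HAS_ADDRESS_AUTH capability, while the two per-algorithm entries in arm64_features[] compare against ID_AA64ISAR1_APA_ARCHITECTED and ID_AA64ISAR1_API_IMP_DEF. Please use the same named minimums in both places, or derive the combined capability from the two existing ones, so the three cannot drift apart if further field values are defined. The ARM64_HAS_ADDRESS_AUTH entry also has no .desc, unlike its two neighbours; if that is deliberate, a one-line comment saying so would help.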
From: Mark Rutland
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu, catalin.marinas@arm.com, christoffer.dall@arm.com, drjones@redhat.com, marc.zyngier@arm.com, mark.rutland@arm.com, ramana.radhakrishnan@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, awallis@codeaurora.org
Subject: [PATCHv4 06/10] arm64: add basic pointer authentication support
Date: Thu, 3 May 2018 14:20:27 +0100
Message-Id: <20180503132031.25705-7-mark.rutland@arm.com>
In-Reply-To: <20180503132031.25705-1-mark.rutland@arm.com>
References: <20180503132031.25705-1-mark.rutland@arm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

This patch adds basic support for pointer authentication, allowing userspace to make use of APIAKey. The kernel maintains an APIAKey value for each process (shared by all threads within), which is initialised to a random value at exec() time.

To describe that address authentication instructions are available, the ID_AA64ISAR0.{APA,API} fields are exposed to userspace. A new hwcap, APIA, is added to describe that the kernel manages APIAKey.

Instructions using other keys (APIBKey, APDAKey, APDBKey) are disabled, and will behave as NOPs. These may be made use of in future patches.

No support is added for the generic key (APGAKey), though this cannot be trapped or made to behave as a NOP. Its presence is not advertised with a hwcap.

Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Ramana Radhakrishnan Cc: Suzuki K Poulose Cc: Will Deacon --- arch/arm64/include/asm/mmu.h | 5 +++ arch/arm64/include/asm/mmu_context.h | 11 ++++- arch/arm64/include/asm/pointer_auth.h | 75 +++++++++++++++++++++++++++++++++++ arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/kernel/cpufeature.c | 9 +++++ arch/arm64/kernel/cpuinfo.c | 1 + 6 files changed, 101 insertions(+), 1 deletion(-) create mode 100644 arch/arm64/include/asm/pointer_auth.h -- 2.11.0 Tested-by: Adam Wallis diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h index dd320df0d026..f6480ea7b0d5 100644 --- a/arch/arm64/include/asm/mmu.h +++ b/arch/arm64/include/asm/mmu.h @@ -25,10 +25,15 @@ #ifndef __ASSEMBLY__ +#include + typedef struct { atomic64_t id; void *vdso; unsigned long flags; +#ifdef CONFIG_ARM64_PTR_AUTH + struct ptrauth_keys ptrauth_keys; +#endif } mm_context_t; /* diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h index 39ec0b8a689e..83eadbc6b946 100644 --- a/arch/arm64/include/asm/mmu_context.h +++ b/arch/arm64/include/asm/mmu_context.h @@ -168,7 +168,14 @@ static inline void cpu_replace_ttbr1(pgd_t *pgdp) #define destroy_context(mm) do { } while(0) void check_and_switch_context(struct mm_struct *mm, unsigned int cpu); -#define init_new_context(tsk,mm) ({ atomic64_set(&(mm)->context.id, 0); 0; }) +static inline int init_new_context(struct task_struct *tsk, + struct mm_struct *mm) +{ + atomic64_set(&mm->context.id, 0); + mm_ctx_ptrauth_init(&mm->context); + + return 0; +} #ifdef CONFIG_ARM64_SW_TTBR0_PAN static inline void update_saved_ttbr0(struct task_struct *tsk, @@ -216,6 +223,8 @@ static inline void __switch_mm(struct mm_struct *next) return; } + mm_ctx_ptrauth_switch(&next->context); + check_and_switch_context(next, cpu); } diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h new file mode 100644 index 000000000000..034877ee28bc 
--- /dev/null +++ b/arch/arm64/include/asm/pointer_auth.h @@ -0,0 +1,75 @@ +// SPDX-License-Identifier: GPL-2.0 +#ifndef __ASM_POINTER_AUTH_H +#define __ASM_POINTER_AUTH_H + +#include + +#include +#include + +#ifdef CONFIG_ARM64_PTR_AUTH +/* + * Each key is a 128-bit quantity which is split accross a pair of 64-bit + * registers (Lo and Hi). + */ +struct ptrauth_key { + unsigned long lo, hi; +}; + +/* + * We give each process its own instruction A key (APIAKey), which is shared by + * all threads. This is inherited upon fork(), and reinitialised upon exec*(). + * All other keys are currently unused, with APIBKey, APDAKey, and APBAKey + * instructions behaving as NOPs. + */ +struct ptrauth_keys { + struct ptrauth_key apia; +}; + +static inline void ptrauth_keys_init(struct ptrauth_keys *keys) +{ + if (!cpus_have_const_cap(ARM64_HAS_ADDRESS_AUTH)) + return; + + get_random_bytes(keys, sizeof(*keys)); +} + +#define __ptrauth_key_install(k, v) \ +do { \ + write_sysreg_s(v.lo, SYS_ ## k ## KEYLO_EL1); \ + write_sysreg_s(v.hi, SYS_ ## k ## KEYHI_EL1); \ +} while (0) + +static inline void ptrauth_keys_switch(struct ptrauth_keys *keys) +{ + if (!cpus_have_const_cap(ARM64_HAS_ADDRESS_AUTH)) + return; + + __ptrauth_key_install(APIA, keys->apia); +} + +static inline void ptrauth_keys_dup(struct ptrauth_keys *old, + struct ptrauth_keys *new) +{ + if (!cpus_have_const_cap(ARM64_HAS_ADDRESS_AUTH)) + return; + + *new = *old; +} + +#define mm_ctx_ptrauth_init(ctx) \ + ptrauth_keys_init(&(ctx)->ptrauth_keys) + +#define mm_ctx_ptrauth_switch(ctx) \ + ptrauth_keys_switch(&(ctx)->ptrauth_keys) + +#define mm_ctx_ptrauth_dup(oldctx, newctx) \ + ptrauth_keys_dup(&(oldctx)->ptrauth_keys, &(newctx)->ptrauth_keys) + +#else +#define mm_ctx_ptrauth_init(ctx) +#define mm_ctx_ptrauth_switch(ctx) +#define mm_ctx_ptrauth_dup(oldctx, newctx) +#endif + +#endif /* __ASM_POINTER_AUTH_H */ 
diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index 17c65c8f33cb..01f02ac500ae 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -48,5 +48,6 @@ #define HWCAP_USCAT (1 << 25) #define HWCAP_ILRCPC (1 << 26) #define HWCAP_FLAGM (1 << 27) +#define HWCAP_APIA (1 << 28) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 01b1a7e7d70f..f418d4cb6691 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1030,6 +1030,11 @@ static void cpu_copy_el2regs(const struct arm64_cpu_capabilities *__unused) #endif #ifdef CONFIG_ARM64_PTR_AUTH +static void cpu_enable_address_auth(struct arm64_cpu_capabilities const *cap) +{ + config_sctlr_el1(0, SCTLR_ELx_ENIA); +} + static bool has_address_auth(const struct arm64_cpu_capabilities *entry, int __unused) { @@ -1246,6 +1251,7 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .capability = ARM64_HAS_ADDRESS_AUTH, .type = ARM64_CPUCAP_SYSTEM_FEATURE, .matches = has_address_auth, + .cpu_enable = cpu_enable_address_auth, }, #endif /* CONFIG_ARM64_PTR_AUTH */ {}, @@ -1293,6 +1299,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { #ifdef CONFIG_ARM64_SVE HWCAP_CAP(SYS_ID_AA64PFR0_EL1, ID_AA64PFR0_SVE_SHIFT, FTR_UNSIGNED, ID_AA64PFR0_SVE, CAP_HWCAP, HWCAP_SVE), #endif +#ifdef CONFIG_ARM64_PNTR_AUTH + HWCAP_CAP(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_APA_SHIFT, FTR_UNSIGNED, 1, CAP_HWCAP, HWCAP_APIA), +#endif {}, }; diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index e9ab7b3ed317..608411e3aaff 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c 
@@ -81,6 +81,7 @@ static const char *const hwcap_str[] = { "uscat", "ilrcpc", "flagm", + "apia", NULL };
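Review bot: The arm64_elf_hwcaps[] hunk in cpufeature.c is guarded by `#ifdef CONFIG_ARM64_PNTR_AUTH`, but every other guard in the series and the Kconfig symbol itself are CONFIG_ARM64_PTR_AUTH, so this HWCAP_CAP entry is never compiled and HWCAP_APIA would never be reported to userspace. The entry also matches only ID_AA64ISAR1_APA_SHIFT, whereas cpu_enable_address_auth() sets SCTLR_ELx_ENIA whenever has_address_auth() sees APA or API, so a CPU that implements only the IMP DEF algorithm would have the key enabled without the hwcap. Suggest fixing the guard and making the hwcap cover the API field as well.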
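Review bot: The comment above struct ptrauth_keys in the new pointer_auth.h says APIAKey is inherited upon fork(), but nothing in this patch calls mm_ctx_ptrauth_dup(), and init_new_context() now calls mm_ctx_ptrauth_init() unconditionally, which draws fresh random bytes. If init_new_context() is reached on the fork path, the child would authenticate return addresses signed with the parent's key against a different key, so either wire ptrauth_keys_dup() into the mm duplication path after the init, or drop the unused helper and correct the comment. Two typos in the same file: "accross", and "APBAKey" where the commit message lists APDBKey.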
From: Mark Rutland
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu, catalin.marinas@arm.com, christoffer.dall@arm.com, drjones@redhat.com, marc.zyngier@arm.com, mark.rutland@arm.com, ramana.radhakrishnan@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, awallis@codeaurora.org
Subject: [PATCHv4 07/10] arm64: expose user PAC bit positions via ptrace
Date: Thu, 3 May 2018 14:20:28 +0100
Message-Id: <20180503132031.25705-8-mark.rutland@arm.com>
In-Reply-To: <20180503132031.25705-1-mark.rutland@arm.com>
References: <20180503132031.25705-1-mark.rutland@arm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

When pointer authentication is in use, data/instruction pointers have a number of PAC bits inserted into them. The number and position of these bits depends on the configured TCR_ELx.TxSZ and whether tagging is enabled. ARMv8.3 allows tagging to differ for instruction and data pointers.

For userspace debuggers to unwind the stack and/or to follow pointer chains, they need to be able to remove the PAC bits before attempting to use a pointer.

This patch adds a new structure with masks describing the location of the PAC bits in userspace instruction and data pointers (i.e. those addressable via TTBR0), which userspace can query via PTRACE_GETREGSET. By clearing these bits from pointers (and replacing them with the value of bit 55), userspace can acquire the PAC-less versions.

This new regset is exposed when the kernel is built with (user) pointer authentication support, and the feature is enabled. Otherwise, it is hidden.

Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Ramana Radhakrishnan Cc: Will Deacon --- arch/arm64/include/asm/pointer_auth.h | 8 ++++++++ arch/arm64/include/uapi/asm/ptrace.h | 7 +++++++ arch/arm64/kernel/ptrace.c | 38 +++++++++++++++++++++++++++++++++++ include/uapi/linux/elf.h | 1 + 4 files changed, 54 insertions(+) -- 2.11.0 diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h index 034877ee28bc..0263b87f95f7 100644 --- a/arch/arm64/include/asm/pointer_auth.h +++ b/arch/arm64/include/asm/pointer_auth.h @@ -2,9 +2,11 @@ #ifndef __ASM_POINTER_AUTH_H #define __ASM_POINTER_AUTH_H +#include #include #include +#include #include #ifdef CONFIG_ARM64_PTR_AUTH @@ -57,6 +59,12 @@ static inline void ptrauth_keys_dup(struct ptrauth_keys *old, *new = *old; } +/* + * The EL0 pointer bits used by a pointer authentication code. + * This is dependent on TBI0 being enabled, or bits 63:56 would also apply. + */ +#define ptrauth_pac_mask() GENMASK(54, VA_BITS) + #define mm_ctx_ptrauth_init(ctx) \ ptrauth_keys_init(&(ctx)->ptrauth_keys) diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 98c4ce55d9c3..4994d718771a 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -228,6 +228,13 @@ struct user_sve_header { SVE_PT_SVE_OFFSET + SVE_PT_SVE_SIZE(vq, flags) \ : SVE_PT_FPSIMD_OFFSET + SVE_PT_FPSIMD_SIZE(vq, flags)) +/* pointer authentication masks (NT_ARM_PAC_MASK) */ + +struct user_pac_mask { + __u64 data_mask; + __u64 insn_mask; +}; + #endif /* __ASSEMBLY__ */ #endif /* _UAPI__ASM_PTRACE_H */ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 71d99af24ef2..f395649f755e 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -44,6 +44,7 @@ #include #include #include +#include #include #include #include 
@@ -951,6 +952,30 @@ static int sve_set(struct task_struct *target, #endif /* CONFIG_ARM64_SVE */ +#ifdef CONFIG_ARM64_PTR_AUTH +static int pac_mask_get(struct task_struct *target, + const struct user_regset *regset, + unsigned int pos, unsigned int count, + void *kbuf, void __user *ubuf) +{ + /* + * The PAC bits can differ across data and instruction pointers + * depending on TCR_EL1.TBID*, which we may make use of in future, so + * we expose separate masks. + */ + unsigned long mask = ptrauth_pac_mask(); + struct user_pac_mask uregs = { + .data_mask = mask, + .insn_mask = mask, + }; + + if (!cpus_have_cap(ARM64_HAS_ADDRESS_AUTH)) + return -EINVAL; + + return user_regset_copyout(&pos, &count, &kbuf, &ubuf, &uregs, 0, -1); +} +#endif /* CONFIG_ARM64_PTR_AUTH */ + enum aarch64_regset { REGSET_GPR, REGSET_FPR, @@ -963,6 +988,9 @@ enum aarch64_regset { #ifdef CONFIG_ARM64_SVE REGSET_SVE, #endif +#ifdef CONFIG_ARM64_PTR_AUTH + REGSET_PAC_MASK, +#endif }; static const struct user_regset aarch64_regsets[] = { @@ -1032,6 +1060,16 @@ static const struct user_regset aarch64_regsets[] = { .get_size = sve_get_size, }, #endif +#ifdef CONFIG_ARM64_PTR_AUTH + [REGSET_PAC_MASK] = { + .core_note_type = NT_ARM_PAC_MASK, + .n = sizeof(struct user_pac_mask) / sizeof(u64), + .size = sizeof(u64), + .align = sizeof(u64), + .get = pac_mask_get, + /* this cannot be set dynamically */ + }, +#endif }; static const struct user_regset_view user_aarch64_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index e2535d6dcec7..070c28121979 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h 
@@ -420,6 +420,7 @@ typedef struct elf64_shdr { #define NT_ARM_HW_WATCH 0x403 /* ARM hardware watchpoint registers */ #define NT_ARM_SYSTEM_CALL 0x404 /* ARM system call number */ #define NT_ARM_SVE 0x405 /* ARM Scalable Vector Extension registers */ +#define NT_ARM_PAC_MASK 0x406 /* ARM pointer authentication code masks */ #define NT_ARC_V2 0x600 /* ARCv2 accumulator/extra registers */ /* Note header in a PT_NOTE section */
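Review bot: In ptrace.c, pac_mask_get() is the only place the new regset is gated: it returns -EINVAL when ARM64_HAS_ADDRESS_AUTH is absent, but the [REGSET_PAC_MASK] entry in aarch64_regsets[] has no .active callback, so the regset is still listed on hardware without the feature, which does not match the commit message's "Otherwise, it is hidden". Suggest adding an .active hook that returns 0 in that case, and a short comment on struct user_pac_mask in uapi/asm/ptrace.h stating that set bits are PAC bits to be replaced with copies of bit 55.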
From: Mark Rutland
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu, catalin.marinas@arm.com, christoffer.dall@arm.com, drjones@redhat.com, marc.zyngier@arm.com, mark.rutland@arm.com, ramana.radhakrishnan@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, awallis@codeaurora.org
Subject: [PATCHv4 08/10] arm64: perf: strip PAC when unwinding userspace
Date: Thu, 3 May 2018 14:20:29 +0100
Message-Id: <20180503132031.25705-9-mark.rutland@arm.com>
In-Reply-To: <20180503132031.25705-1-mark.rutland@arm.com>
References: <20180503132031.25705-1-mark.rutland@arm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

When the kernel is unwinding userspace callchains, we can't expect that the userspace consumer of these callchains has the data necessary to strip the PAC from the stored LR.

This patch has the kernel strip the PAC from user stackframes when the in-kernel unwinder is used. This only affects the LR value, and not the FP.

This only affects the in-kernel unwinder. When userspace performs unwinding, it is up to userspace to strip PACs as necessary (which can be determined from DWARF information).

Signed-off-by: Mark Rutland
Cc: Catalin Marinas
Cc: Ramana Radhakrishnan
Cc: Will Deacon
---
 arch/arm64/include/asm/pointer_auth.h | 7 +++++++
 arch/arm64/kernel/perf_callchain.c | 5 ++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
-- 2.11.0

diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h index 0263b87f95f7..284db173ae5d 100644 --- a/arch/arm64/include/asm/pointer_auth.h +++ b/arch/arm64/include/asm/pointer_auth.h
@@ -65,6 +65,12 @@ static inline void ptrauth_keys_dup(struct ptrauth_keys *old, */ #define ptrauth_pac_mask() GENMASK(54, VA_BITS) +/* Only valid for EL0 TTBR0 instruction pointers */ +static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr) +{ + return ptr & ~ptrauth_pac_mask(); +} + #define mm_ctx_ptrauth_init(ctx) \ ptrauth_keys_init(&(ctx)->ptrauth_keys) @@ -75,6 +81,7 @@ static inline void ptrauth_keys_dup(struct ptrauth_keys *old, ptrauth_keys_dup(&(oldctx)->ptrauth_keys, &(newctx)->ptrauth_keys) #else +#define ptrauth_strip_insn_pac(lr) (lr) #define mm_ctx_ptrauth_init(ctx) #define mm_ctx_ptrauth_switch(ctx) #define mm_ctx_ptrauth_dup(oldctx, newctx) diff --git a/arch/arm64/kernel/perf_callchain.c b/arch/arm64/kernel/perf_callchain.c index bcafd7dcfe8b..928204f6ab08 100644 --- a/arch/arm64/kernel/perf_callchain.c +++ b/arch/arm64/kernel/perf_callchain.c @@ -35,6 +35,7 @@ user_backtrace(struct frame_tail __user *tail, { struct frame_tail buftail; unsigned long err; + unsigned long lr; /* Also check accessibility of one struct frame_tail beyond */ if (!access_ok(VERIFY_READ, tail, sizeof(buftail))) 
@@ -47,7 +48,9 @@ user_backtrace(struct frame_tail __user *tail, if (err) return NULL; - perf_callchain_store(entry, buftail.lr); + lr = ptrauth_strip_insn_pac(buftail.lr); + + perf_callchain_store(entry, lr); /* * Frame pointers should strictly progress back up the stack
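Review bot: ptrauth_strip_insn_pac() in pointer_auth.h masks unconditionally, unlike ptrauth_keys_init(), ptrauth_keys_switch() and ptrauth_keys_dup(), which all return early when ARM64_HAS_ADDRESS_AUTH is absent. On a CONFIG_ARM64_PTR_AUTH kernel running on hardware without the feature, user_backtrace() would then clear bits 54:VA_BITS of whatever LR it reads, hiding a corrupt value from the perf consumer; consider the same cpus_have_const_cap() check. The fallback in the #else branch is a macro, `(lr)`, while the enabled variant is a static inline taking unsigned long; making both static inlines keeps type checking identical across configurations.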
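How a userspace unwinder would apply the mask from the proposed NT_ARM_PAC_MASK regset (patch 07) and strip only the LR of each frame record (patch 08), as an added example that is not code from the series. The mask is built locally assuming VA_BITS is 48 rather than read with PTRACE_GETREGSET, it also handles the bit 55 set case from the commit message, and `strip_pac`, `unwind`, `read_u64` and the stack image are names and data constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same layout as struct user_pac_mask in the patch (NT_ARM_PAC_MASK). */
struct pac_mask {
	uint64_t data_mask;
	uint64_t insn_mask;
};

/* Bits hi..lo inclusive, like the kernel's GENMASK(hi, lo). */
static uint64_t genmask64(unsigned int hi, unsigned int lo)
{
	return (~UINT64_C(0) >> (63 - hi)) & (~UINT64_C(0) << lo);
}

/*
 * Strip a PAC: overwrite the masked bits with copies of bit 55, which is 0
 * for TTBR0 (user) addresses and 1 for TTBR1 addresses.
 */
static uint64_t strip_pac(uint64_t ptr, uint64_t mask)
{
	return (ptr & (UINT64_C(1) << 55)) ? (ptr | mask) : (ptr & ~mask);
}

/* Constructed stack image of a stopped tracee (not captured data). */
#define STACK_BASE UINT64_C(0x0000ffffd0000000)
static const uint64_t stack_words[] = {
	STACK_BASE + 0x20, UINT64_C(0x005aaaaab0001234), /* frame 0: fp, signed lr */
	0, 0,                                            /* locals */
	STACK_BASE + 0x30, UINT64_C(0x0033aaaab0005678), /* frame 1 */
	0,                 UINT64_C(0x0071aaaab0009abc), /* frame 2: end of chain */
};

/* Stand-in for reading tracee memory: bounds- and alignment-checked. */
static int read_u64(uint64_t addr, uint64_t *out)
{
	uint64_t off;

	if (addr < STACK_BASE || ((addr - STACK_BASE) & 7))
		return 0;
	off = (addr - STACK_BASE) / 8;
	if (off >= sizeof(stack_words) / sizeof(stack_words[0]))
		return 0;
	*out = stack_words[off];
	return 1;
}

/*
 * Walk AArch64 frame records {fp, lr}. Only lr carries a PAC; fp is used as
 * stored. Stops on an unreadable record or on a frame pointer that does not
 * move up the stack.
 */
static size_t unwind(uint64_t fp, const struct pac_mask *m,
		     uint64_t *pcs, size_t max)
{
	size_t n = 0;

	while (fp != 0 && n < max) {
		uint64_t next_fp, lr;

		if (!read_u64(fp, &next_fp) || !read_u64(fp + 8, &lr))
			break;
		pcs[n++] = strip_pac(lr, m->insn_mask);
		if (next_fp <= fp)
			break;
		fp = next_fp;
	}
	return n;
}

int main(void)
{
	/* Assumption: VA_BITS == 48, so the mask is GENMASK(54, 48). */
	struct pac_mask m = { genmask64(54, 48), genmask64(54, 48) };
	uint64_t pcs[8];
	size_t i, n = unwind(STACK_BASE, &m, pcs, 8);

	for (i = 0; i < n; i++)
		printf("#%zu 0x%016llx\n", i, (unsigned long long)pcs[i]);
	return 0;
}
```

A real debugger would fill `struct pac_mask` from the regset and use `data_mask` for data pointers, since the two masks may differ in future.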
From: Mark Rutland
To: linux-arm-kernel@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu, catalin.marinas@arm.com, christoffer.dall@arm.com, drjones@redhat.com, marc.zyngier@arm.com, mark.rutland@arm.com, ramana.radhakrishnan@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, awallis@codeaurora.org
Subject: [PATCHv4 09/10] arm64: enable pointer authentication
Date: Thu, 3 May 2018 14:20:30 +0100
Message-Id: <20180503132031.25705-10-mark.rutland@arm.com>
In-Reply-To: <20180503132031.25705-1-mark.rutland@arm.com>
References: <20180503132031.25705-1-mark.rutland@arm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Now that all the necessary bits are in place for userspace, add the necessary Kconfig logic to allow this to be enabled.

Signed-off-by: Mark Rutland
Cc: Catalin Marinas
Cc: Will Deacon
---
 arch/arm64/Kconfig | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
-- 2.11.0

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index eb2cf4938f6d..d6ce16b1ee47 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig
@@ -1127,6 +1127,29 @@ config ARM64_RAS_EXTN endmenu +menu "ARMv8.3 architectural features" + +config ARM64_PTR_AUTH + bool "Enable support for pointer authentication" + default y + help + Pointer authentication (part of the ARMv8.3 Extensions) provides + instructions for signing and authenticating pointers against secret + keys, which can be used to mitigate Return Oriented Programming (ROP) + and other attacks. + + This option enables these instructions at EL0 (i.e. for userspace). + + Choosing this option will cause the kernel to initialise secret keys + for each process at exec() time, with these keys being + context-switched along with the process. + + The feature is detected at runtime. If the feature is not present in + hardware it will not be advertised to userspace nor will it be + enabled. + +endmenu + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y
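Review bot: The help text for ARM64_PTR_AUTH says the option "enables these instructions at EL0" without qualification, but patch 06 of the series only manages APIAKey and leaves the APIBKey, APDAKey and APDBKey instructions behaving as NOPs. With `default y` many users will read only this text, so please state which key is supported and point at Documentation/arm64/pointer-authentication.txt, which patch 10 adds.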
95B543F487; Thu, 3 May 2018 06:21:04 -0700 (PDT) From: Mark Rutland To: linux-arm-kernel@lists.infradead.org Cc: linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu, catalin.marinas@arm.com, christoffer.dall@arm.com, drjones@redhat.com, marc.zyngier@arm.com, mark.rutland@arm.com, ramana.radhakrishnan@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, awallis@codeaurora.org Subject: [PATCHv4 10/10] arm64: docs: document pointer authentication Date: Thu, 3 May 2018 14:20:31 +0100 Message-Id: <20180503132031.25705-11-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180503132031.25705-1-mark.rutland@arm.com> References: <20180503132031.25705-1-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Now that we've added code to support pointer authentication, add some documentation so that people can figure out if/how to use it. Signed-off-by: Mark Rutland Cc: Andrew Jones Cc: Catalin Marinas Cc: Ramana Radhakrishnan Cc: Will Deacon --- Documentation/arm64/booting.txt | 8 +++ Documentation/arm64/elf_hwcaps.txt | 6 ++ Documentation/arm64/pointer-authentication.txt | 84 ++++++++++++++++++++++++++ 3 files changed, 98 insertions(+) create mode 100644 Documentation/arm64/pointer-authentication.txt -- 2.11.0 diff --git a/Documentation/arm64/booting.txt b/Documentation/arm64/booting.txt index 8d0df62c3fe0..8df9f4658d6f 100644 --- a/Documentation/arm64/booting.txt +++ b/Documentation/arm64/booting.txt 
@@ -205,6 +205,14 @@ Before jumping into the kernel, the following conditions must be met: ICC_SRE_EL2.SRE (bit 0) must be initialised to 0b0. - The DT or ACPI tables must describe a GICv2 interrupt controller. + For CPUs with pointer authentication functionality: + - If EL3 is present: + SCR_EL3.APK (bit 16) must be initialised to 0b1 + SCR_EL3.API (bit 17) must be initialised to 0b1 + - If the kernel is entered at EL1: + HCR_EL2.APK (bit 40) must be initialised to 0b1 + HCR_EL2.API (bit 41) must be initialised to 0b1 + The requirements described above for CPU mode, caches, MMUs, architected timers, coherency and system registers apply to all CPUs. All CPUs must enter the kernel in the same exception level. diff --git a/Documentation/arm64/elf_hwcaps.txt b/Documentation/arm64/elf_hwcaps.txt index d6aff2c5e9e2..ebc8b15b45fc 100644 --- a/Documentation/arm64/elf_hwcaps.txt +++ b/Documentation/arm64/elf_hwcaps.txt @@ -178,3 +178,9 @@ HWCAP_ILRCPC HWCAP_FLAGM Functionality implied by ID_AA64ISAR0_EL1.TS == 0b0001. + +HWCAP_APIA + + EL0 AddPac and Auth functionality using APIAKey_EL1 is enabled, as + described by Documentation/arm64/pointer-authentication.txt. + diff --git a/Documentation/arm64/pointer-authentication.txt b/Documentation/arm64/pointer-authentication.txt new file mode 100644 index 000000000000..8a9cb5713770 --- /dev/null +++ b/Documentation/arm64/pointer-authentication.txt 
@@ -0,0 +1,84 @@ +Pointer authentication in AArch64 Linux +======================================= + +Author: Mark Rutland +Date: 2017-07-19 + +This document briefly describes the provision of pointer authentication +functionality in AArch64 Linux. + + +Architecture overview +--------------------- + +The ARMv8.3 Pointer Authentication extension adds primitives that can be +used to mitigate certain classes of attack where an attacker can corrupt +the contents of some memory (e.g. the stack). + +The extension uses a Pointer Authentication Code (PAC) to determine +whether pointers have been modified unexpectedly. A PAC is derived from +a pointer, another value (such as the stack pointer), and a secret key +held in system registers. + +The extension adds instructions to insert a valid PAC into a pointer, +and to verify/remove the PAC from a pointer. The PAC occupies a number +of high-order bits of the pointer, which varies dependent on the +configured virtual address size and whether pointer tagging is in use. + +A subset of these instructions have been allocated from the HINT +encoding space. In the absence of the extension (or when disabled), +these instructions behave as NOPs. Applications and libraries using +these instructions operate correctly regardless of the presence of the +extension. + + +Basic support +------------- + +When CONFIG_ARM64_PTR_AUTH is selected, and relevant HW support is +present, the kernel will assign a random APIAKey value to each process +at exec*() time. This key is shared by all threads within the process, +and the key is preserved across fork(). Presence of functionality using +APIAKey is advertised via HWCAP_APIA. + +Recent versions of GCC can compile code with APIAKey-based return +address protection when passed the -msign-return-address option. This +uses instructions in the HINT space, and such code can run on systems +without the pointer authentication extension. 
+ +The remaining instruction and data keys (APIBKey, APDAKey, APDBKey) are +reserved for future use, and instructions using these keys must not be +used by software until a purpose and scope for their use has been +decided. To enable future software using these keys to function on +contemporary kernels, where possible, instructions using these keys are +made to behave as NOPs. + +The generic key (APGAKey) is currently unsupported. Instructions using +the generic key must not be used by software. + + +Debugging +--------- + +When CONFIG_ARM64_PTR_AUTH is selected, and relevant HW support is +present, the kernel will expose the position of TTBR0 PAC bits in the +NT_ARM_PAC_MASK regset (struct user_pac_mask), which userspace can +acqure via PTRACE_GETREGSET. + +Separate masks are exposed for data pointers and instruction pointers, +as the set of PAC bits can vary between the two. Debuggers should not +expect that HWCAP_APIA implies the presence (or non-presence) of this +regset -- in future the kernel may support the use of APIBKey, APDAKey, +and/or APBAKey, even in the absence of APIAKey. + +Note that the masks apply to TTBR0 addresses, and are not valid to apply +to TTBR1 addresses (e.g. kernel pointers). + + +Virtualization +-------------- + +Pointer authentication is not currently supported in KVM guests. KVM +will mask the feature bits from ID_AA64ISAR1_EL1, and attempted use of +the feature will result in an UNDEFINED exception being injected into +the guest.
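Review bot: in the ARM64_PTR_AUTH help text in arch/arm64/Kconfig (patch 09/10), "initialise secret keys for each process at exec() time" reads as if every key is set up, while the document added in patch 10/10 says only APIAKey is assigned and that APIBKey, APDAKey, APDBKey and APGAKey are reserved or unsupported. Suggest wording the help text in terms of the one key that is actually enabled so the two descriptions agree. Because the option is "default y", the help text is also a good place to repeat that KVM guests do not get the feature, as the Virtualization section of the new document states.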
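Review bot: the new "For CPUs with pointer authentication functionality" block in Documentation/arm64/booting.txt gives the required values of SCR_EL3.APK/API and HCR_EL2.APK/API but not what the bits control or what happens when firmware leaves them clear. A short sentence saying that these bits stop key register accesses and pointer authentication instructions from trapping to the higher exception level would tell firmware authors why the requirement exists and what failure to expect if it is missed.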
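Review bot: the HWCAP_APIA entry added to Documentation/arm64/elf_hwcaps.txt does not name the ID register field it corresponds to, unlike the neighbouring HWCAP_FLAGM entry ("Functionality implied by ID_AA64ISAR0_EL1.TS == 0b0001"). If the hwcap is deliberately defined by the kernel having enabled APIAKey at EL0 rather than by an ID field alone, say that explicitly so readers do not infer it from ID_AA64ISAR1_EL1 themselves. The hunk also adds a blank line at the end of the file, which should be dropped.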
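Review bot: in the Debugging section of the new Documentation/arm64/pointer-authentication.txt, the list "APIBKey, APDAKey, and/or APBAKey" names a key that appears nowhere else; the Basic support section lists the reserved keys as APIBKey, APDAKey and APDBKey, so APBAKey looks like a typo for APDBKey. The same section has "acqure" for "acquire". Separately, Basic support states that the key "is preserved across fork()"; it would be worth one sentence on what that means for processes that fork without exec, since parent and children then sign pointers with the same APIAKey.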