From patchwork Fri Dec  7 18:39:20 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kristina Martsenko <kristina.martsenko@arm.com>
X-Patchwork-Id: 153185
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp831214ljp;
 Fri, 7 Dec 2018 10:40:09 -0800 (PST)
X-Google-Smtp-Source: AFSGD/Ujop93XwnYwOErZcQ/8R+Y3tgOnMLAVw3hMgL+KS76wuNfJduHTBUqzU3cneVCunIhkp5p
X-Received: by 2002:a17:902:8c98:: with SMTP id
 t24mr3179908plo.130.1544208009783; 
 Fri, 07 Dec 2018 10:40:09 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544208009; cv=none;
 d=google.com; s=arc-20160816;
 b=xcqntC87xt24ccPGP/h2eBOnR9YEg9smglKuCswsjDR7qvyD//MbZRYO9VDcrkM0Dg
 cUxUXUzZg5o4QJ9Mr2sWtshF0X2PoK/JZrpvN1e6B/GVfguL6uiZYtlU9qKVXDink8+D
 R6y9do5jkSXiTgICvYh4AiGItuwNuAz2c8kdNLgZPrg8Ta8I8E5D3kOgZkqsfYFFBQqR
 qKbGWLHiXCxnZFt2UhrHYFsdfmiXIL9ngCbM8FXN0vG9LAUPg9YAbucP5X7QyYV++Gzv
 YSRSSjxEOXr4RtF2nqqonIwY+/+NM3l6/CoJvRhuzRbkMGf4WO7eaY3RD/zPFD+QJ4OG
 lFhw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:references:in-reply-to:message-id:date
 :subject:cc:to:from;
 bh=BEBLB8uYKbOWgzdWvMXszdfUveiUSpD5s9ZBtncU5hU=;
 b=ipZG+eL9lejmY8DUtWNZczp0lp7kiMYKTyq0s6iJyKc4q9tBhitiKLkT4xQ0XDAN8L
 zzlOcMqBTm2wFCU5FGZW/BTtTcLbvkiVob3QWsZo4kSljtgSxUqj50dMzXwQ89AIpla3
 TuIHFlcATMv2VzSYpnY2wVDFaqm2vAzkW3cTwreJsyVEQKxr+iXylb4gHdJKLFgfZnjA
 FmWyfuM6cxRBso58rBeBDENoTjSYG5rzvUIlT/Dg4WrdqlVMIudBpMTEr3z7GkiRg/8s
 +I2IBxzGmDzRl19b9Kvcb+k+BOjIaMlgbbkPe+d1GbP05fgwJTBMI9rAiI0AdGNErDTf
 Tesw==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 w14si3422998plq.145.2018.12.07.10.40.09; 
 Fri, 07 Dec 2018 10:40:09 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1726271AbeLGSkI (ORCPT <rfc822;igor.opaniuk@linaro.org>
 + 31 others); Fri, 7 Dec 2018 13:40:08 -0500
Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:51956 "EHLO
 foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1726252AbeLGSkH (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
 Fri, 7 Dec 2018 13:40:07 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 857DD15BE;
 Fri,  7 Dec 2018 10:40:07 -0800 (PST)
Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com
 [10.72.51.249])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 6D10D3F5AF; Fri,  7 Dec 2018 10:40:04 -0800 (PST)
From: Kristina Martsenko <kristina.martsenko@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: Adam Wallis <awallis@codeaurora.org>,
 Amit Kachhap <amit.kachhap@arm.com>, Andrew Jones <drjones@redhat.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Catalin Marinas <catalin.marinas@arm.com>,
 Christoffer Dall <christoffer.dall@arm.com>,
 Cyrill Gorcunov <gorcunov@gmail.com>, Dave P Martin <dave.martin@arm.com>,
 Jacob Bramley <jacob.bramley@arm.com>, Kees Cook <keescook@chromium.org>,
 Marc Zyngier <marc.zyngier@arm.com>, Mark Rutland <mark.rutland@arm.com>,
 Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Suzuki K Poulose <suzuki.poulose@arm.com>,
 Will Deacon <will.deacon@arm.com>,
 kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org
Subject: [PATCH v6 02/13] arm64: add pointer authentication register bits
Date: Fri,  7 Dec 2018 18:39:20 +0000
Message-Id: <20181207183931.4285-3-kristina.martsenko@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20181207183931.4285-1-kristina.martsenko@arm.com>
References: <20181207183931.4285-1-kristina.martsenko@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Mark Rutland <mark.rutland@arm.com>

The ARMv8.3 pointer authentication extension adds:

* New fields in ID_AA64ISAR1 to report the presence of pointer
  authentication functionality.

* New control bits in SCTLR_ELx to enable this functionality.

* New system registers to hold the keys necessary for this
  functionality.

* A new ESR_ELx.EC code used when the new instructions are affected by
  configurable traps

This patch adds the relevant definitions to <asm/sysreg.h> and
<asm/esr.h> for these, to be used by subsequent patches.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
---
 arch/arm64/include/asm/esr.h    |  3 ++-
 arch/arm64/include/asm/sysreg.h | 30 ++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)

-- 
2.11.0
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>

diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h
index 23602a0083ad..52233f00d53d 100644
--- a/arch/arm64/include/asm/esr.h
+++ b/arch/arm64/include/asm/esr.h
@@ -30,7 +30,8 @@
 #define ESR_ELx_EC_CP14_LS	(0x06)
 #define ESR_ELx_EC_FP_ASIMD	(0x07)
 #define ESR_ELx_EC_CP10_ID	(0x08)	/* EL2 only */
-/* Unallocated EC: 0x09 - 0x0B */
+#define ESR_ELx_EC_PAC		(0x09)	/* EL2 and above */
+/* Unallocated EC: 0x0A - 0x0B */
 #define ESR_ELx_EC_CP14_64	(0x0C)
 /* Unallocated EC: 0x0d */
 #define ESR_ELx_EC_ILL		(0x0E)
diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
index 842fb9572661..cb6d7a2a2316 100644
--- a/arch/arm64/include/asm/sysreg.h
+++ b/arch/arm64/include/asm/sysreg.h
@@ -183,6 +183,19 @@
 #define SYS_TTBR1_EL1			sys_reg(3, 0, 2, 0, 1)
 #define SYS_TCR_EL1			sys_reg(3, 0, 2, 0, 2)
 
+#define SYS_APIAKEYLO_EL1		sys_reg(3, 0, 2, 1, 0)
+#define SYS_APIAKEYHI_EL1		sys_reg(3, 0, 2, 1, 1)
+#define SYS_APIBKEYLO_EL1		sys_reg(3, 0, 2, 1, 2)
+#define SYS_APIBKEYHI_EL1		sys_reg(3, 0, 2, 1, 3)
+
+#define SYS_APDAKEYLO_EL1		sys_reg(3, 0, 2, 2, 0)
+#define SYS_APDAKEYHI_EL1		sys_reg(3, 0, 2, 2, 1)
+#define SYS_APDBKEYLO_EL1		sys_reg(3, 0, 2, 2, 2)
+#define SYS_APDBKEYHI_EL1		sys_reg(3, 0, 2, 2, 3)
+
+#define SYS_APGAKEYLO_EL1		sys_reg(3, 0, 2, 3, 0)
+#define SYS_APGAKEYHI_EL1		sys_reg(3, 0, 2, 3, 1)
+
 #define SYS_ICC_PMR_EL1			sys_reg(3, 0, 4, 6, 0)
 
 #define SYS_AFSR0_EL1			sys_reg(3, 0, 5, 1, 0)
@@ -432,9 +445,13 @@
 
 /* Common SCTLR_ELx flags. */
 #define SCTLR_ELx_DSSBS	(1UL << 44)
+#define SCTLR_ELx_ENIA	(1 << 31)
+#define SCTLR_ELx_ENIB	(1 << 30)
+#define SCTLR_ELx_ENDA	(1 << 27)
 #define SCTLR_ELx_EE    (1 << 25)
 #define SCTLR_ELx_IESB	(1 << 21)
 #define SCTLR_ELx_WXN	(1 << 19)
+#define SCTLR_ELx_ENDB	(1 << 13)
 #define SCTLR_ELx_I	(1 << 12)
 #define SCTLR_ELx_SA	(1 << 3)
 #define SCTLR_ELx_C	(1 << 2)
@@ -528,11 +545,24 @@
 #define ID_AA64ISAR0_AES_SHIFT		4
 
 /* id_aa64isar1 */
+#define ID_AA64ISAR1_GPI_SHIFT		28
+#define ID_AA64ISAR1_GPA_SHIFT		24
 #define ID_AA64ISAR1_LRCPC_SHIFT	20
 #define ID_AA64ISAR1_FCMA_SHIFT		16
 #define ID_AA64ISAR1_JSCVT_SHIFT	12
+#define ID_AA64ISAR1_API_SHIFT		8
+#define ID_AA64ISAR1_APA_SHIFT		4
 #define ID_AA64ISAR1_DPB_SHIFT		0
 
+#define ID_AA64ISAR1_APA_NI		0x0
+#define ID_AA64ISAR1_APA_ARCHITECTED	0x1
+#define ID_AA64ISAR1_API_NI		0x0
+#define ID_AA64ISAR1_API_IMP_DEF	0x1
+#define ID_AA64ISAR1_GPA_NI		0x0
+#define ID_AA64ISAR1_GPA_ARCHITECTED	0x1
+#define ID_AA64ISAR1_GPI_NI		0x0
+#define ID_AA64ISAR1_GPI_IMP_DEF	0x1
+
 /* id_aa64pfr0 */
 #define ID_AA64PFR0_CSV3_SHIFT		60
 #define ID_AA64PFR0_CSV2_SHIFT		56

From patchwork Fri Dec  7 18:39:21 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kristina Martsenko <kristina.martsenko@arm.com>
X-Patchwork-Id: 153186
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp831323ljp;
 Fri, 7 Dec 2018 10:40:15 -0800 (PST)
X-Google-Smtp-Source: AFSGD/UN1Ezfr+YUaSvqZAlRndDNX4on7bNS+NeytjKaSsb0dU/NaypvxOOe4ipHkmO/n3q3GLJ7
X-Received: by 2002:a65:4904:: with SMTP id p4mr2947919pgs.384.1544208014880; 
 Fri, 07 Dec 2018 10:40:14 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544208014; cv=none;
 d=google.com; s=arc-20160816;
 b=cXsSaESMQlb692yoISkCMTAs627TfpplSvodyXIkdILGRkusnARS39qV9zEWj7+4TF
 iqvTx9ukl3IPdWkwW9jNvOW+PAF0aUVvK5+vYHKBuEBzTQ5z8xVaaMMVV5G5lkzTZ4uE
 pTROroDm7GK0Q6Zh5bdBDZ+rjx6uFx4gJzisTKPCaOKkYV3RuzXwtOjhvnHsACSJa1Hk
 ZxEYqmEorLyP/0uq7DUAy1Bf0nBCD299o4+KEoLLG1i9GA2Xd4yoAQ0MPPuh9ZMZH5Pq
 9V7hmlxJoldBv1u4qU4XuMlAz8uytCv3jwXSUhOGGsIKIEhLAx0zzh2ZbMNIOux2bA2S
 toxQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:references:in-reply-to:message-id:date
 :subject:cc:to:from;
 bh=N7WVIGAmKd7yu0j3UiWpoA/Zmy71zbgz1UYg6bqdQH8=;
 b=KhxTgmjZctbxC2vV1MteSbzE3gQYXRTGiIqh3nnljXSoPPcHcPh6Mx2t7qAhk+sqk7
 xBfXderW/VNFg1ciq0JnHGV29a9pNCJiHQISoHD51G4bbiK6CVeTDxsotxLDYmuFKY+E
 rhGvSHydtDL12pcWnq58qQGj7DsIxaluPHZPTQeOfbyeJdDVI8a7t/uts0Z4kq+MB2TW
 QGK59h0VbUrTSoZfSl1LLbHOBcJ2bx8A5r5hvcv0wkUwOxGeZWGjhol8aZJIrijBQgpK
 ylpPPs3YF0kEQmUJUt2lwoiodDnYbWOlTtPnb9ka+nW1fO34czXcCeJHz/PAoH7c7HqR
 s5Tg==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 k11si3428331pgf.213.2018.12.07.10.40.14; 
 Fri, 07 Dec 2018 10:40:14 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1726296AbeLGSkM (ORCPT <rfc822;igor.opaniuk@linaro.org>
 + 31 others); Fri, 7 Dec 2018 13:40:12 -0500
Received: from foss.arm.com ([217.140.101.70]:51978 "EHLO foss.arm.com"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1726272AbeLGSkL (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
 Fri, 7 Dec 2018 13:40:11 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 69403165C;
 Fri,  7 Dec 2018 10:40:11 -0800 (PST)
Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com
 [10.72.51.249])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 5188B3F5AF; Fri,  7 Dec 2018 10:40:08 -0800 (PST)
From: Kristina Martsenko <kristina.martsenko@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: Adam Wallis <awallis@codeaurora.org>,
 Amit Kachhap <amit.kachhap@arm.com>, Andrew Jones <drjones@redhat.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Catalin Marinas <catalin.marinas@arm.com>,
 Christoffer Dall <christoffer.dall@arm.com>,
 Cyrill Gorcunov <gorcunov@gmail.com>, Dave P Martin <dave.martin@arm.com>,
 Jacob Bramley <jacob.bramley@arm.com>, Kees Cook <keescook@chromium.org>,
 Marc Zyngier <marc.zyngier@arm.com>, Mark Rutland <mark.rutland@arm.com>,
 Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Suzuki K Poulose <suzuki.poulose@arm.com>,
 Will Deacon <will.deacon@arm.com>,
 kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org
Subject: [PATCH v6 03/13] arm64/kvm: consistently handle host HCR_EL2 flags
Date: Fri,  7 Dec 2018 18:39:21 +0000
Message-Id: <20181207183931.4285-4-kristina.martsenko@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20181207183931.4285-1-kristina.martsenko@arm.com>
References: <20181207183931.4285-1-kristina.martsenko@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Mark Rutland <mark.rutland@arm.com>

In KVM we define the configuration of HCR_EL2 for a VHE HOST in
HCR_HOST_VHE_FLAGS, but we don't have a similar definition for the
non-VHE host flags, and open-code HCR_RW. Further, in head.S we
open-code the flags for VHE and non-VHE configurations.

In future, we're going to want to configure more flags for the host, so
lets add a HCR_HOST_NVHE_FLAGS defintion, and consistently use both
HCR_HOST_VHE_FLAGS and HCR_HOST_NVHE_FLAGS in the kvm code and head.S.

We now use mov_q to generate the HCR_EL2 value, as we use when
configuring other registers in head.S.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
Reviewed-by: Christoffer Dall <christoffer.dall@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: kvmarm@lists.cs.columbia.edu
---
 arch/arm64/include/asm/kvm_arm.h | 1 +
 arch/arm64/kernel/head.S         | 5 ++---
 arch/arm64/kvm/hyp/switch.c      | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

-- 
2.11.0
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h
index 6f602af5263c..c8825c5a8dd0 100644
--- a/arch/arm64/include/asm/kvm_arm.h
+++ b/arch/arm64/include/asm/kvm_arm.h
@@ -87,6 +87,7 @@
 			 HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW | HCR_TLOR | \
 			 HCR_FMO | HCR_IMO)
 #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF)
+#define HCR_HOST_NVHE_FLAGS (HCR_RW)
 #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H)
 
 /* TCR_EL2 Registers bits */
diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
index 4471f570a295..b207a2ce4bc6 100644
--- a/arch/arm64/kernel/head.S
+++ b/arch/arm64/kernel/head.S
@@ -496,10 +496,9 @@ ENTRY(el2_setup)
 #endif
 
 	/* Hyp configuration. */
-	mov	x0, #HCR_RW			// 64-bit EL1
+	mov_q	x0, HCR_HOST_NVHE_FLAGS
 	cbz	x2, set_hcr
-	orr	x0, x0, #HCR_TGE		// Enable Host Extensions
-	orr	x0, x0, #HCR_E2H
+	mov_q	x0, HCR_HOST_VHE_FLAGS
 set_hcr:
 	msr	hcr_el2, x0
 	isb
diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c
index 7cc175c88a37..f6e02cc4d856 100644
--- a/arch/arm64/kvm/hyp/switch.c
+++ b/arch/arm64/kvm/hyp/switch.c
@@ -157,7 +157,7 @@ static void __hyp_text __deactivate_traps_nvhe(void)
 	mdcr_el2 |= MDCR_EL2_E2PB_MASK << MDCR_EL2_E2PB_SHIFT;
 
 	write_sysreg(mdcr_el2, mdcr_el2);
-	write_sysreg(HCR_RW, hcr_el2);
+	write_sysreg(HCR_HOST_NVHE_FLAGS, hcr_el2);
 	write_sysreg(CPTR_EL2_DEFAULT, cptr_el2);
 }
 

From patchwork Fri Dec  7 18:39:22 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kristina Martsenko <kristina.martsenko@arm.com>
X-Patchwork-Id: 153187
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp831394ljp;
 Fri, 7 Dec 2018 10:40:19 -0800 (PST)
X-Google-Smtp-Source: AFSGD/UI8MdQcHdfdxqmeZa+y1oznMK68hUeWS/1Lug1BQMTjsdCbVtmd7sbUS+I1kR/Rm6rxQt8
X-Received: by 2002:a63:c0f:: with SMTP id b15mr2964677pgl.314.1544208019119; 
 Fri, 07 Dec 2018 10:40:19 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544208019; cv=none;
 d=google.com; s=arc-20160816;
 b=Kn6+tqEsepMdyzhTxm28ew7XVoE2cjYRAfNwMsawXXsvrA1zIG7TLNhiSWoM2YlGDQ
 WPVuxOC+a1uOcELWAYZDRXd6Vo/o+NT58aTAG7Sc+KDdP7vzFk6IhqWy5gRN2LbCLTVZ
 TwmYhCHtC4V8PqqCRiUwy7Rt1mHYuF+UNzxhTkuvx0q6oSShTEIyjHpEsdyzQgqyafZh
 A299Rj2sI3sjSxcrKq21u7Sbvzgn62Lf3wjmvqeJRrmtAhYGlGseqi9sZIcp35JMaRV+
 XMoc9tTmlNEb33hvYxHvAMvP5ufr8Ub92qneMKvf6XrLSOq/XcBnlxvUUx+rZmKaotKT
 dshQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:references:in-reply-to:message-id:date
 :subject:cc:to:from;
 bh=+03JiTzlrxx34HHB/WfU7debtDBvntMt8iC9QKorIIw=;
 b=tck2zal3kX1sCsFsUg0jLUHGiJ0MdMknTl5TXqna6jcb2e/wqcgZUxUSkxdSQGdDS4
 UGia7SGtBrkru5JAQlcOdsus4AAO3D6nSDafOTmXIC6zpgy7UwIaalk/g+ekVefnmeMG
 3Yeu/xpVFZi7pPmMddCMBagj1MFADHYNrWznij2r/aTaaBejZhbqksp4CgxGcN0oJidf
 ubLfAMhwlSXZskgpM1Y9D/8iC1atKWc9nABG7xtzzunbCYwBnFNaHGtHY9qV6ZrNEKVm
 ZnEqfdmwI0tvrbzlNg3cmzijoGLdtYdLpbqJF8fBJVMAWjHITFY4HrSEALgE7j8Lu5Eu
 NrQg==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id q8si3346693pgk.40.2018.12.07.10.40.18; 
 Fri, 07 Dec 2018 10:40:19 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1726314AbeLGSkQ (ORCPT <rfc822;igor.opaniuk@linaro.org>
 + 31 others); Fri, 7 Dec 2018 13:40:16 -0500
Received: from foss.arm.com ([217.140.101.70]:51996 "EHLO foss.arm.com"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1726109AbeLGSkP (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
 Fri, 7 Dec 2018 13:40:15 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5A352EBD;
 Fri,  7 Dec 2018 10:40:15 -0800 (PST)
Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com
 [10.72.51.249])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 41F9E3F5AF; Fri,  7 Dec 2018 10:40:12 -0800 (PST)
From: Kristina Martsenko <kristina.martsenko@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: Adam Wallis <awallis@codeaurora.org>,
 Amit Kachhap <amit.kachhap@arm.com>, Andrew Jones <drjones@redhat.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Catalin Marinas <catalin.marinas@arm.com>,
 Christoffer Dall <christoffer.dall@arm.com>,
 Cyrill Gorcunov <gorcunov@gmail.com>, Dave P Martin <dave.martin@arm.com>,
 Jacob Bramley <jacob.bramley@arm.com>, Kees Cook <keescook@chromium.org>,
 Marc Zyngier <marc.zyngier@arm.com>, Mark Rutland <mark.rutland@arm.com>,
 Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Suzuki K Poulose <suzuki.poulose@arm.com>,
 Will Deacon <will.deacon@arm.com>,
 kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org
Subject: [PATCH v6 04/13] arm64/kvm: hide ptrauth from guests
Date: Fri,  7 Dec 2018 18:39:22 +0000
Message-Id: <20181207183931.4285-5-kristina.martsenko@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20181207183931.4285-1-kristina.martsenko@arm.com>
References: <20181207183931.4285-1-kristina.martsenko@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Mark Rutland <mark.rutland@arm.com>

In subsequent patches we're going to expose ptrauth to the host kernel
and userspace, but things are a bit trickier for guest kernels. For the
time being, let's hide ptrauth from KVM guests.

Regardless of how well-behaved the guest kernel is, guest userspace
could attempt to use ptrauth instructions, triggering a trap to EL2,
resulting in noise from kvm_handle_unknown_ec(). So let's write up a
handler for the PAC trap, which silently injects an UNDEF into the
guest, as if the feature were really missing.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Christoffer Dall <christoffer.dall@arm.com>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: kvmarm@lists.cs.columbia.edu
---
 arch/arm64/kvm/handle_exit.c | 18 ++++++++++++++++++
 arch/arm64/kvm/sys_regs.c    |  8 ++++++++
 2 files changed, 26 insertions(+)

-- 
2.11.0
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>

diff --git a/arch/arm64/kvm/handle_exit.c b/arch/arm64/kvm/handle_exit.c
index 35a81bebd02b..ab35929dcb3c 100644
--- a/arch/arm64/kvm/handle_exit.c
+++ b/arch/arm64/kvm/handle_exit.c
@@ -173,6 +173,23 @@ static int handle_sve(struct kvm_vcpu *vcpu, struct kvm_run *run)
 	return 1;
 }
 
+/*
+ * Guest usage of a ptrauth instruction (which the guest EL1 did not turn into
+ * a NOP).
+ */
+static int kvm_handle_ptrauth(struct kvm_vcpu *vcpu, struct kvm_run *run)
+{
+	/*
+	 * We don't currently support ptrauth in a guest, and we mask the ID
+	 * registers to prevent well-behaved guests from trying to make use of
+	 * it.
+	 *
+	 * Inject an UNDEF, as if the feature really isn't present.
+	 */
+	kvm_inject_undefined(vcpu);
+	return 1;
+}
+
 static exit_handle_fn arm_exit_handlers[] = {
 	[0 ... ESR_ELx_EC_MAX]	= kvm_handle_unknown_ec,
 	[ESR_ELx_EC_WFx]	= kvm_handle_wfx,
@@ -195,6 +212,7 @@ static exit_handle_fn arm_exit_handlers[] = {
 	[ESR_ELx_EC_BKPT32]	= kvm_handle_guest_debug,
 	[ESR_ELx_EC_BRK64]	= kvm_handle_guest_debug,
 	[ESR_ELx_EC_FP_ASIMD]	= handle_no_fpsimd,
+	[ESR_ELx_EC_PAC]	= kvm_handle_ptrauth,
 };
 
 static exit_handle_fn kvm_get_exit_handler(struct kvm_vcpu *vcpu)
diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
index 22fbbdbece3c..1ca592d38c3c 100644
--- a/arch/arm64/kvm/sys_regs.c
+++ b/arch/arm64/kvm/sys_regs.c
@@ -1040,6 +1040,14 @@ static u64 read_id_reg(struct sys_reg_desc const *r, bool raz)
 			kvm_debug("SVE unsupported for guests, suppressing\n");
 
 		val &= ~(0xfUL << ID_AA64PFR0_SVE_SHIFT);
+	} else if (id == SYS_ID_AA64ISAR1_EL1) {
+		const u64 ptrauth_mask = (0xfUL << ID_AA64ISAR1_APA_SHIFT) |
+					 (0xfUL << ID_AA64ISAR1_API_SHIFT) |
+					 (0xfUL << ID_AA64ISAR1_GPA_SHIFT) |
+					 (0xfUL << ID_AA64ISAR1_GPI_SHIFT);
+		if (val & ptrauth_mask)
+			kvm_debug("ptrauth unsupported for guests, suppressing\n");
+		val &= ~ptrauth_mask;
 	} else if (id == SYS_ID_AA64MMFR1_EL1) {
 		if (val & (0xfUL << ID_AA64MMFR1_LOR_SHIFT))
 			kvm_debug("LORegions unsupported for guests, suppressing\n");

From patchwork Fri Dec  7 18:39:23 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kristina Martsenko <kristina.martsenko@arm.com>
X-Patchwork-Id: 153188
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp831468ljp;
 Fri, 7 Dec 2018 10:40:24 -0800 (PST)
X-Google-Smtp-Source: AFSGD/VkkGwSwmgEGGBBIIpidlTQuCYXJQMKfXgW6e46qyaNjiktSyP03NesFd8KSGTLmwVRo4zm
X-Received: by 2002:a62:29c3:: with SMTP id
 p186mr3361227pfp.117.1544208024201; 
 Fri, 07 Dec 2018 10:40:24 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544208024; cv=none;
 d=google.com; s=arc-20160816;
 b=X/VspfMmJmB4cweYFK295S8FGBwzZN6pmmc5PdmwaCmYXqpuA7H6Ga3v/ljywAcxtv
 7x0tYGrxAWxYcN72ZoafLdDAuAl/MrZZepoAhqzc4Pf8jibslEWxhKM37Xgxdrh9S/ag
 +uI8EmoWwm9bSnVrNyRYErNKrLmjlaFw30T6V9r3Ifti+QQ910frpp2Xniw1sWRRSoAv
 eqISK/iDUy3n0f8uuA4JYr+07lgvxGPnpFlCb6dka1Gp968Cyb31sjS1oeHkTwGO94t3
 vSk5RSDPV1P3Sdio0F+TWb2IHfGum3hovDUP01LafIbw/jPHT1LYZyHSyLKfs+yv3hSx
 EGMQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:references:in-reply-to:message-id:date
 :subject:cc:to:from;
 bh=5w/sl/Rt/OtFe0TehiZwFIexvw0GuwIR1aoZZqswglg=;
 b=sGSIElDgdZTBO05vTU49FXExqpbUo7aEcqP6cYzmxtyAFBjYpD9AT8aDMV8R+g003V
 cyCJR4/YN9wayW5BbL00JBiFqoT7NsqoATvlp6NF/UGM4JVDrbGBx2aumXW+jJFgjWA5
 5WGW/00T2m8BVArIfRHjPpmDwmnhFpzfbsibNAtVB7Rxu3WO8axLE5B4ad49ENHMp587
 47ZcAJqimBrvuIuWKlSbFdHHQsdm2mhgFpfamL0beJhghIQvHD7sD3b/dyi3VecxPTYj
 EpztXfSX8AC+/CPDx1Wuk8haWBlEpNyAlxYlk8y+QtDuqrQJk8mBoKulgL0C7343KCgN
 sBlw==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 x16si3150685pga.407.2018.12.07.10.40.23; 
 Fri, 07 Dec 2018 10:40:24 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1726329AbeLGSkW (ORCPT <rfc822;igor.opaniuk@linaro.org>
 + 31 others); Fri, 7 Dec 2018 13:40:22 -0500
Received: from foss.arm.com ([217.140.101.70]:52018 "EHLO foss.arm.com"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1726149AbeLGSkU (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
 Fri, 7 Dec 2018 13:40:20 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 13B8815AD;
 Fri,  7 Dec 2018 10:40:20 -0800 (PST)
Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com
 [10.72.51.249])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 EE0B33F5AF; Fri,  7 Dec 2018 10:40:16 -0800 (PST)
From: Kristina Martsenko <kristina.martsenko@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: Adam Wallis <awallis@codeaurora.org>,
 Amit Kachhap <amit.kachhap@arm.com>, Andrew Jones <drjones@redhat.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Catalin Marinas <catalin.marinas@arm.com>,
 Christoffer Dall <christoffer.dall@arm.com>,
 Cyrill Gorcunov <gorcunov@gmail.com>, Dave P Martin <dave.martin@arm.com>,
 Jacob Bramley <jacob.bramley@arm.com>, Kees Cook <keescook@chromium.org>,
 Marc Zyngier <marc.zyngier@arm.com>, Mark Rutland <mark.rutland@arm.com>,
 Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Suzuki K Poulose <suzuki.poulose@arm.com>,
 Will Deacon <will.deacon@arm.com>,
 kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org
Subject: [PATCH v6 05/13] arm64: Don't trap host pointer auth use to EL2
Date: Fri,  7 Dec 2018 18:39:23 +0000
Message-Id: <20181207183931.4285-6-kristina.martsenko@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20181207183931.4285-1-kristina.martsenko@arm.com>
References: <20181207183931.4285-1-kristina.martsenko@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Mark Rutland <mark.rutland@arm.com>

To allow EL0 (and/or EL1) to use pointer authentication functionality,
we must ensure that pointer authentication instructions and accesses to
pointer authentication keys are not trapped to EL2.

This patch ensures that HCR_EL2 is configured appropriately when the
kernel is booted at EL2. For non-VHE kernels we set HCR_EL2.{API,APK},
ensuring that EL1 can access keys and permit EL0 use of instructions.
For VHE kernels host EL0 (TGE && E2H) is unaffected by these settings,
and it doesn't matter how we configure HCR_EL2.{API,APK}, so we don't
bother setting them.

This does not enable support for KVM guests, since KVM manages HCR_EL2
itself when running VMs.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
Acked-by: Christoffer Dall <christoffer.dall@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: kvmarm@lists.cs.columbia.edu
---
 arch/arm64/include/asm/kvm_arm.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

-- 
2.11.0
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h
index c8825c5a8dd0..f9123fe8fcf3 100644
--- a/arch/arm64/include/asm/kvm_arm.h
+++ b/arch/arm64/include/asm/kvm_arm.h
@@ -24,6 +24,8 @@
 
 /* Hyp Configuration Register (HCR) bits */
 #define HCR_FWB		(UL(1) << 46)
+#define HCR_API		(UL(1) << 41)
+#define HCR_APK		(UL(1) << 40)
 #define HCR_TEA		(UL(1) << 37)
 #define HCR_TERR	(UL(1) << 36)
 #define HCR_TLOR	(UL(1) << 35)
@@ -87,7 +89,7 @@
 			 HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW | HCR_TLOR | \
 			 HCR_FMO | HCR_IMO)
 #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF)
-#define HCR_HOST_NVHE_FLAGS (HCR_RW)
+#define HCR_HOST_NVHE_FLAGS (HCR_RW | HCR_API | HCR_APK)
 #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H)
 
 /* TCR_EL2 Registers bits */

From patchwork Fri Dec  7 18:39:24 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kristina Martsenko <kristina.martsenko@arm.com>
X-Patchwork-Id: 153189
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp831534ljp;
 Fri, 7 Dec 2018 10:40:27 -0800 (PST)
X-Google-Smtp-Source: AFSGD/UqDoJDGGKRkwHrbd9J8TAULwbv1r//Tr1BlP4MCWPoUE0lPKEXTZ7/OWLKqX2mV4n5s8KG
X-Received: by 2002:a62:345:: with SMTP id 66mr3277798pfd.189.1544208027541; 
 Fri, 07 Dec 2018 10:40:27 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544208027; cv=none;
 d=google.com; s=arc-20160816;
 b=l1PrkdcoikEm4bat1yvWfxzsbKTl+g3b2Eai0SDJfOcM5wTyzX3EOpO6aoN6/fb9zK
 SIWfkwp/FnLM3V5eEhf/lToJpq8trLhk86+To+j4ApRD5Hqu3dJxIhM/lFOOR4JwqDcw
 EyV5bvfg7vO5DCbTlJFihkeDAha9svYrM8MDbMjc1j5fUOoYW0bV3UxntO+cV2qO3JWp
 5PcV1wfOky5NCa3fk5NN7mmCR+HYWU+EulGlzR/0ARHZYFz1ty/Sf6X7n4L3uMYrz9HQ
 VPWDS4I+WUbidrndhUPEH0Y/hMflUrGyECaTwJolTiuzXAf5ydhhhjZeu7kSDpaE4Jb1
 kWdg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:references:in-reply-to:message-id:date
 :subject:cc:to:from;
 bh=CrXtenP/K5eSfq3/HlQGgXM4usiQF1eTSJyQU0ucMcI=;
 b=OhRwfFM076xQck6Oq2j3TeKxgJnstOCks/eiJDEBF36v+YLl9zdNijIHn+Eo5cwt7p
 D3UX1b/9uAl6TpM7FmmSTNUikj2+MVyiP4QGdxW7itnYKZgkyAA/Ob+zvZFp+h+kMoYx
 s9jOkXKmatWVQHF9NoOB7Q6m6bSiPJW15fhYhnzbdb0N0of/pd/a8wA9/JMAaRLtGP9X
 HICiDMC8sZiEmfakOdBeeBDNExoCXZUn6mHXxnYJW1FX6LkttzsUx6VYqRDqGtyMTB3f
 SrBYj7xm0LQaMu1Jyq9Z4KZjoWidVsvqGGZSDLfwZrC0KgdO1VyTxkqxDKB1LTDIAhDR
 lxzw==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id a18si3466559pgj.77.2018.12.07.10.40.27;
 Fri, 07 Dec 2018 10:40:27 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1726347AbeLGSkZ (ORCPT <rfc822;igor.opaniuk@linaro.org>
 + 31 others); Fri, 7 Dec 2018 13:40:25 -0500
Received: from foss.arm.com ([217.140.101.70]:52046 "EHLO foss.arm.com"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1726149AbeLGSkY (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
 Fri, 7 Dec 2018 13:40:24 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 31FAB15BE;
 Fri,  7 Dec 2018 10:40:24 -0800 (PST)
Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com
 [10.72.51.249])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 190A33F5AF; Fri,  7 Dec 2018 10:40:20 -0800 (PST)
From: Kristina Martsenko <kristina.martsenko@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: Adam Wallis <awallis@codeaurora.org>,
 Amit Kachhap <amit.kachhap@arm.com>, Andrew Jones <drjones@redhat.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Catalin Marinas <catalin.marinas@arm.com>,
 Christoffer Dall <christoffer.dall@arm.com>,
 Cyrill Gorcunov <gorcunov@gmail.com>, Dave P Martin <dave.martin@arm.com>,
 Jacob Bramley <jacob.bramley@arm.com>, Kees Cook <keescook@chromium.org>,
 Marc Zyngier <marc.zyngier@arm.com>, Mark Rutland <mark.rutland@arm.com>,
 Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Suzuki K Poulose <suzuki.poulose@arm.com>,
 Will Deacon <will.deacon@arm.com>,
 kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org
Subject: [PATCH v6 06/13] arm64/cpufeature: detect pointer authentication
Date: Fri,  7 Dec 2018 18:39:24 +0000
Message-Id: <20181207183931.4285-7-kristina.martsenko@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20181207183931.4285-1-kristina.martsenko@arm.com>
References: <20181207183931.4285-1-kristina.martsenko@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Mark Rutland <mark.rutland@arm.com>

So that we can dynamically handle the presence of pointer authentication
functionality, wire up probing code in cpufeature.c.

>From ARMv8.3 onwards, ID_AA64ISAR1 is no longer entirely RES0, and now
has four fields describing the presence of pointer authentication
functionality:

* APA - address authentication present, using an architected algorithm
* API - address authentication present, using an IMP DEF algorithm
* GPA - generic authentication present, using an architected algorithm
* GPI - generic authentication present, using an IMP DEF algorithm

This patch checks for both address and generic authentication,
separately. It is assumed that if all CPUs support an IMP DEF algorithm,
the same algorithm is used across all CPUs.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
---
 arch/arm64/include/asm/cpucaps.h    |  8 +++-
 arch/arm64/include/asm/cpufeature.h | 12 +++++
 arch/arm64/kernel/cpufeature.c      | 90 +++++++++++++++++++++++++++++++++++++
 3 files changed, 109 insertions(+), 1 deletion(-)

-- 
2.11.0
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h
index 6e2d254c09eb..62fc48604263 100644
--- a/arch/arm64/include/asm/cpucaps.h
+++ b/arch/arm64/include/asm/cpucaps.h
@@ -54,7 +54,13 @@
 #define ARM64_HAS_CRC32				33
 #define ARM64_SSBS				34
 #define ARM64_WORKAROUND_1188873		35
+#define ARM64_HAS_ADDRESS_AUTH_ARCH		36
+#define ARM64_HAS_ADDRESS_AUTH_IMP_DEF		37
+#define ARM64_HAS_ADDRESS_AUTH			38
+#define ARM64_HAS_GENERIC_AUTH_ARCH		39
+#define ARM64_HAS_GENERIC_AUTH_IMP_DEF		40
+#define ARM64_HAS_GENERIC_AUTH			41
 
-#define ARM64_NCAPS				36
+#define ARM64_NCAPS				42
 
 #endif /* __ASM_CPUCAPS_H */
diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h
index 7e2ec64aa414..1c8393ffabff 100644
--- a/arch/arm64/include/asm/cpufeature.h
+++ b/arch/arm64/include/asm/cpufeature.h
@@ -514,6 +514,18 @@ static inline bool system_supports_cnp(void)
 		cpus_have_const_cap(ARM64_HAS_CNP);
 }
 
+static inline bool system_supports_address_auth(void)
+{
+	return IS_ENABLED(CONFIG_ARM64_PTR_AUTH) &&
+		cpus_have_const_cap(ARM64_HAS_ADDRESS_AUTH);
+}
+
+static inline bool system_supports_generic_auth(void)
+{
+	return IS_ENABLED(CONFIG_ARM64_PTR_AUTH) &&
+		cpus_have_const_cap(ARM64_HAS_GENERIC_AUTH);
+}
+
 #define ARM64_SSBD_UNKNOWN		-1
 #define ARM64_SSBD_FORCE_DISABLE	0
 #define ARM64_SSBD_KERNEL		1
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index aec5ecb85737..f8e3c3568a79 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -141,9 +141,17 @@ static const struct arm64_ftr_bits ftr_id_aa64isar0[] = {
 };
 
 static const struct arm64_ftr_bits ftr_id_aa64isar1[] = {
+	ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH),
+		       FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_GPI_SHIFT, 4, 0),
+	ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH),
+		       FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_GPA_SHIFT, 4, 0),
 	ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_LRCPC_SHIFT, 4, 0),
 	ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_FCMA_SHIFT, 4, 0),
 	ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_JSCVT_SHIFT, 4, 0),
+	ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH),
+		       FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_API_SHIFT, 4, 0),
+	ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH),
+		       FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_APA_SHIFT, 4, 0),
 	ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_DPB_SHIFT, 4, 0),
 	ARM64_FTR_END,
 };
@@ -1145,6 +1153,36 @@ static void cpu_clear_disr(const struct arm64_cpu_capabilities *__unused)
 }
 #endif /* CONFIG_ARM64_RAS_EXTN */
 
+#ifdef CONFIG_ARM64_PTR_AUTH
+static bool has_address_auth(const struct arm64_cpu_capabilities *entry,
+			     int __unused)
+{
+	u64 isar1 = read_sanitised_ftr_reg(SYS_ID_AA64ISAR1_EL1);
+	bool api, apa;
+
+	apa = cpuid_feature_extract_unsigned_field(isar1,
+					ID_AA64ISAR1_APA_SHIFT) > 0;
+	api = cpuid_feature_extract_unsigned_field(isar1,
+					ID_AA64ISAR1_API_SHIFT) > 0;
+
+	return apa || api;
+}
+
+static bool has_generic_auth(const struct arm64_cpu_capabilities *entry,
+			     int __unused)
+{
+	u64 isar1 = read_sanitised_ftr_reg(SYS_ID_AA64ISAR1_EL1);
+	bool gpi, gpa;
+
+	gpa = cpuid_feature_extract_unsigned_field(isar1,
+					ID_AA64ISAR1_GPA_SHIFT) > 0;
+	gpi = cpuid_feature_extract_unsigned_field(isar1,
+					ID_AA64ISAR1_GPI_SHIFT) > 0;
+
+	return gpa || gpi;
+}
+#endif /* CONFIG_ARM64_PTR_AUTH */
+
 static const struct arm64_cpu_capabilities arm64_features[] = {
 	{
 		.desc = "GIC system register CPU interface",
@@ -1368,6 +1406,58 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
 		.cpu_enable = cpu_enable_cnp,
 	},
 #endif
+#ifdef CONFIG_ARM64_PTR_AUTH
+	{
+		.desc = "Address authentication (architected algorithm)",
+		.capability = ARM64_HAS_ADDRESS_AUTH_ARCH,
+		.type = ARM64_CPUCAP_SYSTEM_FEATURE,
+		.sys_reg = SYS_ID_AA64ISAR1_EL1,
+		.sign = FTR_UNSIGNED,
+		.field_pos = ID_AA64ISAR1_APA_SHIFT,
+		.min_field_value = ID_AA64ISAR1_APA_ARCHITECTED,
+		.matches = has_cpuid_feature,
+	},
+	{
+		.desc = "Address authentication (IMP DEF algorithm)",
+		.capability = ARM64_HAS_ADDRESS_AUTH_IMP_DEF,
+		.type = ARM64_CPUCAP_SYSTEM_FEATURE,
+		.sys_reg = SYS_ID_AA64ISAR1_EL1,
+		.sign = FTR_UNSIGNED,
+		.field_pos = ID_AA64ISAR1_API_SHIFT,
+		.min_field_value = ID_AA64ISAR1_API_IMP_DEF,
+		.matches = has_cpuid_feature,
+	},
+	{
+		.capability = ARM64_HAS_ADDRESS_AUTH,
+		.type = ARM64_CPUCAP_SYSTEM_FEATURE,
+		.matches = has_address_auth,
+	},
+	{
+		.desc = "Generic authentication (architected algorithm)",
+		.capability = ARM64_HAS_GENERIC_AUTH_ARCH,
+		.type = ARM64_CPUCAP_SYSTEM_FEATURE,
+		.sys_reg = SYS_ID_AA64ISAR1_EL1,
+		.sign = FTR_UNSIGNED,
+		.field_pos = ID_AA64ISAR1_GPA_SHIFT,
+		.min_field_value = ID_AA64ISAR1_GPA_ARCHITECTED,
+		.matches = has_cpuid_feature,
+	},
+	{
+		.desc = "Generic authentication (IMP DEF algorithm)",
+		.capability = ARM64_HAS_GENERIC_AUTH_IMP_DEF,
+		.type = ARM64_CPUCAP_SYSTEM_FEATURE,
+		.sys_reg = SYS_ID_AA64ISAR1_EL1,
+		.sign = FTR_UNSIGNED,
+		.field_pos = ID_AA64ISAR1_GPI_SHIFT,
+		.min_field_value = ID_AA64ISAR1_GPI_IMP_DEF,
+		.matches = has_cpuid_feature,
+	},
+	{
+		.capability = ARM64_HAS_GENERIC_AUTH,
+		.type = ARM64_CPUCAP_SYSTEM_FEATURE,
+		.matches = has_generic_auth,
+	},
+#endif /* CONFIG_ARM64_PTR_AUTH */
 	{},
 };
 

From patchwork Fri Dec  7 18:39:25 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kristina Martsenko <kristina.martsenko@arm.com>
X-Patchwork-Id: 153190
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp831590ljp;
 Fri, 7 Dec 2018 10:40:31 -0800 (PST)
X-Google-Smtp-Source: AFSGD/UJshP00INuhROeuwlpaxKIeOnSxBP3xYsaTb9XEm1cgmZ0vAS/LDTsgxa/yuxxhjimYqfW
X-Received: by 2002:a62:1d8f:: with SMTP id d137mr3280408pfd.11.1544208030860; 
 Fri, 07 Dec 2018 10:40:30 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544208030; cv=none;
 d=google.com; s=arc-20160816;
 b=tjifoM5KgdtFjeiPexHx7IE07L+cZFdplO8Ma3ZShFPUeuJdKchM98RNqIXfpKLxBY
 5IVIxx++AJGvXOhbwGeS9pCPRF7By97HyjzZWKnKUTaffXqFRO36TuNrOGxOCGCpznbo
 BdEYCmNBIeGaLsgbFnArI8/ijKgkY6wDIsZnXo7VCz+071HIEuPWNVrTlPEPLMoOCdcL
 PZ7miHD6yb3TcZgJIES3lfAAodyakhbPadzNHfzeyqcFJH5M9UukxDRIHcHQsb2XV6FF
 BOOdXjTdpwVzTZHpaizEfbUo5sN55T7/I4b+EbLRUYXPhISL5lgOBZNEkPpJzWdOQIhd
 8C/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:references:in-reply-to:message-id:date
 :subject:cc:to:from;
 bh=bUXBr830mTNTZqUGk4J/17D42LTWK3fsPvWOhpWzOAc=;
 b=kmmFiDqLK5Y3+YsPp1TiAbJXkHO3s9xpOzj5YtC7psQAq6h61iUMVhRuN6RKTXLvRb
 23qHw9uyFE4GENpDY6NI2BVdcpu049ox6Lf9PSw84TUMgkZMtnObeSOAUh6vKfNSoiJc
 1+HWcWtkFFMLsuQu8PWD+fF06WfMCrqYZ+fyXBAoz+tnTRf2MTECESz0OEDh6yZNRBgc
 skp9CQJLkk9PA6XILmbPLA8JcaUTFHP7ytcwrfp9l8EpqgmJ9JLXRBdNEjKPQ0YMHDFY
 ydOo18vBS+KIcrVYIxShLu+0nJhpTxM9s5cDErRXiItrqKJi6L9ff8Z+vobGan/JjQ10
 z2VA==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id a18si3466559pgj.77.2018.12.07.10.40.30;
 Fri, 07 Dec 2018 10:40:30 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1726362AbeLGSk3 (ORCPT <rfc822;igor.opaniuk@linaro.org>
 + 31 others); Fri, 7 Dec 2018 13:40:29 -0500
Received: from foss.arm.com ([217.140.101.70]:52072 "EHLO foss.arm.com"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1726348AbeLGSk2 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
 Fri, 7 Dec 2018 13:40:28 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 41BF31682;
 Fri,  7 Dec 2018 10:40:28 -0800 (PST)
Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com
 [10.72.51.249])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 28B483F5AF; Fri,  7 Dec 2018 10:40:25 -0800 (PST)
From: Kristina Martsenko <kristina.martsenko@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: Adam Wallis <awallis@codeaurora.org>,
 Amit Kachhap <amit.kachhap@arm.com>, Andrew Jones <drjones@redhat.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Catalin Marinas <catalin.marinas@arm.com>,
 Christoffer Dall <christoffer.dall@arm.com>,
 Cyrill Gorcunov <gorcunov@gmail.com>, Dave P Martin <dave.martin@arm.com>,
 Jacob Bramley <jacob.bramley@arm.com>, Kees Cook <keescook@chromium.org>,
 Marc Zyngier <marc.zyngier@arm.com>, Mark Rutland <mark.rutland@arm.com>,
 Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Suzuki K Poulose <suzuki.poulose@arm.com>,
 Will Deacon <will.deacon@arm.com>,
 kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org
Subject: [PATCH v6 07/13] arm64: add basic pointer authentication support
Date: Fri,  7 Dec 2018 18:39:25 +0000
Message-Id: <20181207183931.4285-8-kristina.martsenko@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20181207183931.4285-1-kristina.martsenko@arm.com>
References: <20181207183931.4285-1-kristina.martsenko@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Mark Rutland <mark.rutland@arm.com>

This patch adds basic support for pointer authentication, allowing
userspace to make use of APIAKey, APIBKey, APDAKey, APDBKey, and
APGAKey. The kernel maintains key values for each process (shared by all
threads within), which are initialised to random values at exec() time.

The ID_AA64ISAR1_EL1.{APA,API,GPA,GPI} fields are exposed to userspace,
to describe that pointer authentication instructions are available and
that the kernel is managing the keys. Two new hwcaps are added for the
same reason: PACA (for address authentication) and PACG (for generic
authentication).

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
Tested-by: Adam Wallis <awallis@codeaurora.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
---
 arch/arm64/include/asm/pointer_auth.h | 75 +++++++++++++++++++++++++++++++++++
 arch/arm64/include/asm/thread_info.h  |  4 ++
 arch/arm64/include/uapi/asm/hwcap.h   |  2 +
 arch/arm64/kernel/cpufeature.c        | 13 ++++++
 arch/arm64/kernel/cpuinfo.c           |  2 +
 arch/arm64/kernel/process.c           |  4 ++
 6 files changed, 100 insertions(+)
 create mode 100644 arch/arm64/include/asm/pointer_auth.h

-- 
2.11.0
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h
new file mode 100644
index 000000000000..fc7ffe8e326f
--- /dev/null
+++ b/arch/arm64/include/asm/pointer_auth.h
@@ -0,0 +1,75 @@
+// SPDX-License-Identifier: GPL-2.0
+#ifndef __ASM_POINTER_AUTH_H
+#define __ASM_POINTER_AUTH_H
+
+#include <linux/random.h>
+
+#include <asm/cpufeature.h>
+#include <asm/sysreg.h>
+
+#ifdef CONFIG_ARM64_PTR_AUTH
+/*
+ * Each key is a 128-bit quantity which is split across a pair of 64-bit
+ * registers (Lo and Hi).
+ */
+struct ptrauth_key {
+	unsigned long lo, hi;
+};
+
+/*
+ * We give each process its own keys, which are shared by all threads. The keys
+ * are inherited upon fork(), and reinitialised upon exec*().
+ */
+struct ptrauth_keys {
+	struct ptrauth_key apia;
+	struct ptrauth_key apib;
+	struct ptrauth_key apda;
+	struct ptrauth_key apdb;
+	struct ptrauth_key apga;
+};
+
+static inline void ptrauth_keys_init(struct ptrauth_keys *keys)
+{
+	if (system_supports_address_auth())
+		get_random_bytes(keys, sizeof(struct ptrauth_key) * 4);
+
+	if (system_supports_generic_auth())
+		get_random_bytes(&keys->apga, sizeof(struct ptrauth_key));
+}
+
+#define __ptrauth_key_install(k, v)				\
+do {								\
+	struct ptrauth_key __pki_v = (v);			\
+	write_sysreg_s(__pki_v.lo, SYS_ ## k ## KEYLO_EL1);	\
+	write_sysreg_s(__pki_v.hi, SYS_ ## k ## KEYHI_EL1);	\
+} while (0)
+
+static inline void ptrauth_keys_switch(struct ptrauth_keys *keys)
+{
+	if (system_supports_address_auth()) {
+		__ptrauth_key_install(APIA, keys->apia);
+		__ptrauth_key_install(APIB, keys->apib);
+		__ptrauth_key_install(APDA, keys->apda);
+		__ptrauth_key_install(APDB, keys->apdb);
+	}
+
+	if (system_supports_generic_auth())
+		__ptrauth_key_install(APGA, keys->apga);
+}
+
+#define ptrauth_thread_init_user(tsk)					\
+do {									\
+	struct task_struct *__ptiu_tsk = (tsk);				\
+	ptrauth_keys_init(&__ptiu_tsk->thread_info.keys_user);		\
+	ptrauth_keys_switch(&__ptiu_tsk->thread_info.keys_user);	\
+} while (0)
+
+#define ptrauth_thread_switch(tsk)	\
+	ptrauth_keys_switch(&(tsk)->thread_info.keys_user)
+
+#else /* CONFIG_ARM64_PTR_AUTH */
+#define ptrauth_thread_init_user(tsk)
+#define ptrauth_thread_switch(tsk)
+#endif /* CONFIG_ARM64_PTR_AUTH */
+
+#endif /* __ASM_POINTER_AUTH_H */
diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h
index cb2c10a8f0a8..ea9272fb52d4 100644
--- a/arch/arm64/include/asm/thread_info.h
+++ b/arch/arm64/include/asm/thread_info.h
@@ -28,6 +28,7 @@
 struct task_struct;
 
 #include <asm/memory.h>
+#include <asm/pointer_auth.h>
 #include <asm/stack_pointer.h>
 #include <asm/types.h>
 
@@ -43,6 +44,9 @@ struct thread_info {
 	u64			ttbr0;		/* saved TTBR0_EL1 */
 #endif
 	int			preempt_count;	/* 0 => preemptable, <0 => bug */
+#ifdef CONFIG_ARM64_PTR_AUTH
+	struct ptrauth_keys	keys_user;
+#endif
 };
 
 #define thread_saved_pc(tsk)	\
diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h
index 2bcd6e4f3474..22efc70aa0a1 100644
--- a/arch/arm64/include/uapi/asm/hwcap.h
+++ b/arch/arm64/include/uapi/asm/hwcap.h
@@ -49,5 +49,7 @@
 #define HWCAP_ILRCPC		(1 << 26)
 #define HWCAP_FLAGM		(1 << 27)
 #define HWCAP_SSBS		(1 << 28)
+#define HWCAP_PACA		(1 << 29)
+#define HWCAP_PACG		(1 << 30)
 
 #endif /* _UAPI__ASM_HWCAP_H */
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index f8e3c3568a79..6daa2f451eb9 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -1154,6 +1154,12 @@ static void cpu_clear_disr(const struct arm64_cpu_capabilities *__unused)
 #endif /* CONFIG_ARM64_RAS_EXTN */
 
 #ifdef CONFIG_ARM64_PTR_AUTH
+static void cpu_enable_address_auth(struct arm64_cpu_capabilities const *cap)
+{
+	sysreg_clear_set(sctlr_el1, 0, SCTLR_ELx_ENIA | SCTLR_ELx_ENIB |
+				       SCTLR_ELx_ENDA | SCTLR_ELx_ENDB);
+}
+
 static bool has_address_auth(const struct arm64_cpu_capabilities *entry,
 			     int __unused)
 {
@@ -1431,6 +1437,7 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
 		.capability = ARM64_HAS_ADDRESS_AUTH,
 		.type = ARM64_CPUCAP_SYSTEM_FEATURE,
 		.matches = has_address_auth,
+		.cpu_enable = cpu_enable_address_auth,
 	},
 	{
 		.desc = "Generic authentication (architected algorithm)",
@@ -1504,6 +1511,12 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = {
 	HWCAP_CAP(SYS_ID_AA64PFR0_EL1, ID_AA64PFR0_SVE_SHIFT, FTR_UNSIGNED, ID_AA64PFR0_SVE, CAP_HWCAP, HWCAP_SVE),
 #endif
 	HWCAP_CAP(SYS_ID_AA64PFR1_EL1, ID_AA64PFR1_SSBS_SHIFT, FTR_UNSIGNED, ID_AA64PFR1_SSBS_PSTATE_INSNS, CAP_HWCAP, HWCAP_SSBS),
+#ifdef CONFIG_ARM64_PTR_AUTH
+	{ .desc = "HWCAP_PACA", .type = ARM64_CPUCAP_SYSTEM_FEATURE, .matches = has_address_auth,
+		.hwcap_type = CAP_HWCAP, .hwcap = HWCAP_PACA },
+	{ .desc = "HWCAP_PACG", .type = ARM64_CPUCAP_SYSTEM_FEATURE, .matches = has_generic_auth,
+		.hwcap_type = CAP_HWCAP, .hwcap = HWCAP_PACG },
+#endif
 	{},
 };
 
diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c
index bcc2831399cb..e7c7cad8dd85 100644
--- a/arch/arm64/kernel/cpuinfo.c
+++ b/arch/arm64/kernel/cpuinfo.c
@@ -82,6 +82,8 @@ static const char *const hwcap_str[] = {
 	"ilrcpc",
 	"flagm",
 	"ssbs",
+	"paca",
+	"pacg",
 	NULL
 };
 
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index d9a4c2d6dd8b..17a6b4dd6e46 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -57,6 +57,7 @@
 #include <asm/fpsimd.h>
 #include <asm/mmu_context.h>
 #include <asm/processor.h>
+#include <asm/pointer_auth.h>
 #include <asm/stacktrace.h>
 
 #ifdef CONFIG_STACKPROTECTOR
@@ -429,6 +430,7 @@ __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev,
 	contextidr_thread_switch(next);
 	entry_task_switch(next);
 	uao_thread_switch(next);
+	ptrauth_thread_switch(next);
 
 	/*
 	 * Complete any pending TLB or cache maintenance on this CPU in case
@@ -496,4 +498,6 @@ unsigned long arch_randomize_brk(struct mm_struct *mm)
 void arch_setup_new_exec(void)
 {
 	current->mm->context.flags = is_compat_task() ? MMCF_AARCH32 : 0;
+
+	ptrauth_thread_init_user(current);
 }

From patchwork Fri Dec  7 18:39:26 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kristina Martsenko <kristina.martsenko@arm.com>
X-Patchwork-Id: 153191
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp831661ljp;
 Fri, 7 Dec 2018 10:40:35 -0800 (PST)
X-Google-Smtp-Source: AFSGD/XHKDKfCVt6Zuber3w0+cQk29g0izlwfJaJ6DytMbjXlnTxWypIM09I0jf0jc0UPANE/Mow
X-Received: by 2002:a63:344e:: with SMTP id b75mr2820051pga.184.1544208035001; 
 Fri, 07 Dec 2018 10:40:35 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544208034; cv=none;
 d=google.com; s=arc-20160816;
 b=DEKREu9jC7NrooTQ2jh6P4aOobAFhx+Avgqp7dSFu7b0cIeDKIHN7MDs4ag3yN7X9F
 tBXxBKY14j5jBt4GGRouM8gcJoK9a1KA3uktShZGg2+poP+oFGWfwv6JanBNj+m9ngS8
 yQwfJZdjpN+XfAF1WGpXd4MOkF6Lu6ZzRYqkJhzDcH/RqaK0hXsLnsZwgjMpmC/1EJri
 sGTuzCE/nSBJHXZlHeTIQTdX6pAZHejcACymzxprASqF4h5qRRkNgvsRYQ/lBOrDLzxg
 rh2l6WQBDiTj7UUs8My4AVwwWIZRQrYG91UnoL4bZwFdYz5LLBqYbnzgJ264SL4+KyT8
 ENEg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:references:in-reply-to:message-id:date
 :subject:cc:to:from;
 bh=zDwu+8Od4yzeB5ANAXyRiKj8seCt5sHtr0ow52SSr7w=;
 b=J1CcN96K5mb9Jj7QZ/qmLkvmNign0j0PbmJQSfoUk293pcOL6KNHbep9t54x9oqGH6
 YVYHGW5nKuiOzS4ZzymblITlitpUBh1hfIKxfSYmv7fVLuT8EvuWMyiSCodychJ0FCTH
 Nn3IHkUA82PoKr5BaIPjulLDzIz9VmeVteE9U/P8iBo1wlHjHjslL18JkoJE5LC3duXd
 lSDQfeTUCGyEeGrxOLv4GIpcoVyRrZ+IA7VB2mUH3nczJuBykVngCDpAUsYVWMNa6zRL
 ljtSaPi7BmCm0bC7122Q8HnxthL/qnmMQADFFVo611/3Sud2nNwcXim3NZcg0zgqvK4i
 smTw==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id a18si3466559pgj.77.2018.12.07.10.40.34;
 Fri, 07 Dec 2018 10:40:34 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1726373AbeLGSkd (ORCPT <rfc822;igor.opaniuk@linaro.org>
 + 31 others); Fri, 7 Dec 2018 13:40:33 -0500
Received: from foss.arm.com ([217.140.101.70]:52098 "EHLO foss.arm.com"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1726077AbeLGSkc (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
 Fri, 7 Dec 2018 13:40:32 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 34D6B15AD;
 Fri,  7 Dec 2018 10:40:32 -0800 (PST)
Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com
 [10.72.51.249])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 1CEC43F5AF; Fri,  7 Dec 2018 10:40:28 -0800 (PST)
From: Kristina Martsenko <kristina.martsenko@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: Adam Wallis <awallis@codeaurora.org>,
 Amit Kachhap <amit.kachhap@arm.com>, Andrew Jones <drjones@redhat.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Catalin Marinas <catalin.marinas@arm.com>,
 Christoffer Dall <christoffer.dall@arm.com>,
 Cyrill Gorcunov <gorcunov@gmail.com>, Dave P Martin <dave.martin@arm.com>,
 Jacob Bramley <jacob.bramley@arm.com>, Kees Cook <keescook@chromium.org>,
 Marc Zyngier <marc.zyngier@arm.com>, Mark Rutland <mark.rutland@arm.com>,
 Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Suzuki K Poulose <suzuki.poulose@arm.com>,
 Will Deacon <will.deacon@arm.com>,
 kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org
Subject: [PATCH v6 08/13] arm64: expose user PAC bit positions via ptrace
Date: Fri,  7 Dec 2018 18:39:26 +0000
Message-Id: <20181207183931.4285-9-kristina.martsenko@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20181207183931.4285-1-kristina.martsenko@arm.com>
References: <20181207183931.4285-1-kristina.martsenko@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Mark Rutland <mark.rutland@arm.com>

When pointer authentication is in use, data/instruction pointers have a
number of PAC bits inserted into them. The number and position of these
bits depends on the configured TCR_ELx.TxSZ and whether tagging is
enabled. ARMv8.3 allows tagging to differ for instruction and data
pointers.

For userspace debuggers to unwind the stack and/or to follow pointer
chains, they need to be able to remove the PAC bits before attempting to
use a pointer.

This patch adds a new structure with masks describing the location of
the PAC bits in userspace instruction and data pointers (i.e. those
addressable via TTBR0), which userspace can query via PTRACE_GETREGSET.
By clearing these bits from pointers (and replacing them with the value
of bit 55), userspace can acquire the PAC-less versions.

This new regset is exposed when the kernel is built with (user) pointer
authentication support, and the address authentication feature is
enabled. Otherwise, the regset is hidden.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
---
 arch/arm64/include/asm/pointer_auth.h |  8 ++++++++
 arch/arm64/include/uapi/asm/ptrace.h  |  7 +++++++
 arch/arm64/kernel/ptrace.c            | 38 +++++++++++++++++++++++++++++++++++
 include/uapi/linux/elf.h              |  1 +
 4 files changed, 54 insertions(+)

-- 
2.11.0
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h
index fc7ffe8e326f..5721228836c1 100644
--- a/arch/arm64/include/asm/pointer_auth.h
+++ b/arch/arm64/include/asm/pointer_auth.h
@@ -2,9 +2,11 @@
 #ifndef __ASM_POINTER_AUTH_H
 #define __ASM_POINTER_AUTH_H
 
+#include <linux/bitops.h>
 #include <linux/random.h>
 
 #include <asm/cpufeature.h>
+#include <asm/memory.h>
 #include <asm/sysreg.h>
 
 #ifdef CONFIG_ARM64_PTR_AUTH
@@ -57,6 +59,12 @@ static inline void ptrauth_keys_switch(struct ptrauth_keys *keys)
 		__ptrauth_key_install(APGA, keys->apga);
 }
 
+/*
+ * The EL0 pointer bits used by a pointer authentication code.
+ * This is dependent on TBI0 being enabled, or bits 63:56 would also apply.
+ */
+#define ptrauth_pac_mask() 	GENMASK(54, VA_BITS)
+
 #define ptrauth_thread_init_user(tsk)					\
 do {									\
 	struct task_struct *__ptiu_tsk = (tsk);				\
diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h
index a36227fdb084..c2f249bcd829 100644
--- a/arch/arm64/include/uapi/asm/ptrace.h
+++ b/arch/arm64/include/uapi/asm/ptrace.h
@@ -229,6 +229,13 @@ struct user_sve_header {
 		  SVE_PT_SVE_OFFSET + SVE_PT_SVE_SIZE(vq, flags)	\
 		: SVE_PT_FPSIMD_OFFSET + SVE_PT_FPSIMD_SIZE(vq, flags))
 
+/* pointer authentication masks (NT_ARM_PAC_MASK) */
+
+struct user_pac_mask {
+	__u64		data_mask;
+	__u64		insn_mask;
+};
+
 #endif /* __ASSEMBLY__ */
 
 #endif /* _UAPI__ASM_PTRACE_H */
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 1710a2d01669..6c1f63cb6c4e 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -46,6 +46,7 @@
 #include <asm/debug-monitors.h>
 #include <asm/fpsimd.h>
 #include <asm/pgtable.h>
+#include <asm/pointer_auth.h>
 #include <asm/stacktrace.h>
 #include <asm/syscall.h>
 #include <asm/traps.h>
@@ -956,6 +957,30 @@ static int sve_set(struct task_struct *target,
 
 #endif /* CONFIG_ARM64_SVE */
 
+#ifdef CONFIG_ARM64_PTR_AUTH
+static int pac_mask_get(struct task_struct *target,
+			const struct user_regset *regset,
+			unsigned int pos, unsigned int count,
+			void *kbuf, void __user *ubuf)
+{
+	/*
+	 * The PAC bits can differ across data and instruction pointers
+	 * depending on TCR_EL1.TBID*, which we may make use of in future, so
+	 * we expose separate masks.
+	 */
+	unsigned long mask = ptrauth_pac_mask();
+	struct user_pac_mask uregs = {
+		.data_mask = mask,
+		.insn_mask = mask,
+	};
+
+	if (!system_supports_address_auth())
+		return -EINVAL;
+
+	return user_regset_copyout(&pos, &count, &kbuf, &ubuf, &uregs, 0, -1);
+}
+#endif /* CONFIG_ARM64_PTR_AUTH */
+
 enum aarch64_regset {
 	REGSET_GPR,
 	REGSET_FPR,
@@ -968,6 +993,9 @@ enum aarch64_regset {
 #ifdef CONFIG_ARM64_SVE
 	REGSET_SVE,
 #endif
+#ifdef CONFIG_ARM64_PTR_AUTH
+	REGSET_PAC_MASK,
+#endif
 };
 
 static const struct user_regset aarch64_regsets[] = {
@@ -1037,6 +1065,16 @@ static const struct user_regset aarch64_regsets[] = {
 		.get_size = sve_get_size,
 	},
 #endif
+#ifdef CONFIG_ARM64_PTR_AUTH
+	[REGSET_PAC_MASK] = {
+		.core_note_type = NT_ARM_PAC_MASK,
+		.n = sizeof(struct user_pac_mask) / sizeof(u64),
+		.size = sizeof(u64),
+		.align = sizeof(u64),
+		.get = pac_mask_get,
+		/* this cannot be set dynamically */
+	},
+#endif
 };
 
 static const struct user_regset_view user_aarch64_view = {
diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
index c5358e0ae7c5..3f23273d690c 100644
--- a/include/uapi/linux/elf.h
+++ b/include/uapi/linux/elf.h
@@ -420,6 +420,7 @@ typedef struct elf64_shdr {
 #define NT_ARM_HW_WATCH	0x403		/* ARM hardware watchpoint registers */
 #define NT_ARM_SYSTEM_CALL	0x404	/* ARM system call number */
 #define NT_ARM_SVE	0x405		/* ARM Scalable Vector Extension registers */
+#define NT_ARM_PAC_MASK		0x406	/* ARM pointer authentication code masks */
 #define NT_ARC_V2	0x600		/* ARCv2 accumulator/extra registers */
 #define NT_VMCOREDD	0x700		/* Vmcore Device Dump Note */
 #define NT_MIPS_DSP	0x800		/* MIPS DSP ASE registers */

From patchwork Fri Dec  7 18:39:27 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kristina Martsenko <kristina.martsenko@arm.com>
X-Patchwork-Id: 153192
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp831733ljp;
 Fri, 7 Dec 2018 10:40:40 -0800 (PST)
X-Google-Smtp-Source: AFSGD/UHtxvs+WiFhT0YPw+SGC2EVvC46mCRt9XGUO+5Yq9QbrHBJvNRpk/YsVEAugdkmvlMiSdK
X-Received: by 2002:a17:902:14b:: with SMTP id
 69mr3241312plb.52.1544208040129; 
 Fri, 07 Dec 2018 10:40:40 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544208040; cv=none;
 d=google.com; s=arc-20160816;
 b=N4+Ojk+Ij8s+mV7kVSY5oBeyqpO/VctqWW5qhrTzNxZSYX4Q+1altIUETU3xvNvtYa
 xcYsoaYxI6AtGY4n73uv8k1E70eLhiOmpd4GKaLmSA98XRSfHdfx/uDWJFdv0x4Gic5Y
 zTheaAOCppY6L18FuaQsYN99UWotGZ16FZARhsmA3CJslEP+ZX3iEcLeKtpXQNo6+ehs
 tSd53Q5JulnYXqyj1Ov//9i2p4iYqXXR2e9rhhVAMZ98mKVX6Hyt+xVEqunFljAwXtG6
 ZcOvM7+4eadOD4r/bFEVFnwjCk8PQejgpUI3pu1pRRR3mrhw1XIc1I3i0edC6AkP0YgR
 TJBA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:references:in-reply-to:message-id:date
 :subject:cc:to:from;
 bh=nbfuvLKSG7ktUMulhpijSbEvFR/rXox1O0mw1IqmIKs=;
 b=G+nEMHAai+KglA3C/PEaEiOlxGV8crOLIfWfMZd6x3/ghIXSfPdaW5AbhRe195CO5r
 ga0itgXe7iTJBh1F0Jh0krCiE5iMKTw21CX/fqDystBXd8Wn68NDRl7Yje7m44Zsg0a1
 YU3sL9DOqnalagY5kIuzsH7F+C7AFeGCui0rYSFY+2eoJYyuyICsshMMG+iy7LjqRBGT
 yNOo8EUbRL/bbhnsjohRvn6NRuFuTfhnhmUYz2xJDk99HFx4OLPJ8SXT1LXAhrDGjd0D
 sg9Fzk6HqaoNcpi2YWmf2zFH9TK8zTyHdSjQ8fpqw+u3zHdOOmL60Eh1Ca+cCzvkRZax
 uKQA==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 t186si3826626pfd.68.2018.12.07.10.40.39; 
 Fri, 07 Dec 2018 10:40:40 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1726393AbeLGSki (ORCPT <rfc822;igor.opaniuk@linaro.org>
 + 31 others); Fri, 7 Dec 2018 13:40:38 -0500
Received: from foss.arm.com ([217.140.101.70]:52128 "EHLO foss.arm.com"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1726077AbeLGSkg (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
 Fri, 7 Dec 2018 13:40:36 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 22BD8EBD;
 Fri,  7 Dec 2018 10:40:36 -0800 (PST)
Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com
 [10.72.51.249])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 0989E3F5AF; Fri,  7 Dec 2018 10:40:32 -0800 (PST)
From: Kristina Martsenko <kristina.martsenko@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: Adam Wallis <awallis@codeaurora.org>,
 Amit Kachhap <amit.kachhap@arm.com>, Andrew Jones <drjones@redhat.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Catalin Marinas <catalin.marinas@arm.com>,
 Christoffer Dall <christoffer.dall@arm.com>,
 Cyrill Gorcunov <gorcunov@gmail.com>, Dave P Martin <dave.martin@arm.com>,
 Jacob Bramley <jacob.bramley@arm.com>, Kees Cook <keescook@chromium.org>,
 Marc Zyngier <marc.zyngier@arm.com>, Mark Rutland <mark.rutland@arm.com>,
 Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Suzuki K Poulose <suzuki.poulose@arm.com>,
 Will Deacon <will.deacon@arm.com>,
 kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org
Subject: [PATCH v6 09/13] arm64: perf: strip PAC when unwinding userspace
Date: Fri,  7 Dec 2018 18:39:27 +0000
Message-Id: <20181207183931.4285-10-kristina.martsenko@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20181207183931.4285-1-kristina.martsenko@arm.com>
References: <20181207183931.4285-1-kristina.martsenko@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Mark Rutland <mark.rutland@arm.com>

When the kernel is unwinding userspace callchains, we can't expect that
the userspace consumer of these callchains has the data necessary to
strip the PAC from the stored LR.

This patch has the kernel strip the PAC from user stackframes when the
in-kernel unwinder is used. This only affects the LR value, and not the
FP.

This only affects the in-kernel unwinder. When userspace performs
unwinding, it is up to userspace to strip PACs as necessary (which can
be determined from DWARF information).

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
---
 arch/arm64/include/asm/pointer_auth.h | 7 +++++++
 arch/arm64/kernel/perf_callchain.c    | 6 +++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

-- 
2.11.0

diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h
index 5721228836c1..89190d93c850 100644
--- a/arch/arm64/include/asm/pointer_auth.h
+++ b/arch/arm64/include/asm/pointer_auth.h
@@ -65,6 +65,12 @@ static inline void ptrauth_keys_switch(struct ptrauth_keys *keys)
  */
 #define ptrauth_pac_mask() 	GENMASK(54, VA_BITS)
 
+/* Only valid for EL0 TTBR0 instruction pointers */
+static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr)
+{
+	return ptr & ~ptrauth_pac_mask();
+}
+
 #define ptrauth_thread_init_user(tsk)					\
 do {									\
 	struct task_struct *__ptiu_tsk = (tsk);				\
@@ -76,6 +82,7 @@ do {									\
 	ptrauth_keys_switch(&(tsk)->thread_info.keys_user)
 
 #else /* CONFIG_ARM64_PTR_AUTH */
+#define ptrauth_strip_insn_pac(lr)	(lr)
 #define ptrauth_thread_init_user(tsk)
 #define ptrauth_thread_switch(tsk)
 #endif /* CONFIG_ARM64_PTR_AUTH */
diff --git a/arch/arm64/kernel/perf_callchain.c b/arch/arm64/kernel/perf_callchain.c
index bcafd7dcfe8b..94754f07f67a 100644
--- a/arch/arm64/kernel/perf_callchain.c
+++ b/arch/arm64/kernel/perf_callchain.c
@@ -18,6 +18,7 @@
 #include <linux/perf_event.h>
 #include <linux/uaccess.h>
 
+#include <asm/pointer_auth.h>
 #include <asm/stacktrace.h>
 
 struct frame_tail {
@@ -35,6 +36,7 @@ user_backtrace(struct frame_tail __user *tail,
 {
 	struct frame_tail buftail;
 	unsigned long err;
+	unsigned long lr;
 
 	/* Also check accessibility of one struct frame_tail beyond */
 	if (!access_ok(VERIFY_READ, tail, sizeof(buftail)))
@@ -47,7 +49,9 @@ user_backtrace(struct frame_tail __user *tail,
 	if (err)
 		return NULL;
 
-	perf_callchain_store(entry, buftail.lr);
+	lr = ptrauth_strip_insn_pac(buftail.lr);
+
+	perf_callchain_store(entry, lr);
 
 	/*
 	 * Frame pointers should strictly progress back up the stack

From patchwork Fri Dec  7 18:39:30 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kristina Martsenko <kristina.martsenko@arm.com>
X-Patchwork-Id: 153194
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp832071ljp;
 Fri, 7 Dec 2018 10:41:02 -0800 (PST)
X-Google-Smtp-Source: AFSGD/VC126xJPKm+xdDEpL4snmCTPxM6STQcmdQ8WPDGK3sD8Ej4sZKdEGyLqAHerbZ9id/vKm1
X-Received: by 2002:a65:4381:: with SMTP id m1mr2869523pgp.358.1544208062301; 
 Fri, 07 Dec 2018 10:41:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544208062; cv=none;
 d=google.com; s=arc-20160816;
 b=fkjotTfhdU5hTiy5SupaCPYMAiJVvkZ4ez79NkTXuDAILEnMB9BnNICBYyNNLsDlV+
 05cxQnukZXdXGs9ObmcWvryBjC1cCPZoljqh8uJcLND5dXKfF79fHfXJyk3sKSXJmvlT
 IXFq0KYgFsFsTwWfvcO3gj+qbSoKiY7ECp9a+brMqbZeLQmkvzBJnwTyCxuoZ/gupGXM
 M2SZ4OGstb9XPLGrNUyLcEVjZM5Vv9IKs7alcZqC5ttDMRx9t02njW6EfQGTmxIrgY7V
 8CGytHN6iftvJQIcInChpXYVfrwp/Guzc5/ayDAcf9g0iZi3tkmOBNwJCZ6bqxbROBY6
 JHsQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:references:in-reply-to:message-id:date
 :subject:cc:to:from;
 bh=Do4zxYn4nFjoZMaBwZMIHnDgcVlYecw66q2BMdfTWRs=;
 b=xqvjL0BFs/CTvOuSJ32a+CZ+Cf+eWHwGWc3GkJ27kQ1vpMGtnPI+LVMLnt39rA0R3A
 bhtRjmT/ijGl6a+4BdufyxXfvdFwIVuAIgWcrGkpgaz6Pa3UOCIQmrS1jRCAI0L5Sm7K
 5RT9NuugKjfi11izocGoA/wwPKoh2kof5MannfBJEb8yyPjmajrO4H8DdqShSBEaMLAy
 4vQwqqVVz8zAt/wlJVNsrYfm8RC2S8YtFFvaA4bDvxOAPC61XBhxsHPCWj8n+oToUO/N
 Pg1ewSEBr/AK3KrosbicHooMO1LFbD+EwUZ2GzxySxnqqUawabsei32hL+ER94zIGdOJ
 RbwA==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id q8si3351104plr.382.2018.12.07.10.41.02;
 Fri, 07 Dec 2018 10:41:02 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1726437AbeLGSkt (ORCPT <rfc822;igor.opaniuk@linaro.org>
 + 31 others); Fri, 7 Dec 2018 13:40:49 -0500
Received: from foss.arm.com ([217.140.101.70]:52196 "EHLO foss.arm.com"
 rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1726326AbeLGSks (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
 Fri, 7 Dec 2018 13:40:48 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E082C15BE;
 Fri,  7 Dec 2018 10:40:47 -0800 (PST)
Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com
 [10.72.51.249])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 C6D1B3F5AF; Fri,  7 Dec 2018 10:40:44 -0800 (PST)
From: Kristina Martsenko <kristina.martsenko@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: Adam Wallis <awallis@codeaurora.org>,
 Amit Kachhap <amit.kachhap@arm.com>, Andrew Jones <drjones@redhat.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Catalin Marinas <catalin.marinas@arm.com>,
 Christoffer Dall <christoffer.dall@arm.com>,
 Cyrill Gorcunov <gorcunov@gmail.com>, Dave P Martin <dave.martin@arm.com>,
 Jacob Bramley <jacob.bramley@arm.com>, Kees Cook <keescook@chromium.org>,
 Marc Zyngier <marc.zyngier@arm.com>, Mark Rutland <mark.rutland@arm.com>,
 Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Suzuki K Poulose <suzuki.poulose@arm.com>,
 Will Deacon <will.deacon@arm.com>,
 kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org
Subject: [PATCH v6 12/13] arm64: enable pointer authentication
Date: Fri,  7 Dec 2018 18:39:30 +0000
Message-Id: <20181207183931.4285-13-kristina.martsenko@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20181207183931.4285-1-kristina.martsenko@arm.com>
References: <20181207183931.4285-1-kristina.martsenko@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Mark Rutland <mark.rutland@arm.com>

Now that all the necessary bits are in place for userspace, add the
necessary Kconfig logic to allow this to be enabled.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
---
 arch/arm64/Kconfig | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

-- 
2.11.0

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index ea2ab0330e3a..5279a8646fc6 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1188,6 +1188,29 @@ config ARM64_CNP
 
 endmenu
 
+menu "ARMv8.3 architectural features"
+
+config ARM64_PTR_AUTH
+	bool "Enable support for pointer authentication"
+	default y
+	help
+	  Pointer authentication (part of the ARMv8.3 Extensions) provides
+	  instructions for signing and authenticating pointers against secret
+	  keys, which can be used to mitigate Return Oriented Programming (ROP)
+	  and other attacks.
+
+	  This option enables these instructions at EL0 (i.e. for userspace).
+
+	  Choosing this option will cause the kernel to initialise secret keys
+	  for each process at exec() time, with these keys being
+	  context-switched along with the process.
+
+	  The feature is detected at runtime. If the feature is not present in
+	  hardware it will not be advertised to userspace nor will it be
+	  enabled.
+
+endmenu
+
 config ARM64_SVE
 	bool "ARM Scalable Vector Extension support"
 	default y

From patchwork Fri Dec  7 18:39:31 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kristina Martsenko <kristina.martsenko@arm.com>
X-Patchwork-Id: 153193
Delivered-To: patch@linaro.org
Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp831992ljp;
 Fri, 7 Dec 2018 10:40:57 -0800 (PST)
X-Google-Smtp-Source: AFSGD/Xs+83oj8dST1rJ9WVLR2evuN9O9Gr3QfwCutcwDe31rcetUuSVd0IIUA1tTh1aMEpUBVs+
X-Received: by 2002:a17:902:a601:: with SMTP id
 u1mr3166169plq.77.1544208057217; 
 Fri, 07 Dec 2018 10:40:57 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544208057; cv=none;
 d=google.com; s=arc-20160816;
 b=gVxXOkQttxITAvpmRIV1KUlgI5kTzVGuRXTYairt28U879wsjPSASScX/HpVfxnACT
 7TwknRBV7KOtASu9gIQLvBqJEDPgkowdB7oywhz2J1BQcu5/NLRuv4oSyp15O187t//a
 gMdocRMGvKbOUmBSaxHVai8YnrXomN/USWB+w0IEs1dkP4NIui1f0eSgoGyMUSaidaTA
 eEU5GI95IkUjykKWbR92dXJBDs16hjVRKCQsD0by4VUBqDBKc1Gob5aqzFX8jAA/M0bP
 8WYfINUIu2PyEUj6Llzsp1DR945WD4XQuQEGjmFeruUyuHSVxEkoSFapppVZ7RYDbr50
 CIoQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:references:in-reply-to:message-id:date
 :subject:cc:to:from;
 bh=Vmu5+kHQqNB+EV25tOr/ckrOjqUTGCKxTJ5IA06Vffs=;
 b=x0E8X+E7zJfZVUMZnTVdyO7kbq7j9QSWt/uBoLOIb2ktwyCEys733uhAqH10bpJKkE
 4UltRkDboHRCx8RRxye92Cu9MXcHSB+KiCTkFE7uL8qEqIWI8f1QCoyYELZh8D2s6ADa
 7+bYD2NqOza54gUiHHbgzJxftzAT4XlZrSTuQNr9xwqzGeoZVyhDRerADxBpTuojsvUK
 ev2gnfFNJqFz7eqiB3NYjuTNzijnVzSmzX582TlcEhjg/3oGeBFVc1kP6bZLH1M7uIAq
 VinVv6b1NNveQJ/JhYuPllzvfhBGRlveGeGkRWeOVHAN09GiKjgNuvsb2Oxa+nKT6vpl
 j53A==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id q8si3351104plr.382.2018.12.07.10.40.56;
 Fri, 07 Dec 2018 10:40:57 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1726465AbeLGSkz (ORCPT <rfc822;igor.opaniuk@linaro.org>
 + 31 others); Fri, 7 Dec 2018 13:40:55 -0500
Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:52214 "EHLO
 foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
 id S1726410AbeLGSkx (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
 Fri, 7 Dec 2018 13:40:53 -0500
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249])
 by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 05B11165C;
 Fri,  7 Dec 2018 10:40:52 -0800 (PST)
Received: from moonbear.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com
 [10.72.51.249])
 by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id
 E22BD3F5AF; Fri,  7 Dec 2018 10:40:48 -0800 (PST)
From: Kristina Martsenko <kristina.martsenko@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: Adam Wallis <awallis@codeaurora.org>,
 Amit Kachhap <amit.kachhap@arm.com>, Andrew Jones <drjones@redhat.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Catalin Marinas <catalin.marinas@arm.com>,
 Christoffer Dall <christoffer.dall@arm.com>,
 Cyrill Gorcunov <gorcunov@gmail.com>, Dave P Martin <dave.martin@arm.com>,
 Jacob Bramley <jacob.bramley@arm.com>, Kees Cook <keescook@chromium.org>,
 Marc Zyngier <marc.zyngier@arm.com>, Mark Rutland <mark.rutland@arm.com>,
 Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Suzuki K Poulose <suzuki.poulose@arm.com>,
 Will Deacon <will.deacon@arm.com>,
 kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org
Subject: [PATCH v6 13/13] arm64: docs: document pointer authentication
Date: Fri,  7 Dec 2018 18:39:31 +0000
Message-Id: <20181207183931.4285-14-kristina.martsenko@arm.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20181207183931.4285-1-kristina.martsenko@arm.com>
References: <20181207183931.4285-1-kristina.martsenko@arm.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Mark Rutland <mark.rutland@arm.com>

Now that we've added code to support pointer authentication, add some
documentation so that people can figure out if/how to use it.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
Reviewed-by: Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
Cc: Andrew Jones <drjones@redhat.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
---
 Documentation/arm64/booting.txt                |  8 +++
 Documentation/arm64/cpu-feature-registers.txt  |  8 +++
 Documentation/arm64/elf_hwcaps.txt             | 12 ++++
 Documentation/arm64/pointer-authentication.txt | 93 ++++++++++++++++++++++++++
 4 files changed, 121 insertions(+)
 create mode 100644 Documentation/arm64/pointer-authentication.txt

-- 
2.11.0

diff --git a/Documentation/arm64/booting.txt b/Documentation/arm64/booting.txt
index 8d0df62c3fe0..8df9f4658d6f 100644
--- a/Documentation/arm64/booting.txt
+++ b/Documentation/arm64/booting.txt
@@ -205,6 +205,14 @@ Before jumping into the kernel, the following conditions must be met:
     ICC_SRE_EL2.SRE (bit 0) must be initialised to 0b0.
   - The DT or ACPI tables must describe a GICv2 interrupt controller.
 
+  For CPUs with pointer authentication functionality:
+  - If EL3 is present:
+    SCR_EL3.APK (bit 16) must be initialised to 0b1
+    SCR_EL3.API (bit 17) must be initialised to 0b1
+  - If the kernel is entered at EL1:
+    HCR_EL2.APK (bit 40) must be initialised to 0b1
+    HCR_EL2.API (bit 41) must be initialised to 0b1
+
 The requirements described above for CPU mode, caches, MMUs, architected
 timers, coherency and system registers apply to all CPUs.  All CPUs must
 enter the kernel in the same exception level.
diff --git a/Documentation/arm64/cpu-feature-registers.txt b/Documentation/arm64/cpu-feature-registers.txt
index 7964f03846b1..d4b4dd1fe786 100644
--- a/Documentation/arm64/cpu-feature-registers.txt
+++ b/Documentation/arm64/cpu-feature-registers.txt
@@ -184,12 +184,20 @@ infrastructure:
      x--------------------------------------------------x
      | Name                         |  bits   | visible |
      |--------------------------------------------------|
+     | GPI                          | [31-28] |    y    |
+     |--------------------------------------------------|
+     | GPA                          | [27-24] |    y    |
+     |--------------------------------------------------|
      | LRCPC                        | [23-20] |    y    |
      |--------------------------------------------------|
      | FCMA                         | [19-16] |    y    |
      |--------------------------------------------------|
      | JSCVT                        | [15-12] |    y    |
      |--------------------------------------------------|
+     | API                          | [11-8]  |    y    |
+     |--------------------------------------------------|
+     | APA                          | [7-4]   |    y    |
+     |--------------------------------------------------|
      | DPB                          | [3-0]   |    y    |
      x--------------------------------------------------x
 
diff --git a/Documentation/arm64/elf_hwcaps.txt b/Documentation/arm64/elf_hwcaps.txt
index ea819ae024dd..13d6691b37be 100644
--- a/Documentation/arm64/elf_hwcaps.txt
+++ b/Documentation/arm64/elf_hwcaps.txt
@@ -182,3 +182,15 @@ HWCAP_FLAGM
 HWCAP_SSBS
 
     Functionality implied by ID_AA64PFR1_EL1.SSBS == 0b0010.
+
+HWCAP_PACA
+
+    Functionality implied by ID_AA64ISAR1_EL1.APA == 0b0001 or
+    ID_AA64ISAR1_EL1.API == 0b0001, as described by
+    Documentation/arm64/pointer-authentication.txt.
+
+HWCAP_PACG
+
+    Functionality implied by ID_AA64ISAR1_EL1.GPA == 0b0001 or
+    ID_AA64ISAR1_EL1.GPI == 0b0001, as described by
+    Documentation/arm64/pointer-authentication.txt.
diff --git a/Documentation/arm64/pointer-authentication.txt b/Documentation/arm64/pointer-authentication.txt
new file mode 100644
index 000000000000..5baca42ba146
--- /dev/null
+++ b/Documentation/arm64/pointer-authentication.txt
@@ -0,0 +1,93 @@
+Pointer authentication in AArch64 Linux
+=======================================
+
+Author: Mark Rutland <mark.rutland@arm.com>
+Date: 2017-07-19
+
+This document briefly describes the provision of pointer authentication
+functionality in AArch64 Linux.
+
+
+Architecture overview
+---------------------
+
+The ARMv8.3 Pointer Authentication extension adds primitives that can be
+used to mitigate certain classes of attack where an attacker can corrupt
+the contents of some memory (e.g. the stack).
+
+The extension uses a Pointer Authentication Code (PAC) to determine
+whether pointers have been modified unexpectedly. A PAC is derived from
+a pointer, another value (such as the stack pointer), and a secret key
+held in system registers.
+
+The extension adds instructions to insert a valid PAC into a pointer,
+and to verify/remove the PAC from a pointer. The PAC occupies a number
+of high-order bits of the pointer, which varies dependent on the
+configured virtual address size and whether pointer tagging is in use.
+
+A subset of these instructions have been allocated from the HINT
+encoding space. In the absence of the extension (or when disabled),
+these instructions behave as NOPs. Applications and libraries using
+these instructions operate correctly regardless of the presence of the
+extension.
+
+The extension provides five separate keys to generate PACs - two for
+instruction addresses (APIAKey, APIBKey), two for data addresses
+(APDAKey, APDBKey), and one for generic authentication (APGAKey).
+
+
+Basic support
+-------------
+
+When CONFIG_ARM64_PTR_AUTH is selected, and relevant HW support is
+present, the kernel will assign random key values to each process at
+exec*() time. The keys are shared by all threads within the process, and
+are preserved across fork().
+
+Presence of address authentication functionality is advertised via
+HWCAP_PACA, and generic authentication functionality via HWCAP_PACG.
+
+The number of bits that the PAC occupies in a pointer is 55 minus the
+virtual address size configured by the kernel. For example, with a
+virtual address size of 48, the PAC is 7 bits wide.
+
+Recent versions of GCC can compile code with APIAKey-based return
+address protection when passed the -msign-return-address option. This
+uses instructions in the HINT space (unless -march=armv8.3-a or higher
+is also passed), and such code can run on systems without the pointer
+authentication extension.
+
+In addition to exec(), keys can also be reinitialized to random values
+using the PR_PAC_RESET_KEYS prctl. A bitmask of PR_PAC_APIAKEY,
+PR_PAC_APIBKEY, PR_PAC_APDAKEY, PR_PAC_APDBKEY and PR_PAC_APGAKEY
+specifies which keys are to be reinitialized; specifying 0 means "all
+keys".
+
+
+Debugging
+---------
+
+When CONFIG_ARM64_PTR_AUTH is selected, and HW support for address
+authentication is present, the kernel will expose the position of TTBR0
+PAC bits in the NT_ARM_PAC_MASK regset (struct user_pac_mask), which
+userspace can acquire via PTRACE_GETREGSET.
+
+The regset is exposed only when HWCAP_PACA is set. Separate masks are
+exposed for data pointers and instruction pointers, as the set of PAC
+bits can vary between the two. Note that the masks apply to TTBR0
+addresses, and are not valid to apply to TTBR1 addresses (e.g. kernel
+pointers).
+
+Additionally, when CONFIG_CHECKPOINT_RESTORE is also set, the kernel
+will expose the NT_ARM_PACA_KEYS and NT_ARM_PACG_KEYS regsets (struct
+user_pac_address_keys and struct user_pac_generic_keys). These can be
+used to get and set the keys for a thread.
+
+
+Virtualization
+--------------
+
+Pointer authentication is not currently supported in KVM guests. KVM
+will mask the feature bits from ID_AA64ISAR1_EL1, and attempted use of
+the feature will result in an UNDEFINED exception being injected into
+the guest.