GONG, Ruiqi (1): arm64: add cmdline to control ptrauth feature at boot
Srinivas Ramana (1): arm64: Defer enabling pointer authentication on boot core
arch/arm64/include/asm/pointer_auth.h | 10 +++++ arch/arm64/include/asm/stackprotector.h | 1 + arch/arm64/kernel/cpufeature.c | 54 ++++++++++++++++++++----- arch/arm64/kernel/head.S | 4 -- 4 files changed, 55 insertions(+), 14 deletions(-)
From: Srinivas Ramana sramana@codeaurora.org
mainline inclusion from mainline-v5.12-rc1 commit 7f6240858cf3abb75237c9ba63ec70d232573ae8 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I7QNYP
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id...
----------------------------------------
Defer enabling pointer authentication on the boot core until it is required to be enabled by the cpufeature framework. This will help in controlling the feature dynamically with a boot parameter.
Signed-off-by: Ajay Patil pajay@qti.qualcomm.com Signed-off-by: Prasad Sodagudi psodagud@codeaurora.org Signed-off-by: Srinivas Ramana sramana@codeaurora.org Signed-off-by: Marc Zyngier maz@kernel.org Link: https://lore.kernel.org/r/1610152163-16554-2-git-send-email-sramana@codeauro... Reviewed-by: Catalin Marinas catalin.marinas@arm.com Acked-by: David Brazdil dbrazdil@google.com Link: https://lore.kernel.org/r/20210208095732.3267263-22-maz@kernel.org Signed-off-by: Will Deacon will@kernel.org Signed-off-by: GONG, Ruiqi gongruiqi1@huawei.com --- arch/arm64/include/asm/pointer_auth.h | 10 ++++++++++ arch/arm64/include/asm/stackprotector.h | 1 + arch/arm64/kernel/head.S | 4 ---- 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h
index c6b4f0603024..b112a11e9302 100644
--- a/arch/arm64/include/asm/pointer_auth.h
+++ b/arch/arm64/include/asm/pointer_auth.h
@@ -76,6 +76,15 @@ static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr)
 return ptrauth_clear_pac(ptr);
 }
+static __always_inline void ptrauth_enable(void)
+{
+ if (!system_supports_address_auth())
+ return;
+ sysreg_clear_set(sctlr_el1, 0, (SCTLR_ELx_ENIA | SCTLR_ELx_ENIB |
+ SCTLR_ELx_ENDA | SCTLR_ELx_ENDB));
+ isb();
+}
+
 #define ptrauth_thread_init_user(tsk) \
 ptrauth_keys_init_user(&(tsk)->thread.keys_user)
 #define ptrauth_thread_init_kernel(tsk) \
@@ -84,6 +93,7 @@ static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr)
 ptrauth_keys_switch_kernel(&(tsk)->thread.keys_kernel)
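Review bot: ptrauth_enable() has no comment explaining why it is `__always_inline` or what its caller must guarantee. Setting the SCTLR_EL1 EnIA/EnIB/EnDA/EnDB bits switches address authentication on for the code that follows, so, as far as I can tell, a frame entered before this point holds an unsigned return address and would fail authentication if it returned afterwards; the only caller visible in this patch is boot_init_stack_canary(), which is itself `__always_inline`. I would add a comment above the function such as `/* Must be inlined into a caller that never returns; the kernel keys must already be installed on this CPU. */`. The barrier deserves a short why-comment too, for example `isb(); /* synchronise the SCTLR_EL1 write before any further instruction runs */`.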
#else /* CONFIG_ARM64_PTR_AUTH */
+#define ptrauth_enable()
 #define ptrauth_prctl_reset_keys(tsk, arg) (-EINVAL)
 #define ptrauth_strip_insn_pac(lr) (lr)
 #define ptrauth_thread_init_user(tsk)
diff --git a/arch/arm64/include/asm/stackprotector.h b/arch/arm64/include/asm/stackprotector.h
index 7263e0bac680..33f1bb453150 100644
--- a/arch/arm64/include/asm/stackprotector.h
+++ b/arch/arm64/include/asm/stackprotector.h
@@ -41,6 +41,7 @@ static __always_inline void boot_init_stack_canary(void)
 #endif
 ptrauth_thread_init_kernel(current);
 ptrauth_thread_switch_kernel(current);
+ ptrauth_enable();
 }
#endif /* _ASM_STACKPROTECTOR_H */
diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
index 6e3f04b12bcb..2bcefd7e5347 100644
--- a/arch/arm64/kernel/head.S
+++ b/arch/arm64/kernel/head.S
@@ -420,10 +420,6 @@ SYM_FUNC_START_LOCAL(__primary_switched)
 adr_l x5, init_task
 msr sp_el0, x5 // Save thread_info
-#ifdef CONFIG_ARM64_PTR_AUTH
- __ptrauth_keys_init_cpu x5, x6, x7, x8
-#endif
-
 adr_l x8, vectors // load VBAR_EL1 with virtual
 msr vbar_el1, x8 // vector table address
 isb
Offering: HULK hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I7QNYP
----------------------------------------
Add an `arm64.nopauth=` cmdline parameter to control the kernel's perception of the CPU's hardware capability for pointer authentication at the early boot stage, which provides a method to turn off the PAuth feature without affecting kABI.
The new cmdline parameter shares the same name with the one introduced by the commit ("arm64: cpufeatures: Allow disabling of Pointer Auth from the command-line") in 5.12 kernel, which is implemented in a different mechanism (check the link below).
Link: https://patchwork.kernel.org/project/linux-arm-kernel/patch/20210208095732.3... Signed-off-by: GONG, Ruiqi gongruiqi1@huawei.com --- arch/arm64/kernel/cpufeature.c | 54 +++++++++++++++++++++++++++------- 1 file changed, 44 insertions(+), 10 deletions(-)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 90700ce19e66..2313398c510c 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -1685,10 +1685,27 @@ static void cpu_clear_disr(const struct arm64_cpu_capabilities *__unused)
 #endif /* CONFIG_ARM64_RAS_EXTN */
#ifdef CONFIG_ARM64_PTR_AUTH
+/*
+ * PAuth is enabled by default, and should be explicitly shut down by
+ * `arm64.nopauth` if needed.
+ */
+static int arm64_nopauth __ro_after_init;
+
+static int __init parse_arm64_nopauth(char *str)
+{
+ arm64_nopauth = 1;
+
+ return 0;
+}
+early_param("arm64.nopauth", parse_arm64_nopauth);
+
 static bool has_address_auth_cpucap(const struct arm64_cpu_capabilities *entry, int scope)
 {
 int boot_val, sec_val;
+ if (arm64_nopauth)
+ return false;
+
 /* We don't expect to be called with SCOPE_SYSTEM */
 WARN_ON(scope == SCOPE_SYSTEM);
 /*
@@ -1718,6 +1735,12 @@ static bool has_address_auth_metacap(const struct arm64_cpu_capabilities *entry,
 has_address_auth_cpucap(cpu_hwcaps_ptrs[ARM64_HAS_ADDRESS_AUTH_IMP_DEF], scope);
 }
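Review bot: parse_arm64_nopauth() never looks at `str`, so every spelling of the option, including `arm64.nopauth=0` or `arm64.nopauth=off`, switches pointer authentication off, even though the commit message writes the option as `arm64.nopauth=`. Since this parameter removes a hardening feature, I would honour the value instead: declare `static bool arm64_nopauth __ro_after_init;`, set it to true when `str` is NULL (which I believe is what an early_param handler receives when no `=value` is given), and otherwise `return kstrtobool(str, &arm64_nopauth);`. A boot-log line such as `pr_info("pointer authentication disabled by arm64.nopauth\n");` would let operators see from dmesg that the protection is off, and the diffstat shows no kernel-parameters documentation entry for the new option. The body of has_address_auth_cpucap() continues outside this hunk; the added early return sits before its `WARN_ON(scope == SCOPE_SYSTEM)`, so that sanity check is skipped whenever the option is set.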
+static bool has_ptr_auth_cpucap(const struct arm64_cpu_capabilities *entry,
+ int scope)
+{
+ return !arm64_nopauth && has_cpuid_feature(entry, scope);
+}
+
 static bool has_generic_auth(const struct arm64_cpu_capabilities *entry,
 int __unused)
 {
@@ -2169,7 +2192,7 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
 .sign = FTR_UNSIGNED,
 .field_pos = ID_AA64ISAR1_GPA_SHIFT,
 .min_field_value = ID_AA64ISAR1_GPA_ARCHITECTED,
- .matches = has_cpuid_feature,
+ .matches = has_ptr_auth_cpucap,
 },
 {
 .desc = "Generic authentication (IMP DEF algorithm)",
@@ -2179,7 +2202,7 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
 .sign = FTR_UNSIGNED,
 .field_pos = ID_AA64ISAR1_GPI_SHIFT,
 .min_field_value = ID_AA64ISAR1_GPI_IMP_DEF,
- .matches = has_cpuid_feature,
+ .matches = has_ptr_auth_cpucap,
 },
 {
 .capability = ARM64_HAS_GENERIC_AUTH,
@@ -2305,6 +2328,13 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
 .sign = s, \
 .min_field_value = min_value,
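Review bot: has_ptr_auth_cpucap() has no comment stating what the override covers and what it leaves alone. In the hunks shown, `arm64_nopauth` is consulted only from `.matches` callbacks, so the capability and hwcap entries stop matching, but nothing visible here changes the sanitised ID_AA64ISAR1_EL1 value; any consumer of that register value (none is shown in this patch) may still see the APA/API/GPA/GPI fields. The commit message already says the 5.12 parameter of the same name uses a different mechanism, so I would record the difference at the definition, e.g. `/* arm64.nopauth only gates cpucap/hwcap matching; ID register values are left untouched. */`. The same remark applies to the early return added to has_address_auth_cpucap() in the previous hunk.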
+#define HWCAP_CPUID_MATCH_SELF_DEFINED(match, reg, field, s, min_value) \
+ .matches = match, \
+ .sys_reg = reg, \
+ .field_pos = field, \
+ .sign = s, \
+ .min_field_value = min_value,
+
 #define __HWCAP_CAP(name, cap_type, cap) \
 .desc = name, \
 .type = ARM64_CPUCAP_SYSTEM_FEATURE, \
@@ -2333,24 +2363,28 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
 #ifdef CONFIG_ARM64_PTR_AUTH
 static const struct arm64_cpu_capabilities ptr_auth_hwcap_addr_matches[] = {
 {
- HWCAP_CPUID_MATCH(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_APA_SHIFT,
- FTR_UNSIGNED, ID_AA64ISAR1_APA_ARCHITECTED)
+ HWCAP_CPUID_MATCH_SELF_DEFINED(has_ptr_auth_cpucap,
+ SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_APA_SHIFT,
+ FTR_UNSIGNED, ID_AA64ISAR1_APA_ARCHITECTED)
 },
 {
- HWCAP_CPUID_MATCH(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_API_SHIFT,
- FTR_UNSIGNED, ID_AA64ISAR1_API_IMP_DEF)
+ HWCAP_CPUID_MATCH_SELF_DEFINED(has_ptr_auth_cpucap,
+ SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_API_SHIFT,
+ FTR_UNSIGNED, ID_AA64ISAR1_API_IMP_DEF)
 },
 {},
 };
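Review bot: HWCAP_CPUID_MATCH_SELF_DEFINED appears to repeat the field initialisers of the macro that ends just above it; only that macro's `.sign = s` and `.min_field_value = min_value` lines fall inside the hunk, so this is inferred. If the existing HWCAP_CPUID_MATCH differs only by hard-coding `.matches = has_cpuid_feature`, it could be written in terms of the new macro so the two cannot drift apart: `#define HWCAP_CPUID_MATCH(reg, field, s, min_value) HWCAP_CPUID_MATCH_SELF_DEFINED(has_cpuid_feature, reg, field, s, min_value)`. A one-line comment above the new macro saying that `match` is the `.matches` callback would also help, because "self defined" does not say what the caller supplies.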
static const struct arm64_cpu_capabilities ptr_auth_hwcap_gen_matches[] = {
 {
- HWCAP_CPUID_MATCH(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_GPA_SHIFT,
- FTR_UNSIGNED, ID_AA64ISAR1_GPA_ARCHITECTED)
+ HWCAP_CPUID_MATCH_SELF_DEFINED(has_ptr_auth_cpucap,
+ SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_GPA_SHIFT,
+ FTR_UNSIGNED, ID_AA64ISAR1_GPA_ARCHITECTED)
 },
 {
- HWCAP_CPUID_MATCH(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_GPI_SHIFT,
- FTR_UNSIGNED, ID_AA64ISAR1_GPI_IMP_DEF)
+ HWCAP_CPUID_MATCH_SELF_DEFINED(has_ptr_auth_cpucap,
+ SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_GPI_SHIFT,
+ FTR_UNSIGNED, ID_AA64ISAR1_GPI_IMP_DEF)
 },
 {},
 };
反馈: 您发送到kernel@openeuler.org的补丁/补丁集,转换为PR失败! 邮件列表地址:https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/A... 失败原因:调用gitee api创建PR失败, 失败原因如下: 源分支 patch-1691734322 不存在 建议解决方法:请稍等,机器人会在下一次任务重新执行
FeedBack: The patch(es) which you have sent to kernel@openeuler.org has been converted to PR failed! Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/A... Failed Reason: create PR failed when call gitee's api, failed reason is as follows: 源分支 patch-1691734322 不存在 Suggest Solution: please wait, the bot will retry in the next interval
反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://gitee.com/openeuler/kernel/pulls/1723 邮件列表地址:https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/A...
FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/1723 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/A...