From: Mark Rutland <mark.rutland@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: arnd@arndb.de, catalin.marinas@arm.com, cdall@linaro.org,
kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org,
marc.zyngier@arm.com, mark.rutland@arm.com,
suzuki.poulose@arm.com, will.deacon@arm.com, yao.qi@arm.com,
kernel-hardening@lists.openwall.com,
linux-kernel@vger.kernel.org, awallis@codeaurora.org
Subject: [PATCHv2 05/12] arm64: Don't trap host pointer auth use to EL2
Date: Mon, 27 Nov 2017 16:37:59 +0000 [thread overview]
Message-ID: <20171127163806.31435-6-mark.rutland@arm.com> (raw)
In-Reply-To: <20171127163806.31435-1-mark.rutland@arm.com>
To allow EL0 (and/or EL1) to use pointer authentication functionality,
we must ensure that pointer authentication instructions and accesses to
pointer authentication keys are not trapped to EL2 (where we will not be
able to handle them).
This patch ensures that HCR_EL2 is configured appropriately when the
kernel is booted at EL2. For non-VHE kernels we set HCR_EL2.{API,APK},
ensuring that EL1 can access keys and permit EL0 use of instructions.
For VHE kernels, EL2 access is controlled by EL3, and we need not set
anything.
This does not enable support for KVM guests, since KVM manages HCR_EL2
itself.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Christoffer Dall <cdall@linaro.org>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: kvmarm@lists.cs.columbia.edu
---
arch/arm64/include/asm/kvm_arm.h | 2 ++
arch/arm64/kernel/head.S | 19 +++++++++++++++++--
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h
index 7f069ff37f06..62854d5d1d3b 100644
--- a/arch/arm64/include/asm/kvm_arm.h
+++ b/arch/arm64/include/asm/kvm_arm.h
@@ -23,6 +23,8 @@
#include <asm/types.h>
/* Hyp Configuration Register (HCR) bits */
+#define HCR_API (UL(1) << 41)
+#define HCR_APK (UL(1) << 40)
#define HCR_E2H (UL(1) << 34)
#define HCR_ID (UL(1) << 33)
#define HCR_CD (UL(1) << 32)
diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
index 67e86a0f57ac..06a96e9af26b 100644
--- a/arch/arm64/kernel/head.S
+++ b/arch/arm64/kernel/head.S
@@ -415,10 +415,25 @@ CPU_LE( bic x0, x0, #(1 << 25) ) // Clear the EE bit for EL2
/* Hyp configuration. */
mov x0, #HCR_RW // 64-bit EL1
- cbz x2, set_hcr
+ cbz x2, 1f
orr x0, x0, #HCR_TGE // Enable Host Extensions
orr x0, x0, #HCR_E2H
-set_hcr:
+1:
+#ifdef CONFIG_ARM64_POINTER_AUTHENTICATION
+ /*
+ * Disable pointer authentication traps to EL2. The HCR_EL2.{APK,API}
+ * bits exist iff at least one authentication mechanism is implemented.
+ */
+ mrs x1, id_aa64isar1_el1
+ mov_q x3, ((0xf << ID_AA64ISAR1_GPI_SHIFT) | \
+ (0xf << ID_AA64ISAR1_GPA_SHIFT) | \
+ (0xf << ID_AA64ISAR1_API_SHIFT) | \
+ (0xf << ID_AA64ISAR1_APA_SHIFT))
+ and x1, x1, x3
+ cbz x1, 1f
+ orr x0, x0, #(HCR_APK | HCR_API)
+1:
+#endif
msr hcr_el2, x0
isb
--
2.11.0
next prev parent reply other threads:[~2017-11-27 16:39 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-27 16:37 [PATCHv2 00/12] ARMv8.3 pointer authentication userspace support Mark Rutland
2017-11-27 16:37 ` [PATCHv2 01/12] asm-generic: mm_hooks: allow hooks to be overridden individually Mark Rutland
2017-11-27 16:37 ` [PATCHv2 02/12] arm64: add pointer authentication register bits Mark Rutland
2017-11-27 16:37 ` [PATCHv2 03/12] arm64/cpufeature: add ARMv8.3 id_aa64isar1 bits Mark Rutland
2017-11-27 16:37 ` [PATCHv2 04/12] arm64/cpufeature: detect pointer authentication Mark Rutland
2017-11-27 16:37 ` Mark Rutland [this message]
2018-02-06 12:39 ` [PATCHv2 05/12] arm64: Don't trap host pointer auth use to EL2 Christoffer Dall
2018-02-12 16:00 ` Mark Rutland
2017-11-27 16:38 ` [PATCHv2 06/12] arm64: add basic pointer authentication support Mark Rutland
2018-05-22 19:06 ` Adam Wallis
2017-11-27 16:38 ` [PATCHv2 07/12] arm64: expose user PAC bit positions via ptrace Mark Rutland
2017-11-27 16:38 ` [PATCHv2 08/12] arm64: perf: strip PAC when unwinding userspace Mark Rutland
2017-11-27 16:38 ` [PATCHv2 09/12] arm64/kvm: preserve host HCR_EL2 value Mark Rutland
2018-02-06 12:39 ` Christoffer Dall
2018-04-09 14:57 ` Mark Rutland
2018-04-09 19:03 ` Christoffer Dall
2017-11-27 16:38 ` [PATCHv2 10/12] arm64/kvm: context-switch ptrauth registers Mark Rutland
2018-02-06 12:38 ` Christoffer Dall
2018-03-09 14:28 ` Mark Rutland
2018-04-09 12:58 ` Christoffer Dall
2018-04-09 14:37 ` Mark Rutland
2017-11-27 16:38 ` [PATCHv2 11/12] arm64: enable pointer authentication Mark Rutland
2017-11-27 16:38 ` [PATCHv2 12/12] arm64: docs: document " Mark Rutland
2017-11-28 15:07 ` Andrew Jones
2017-12-04 12:39 ` Mark Rutland
2017-12-04 12:49 ` Andrew Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171127163806.31435-6-mark.rutland@arm.com \
--to=mark.rutland@arm.com \
--cc=arnd@arndb.de \
--cc=awallis@codeaurora.org \
--cc=catalin.marinas@arm.com \
--cc=cdall@linaro.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marc.zyngier@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=will.deacon@arm.com \
--cc=yao.qi@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).