From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-11.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH, MAILING_LIST_MULTI,NICE_REPLY_A,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 06550C433E2 for ; Wed, 2 Sep 2020 14:02:23 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C48802078E for ; Wed, 2 Sep 2020 14:02:22 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="WqNMaZpc" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C48802078E Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Type: Content-Transfer-Encoding:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Date:Message-ID:From: References:To:Subject:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=rtL4R8719VV+kcVkKPXl0obyGeZCB9BDf2g27oaV5oQ=; b=WqNMaZpcQOcTNgvmCVMeV8HIq Q1zJEX/HMq+8P0XNYKvntA+YXyEIcB4dB1rNz3JvUb39D6Sqfnq5PuN6xpaG5jlX9RSC/eRa07ei9 qza59MQDZYw98ueriI2LEBZxuhzS8FJhu9qLD1zY/TYTU5erA1ojKMjFg3SUkEr1VKfUlPb4A7DP9 LS6/Tc1SGWZA3nCT4A/nq+cl37czNaK6iUjx9GWEIzCtNPighNpwSzVG4DnAK5D7/eT+oonp6EuWv 7ZyF5vIHGukFW3IF1nX2LttAOzBHc/E8CBZD+gZNPGZJ55UZ0PZEggVZo6MBTuY53P533JXIHz22v 5tIwAnUcA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kDTJX-0004xF-AW; Wed, 02 Sep 2020 14:00:39 +0000 Received: from foss.arm.com ([217.140.110.172]) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kDTJU-0004wu-IO for linux-arm-kernel@lists.infradead.org; Wed, 02 Sep 2020 14:00:37 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id B28BF101E; Wed, 2 Sep 2020 07:00:35 -0700 (PDT) Received: from [10.37.8.67] (unknown [10.37.8.67]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 323693F71F; Wed, 2 Sep 2020 07:00:29 -0700 (PDT) Subject: Re: [PATCH v5 4/6] arm64: cpufeature: Modify address authentication cpufeature to exact To: amit.kachhap@arm.com, linux-arm-kernel@lists.infradead.org References: <1597734671-23407-1-git-send-email-amit.kachhap@arm.com> <1597734671-23407-5-git-send-email-amit.kachhap@arm.com> From: Suzuki K Poulose Message-ID: Date: Wed, 2 Sep 2020 15:05:46 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <1597734671-23407-5-git-send-email-amit.kachhap@arm.com> Content-Language: en-US X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200902_100036_715824_524599E9 X-CRM114-Status: GOOD ( 35.51 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: mark.rutland@arm.com, keescook@chromium.org, catalin.marinas@arm.com, broonie@kernel.org, james.morse@arm.com, Vincenzo.Frascino@arm.com, will@kernel.org, dave.martin@arm.com Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Hi Amit, On 08/18/2020 08:11 AM, Amit Daniel Kachhap wrote: > The current address authentication cpufeature levels are set as LOWER_SAFE > which is not compatible with the different configurations added for Armv8.3 > ptrauth enhancements as the different levels have different behaviour and > there is no tunable to enable the lower safe versions. This is rectified > by setting those cpufeature type as EXACT. > > The current cpufeature framework also does not interfere in the booting of > non-exact secondary cpus but rather marks them as tainted. As a workaround > this is fixed by replacing the generic match handler with a new handler > specific to ptrauth. > > After this change, if there is any variation in ptrauth configurations in > secondary cpus from boot cpu then those mismatched cpus are parked in an > infinite loop. > > Following ptrauth crash log is oberserved in Arm fastmodel with mismatched > cpus without this fix, > > CPU features: SANITY CHECK: Unexpected variation in SYS_ID_AA64ISAR1_EL1. Boot CPU: 0x11111110211402, CPU4: 0x11111110211102 > CPU features: Unsupported CPU feature variation detected. > GICv3: CPU4: found redistributor 100 region 0:0x000000002f180000 > CPU4: Booted secondary processor 0x0000000100 [0x410fd0f0] > Unable to handle kernel paging request at virtual address bfff800010dadf3c > Mem abort info: > ESR = 0x86000004 > EC = 0x21: IABT (current EL), IL = 32 bits > SET = 0, FnV = 0 > EA = 0, S1PTW = 0 > [bfff800010dadf3c] address between user and kernel address ranges > Internal error: Oops: 86000004 [#1] PREEMPT SMP > Modules linked in: > CPU: 4 PID: 29 Comm: migration/4 Tainted: G S 5.8.0-rc4-00005-ge658591d66d1-dirty #158 > Hardware name: Foundation-v8A (DT) > pstate: 60000089 (nZCv daIf -PAN -UAO BTYPE=--) > pc : 0xbfff800010dadf3c > lr : __schedule+0x2b4/0x5a8 > sp : ffff800012043d70 > x29: ffff800012043d70 x28: 0080000000000000 > x27: ffff800011cbe000 x26: ffff00087ad37580 > x25: ffff00087ad37000 x24: ffff800010de7d50 > x23: ffff800011674018 x22: 0784800010dae2a8 > x21: ffff00087ad37000 x20: ffff00087acb8000 > x19: ffff00087f742100 x18: 0000000000000030 > x17: 0000000000000000 x16: 0000000000000000 > x15: ffff800011ac1000 x14: 00000000000001bd > x13: 0000000000000000 x12: 0000000000000000 > x11: 0000000000000000 x10: 71519a147ddfeb82 > x9 : 825d5ec0fb246314 x8 : ffff00087ad37dd8 > x7 : 0000000000000000 x6 : 00000000fffedb0e > x5 : 00000000ffffffff x4 : 0000000000000000 > x3 : 0000000000000028 x2 : ffff80086e11e000 > x1 : ffff00087ad37000 x0 : ffff00087acdc600 > Call trace: > 0xbfff800010dadf3c > schedule+0x78/0x110 > schedule_preempt_disabled+0x24/0x40 > __kthread_parkme+0x68/0xd0 > kthread+0x138/0x160 > ret_from_fork+0x10/0x34 > Code: bad PC value > > Signed-off-by: Amit Daniel Kachhap > [Suzuki: Introduce new matching function for address authentication] > Suggested-by: Suzuki K Poulose > --- > Changes since v4: > * Added crash log in case of mismatched cpus. This was requested by > Will earlier [1]. > * Used sanitised register instead of cached static variables. This was > suggested by Dave [2]. > > [1]: http://lists.infradead.org/pipermail/linux-arm-kernel/2020-June/579526.html > [2]: http://lists.infradead.org/pipermail/linux-arm-kernel/2020-July/589712.html > > arch/arm64/kernel/cpufeature.c | 43 +++++++++++++++++++++++++++------- > 1 file changed, 34 insertions(+), 9 deletions(-) > > diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c > index 9fae0efc80c1..2e11be019475 100644 > --- a/arch/arm64/kernel/cpufeature.c > +++ b/arch/arm64/kernel/cpufeature.c > @@ -210,9 +210,9 @@ static const struct arm64_ftr_bits ftr_id_aa64isar1[] = { > ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_FCMA_SHIFT, 4, 0), > ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_JSCVT_SHIFT, 4, 0), > ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH), > - FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_API_SHIFT, 4, 0), > + FTR_STRICT, FTR_EXACT, ID_AA64ISAR1_API_SHIFT, 4, 0), > ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH), > - FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_APA_SHIFT, 4, 0), > + FTR_STRICT, FTR_EXACT, ID_AA64ISAR1_APA_SHIFT, 4, 0), > ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_DPB_SHIFT, 4, 0), > ARM64_FTR_END, > }; > @@ -1605,11 +1605,36 @@ static void cpu_clear_disr(const struct arm64_cpu_capabilities *__unused) > #endif /* CONFIG_ARM64_RAS_EXTN */ > > #ifdef CONFIG_ARM64_PTR_AUTH > -static bool has_address_auth(const struct arm64_cpu_capabilities *entry, > - int __unused) > +static bool has_address_auth_cpucap(const struct arm64_cpu_capabilities *entry, int scope) > { > - return __system_matches_cap(ARM64_HAS_ADDRESS_AUTH_ARCH) || > - __system_matches_cap(ARM64_HAS_ADDRESS_AUTH_IMP_DEF); > + int boot_val, sec_val; > + > + /* We don't expect to be called with SCOPE_SYSTEM */ > + WARN_ON(scope == SCOPE_SYSTEM); > + /* > + * The ptr-auth feature levels are not intercompatible with lower > + * levels. Hence we must match ptr-auth feature level of the secondary > + * CPUs with that of the boot CPU. The level of boot cpu is fetched > + * from the sanitised register whereas direct register read is done for > + * the secondary CPUs. You may want to extend the comment to say: The sanitised feature state is guaranteed to match that of the boot CPU as a mismatched secondary CPU is parked before it gets a chance to update the state, with the capability. > + */ > + boot_val = cpuid_feature_extract_field(read_sanitised_ftr_reg(entry->sys_reg), > + entry->field_pos, entry->sign); > + if (scope & SCOPE_BOOT_CPU) { > + return boot_val >= entry->min_field_value; > + } else if (scope & SCOPE_LOCAL_CPU) { > + sec_val = cpuid_feature_extract_field(__read_sysreg_by_encoding(entry->sys_reg), > + > + return (sec_val >= entry->min_field_value) && (sec_val == boot_val); > + } > + return false; > +} > + > +static bool has_address_auth_metacap(const struct arm64_cpu_capabilities *entry, > + int scope) > +{ > + return has_address_auth_cpucap(cpu_hwcaps_ptrs[ARM64_HAS_ADDRESS_AUTH_ARCH], scope) || > + has_address_auth_cpucap(cpu_hwcaps_ptrs[ARM64_HAS_ADDRESS_AUTH_IMP_DEF], scope); > } > > static bool has_generic_auth(const struct arm64_cpu_capabilities *entry, > @@ -1958,7 +1983,7 @@ static const struct arm64_cpu_capabilities arm64_features[] = { > .sign = FTR_UNSIGNED, > .field_pos = ID_AA64ISAR1_APA_SHIFT, > .min_field_value = ID_AA64ISAR1_APA_ARCHITECTED, > - .matches = has_cpuid_feature, > + .matches = has_address_auth_cpucap, > }, > { > .desc = "Address authentication (IMP DEF algorithm)", > @@ -1968,12 +1993,12 @@ static const struct arm64_cpu_capabilities arm64_features[] = { > .sign = FTR_UNSIGNED, > .field_pos = ID_AA64ISAR1_API_SHIFT, > .min_field_value = ID_AA64ISAR1_API_IMP_DEF, > - .matches = has_cpuid_feature, > + .matches = has_address_auth_cpucap, > }, > { > .capability = ARM64_HAS_ADDRESS_AUTH, > .type = ARM64_CPUCAP_BOOT_CPU_FEATURE, > - .matches = has_address_auth, > + .matches = has_address_auth_metacap, > }, > { With that: Reviewed-by: Suzuki K Poulose _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel