[PATCH 0/3] arm64: Make NOP handling a whitelist

[PATCH 0/3] arm64: Make NOP handling a whitelist

[Mark Brown]

Currently we default to assuming any unrecognized instruction in the
hint space can be safely handled as a NOP.  This is not robust and any
code that really wants a NOP should be using the explicitly defined NOP
so let's instead invert this and whitelist those instructions which it
is safe to handle as NOPs.

Mark Brown (3):
  arm64: insn: Don't assume unrecognized HINTs are NOPs
  arm64: insn: Add constants for PAC and BTI instruction decode
  arm64: insn: Report PAC and BTI instructions as NOPs

 arch/arm64/include/asm/insn.h | 22 ++++++++++++++++++++--
 arch/arm64/kernel/insn.c      | 32 ++++++++++++++++++++++++--------
 2 files changed, 44 insertions(+), 10 deletions(-)


base-commit: f8788d86ab28f61f7b46eb6be375f8a726783636
-- 
2.20.1


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

[PATCH 1/3] arm64: insn: Don't assume unrecognized HINTs are NOPs

[Mark Brown]

Currently the kernel assumes that any HINT which it does not explicitly
recognise is a NOP.  This is not robust as new instructions may be added
which need special handling, including recent extensions like PAC, and
in any case software should only be using explicit NOP instructions for
deliberate NOPs.

This has the effect of rendering PAC and BTI instructions unprobeable
which means that probes can't be inserted on the first instruction of
functions built with those features.

Signed-off-by: Mark Brown <broonie@kernel.org>
---
 arch/arm64/kernel/insn.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/arch/arm64/kernel/insn.c b/arch/arm64/kernel/insn.c
index 4a9e773a177f..535a3a7a053e 100644
--- a/arch/arm64/kernel/insn.c
+++ b/arch/arm64/kernel/insn.c
@@ -58,14 +58,10 @@ bool __kprobes aarch64_insn_is_nop(u32 insn)
 		return false;
 
 	switch (insn & 0xFE0) {
-	case AARCH64_INSN_HINT_YIELD:
-	case AARCH64_INSN_HINT_WFE:
-	case AARCH64_INSN_HINT_WFI:
-	case AARCH64_INSN_HINT_SEV:
-	case AARCH64_INSN_HINT_SEVL:
-		return false;
-	default:
+	case AARCH64_INSN_HINT_NOP:
 		return true;
+	default:
+		return false;
 	}
 }
 
-- 
2.20.1


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

[PATCH 2/3] arm64: insn: Add constants for PAC and BTI instruction decode

[Mark Brown]

Add constants for decoding the various PAC and BTI instructions defined
in the HINT space. Since we are now decoding both the op2 and CRm fields
rename the enum as well; this is compatible with what the existing users
are doing.

Signed-off-by: Mark Brown <broonie@kernel.org>
---
 arch/arm64/include/asm/insn.h | 22 ++++++++++++++++++++--
 arch/arm64/kernel/insn.c      |  2 +-
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/include/asm/insn.h b/arch/arm64/include/asm/insn.h
index bb313dde58a4..e88309ba06d9 100644
--- a/arch/arm64/include/asm/insn.h
+++ b/arch/arm64/include/asm/insn.h
@@ -39,13 +39,31 @@ enum aarch64_insn_encoding_class {
 					 * system instructions */
 };
 
-enum aarch64_insn_hint_op {
+enum aarch64_insn_hint_cr_op {
 	AARCH64_INSN_HINT_NOP	= 0x0 << 5,
 	AARCH64_INSN_HINT_YIELD	= 0x1 << 5,
 	AARCH64_INSN_HINT_WFE	= 0x2 << 5,
 	AARCH64_INSN_HINT_WFI	= 0x3 << 5,
 	AARCH64_INSN_HINT_SEV	= 0x4 << 5,
 	AARCH64_INSN_HINT_SEVL	= 0x5 << 5,
+
+	AARCH64_INSN_HINT_PACIA_1716 = 0x08 << 5,
+	AARCH64_INSN_HINT_PACIB_1716 = 0x0A << 5,
+	AARCH64_INSN_HINT_AUTIA_1716 = 0x0B << 5,
+	AARCH64_INSN_HINT_AUTIB_1716 = 0x0C << 5,
+	AARCH64_INSN_HINT_PACIAZ     = 0x18 << 5,
+	AARCH64_INSN_HINT_PACIASP    = 0x19 << 5,
+	AARCH64_INSN_HINT_PACIBZ     = 0x1A << 5,
+	AARCH64_INSN_HINT_PACIBSP    = 0x1B << 5,
+	AARCH64_INSN_HINT_AUTIAZ     = 0x1C << 5,
+	AARCH64_INSN_HINT_AUTIASP    = 0x1D << 5,
+	AARCH64_INSN_HINT_AUTIBZ     = 0x1E << 5,
+	AARCH64_INSN_HINT_AUTIBSP    = 0x1F << 5,
+
+	AARCH64_INSN_HINT_BTI   = 0x40 << 5,
+	AARCH64_INSN_HINT_BTIC  = 0x42 << 5,
+	AARCH64_INSN_HINT_BTIJ  = 0x44 << 5,
+	AARCH64_INSN_HINT_BTIJC = 0x4C << 5,
 };
 
 enum aarch64_insn_imm_type {
@@ -370,7 +388,7 @@ u32 aarch64_insn_gen_comp_branch_imm(unsigned long pc, unsigned long addr,
 				     enum aarch64_insn_branch_type type);
 u32 aarch64_insn_gen_cond_branch_imm(unsigned long pc, unsigned long addr,
 				     enum aarch64_insn_condition cond);
-u32 aarch64_insn_gen_hint(enum aarch64_insn_hint_op op);
+u32 aarch64_insn_gen_hint(enum aarch64_insn_hint_cr_op op);
 u32 aarch64_insn_gen_nop(void);
 u32 aarch64_insn_gen_branch_reg(enum aarch64_insn_register reg,
 				enum aarch64_insn_branch_type type);
diff --git a/arch/arm64/kernel/insn.c b/arch/arm64/kernel/insn.c
index 535a3a7a053e..fd77cdd87c47 100644
--- a/arch/arm64/kernel/insn.c
+++ b/arch/arm64/kernel/insn.c
@@ -570,7 +570,7 @@ u32 aarch64_insn_gen_cond_branch_imm(unsigned long pc, unsigned long addr,
 					     offset >> 2);
 }
 
-u32 __kprobes aarch64_insn_gen_hint(enum aarch64_insn_hint_op op)
+u32 __kprobes aarch64_insn_gen_hint(enum aarch64_insn_hint_cr_op op)
 {
 	return aarch64_insn_get_hint_value() | op;
 }
-- 
2.20.1


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

[PATCH 3/3] arm64: insn: Report PAC and BTI instructions as NOPs

[Mark Brown]

In order to allow probing of PAC and BTI instructions without more
specialized support recognize them as NOPs.

Signed-off-by: Mark Brown <broonie@kernel.org>
---
 arch/arm64/kernel/insn.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/arch/arm64/kernel/insn.c b/arch/arm64/kernel/insn.c
index fd77cdd87c47..82afc582d29a 100644
--- a/arch/arm64/kernel/insn.c
+++ b/arch/arm64/kernel/insn.c
@@ -57,7 +57,27 @@ bool __kprobes aarch64_insn_is_nop(u32 insn)
 	if (!aarch64_insn_is_hint(insn))
 		return false;
 
+	/*
+	 * The PAC and BTI instructons are not strictly NOPs but until
+	 * better support is added we can treat them as such.
+	 */
 	switch (insn & 0xFE0) {
+	case AARCH64_INSN_HINT_PACIA_1716:
+	case AARCH64_INSN_HINT_PACIB_1716:
+	case AARCH64_INSN_HINT_AUTIA_1716:
+	case AARCH64_INSN_HINT_AUTIB_1716:
+	case AARCH64_INSN_HINT_PACIAZ:
+	case AARCH64_INSN_HINT_PACIASP:
+	case AARCH64_INSN_HINT_PACIBZ:
+	case AARCH64_INSN_HINT_PACIBSP:
+	case AARCH64_INSN_HINT_AUTIAZ:
+	case AARCH64_INSN_HINT_AUTIASP:
+	case AARCH64_INSN_HINT_AUTIBZ:
+	case AARCH64_INSN_HINT_AUTIBSP:
+	case AARCH64_INSN_HINT_BTI:
+	case AARCH64_INSN_HINT_BTIC:
+	case AARCH64_INSN_HINT_BTIJ:
+	case AARCH64_INSN_HINT_BTIJC:
 	case AARCH64_INSN_HINT_NOP:
 		return true;
 	default:
-- 
2.20.1


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH 0/3] arm64: Make NOP handling a whitelist

[Catalin Marinas]

On Tue, Mar 24, 2020 at 07:48:19PM +0000, Mark Brown wrote:
> Currently we default to assuming any unrecognized instruction in the
> hint space can be safely handled as a NOP.  This is not robust and any
> code that really wants a NOP should be using the explicitly defined NOP
> so let's instead invert this and whitelist those instructions which it
> is safe to handle as NOPs.
> 
> Mark Brown (3):
>   arm64: insn: Don't assume unrecognized HINTs are NOPs
>   arm64: insn: Add constants for PAC and BTI instruction decode
>   arm64: insn: Report PAC and BTI instructions as NOPs
> 
>  arch/arm64/include/asm/insn.h | 22 ++++++++++++++++++++--
>  arch/arm64/kernel/insn.c      | 32 ++++++++++++++++++++++++--------
>  2 files changed, 44 insertions(+), 10 deletions(-)

IIRC, we concluded [1] there is no problem for PAC and BTI instruction
in the NOP space. For this series:

Acked-by: Catalin Marinas <catalin.marinas@arm.com>

[1] https://lore.kernel.org/linux-arm-kernel/20200312184211.GA3849205@arrakis.emea.arm.com/

-- 
Catalin

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH 2/3] arm64: insn: Add constants for PAC and BTI instruction decode

[Mark Brown]

[-- Attachment #1.1: Type: text/plain, Size: 408 bytes --]

On Tue, Mar 24, 2020 at 07:48:21PM +0000, Mark Brown wrote:

> +	AARCH64_INSN_HINT_BTI   = 0x40 << 5,
> +	AARCH64_INSN_HINT_BTIC  = 0x42 << 5,
> +	AARCH64_INSN_HINT_BTIJ  = 0x44 << 5,
> +	AARCH64_INSN_HINT_BTIJC = 0x4C << 5,

These constants are wrong (I checked the others, they're fine) - I'll
send out a fixed version as part of the next version of the BTI kernel
patches since they will depend on these.

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

[-- Attachment #2: Type: text/plain, Size: 176 bytes --]

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH 2/3] arm64: insn: Add constants for PAC and BTI instruction decode

[Will Deacon]

On Tue, Apr 28, 2020 at 12:43:53PM +0100, Mark Brown wrote:
> On Tue, Mar 24, 2020 at 07:48:21PM +0000, Mark Brown wrote:
> 
> > +	AARCH64_INSN_HINT_BTI   = 0x40 << 5,
> > +	AARCH64_INSN_HINT_BTIC  = 0x42 << 5,
> > +	AARCH64_INSN_HINT_BTIJ  = 0x44 << 5,
> > +	AARCH64_INSN_HINT_BTIJC = 0x4C << 5,
> 
> These constants are wrong (I checked the others, they're fine) - I'll
> send out a fixed version as part of the next version of the BTI kernel
> patches since they will depend on these.

Ok, I'll ignore this series then.

Will

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel