* [PATCH] arm64: trap implementation defined functionality in userspace
@ 2022-06-22 11:54 Kristina Martsenko
2022-06-23 19:31 ` Will Deacon
2022-06-29 11:27 ` Mark Brown
0 siblings, 2 replies; 4+ messages in thread
From: Kristina Martsenko @ 2022-06-22 11:54 UTC (permalink / raw)
To: linux-arm-kernel
Cc: Catalin Marinas, Will Deacon, Mark Rutland, Suzuki K Poulose
The Arm v8.8 extension adds a new control FEAT_TIDCP1 that allows the
kernel to disable all implementation-defined system registers and
instructions in userspace. This can improve robustness against covert
channels between processes, for example in cases where the firmware or
hardware didn't disable that functionality by default.
The kernel does not currently support any implementation-defined
features, as there are no hwcaps for any such features, so disable all
imp-def features unconditionally. Any use of imp-def instructions will
result in a SIGILL being delivered to the process (same as for undefined
instructions).
Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
---
arch/arm64/include/asm/sysreg.h | 4 ++++
arch/arm64/kernel/cpufeature.c | 18 ++++++++++++++++++
arch/arm64/tools/cpucaps | 1 +
3 files changed, 23 insertions(+)
diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
index 55f998c3dc28..0696ef9f156e 100644
--- a/arch/arm64/include/asm/sysreg.h
+++ b/arch/arm64/include/asm/sysreg.h
@@ -902,6 +902,7 @@
/* id_aa64mmfr1 */
#define ID_AA64MMFR1_ECBHB_SHIFT 60
+#define ID_AA64MMFR1_TIDCP1_SHIFT 52
#define ID_AA64MMFR1_HCX_SHIFT 40
#define ID_AA64MMFR1_AFP_SHIFT 44
#define ID_AA64MMFR1_ETS_SHIFT 36
@@ -918,6 +919,9 @@
#define ID_AA64MMFR1_VMIDBITS_8 0
#define ID_AA64MMFR1_VMIDBITS_16 2
+#define ID_AA64MMFR1_TIDCP1_NI 0
+#define ID_AA64MMFR1_TIDCP1_IMP 1
+
/* id_aa64mmfr2 */
#define ID_AA64MMFR2_E0PD_SHIFT 60
#define ID_AA64MMFR2_EVT_SHIFT 56
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 42ea2bd856c6..a1df0e6349f0 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -361,6 +361,7 @@ static const struct arm64_ftr_bits ftr_id_aa64mmfr0[] = {
};
static const struct arm64_ftr_bits ftr_id_aa64mmfr1[] = {
+ ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_TIDCP1_SHIFT, 4, 0),
ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_AFP_SHIFT, 4, 0),
ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_ETS_SHIFT, 4, 0),
ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR1_TWED_SHIFT, 4, 0),
@@ -1986,6 +1987,11 @@ static bool is_kvm_protected_mode(const struct arm64_cpu_capabilities *entry, in
}
#endif /* CONFIG_KVM */
+static void cpu_trap_el0_impdef(const struct arm64_cpu_capabilities *__unused)
+{
+ sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_TIDCP);
+}
+
/* Internal helper functions to match cpu capability type */
static bool
cpucap_late_cpu_optional(const struct arm64_cpu_capabilities *cap)
@@ -2529,6 +2535,18 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
.matches = has_cpuid_feature,
.min_field_value = ID_AA64ISAR2_WFXT_SUPPORTED,
},
+ {
+ .desc = "Trap EL0 IMPLEMENTATION DEFINED functionality",
+ .capability = ARM64_HAS_TIDCP1,
+ .type = ARM64_CPUCAP_SYSTEM_FEATURE,
+ .sys_reg = SYS_ID_AA64MMFR1_EL1,
+ .sign = FTR_UNSIGNED,
+ .field_pos = ID_AA64MMFR1_TIDCP1_SHIFT,
+ .field_width = 4,
+ .min_field_value = ID_AA64MMFR1_TIDCP1_IMP,
+ .matches = has_cpuid_feature,
+ .cpu_enable = cpu_trap_el0_impdef,
+ },
{},
};
diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps
index 507b20373953..e491d89913c2 100644
--- a/arch/arm64/tools/cpucaps
+++ b/arch/arm64/tools/cpucaps
@@ -36,6 +36,7 @@ HAS_RNG
HAS_SB
HAS_STAGE2_FWB
HAS_SYSREG_GIC_CPUIF
+HAS_TIDCP1
HAS_TLB_RANGE
HAS_VIRT_HOST_EXTN
HAS_WFXT
--
2.25.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] arm64: trap implementation defined functionality in userspace
2022-06-22 11:54 [PATCH] arm64: trap implementation defined functionality in userspace Kristina Martsenko
@ 2022-06-23 19:31 ` Will Deacon
2022-06-29 11:27 ` Mark Brown
1 sibling, 0 replies; 4+ messages in thread
From: Will Deacon @ 2022-06-23 19:31 UTC (permalink / raw)
To: linux-arm-kernel, Kristina Martsenko
Cc: catalin.marinas, kernel-team, Will Deacon, Suzuki K Poulose,
Mark Rutland
On Wed, 22 Jun 2022 12:54:24 +0100, Kristina Martsenko wrote:
> The Arm v8.8 extension adds a new control FEAT_TIDCP1 that allows the
> kernel to disable all implementation-defined system registers and
> instructions in userspace. This can improve robustness against covert
> channels between processes, for example in cases where the firmware or
> hardware didn't disable that functionality by default.
>
> The kernel does not currently support any implementation-defined
> features, as there are no hwcaps for any such features, so disable all
> imp-def features unconditionally. Any use of imp-def instructions will
> result in a SIGILL being delivered to the process (same as for undefined
> instructions).
>
> [...]
Applied to arm64 (for-next/cpufeature), thanks!
[1/1] arm64: trap implementation defined functionality in userspace
https://git.kernel.org/arm64/c/3a46b352a3e6
Cheers,
--
Will
https://fixes.arm64.dev
https://next.arm64.dev
https://will.arm64.dev
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] arm64: trap implementation defined functionality in userspace
2022-06-22 11:54 [PATCH] arm64: trap implementation defined functionality in userspace Kristina Martsenko
2022-06-23 19:31 ` Will Deacon
@ 2022-06-29 11:27 ` Mark Brown
2022-07-01 20:11 ` Kristina Martsenko
1 sibling, 1 reply; 4+ messages in thread
From: Mark Brown @ 2022-06-29 11:27 UTC (permalink / raw)
To: Kristina Martsenko
Cc: linux-arm-kernel, Catalin Marinas, Will Deacon, Mark Rutland,
Suzuki K Poulose
[-- Attachment #1.1: Type: text/plain, Size: 867 bytes --]
On Wed, Jun 22, 2022 at 12:54:24PM +0100, Kristina Martsenko wrote:
> +++ b/arch/arm64/include/asm/sysreg.h
> @@ -902,6 +902,7 @@
>
> /* id_aa64mmfr1 */
> #define ID_AA64MMFR1_ECBHB_SHIFT 60
> +#define ID_AA64MMFR1_TIDCP1_SHIFT 52
> #define ID_AA64MMFR1_HCX_SHIFT 40
> #define ID_AA64MMFR1_AFP_SHIFT 44
> #define ID_AA64MMFR1_ETS_SHIFT 36
> @@ -918,6 +919,9 @@
> #define ID_AA64MMFR1_VMIDBITS_8 0
> #define ID_AA64MMFR1_VMIDBITS_16 2
>
> +#define ID_AA64MMFR1_TIDCP1_NI 0
> +#define ID_AA64MMFR1_TIDCP1_IMP 1
Infradead being infradead meant I unfortunately didn't see this until
after it was applied so it's a bit late but you're adding defines to
sysreg.h rather than converting to be generated with gen-sysreg.awk -
please consider converting this register to automatic generation (which
could also be done incrementally).
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
[-- Attachment #2: Type: text/plain, Size: 176 bytes --]
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] arm64: trap implementation defined functionality in userspace
2022-06-29 11:27 ` Mark Brown
@ 2022-07-01 20:11 ` Kristina Martsenko
0 siblings, 0 replies; 4+ messages in thread
From: Kristina Martsenko @ 2022-07-01 20:11 UTC (permalink / raw)
To: Mark Brown
Cc: linux-arm-kernel, Catalin Marinas, Will Deacon, Mark Rutland,
Suzuki K Poulose
On 29/06/2022 12:27, Mark Brown wrote:
> On Wed, Jun 22, 2022 at 12:54:24PM +0100, Kristina Martsenko wrote:
>
>> +++ b/arch/arm64/include/asm/sysreg.h
>> @@ -902,6 +902,7 @@
>>
>> /* id_aa64mmfr1 */
>> #define ID_AA64MMFR1_ECBHB_SHIFT 60
>> +#define ID_AA64MMFR1_TIDCP1_SHIFT 52
>> #define ID_AA64MMFR1_HCX_SHIFT 40
>> #define ID_AA64MMFR1_AFP_SHIFT 44
>> #define ID_AA64MMFR1_ETS_SHIFT 36
>> @@ -918,6 +919,9 @@
>> #define ID_AA64MMFR1_VMIDBITS_8 0
>> #define ID_AA64MMFR1_VMIDBITS_16 2
>>
>> +#define ID_AA64MMFR1_TIDCP1_NI 0
>> +#define ID_AA64MMFR1_TIDCP1_IMP 1
>
> Infradead being infradead meant I unfortunately didn't see this until
> after it was applied so it's a bit late but you're adding defines to
> sysreg.h rather than converting to be generated with gen-sysreg.awk -
> please consider converting this register to automatic generation (which
> could also be done incrementally).
Sure, I'll look at sending a separate patch to convert this register.
Thanks,
Kristina
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-07-01 20:12 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-22 11:54 [PATCH] arm64: trap implementation defined functionality in userspace Kristina Martsenko
2022-06-23 19:31 ` Will Deacon
2022-06-29 11:27 ` Mark Brown
2022-07-01 20:11 ` Kristina Martsenko
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).