Re: [RFC v2 4/7] arm64: enable ptrauth earlier

From: Suzuki K Poulose <suzuki.poulose@arm.com>
To: kristina.martsenko@arm.com, linux-arm-kernel@lists.infradead.org
Cc: mark.rutland@arm.com, keescook@chromium.org,
	ard.biesheuvel@linaro.org, catalin.marinas@arm.com,
	will.deacon@arm.com, ramana.radhakrishnan@arm.com,
	Amit.Kachhap@arm.com, dave.martin@arm.com
Subject: Re: [RFC v2 4/7] arm64: enable ptrauth earlier
Date: Thu, 13 Jun 2019 16:41:57 +0100	[thread overview]
Message-ID: <9886324a-5a12-5dd8-b84c-3f32098e3d35@arm.com> (raw)
In-Reply-To: <20190529190332.29753-5-kristina.martsenko@arm.com>

On 29/05/2019 20:03, Kristina Martsenko wrote:
> When the kernel is compiled with pointer auth instructions, the boot CPU
> needs to start using address auth very early, so change the cpucap to
> account for this.
> 
> A function that enables pointer auth cannot return, so compile such
> functions without pointer auth (using a compiler function attribute).
> The __no_ptrauth macro will be defined to the required function
> attribute in a later patch.
> 
> Do not use the cpu_enable callback, to avoid compiling the whole
> callchain down to cpu_enable without pointer auth.
> 
> Note the change in behavior: if the boot CPU has address auth and a late
> CPU does not, then we offline the late CPU. Until now we would have just
> disabled address auth in this case.
> 
> Leave generic authentication as a "system scope" cpucap for now, since
> initially the kernel will only use address authentication.
> 
> Signed-off-by: Kristina Martsenko <kristina.martsenko@arm.com>
> ---
> 
> Changes since RFC v1:
>   - Enable instructions for all 5 keys
>   - Replaced __always_inline with __no_ptrauth as it turns out __always_inline
>     is only a hint (and could therefore result in crashes)
>   - Left the __no_ptrauth definition blank for now as it needs to be determined
>     with more complex logic in a later patch
This patch looks fine to me as such. But if you switch to doing the
SCTLR bits in assembly, managed by alternatives, you may not need
the attribute support for C functions.

You may be able to enable the ptr-auth for all the CPUs from early on
in the assembly and also park the CPUs which don't have the capability
via alternative code patching that gets applied just after the boot CPU
is initialized (via apply_boot_alternatives()).

Rough version :

e.g:

+
+/*
+ * ptr_auth_setup(bool primary)
+ *	x0 = 1 for primary, 0 for secondary
+ */
+ptr_auth_setup:
+#ifdef CONFIG_ARM64_PTR_AUTH
+	/* check ptr auth support */
+	mrs	x1, id_aa64isar1_el1
+	ubfx	x1, x1, 4, 8
+	cbz	x1, 1f
+
+	/* x2 = system_has_ptr_auth() */
+alternative_if ARM64_HAS_PTR_AUTH
+	mov	x2, 1
+alternative_else
+	mov	x2, 0
+alternative_endif
+	orr	x0, x2, x0		// primary || system_has_ptr_auth()
+	cbz	x0, 2f
+	mrs	x1, sctlr_el1
+	/* Set the PTR_AUTH_BITS orr	x1, x1, (SCTLR_ELx_AUTH_BITS) */
+	msr	sctlr_el1, x1
+	b	2f
+1:	/* No pionter authentication support */
+alternative_if ARM64_HAS_PTR_AUTH
+	b	3f
+alternative_else_nop_endif
+2:
+#endif
+	ret
+
+#ifdef CONFIG_ARM64_PTR_AUTH
+3:	/* Park the secondary CPU after updating the boot status */
+	update_early_cpu_boot_status \
+	   CPU_STUCK_IN_KERNEL | CPU_STUCK_REASON_NO_PTR_AUTH, x0, x1
+	b	__cpu_park_early
+#endif
+ENDPROC(ptr_auth_setup)
+

Cheers
Suzuki

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel