From: Srinivas Ramana <sramana@codeaurora.org>
To: catalin.marinas@arm.com, will@kernel.org, pajay@qti.qualcomm.com
Cc: linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
linux-arm-msm@vger.kernel.org,
Srinivas Ramana <sramana@codeaurora.org>,
Prasad Sodagudi <psodagud@codeaurora.org>
Subject: [PATCH 3/3] arm64: Enable control of pointer authentication using early param
Date: Fri, 8 Jan 2021 16:29:23 -0800 [thread overview]
Message-ID: <1610152163-16554-4-git-send-email-sramana@codeaurora.org> (raw)
In-Reply-To: <1610152163-16554-1-git-send-email-sramana@codeaurora.org>
Add support to control turning off the pointer authentication
using a kernel command line early param.
This will help control pointer authentication feature for both kernel
and userspace without kernel changes.
Signed-off-by: Ajay Patil <pajay@qti.qualcomm.com>
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
Signed-off-by: Srinivas Ramana <sramana@codeaurora.org>
---
Documentation/admin-guide/kernel-parameters.txt | 6 ++++
arch/arm64/kernel/cpufeature.c | 38 +++++++++++++++++++------
2 files changed, 36 insertions(+), 8 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index c722ec19cd00..d6855e0a9085 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -373,6 +373,12 @@
arcrimi= [HW,NET] ARCnet - "RIM I" (entirely mem-mapped) cards
Format: <io>,<irq>,<nodeID>
+ arm64.disable_ptr_auth=
+ [ARM64] Force disable Linux support for address
+ authentication (both user and in-kernel).
+ 0 - Pointer authentication is enabled[Default]
+ 1 - Pointer authentication is force disabled
+
ataflop= [HW,M68k]
atarimouse= [HW,MOUSE] Atari Mouse
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index b2ffa9eaaaff..bdaaff78240b 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -164,6 +164,24 @@ static void cpu_enable_cnp(struct arm64_cpu_capabilities const *cap);
static bool __system_matches_cap(unsigned int n);
+#ifdef CONFIG_ARM64_PTR_AUTH
+bool arm64_disable_ptr_auth;
+
+static int __init arm64_disable_ptr_auth_fn(char *buf)
+{
+ return strtobool(buf, &arm64_disable_ptr_auth);
+}
+early_param("arm64.disable_ptr_auth", arm64_disable_ptr_auth_fn);
+
+s64 ptr_auth_ftr_filter(const struct arm64_ftr_bits *ftrp, s64 val)
+{
+ if (arm64_disable_ptr_auth)
+ return 0;
+ else
+ return val;
+}
+#endif
+
/*
* NOTE: Any changes to the visibility of features should be kept in
* sync with the documentation of the CPU feature register ABI.
@@ -193,17 +211,21 @@ static const struct arm64_ftr_bits ftr_id_aa64isar1[] = {
ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_SPECRES_SHIFT, 4, 0),
ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_SB_SHIFT, 4, 0),
ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_FRINTTS_SHIFT, 4, 0),
- ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH),
- FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_GPI_SHIFT, 4, 0),
- ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH),
- FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_GPA_SHIFT, 4, 0),
+#ifdef CONFIG_ARM64_PTR_AUTH
+ FILTERED_ARM64_FTR_BITS(FTR_UNSIGNED, FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE,
+ ID_AA64ISAR1_GPI_SHIFT, 4, 0, ptr_auth_ftr_filter),
+ FILTERED_ARM64_FTR_BITS(FTR_UNSIGNED, FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE,
+ ID_AA64ISAR1_GPA_SHIFT, 4, 0, ptr_auth_ftr_filter),
+#endif
ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_LRCPC_SHIFT, 4, 0),
ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_FCMA_SHIFT, 4, 0),
ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_JSCVT_SHIFT, 4, 0),
- ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH),
- FTR_STRICT, FTR_EXACT, ID_AA64ISAR1_API_SHIFT, 4, 0),
- ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH),
- FTR_STRICT, FTR_EXACT, ID_AA64ISAR1_APA_SHIFT, 4, 0),
+#ifdef CONFIG_ARM64_PTR_AUTH
+ FILTERED_ARM64_FTR_BITS(FTR_UNSIGNED, FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE,
+ ID_AA64ISAR1_API_SHIFT, 4, 0, ptr_auth_ftr_filter),
+ FILTERED_ARM64_FTR_BITS(FTR_UNSIGNED, FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE,
+ ID_AA64ISAR1_APA_SHIFT, 4, 0, ptr_auth_ftr_filter),
+#endif
ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_DPB_SHIFT, 4, 0),
ARM64_FTR_END,
};
--
2.7.4
next prev parent reply other threads:[~2021-01-09 0:31 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-09 0:29 [PATCH 0/3] arm64: cpufeature: Add filter function to control Srinivas Ramana
2021-01-09 0:29 ` [PATCH 1/3] arm64: Defer enabling pointer authentication on boot core Srinivas Ramana
2021-01-09 0:29 ` [PATCH 2/3] arm64: cpufeature: Add a filter function to cpufeature Srinivas Ramana
2021-01-09 0:29 ` Srinivas Ramana [this message]
2021-01-11 13:40 ` [PATCH 0/3] arm64: cpufeature: Add filter function to control Marc Zyngier
2021-01-14 7:15 ` Srinivas Ramana
2021-01-14 8:20 ` Marc Zyngier
2021-01-14 18:37 ` Catalin Marinas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1610152163-16554-4-git-send-email-sramana@codeaurora.org \
--to=sramana@codeaurora.org \
--cc=catalin.marinas@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pajay@qti.qualcomm.com \
--cc=psodagud@codeaurora.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).