From patchwork Wed Jul 19 16:01:27 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 108303 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp1011858obm; Wed, 19 Jul 2017 09:03:13 -0700 (PDT) X-Received: by 10.84.195.131 with SMTP id j3mr605981pld.147.1500480193070; Wed, 19 Jul 2017 09:03:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1500480193; cv=none; d=google.com; s=arc-20160816; b=Tsjvutzg9D486GFH8Wmpq+bSQ003+rD1JyguJ6ECnWcoQP3FDmDL6TOePmezljyHd2 lKuX7/6+sMHq/WBeELjtUs8vUEAGh85RuU/r9MSEy5dPn67DCBntyzj7qwVE6yJDzNR1 Q5Z21E/+frL6i3+yscpI76HKBWMIprgF30zkm1id6GViINqSRnGCEyH8zzzrxWws4hsM aN6NXpIVyWzfpLM+bYCqfuPZPLFhzjuQBiNcYe9Z+YYDPmT89ru1KHTJ+H28mB5QpR2O WfRAQVM9F80UF/mKKf2XkJ67pQJ2NlbgwGSe+5rpqxily/R2yb65AZfaFabfBO2u3el3 UTww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=Z6O+aBZy6eRPrlztAzvL6M+urmrlnj8UAqMUJppyNLo=; b=nZ9z0qZYKMh1musIzyfwrkU7ARqtvS5qnW2B0UTGvGB85nBegrDyfqMqlvNOGsLEDx lc+RURJruCV+i9DB1rfZkwcCzgBuL2SXhMNqwhIDa+2pzYjryY1iveQHLOI76Fa9jYxy orVnmaSbnAyiqfXV20y8J7IwOgDf7TekSx8SrNg6qr+v6Bwl5mE2MpSbKvDRrqvu3HsU Z6tFboUZhFZebmOCXDWpH/Bu+QLlMOEkEpgKjzo9aRDytT3v2Xiz8W4/K7qm9+gxMq3H cEz31MVBOCRDfMNEoINnFAJ4mdC2qLHoBrOU9ENtARmoiN8ch1TerDMTVF4s8bHxiQH0 Zo0g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s144si270017pgs.186.2017.07.19.09.03.12; Wed, 19 Jul 2017 09:03:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933213AbdGSQDJ (ORCPT + 25 others); Wed, 19 Jul 2017 12:03:09 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:42312 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754369AbdGSQDH (ORCPT ); Wed, 19 Jul 2017 12:03:07 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id F3B602B; Wed, 19 Jul 2017 09:03:06 -0700 (PDT) Received: from leverpostej.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 9AFE83F577; Wed, 19 Jul 2017 09:03:04 -0700 (PDT) From: Mark Rutland To: linux-arm-kernel@lists.infradead.org Cc: arnd@arndb.de, catalin.marinas@arm.com, christoffer.dall@linaro.org, Dave.Martin@arm.com, jiong.wang@arm.com, kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, marc.zyngier@arm.com, mark.rutland@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, yao.qi@arm.com, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Subject: [PATCH 06/11] arm64: Don't trap host pointer auth use to EL2 Date: Wed, 19 Jul 2017 17:01:27 +0100 Message-Id: <1500480092-28480-7-git-send-email-mark.rutland@arm.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> References: <1500480092-28480-1-git-send-email-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org To allow EL0 (and/or EL1) to use pointer authentication functionality, we must ensure that pointer authentication instructions and accesses to pointer authentication keys are not trapped to EL2 (where we will not be able to handle them). This patch ensures that HCR_EL2 is configured appropriately when the kernel is booted at EL2. For non-VHE kernels we set HCR_EL2.{API,APK}, ensuring that EL1 can access keys and permit EL0 use of instructions. For VHE kernels, EL2 access is controlled by EL3, and we need not set anything. This does not enable support for KVM guests, since KVM manages HCR_EL2 itself. Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Christoffer Dall Cc: Marc Zyngier Cc: Will Deacon Cc: kvmarm@lists.cs.columbia.edu --- arch/arm64/include/asm/kvm_arm.h | 2 ++ arch/arm64/kernel/head.S | 19 +++++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) -- 1.9.1 diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h index 61d694c..c1267e8 100644 --- a/arch/arm64/include/asm/kvm_arm.h +++ b/arch/arm64/include/asm/kvm_arm.h @@ -23,6 +23,8 @@ #include /* Hyp Configuration Register (HCR) bits */ +#define HCR_API (UL(1) << 41) +#define HCR_APK (UL(1) << 40) #define HCR_E2H (UL(1) << 34) #define HCR_ID (UL(1) << 33) #define HCR_CD (UL(1) << 32) diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S index 973df7d..8b8e8d7 100644 --- a/arch/arm64/kernel/head.S +++ b/arch/arm64/kernel/head.S @@ -412,10 +412,25 @@ CPU_LE( bic x0, x0, #(1 << 25) ) // Clear the EE bit for EL2 /* Hyp configuration. */ mov x0, #HCR_RW // 64-bit EL1 - cbz x2, set_hcr + cbz x2, 1f orr x0, x0, #HCR_TGE // Enable Host Extensions orr x0, x0, #HCR_E2H -set_hcr: +1: +#ifdef CONFIG_ARM64_POINTER_AUTHENTICATION + /* + * Disable pointer authentication traps to EL2. The HCR_EL2.{APK,API} + * bits exist iff at least one authentication mechanism is implemented. + */ + mrs x1, id_aa64isar1_el1 + mov_q x3, ((0xf << ID_AA64ISAR1_GPI_SHIFT) | \ + (0xf << ID_AA64ISAR1_GPA_SHIFT) | \ + (0xf << ID_AA64ISAR1_API_SHIFT) | \ + (0xf << ID_AA64ISAR1_APA_SHIFT)) + and x1, x1, x3 + cbz x1, 1f + orr x0, x0, #(HCR_APK | HCR_API) +1: +#endif msr hcr_el2, x0 isb