Received: by 10.192.165.156 with SMTP id m28csp377850imm; Tue, 17 Apr 2018 11:39:41 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/uu8ASE4fj5wLtYWN5kcr6o7h5tcu+XyGEq1JDC5+R5DqJCnMefXGFHZLlJpSoz0gf/kHl X-Received: by 2002:a17:902:6006:: with SMTP id r6-v6mr3025957plj.70.1523990381486; Tue, 17 Apr 2018 11:39:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523990381; cv=none; d=google.com; s=arc-20160816; b=g8EQrb6aibjNuJUQluXw/AXfhymsVmFlfFZbNGz6Z1RAmV01JVOkKDEEMbCR8ebbjm qSmHYWIOI8AL1NEnWBDRsDX/5hwM0atOmd27xbYzOGECRGxTGUhdYpdoE80O55mMU+lJ Gu+VXaPLXCH3z0HmypSf74KO8KWDRfj8MVTTJvSr5MovP590BLZ0UpTQWwBxNnmHIeNW f7Us3XAWsQWmqQtemjz+BZKWzEGQNWRAqF70wwPAAjzUJ9GJN2Z5s1yAXhfItwWa6E/U N8RP/KtarzsDepP/hA14cIyLAOCrrNCNrH+FfpD47qT54j+wo84Ps82XydM5H0GhIFdL n0vw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=XRqeiWN62iYC/SKfswSUlXoSTH6ynOz0k/prXfeTS9Y=; b=SKgVR6j0saRUe5wyg3R0U0fzjPg4VgJKxVDp3U0fBJDoplpKSJNVLRwsDnU9A7RFck A2UotpatJTd5XcEiSWUPx0myKukhqAXOMtV0EnjDexiv6+3LZlF3xZn0ObdjuAtkjLi9 Ah43KpjfNkCKfKITF6hkk4eyRp38r53Fa0xcNPR7mksoWuZtIbeDmlRlnbnvyT3qKgW6 NRpo/LdCkvcf+FVI0csJka5iKRqxiy6xzRbwZ8e7ZwWrR8Y5OB/IToibSUxsZS4l5kQ6 IJaWHtCFrcMLD9rXzTbW3WyK+dju6i9rZLudQg+EdP4W6scXl03bdlLePAml7IBe0CAs oN2A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m12si11635453pgp.528.2018.04.17.11.39.27; Tue, 17 Apr 2018 11:39:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752796AbeDQSiG (ORCPT + 99 others); Tue, 17 Apr 2018 14:38:06 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:47006 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752604AbeDQSiC (ORCPT ); Tue, 17 Apr 2018 14:38:02 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E6DD61435; Tue, 17 Apr 2018 11:38:01 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 6CE593F587; Tue, 17 Apr 2018 11:37:59 -0700 (PDT) From: Mark Rutland To: linux-arm-kernel@lists.infradead.org Cc: arnd@arndb.de, catalin.marinas@arm.com, cdall@kernel.org, drjones@redhat.com, kvmarm@lists.cs.columbia.edu, linux-arch@vger.kernel.org, marc.zyngier@arm.com, mark.rutland@arm.com, ramana.radhakrishnan@arm.com, suzuki.poulose@arm.com, will.deacon@arm.com, linux-kernel@vger.kernel.org, awallis@codeaurora.org, kernel-hardening@lists.openwall.com Subject: [PATCHv3 05/11] arm64/cpufeature: detect pointer authentication Date: Tue, 17 Apr 2018 19:37:29 +0100 Message-Id: <20180417183735.56985-6-mark.rutland@arm.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180417183735.56985-1-mark.rutland@arm.com> References: <20180417183735.56985-1-mark.rutland@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org So that we can dynamically handle the presence of pointer authentication functionality, wire up probing code in cpufeature.c. From ARMv8.3 onwards, ID_AA64ISAR1 is no longer entirely RES0, and now has four fields describing the presence of pointer authentication functionality: * APA - address authentication present, using an architected algorithm * API - address authentication present, using an IMP DEF algorithm * GPA - generic authentication present, using an architected algorithm * GPI - generic authentication present, using an IMP DEF algorithm For the moment we only care about address authentication, so we only need to check APA and API. It is assumed that if all CPUs support an IMP DEF algorithm, the same algorithm is used across all CPUs. Note that when we implement KVM support, we will also need to ensure that CPUs have uniform support for GPA and GPI. Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Suzuki K Poulose Cc: Will Deacon --- arch/arm64/include/asm/cpucaps.h | 5 ++++- arch/arm64/kernel/cpufeature.c | 47 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h index bc51b72fafd4..9dcb4d1b14f5 100644 --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -48,7 +48,10 @@ #define ARM64_HAS_CACHE_IDC 27 #define ARM64_HAS_CACHE_DIC 28 #define ARM64_HW_DBM 29 +#define ARM64_HAS_ADDRESS_AUTH_ARCH 30 +#define ARM64_HAS_ADDRESS_AUTH_IMP_DEF 31 +#define ARM64_HAS_ADDRESS_AUTH 32 -#define ARM64_NCAPS 30 +#define ARM64_NCAPS 33 #endif /* __ASM_CPUCAPS_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 536d572e5596..01b1a7e7d70f 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -142,6 +142,10 @@ static const struct arm64_ftr_bits ftr_id_aa64isar1[] = { ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_LRCPC_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_FCMA_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_JSCVT_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_API_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_APA_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_DPB_SHIFT, 4, 0), ARM64_FTR_END, }; @@ -1025,6 +1029,22 @@ static void cpu_copy_el2regs(const struct arm64_cpu_capabilities *__unused) } #endif +#ifdef CONFIG_ARM64_PTR_AUTH +static bool has_address_auth(const struct arm64_cpu_capabilities *entry, + int __unused) +{ + u64 isar1 = read_sanitised_ftr_reg(SYS_ID_AA64ISAR1_EL1); + bool api, apa; + + apa = cpuid_feature_extract_unsigned_field(isar1, + ID_AA64ISAR1_APA_SHIFT) > 0; + api = cpuid_feature_extract_unsigned_field(isar1, + ID_AA64ISAR1_API_SHIFT) > 0; + + return apa || api; +} +#endif /* CONFIG_ARM64_PTR_AUTH */ + static const struct arm64_cpu_capabilities arm64_features[] = { { .desc = "GIC system register CPU interface", @@ -1201,6 +1221,33 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .cpu_enable = cpu_enable_hw_dbm, }, #endif +#ifdef CONFIG_ARM64_PTR_AUTH + { + .desc = "Address authentication (architected algorithm)", + .capability = ARM64_HAS_ADDRESS_AUTH_ARCH, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .sys_reg = SYS_ID_AA64ISAR1_EL1, + .sign = FTR_UNSIGNED, + .field_pos = ID_AA64ISAR1_APA_SHIFT, + .min_field_value = ID_AA64ISAR1_APA_ARCHITECTED, + .matches = has_cpuid_feature, + }, + { + .desc = "Address authentication (IMP DEF algorithm)", + .capability = ARM64_HAS_ADDRESS_AUTH_IMP_DEF, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .sys_reg = SYS_ID_AA64ISAR1_EL1, + .sign = FTR_UNSIGNED, + .field_pos = ID_AA64ISAR1_API_SHIFT, + .min_field_value = ID_AA64ISAR1_API_IMP_DEF, + .matches = has_cpuid_feature, + }, + { + .capability = ARM64_HAS_ADDRESS_AUTH, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .matches = has_address_auth, + }, +#endif /* CONFIG_ARM64_PTR_AUTH */ {}, }; -- 2.11.0