Date: Wed, 2 Sep 2020 16:39:26 +0100
From: Dave Martin
To: Amit Daniel Kachhap
Cc: Mark Rutland, Kees Cook, Suzuki K Poulose, Catalin Marinas, Mark Brown, James Morse, Vincenzo Frascino, Will Deacon, linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v5 3/6] arm64: ptrauth: Introduce Armv8.3 pointer authentication enhancements
Message-ID: <20200902153926.GG6642@arm.com>
In-Reply-To: <1597734671-23407-4-git-send-email-amit.kachhap@arm.com>

On Tue, Aug 18, 2020 at 12:41:08PM +0530, Amit Daniel Kachhap wrote:
> Some Armv8.3 Pointer Authentication enhancements have been introduced
> which are mandatory for Armv8.6 and optional for Armv8.3. These features
> are,
>
> * ARMv8.3-PAuth2 - An enhanced PAC generation logic is added which hardens
>   finding the correct PAC value of the authenticated pointer.
>
> * ARMv8.3-FPAC - Fault is generated now when the ptrauth authentication
>   instruction fails in authenticating the PAC present in the address.
>   This is different from earlier case when such failures just adds an
>   error code in the top byte and waits for subsequent load/store to abort.
>   The ptrauth instructions which may cause this fault are autiasp, retaa
>   etc.
> > The above features are now represented by additional configurations > for the Address Authentication cpufeature and a new ESR exception class. > > The userspace fault received in the kernel due to ARMv8.3-FPAC is treated > as Illegal instruction and hence signal SIGILL is injected with ILL_ILLOPN > as the signal code. Note that this is different from earlier ARMv8.3 > ptrauth where signal SIGSEGV is issued due to Pointer authentication > failures. The in-kernel PAC fault causes kernel to crash. > > Signed-off-by: Amit Daniel Kachhap > --- > Changes since v4: > * Used force_signal_inject() to create ptrauth signal. This is in > sync with existing Illegal instruction fault handlers. > > arch/arm64/include/asm/esr.h | 4 +++- > arch/arm64/include/asm/exception.h | 1 + > arch/arm64/include/asm/sysreg.h | 24 ++++++++++++++++-------- > arch/arm64/kernel/entry-common.c | 21 +++++++++++++++++++++ > arch/arm64/kernel/traps.c | 9 +++++++++ > 5 files changed, 50 insertions(+), 9 deletions(-) > > diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h > index 035003acfa87..22c81f1edda2 100644 > --- a/arch/arm64/include/asm/esr.h > +++ b/arch/arm64/include/asm/esr.h > @@ -35,7 +35,9 @@ > #define ESR_ELx_EC_SYS64 (0x18) > #define ESR_ELx_EC_SVE (0x19) > #define ESR_ELx_EC_ERET (0x1a) /* EL2 only */ > -/* Unallocated EC: 0x1b - 0x1E */ > +/* Unallocated EC: 0x1B */ > +#define ESR_ELx_EC_FPAC (0x1C) /* EL1 and above */ > +/* Unallocated EC: 0x1D - 0x1E */ > #define ESR_ELx_EC_IMP_DEF (0x1f) /* EL3 only */ > #define ESR_ELx_EC_IABT_LOW (0x20) > #define ESR_ELx_EC_IABT_CUR (0x21) > diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h > index 7577a754d443..99b9383cd036 100644 > --- a/arch/arm64/include/asm/exception.h > +++ b/arch/arm64/include/asm/exception.h 
> @@ -47,4 +47,5 @@ void bad_el0_sync(struct pt_regs *regs, int reason, unsigned int esr); > void do_cp15instr(unsigned int esr, struct pt_regs *regs); > void do_el0_svc(struct pt_regs *regs); > void do_el0_svc_compat(struct pt_regs *regs); > +void do_ptrauth_fault(struct pt_regs *regs, unsigned int esr); > #endif /* __ASM_EXCEPTION_H */ > diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h > index 463175f80341..c71bcd0c002a 100644 > --- a/arch/arm64/include/asm/sysreg.h > +++ b/arch/arm64/include/asm/sysreg.h > @@ -633,14 +633,22 @@ > #define ID_AA64ISAR1_APA_SHIFT 4 > #define ID_AA64ISAR1_DPB_SHIFT 0 > > -#define ID_AA64ISAR1_APA_NI 0x0 > -#define ID_AA64ISAR1_APA_ARCHITECTED 0x1 > -#define ID_AA64ISAR1_API_NI 0x0 > -#define ID_AA64ISAR1_API_IMP_DEF 0x1 > -#define ID_AA64ISAR1_GPA_NI 0x0 > -#define ID_AA64ISAR1_GPA_ARCHITECTED 0x1 > -#define ID_AA64ISAR1_GPI_NI 0x0 > -#define ID_AA64ISAR1_GPI_IMP_DEF 0x1 > +#define ID_AA64ISAR1_APA_NI 0x0 > +#define ID_AA64ISAR1_APA_ARCHITECTED 0x1 > +#define ID_AA64ISAR1_APA_ARCH_EPAC 0x2 > +#define ID_AA64ISAR1_APA_ARCH_EPAC2 0x3 > +#define ID_AA64ISAR1_APA_ARCH_EPAC2_FPAC 0x4 > +#define ID_AA64ISAR1_APA_ARCH_EPAC2_FPAC_CMB 0x5 > +#define ID_AA64ISAR1_API_NI 0x0 > +#define ID_AA64ISAR1_API_IMP_DEF 0x1 > +#define ID_AA64ISAR1_API_IMP_DEF_EPAC 0x2 > +#define ID_AA64ISAR1_API_IMP_DEF_EPAC2 0x3 > +#define ID_AA64ISAR1_API_IMP_DEF_EPAC2_FPAC 0x4 > +#define ID_AA64ISAR1_API_IMP_DEF_EPAC2_FPAC_CMB 0x5 > +#define ID_AA64ISAR1_GPA_NI 0x0 > +#define ID_AA64ISAR1_GPA_ARCHITECTED 0x1 > +#define ID_AA64ISAR1_GPI_NI 0x0 > +#define ID_AA64ISAR1_GPI_IMP_DEF 0x1 > > /* id_aa64pfr0 */ > #define ID_AA64PFR0_CSV3_SHIFT 60 > diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c > index 3dbdf9752b11..8380ffb8160a 100644 > --- a/arch/arm64/kernel/entry-common.c > +++ b/arch/arm64/kernel/entry-common.c 
> @@ -66,6 +66,13 @@ static void notrace el1_dbg(struct pt_regs *regs, unsigned long esr) > } > NOKPROBE_SYMBOL(el1_dbg); > > +static void notrace el1_fpac(struct pt_regs *regs, unsigned long esr) > +{ > + local_daif_inherit(regs); > + do_ptrauth_fault(regs, esr); > +} > +NOKPROBE_SYMBOL(el1_fpac); > + > asmlinkage void notrace el1_sync_handler(struct pt_regs *regs) > { > unsigned long esr = read_sysreg(esr_el1); > @@ -92,6 +99,9 @@ asmlinkage void notrace el1_sync_handler(struct pt_regs *regs) > case ESR_ELx_EC_BRK64: > el1_dbg(regs, esr); > break; > + case ESR_ELx_EC_FPAC: > + el1_fpac(regs, esr); > + break; > default: > el1_inv(regs, esr); > } > @@ -227,6 +237,14 @@ static void notrace el0_svc(struct pt_regs *regs) > } > NOKPROBE_SYMBOL(el0_svc); > > +static void notrace el0_fpac(struct pt_regs *regs, unsigned long esr) > +{ > + user_exit_irqoff(); > + local_daif_restore(DAIF_PROCCTX); > + do_ptrauth_fault(regs, esr); > +} > +NOKPROBE_SYMBOL(el0_fpac); > + > asmlinkage void notrace el0_sync_handler(struct pt_regs *regs) > { > unsigned long esr = read_sysreg(esr_el1); > @@ -272,6 +290,9 @@ asmlinkage void notrace el0_sync_handler(struct pt_regs *regs) > case ESR_ELx_EC_BRK64: > el0_dbg(regs, esr); > break; > + case ESR_ELx_EC_FPAC: > + el0_fpac(regs, esr); > + break; > default: > el0_inv(regs, esr); > } > diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c > index eb19f985f0bc..af2479f2c642 100644 > --- a/arch/arm64/kernel/traps.c > +++ b/arch/arm64/kernel/traps.c 
> @@ -479,6 +479,14 @@ void do_bti(struct pt_regs *regs) > } > NOKPROBE_SYMBOL(do_bti); > > +void do_ptrauth_fault(struct pt_regs *regs, unsigned int esr) > +{ > + /* In-kernel Pointer authentication fault causes kernel crash */ > + BUG_ON(!user_mode(regs)); Ack, I think keeping this BUG_ON() makes sense here, since force_signal_inject() just warns and returns if !user_mode(regs). Maybe the comment could be clarified though to explain what is meant by "crash": maybe something like: Unexpected FPAC exception or pointer authentication failure in the kernel: kill the task before it does any more harm. > + force_signal_inject(SIGILL, ILL_ILLOPN, regs->pc, esr); > +} > +NOKPROBE_SYMBOL(do_ptrauth_fault); > + > #define __user_cache_maint(insn, address, res) \ > if (address >= user_addr_max()) { \ > res = -EFAULT; \ > @@ -775,6 +783,7 @@ static const char *esr_class_str[] = { > [ESR_ELx_EC_SYS64] = "MSR/MRS (AArch64)", > [ESR_ELx_EC_SVE] = "SVE", > [ESR_ELx_EC_ERET] = "ERET/ERETAA/ERETAB", > + [ESR_ELx_EC_FPAC] = "FPAC", [...] With the above, Reviewed-by: Dave Martin Cheers ---Dave _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
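Review bot: In the arch/arm64/include/asm/esr.h hunk, the new exception class is written `(0x1C)` while the neighbouring definitions in the same hunk use lowercase hex (`(0x1a)`, `(0x1f)`); writing it as `(0x1c)` keeps the table uniform. The `/* EL1 and above */` annotation is worth keeping as it is.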
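Review bot: In the arch/arm64/include/asm/sysreg.h hunk, the new APA/API values 0x2 to 0x5 carry no comment tying them to the ARMv8.3-PAuth2 and ARMv8.3-FPAC features named in the commit message, and none of the hunks shown in this patch uses them. A short comment above the block saying which values imply the FPAC fault behaviour, plus a line in the commit message naming the patch that consumes them, would make the encoding reviewable on its own. The same hunk also removes and re-adds the GPA/GPI lines with identical values, so that part is whitespace-only churn that could be dropped or split out.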
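Review bot: In the arch/arm64/kernel/entry-common.c hunk that adds el1_fpac(), the call to do_ptrauth_fault() can only end in `BUG_ON(!user_mode(regs))` for an exception taken from EL1, so the force_signal_inject() call is never reached on this path. A one-line comment in el1_fpac() stating that an FPAC exception from EL1 is fatal by design would save readers from following the call into traps.c to find that out.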
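Review bot: In the arch/arm64/kernel/entry-common.c hunk that adds el0_fpac() (and likewise el1_fpac()), the handler takes `unsigned long esr` but passes it to do_ptrauth_fault(), which the exception.h hunk declares with `unsigned int esr`, so the value is narrowed implicitly at the call. If only the low 32 bits are meaningful here, that is fine, but it would be clearer to make the two types agree or to note the narrowing where the prototype is declared.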
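Review bot: In the arch/arm64/kernel/traps.c hunk, do_ptrauth_fault() changes what userspace observes on an authentication failure (SIGILL with ILL_ILLOPN, where the commit message says earlier ARMv8.3 ptrauth produced SIGSEGV), yet the diffstat touches no documentation file. The signal change should be recorded in the arm64 pointer authentication documentation so that debuggers, crash reporters and fault-monitoring tools keyed on SIGSEGV know to expect SIGILL on FPAC-capable hardware.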