[PATCH v3 06/16] arm64: enable ptrauth earlier

Suzuki Kuruppassery Poulose suzuki.poulose at arm.com
Tue Jan 7 03:35:17 PST 2020

On 16/12/2019 08:47, Amit Daniel Kachhap wrote:
> From: Kristina Martsenko <kristina.martsenko at arm.com>
>
> When the kernel is compiled with pointer auth instructions, the boot CPU
> needs to start using address auth very early, so change the cpucap to
> account for this.
>
> Pointer auth must be enabled before we call C functions, because it is
> not possible to enter a function with pointer auth disabled and exit it
> with pointer auth enabled. Note, mismatches between architected and
> IMPDEF algorithms will still be caught by the cpufeature framework (the
> separate *_ARCH and *_IMP_DEF cpucaps).
>
> Note the change in behavior: if the boot CPU has address auth and a late
> CPU does not, then we park the late CPU very early in booting. Also, if
> the boot CPU does not have address auth and the late CPU has, then a system
> panic will occur a little later from inside the C code. Until now we would
> have just disabled address auth in this case.
>
> Leave generic authentication as a "system scope" cpucap for now, since
> initially the kernel will only use address authentication.
>
> Reviewed-by: Kees Cook <keescook at chromium.org>
> Signed-off-by: Kristina Martsenko <kristina.martsenko at arm.com>
> [Amit: Re-worked ptrauth setup logic, comments]
> Signed-off-by: Amit Daniel Kachhap <amit.kachhap at arm.com>
> ---
> Changes since last version:
> * None.
>   arch/arm64/Kconfig             |  5 +++++
>   arch/arm64/include/asm/smp.h   |  1 +
>   arch/arm64/kernel/cpufeature.c | 13 +++----------
>   arch/arm64/kernel/head.S       | 20 ++++++++++++++++++++
>   arch/arm64/kernel/smp.c        |  2 ++
>   arch/arm64/mm/proc.S           | 31 +++++++++++++++++++++++++++++++
>   6 files changed, 62 insertions(+), 10 deletions(-)
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index b1b4476..5aabe8a 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1482,6 +1482,11 @@ config ARM64_PTR_AUTH
>   	  be enabled. However, KVM guest also require VHE mode and hence
>   	  CONFIG_ARM64_VHE=y option to use this feature.
> +	  If the feature is present on the primary CPU but not a secondary CPU,
> +	  then the secondary CPU will be parked.


>    Also, if the boot CPU does not
> +	  have address auth and the late CPU has then system panic will occur.
> +	  On such a system, this option should not be selected.
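
Review bot: The added help text switches terminology partway through and its second sentence does not parse. The first sentence speaks of the "primary CPU" and "secondary CPU", while the continuation speaks of the "boot CPU" and "late CPU", and "the late CPU has then system panic will occur" is missing a comma and an article. Use one pair of terms for the whole paragraph and, if the sentence is kept, reword it along the lines of "if the boot CPU does not have address auth and a late CPU does, the system will panic". The commit message says this panic happens "little later from inside the C code"; the help text drops that qualifier, so the two descriptions of the same case should be brought into line.
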

Is this part of the text true? We do not enable ptr-auth on the CPUs if
we are missing the support on the primary. So, given we disable the SCTLR bits,
the ptr-auth instructions should be NOPs and are thus safe.

The rest looks good to me. With the above text removed,

Reviewed-by: Suzuki K Poulose <suzuki.poulose at arm.com>

