[PATCH v3 06/16] arm64: enable ptrauth earlier
amit.kachhap at arm.com
Thu Jan 9 00:29:06 PST 2020
On 1/7/20 5:05 PM, Suzuki Kuruppassery Poulose wrote:
> On 16/12/2019 08:47, Amit Daniel Kachhap wrote:
>> From: Kristina Martsenko <kristina.martsenko at arm.com>
>> When the kernel is compiled with pointer auth instructions, the boot CPU
>> needs to start using address auth very early, so change the cpucap to
>> account for this.
>> Pointer auth must be enabled before we call C functions, because it is
>> not possible to enter a function with pointer auth disabled and exit it
>> with pointer auth enabled. Note, mismatches between architected and
>> IMPDEF algorithms will still be caught by the cpufeature framework (the
>> separate *_ARCH and *_IMP_DEF cpucaps).
>> Note the change in behavior: if the boot CPU has address auth and a late
>> CPU does not, then we park the late CPU very early in booting. Also, if
>> the boot CPU does not have address auth and the late CPU has, then a system
>> panic will occur a little later from inside the C code. Until now we would
>> have just disabled address auth in this case.
>> Leave generic authentication as a "system scope" cpucap for now, since
>> initially the kernel will only use address authentication.
>> Reviewed-by: Kees Cook <keescook at chromium.org>
>> Signed-off-by: Kristina Martsenko <kristina.martsenko at arm.com>
>> [Amit: Re-worked ptrauth setup logic, comments]
>> Signed-off-by: Amit Daniel Kachhap <amit.kachhap at arm.com>
>> Changes since last version:
>> * None.
>> arch/arm64/Kconfig | 5 +++++
>> arch/arm64/include/asm/smp.h | 1 +
>> arch/arm64/kernel/cpufeature.c | 13 +++----------
>> arch/arm64/kernel/head.S | 20 ++++++++++++++++++++
>> arch/arm64/kernel/smp.c | 2 ++
>> arch/arm64/mm/proc.S | 31 +++++++++++++++++++++++++++++++
>> 6 files changed, 62 insertions(+), 10 deletions(-)
>> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
>> index b1b4476..5aabe8a 100644
>> --- a/arch/arm64/Kconfig
>> +++ b/arch/arm64/Kconfig
>> @@ -1482,6 +1482,11 @@ config ARM64_PTR_AUTH
>> be enabled. However, KVM guest also require VHE mode and hence
>> CONFIG_ARM64_VHE=y option to use this feature.
>> + If the feature is present on the primary CPU but not a
>> secondary CPU,
>> + then the secondary CPU will be parked.
>> Also, if the boot CPU does not
>> + have address auth and the late CPU has then system panic will
>> + On such a system, this option should not be selected.
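Review bot: In the added ARM64_PTR_AUTH help text, the sentence starting "Also, if the boot CPU does not have address auth and the late CPU has then system panic will" stops without a verb, and the next added line goes straight to "On such a system, this option should not be selected." As written, the help text does not say what happens in the second mismatch case, and "such a system" could mean either mismatch case or both. Either complete the sentence (the commit message says the panic occurs a little later from inside the C code) or drop it, and state explicitly which configuration the "should not be selected" advice applies to.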
> Is this part of the text true? We do not enable ptr-auth on the CPUs if
> we are missing the support on primary. So, given we disable SCTLR bits,
> the ptr-auth instructions should be a NOP and is thus safe.
I got a little confused with your earlier comments and made the
secondary CPUs panic in case they have ptrauth and the primary doesn't. In
this case ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU will leave it running and
not panic as you mentioned.
I will append ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU feature and update the
comments over here accordingly in my next iteration.
> The rest looks good to me. With the above text removed,
> Reviewed-by: Suzuki K Poulose <suzuki.poulose at arm.com>
Thanks for reviewing.