[PATCH v3 06/16] arm64: enable ptrauth earlier

Suzuki Kuruppassery Poulose suzuki.poulose at arm.com
Fri Jan 10 02:18:10 PST 2020


On 09/01/2020 08:29, Amit Kachhap wrote:
> Hi Suzuki,
> 
> On 1/7/20 5:05 PM, Suzuki Kuruppassery Poulose wrote:
>> On 16/12/2019 08:47, Amit Daniel Kachhap wrote:
>>> From: Kristina Martsenko <kristina.martsenko at arm.com>
>>>
>>> When the kernel is compiled with pointer auth instructions, the boot CPU
>>> needs to start using address auth very early, so change the cpucap to
>>> account for this.
>>>
>>> Pointer auth must be enabled before we call C functions, because it is
>>> not possible to enter a function with pointer auth disabled and exit it
>>> with pointer auth enabled. Note, mismatches between architected and
>>> IMPDEF algorithms will still be caught by the cpufeature framework (the
>>> separate *_ARCH and *_IMP_DEF cpucaps).
>>>
>>> Note the change in behavior: if the boot CPU has address auth and a late
>>> CPU does not, then we park the late CPU very early in booting. Also, if
>>> the boot CPU does not have address auth and the late CPU has, then a system
>>> panic will occur a little later from inside the C code. Until now we would
>>> have just disabled address auth in this case.
>>>
>>> Leave generic authentication as a "system scope" cpucap for now, since
>>> initially the kernel will only use address authentication.
>>>
>>> Reviewed-by: Kees Cook <keescook at chromium.org>
>>> Signed-off-by: Kristina Martsenko <kristina.martsenko at arm.com>
>>> [Amit: Re-worked ptrauth setup logic, comments]
>>> Signed-off-by: Amit Daniel Kachhap <amit.kachhap at arm.com>
>>> ---
>>> Changes since last version:
>>> * None.
>>>
>>>   arch/arm64/Kconfig             |  5 +++++
>>>   arch/arm64/include/asm/smp.h   |  1 +
>>>   arch/arm64/kernel/cpufeature.c | 13 +++----------
>>>   arch/arm64/kernel/head.S       | 20 ++++++++++++++++++++
>>>   arch/arm64/kernel/smp.c        |  2 ++
>>>   arch/arm64/mm/proc.S           | 31 +++++++++++++++++++++++++++++++
>>>   6 files changed, 62 insertions(+), 10 deletions(-)
>>>
>>> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
>>> index b1b4476..5aabe8a 100644
>>> --- a/arch/arm64/Kconfig
>>> +++ b/arch/arm64/Kconfig
>>> @@ -1482,6 +1482,11 @@ config ARM64_PTR_AUTH
>>>         be enabled. However, KVM guest also require VHE mode and hence
>>>         CONFIG_ARM64_VHE=y option to use this feature.
>>> +      If the feature is present on the primary CPU but not a 
>>> secondary CPU,
>>> +      then the secondary CPU will be parked.
>>
>> ---
>>
>>>    Also, if the boot CPU does not
>>> +      have address auth and the late CPU has then system panic will 
>>> occur.
>>> +      On such a system, this option should not be selected.
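
Review bot: the added ARM64_PTR_AUTH help text switches from "primary CPU"/"secondary CPU" in its first sentence to "boot CPU"/"late CPU" in the second without saying whether "late CPU" covers the same CPUs as "secondary CPU". Use one pair of terms throughout, or state which CPUs each sentence applies to, so that someone deciding whether to select the option can tell which hardware mix is affected. The second sentence also needs rewording for grammar ("and the late CPU has then system panic will occur").
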
>>
>> Is this part of the text true? We do not enable ptr-auth on the CPUs if
>> we are missing the support on primary. So, given we disable SCTLR bits,
>> the ptr-auth instructions should be NOPs and are thus safe.
> 
> I got a little confused with your earlier comments [1] and made the
> secondary CPUs panic in case they have ptrauth and the primary doesn't. In
> this case ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU will leave it running and
> not panic as you mentioned.

Yes please. Sorry about the confusion.

Suzuki


