[PATCH] ARM64: Provide the ARM64_TBI option
Robin Murphy
robin.murphy at arm.com
Wed Jul 14 11:43:03 PDT 2021
On 2021-07-14 19:06, Yuan Li wrote:
> The ARM64 provides the Top Byte Ignore (TBI) early on, so the kernel turns TBI
> on by default, but, it does not provide any option to turn the feature off.
>
> In ARMv8.3, the Pointer Authentication (PA) was introduced, and if TBI is
> turned off, the PA will be able to use the top byte, resulting longer pointer
> authentication codes, which is more secure.
>
> This patch changes the default support for the TBI to an option that can be
> turned off.
This would have to be something that processes explicitly opt in to. See
Documentation/arm64/tagged-pointers.rst - silently disabling TBI0 *will*
break existing userspace software.
Robin.
> Signed-off-by: Yuan Li <lydorazoe at gmail.com>
> ---
> arch/arm64/Kconfig | 6 ++++++
> arch/arm64/include/asm/memory.h | 6 +++++-
> arch/arm64/include/asm/pgtable-hwdef.h | 5 +++++
> lib/Kconfig.kasan | 2 ++
> 4 files changed, 18 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index b5b13a932561..22be64358df2 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -357,6 +357,10 @@ source "arch/arm64/Kconfig.platforms"
>
> menu "Kernel Features"
>
> +config ARM64_TBI
> + bool "Enable support for Top Byte Ignore (TBI)"
> + default y
> +
> menu "ARM errata workarounds via the alternatives framework"
>
> config ARM64_WORKAROUND_CLEAN_CACHE
> @@ -1212,6 +1216,7 @@ config ARM64_SW_TTBR0_PAN
> config ARM64_TAGGED_ADDR_ABI
> bool "Enable the tagged user addresses syscall ABI"
> default y
> + depends on ARM64_TBI
> help
> When this option is enabled, user applications can opt in to a
> relaxed ABI via prctl() allowing tagged addresses to be passed
> @@ -1649,6 +1654,7 @@ config ARM64_AS_HAS_MTE
> config ARM64_MTE
> bool "Memory Tagging Extension support"
> default y
> + depends on ARM64_TBI
> depends on ARM64_AS_HAS_MTE && ARM64_TAGGED_ADDR_ABI
> depends on AS_HAS_ARMV8_5
> depends on AS_HAS_LSE_ATOMICS
> diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h
> index 824a3655dd93..74323aa69811 100644
> --- a/arch/arm64/include/asm/memory.h
> +++ b/arch/arm64/include/asm/memory.h
> @@ -215,8 +215,12 @@ static inline unsigned long kaslr_offset(void)
> * up with a tagged userland pointer. Clear the tag to get a sane pointer to
> * pass on to access_ok(), for instance.
> */
> -#define __untagged_addr(addr) \
> +#ifdef CONFIG_ARM64_TBI
> +#define __untagged_addr(addr) \
> ((__force __typeof__(addr))sign_extend64((__force u64)(addr), 55))
> +#else /* CONFIG_ARM64_TBI */
> +#define __untagged_addr(addr) (addr)
> +#endif /* CONFIG_ARM64_TBI */
>
> #define untagged_addr(addr) ({ \
> u64 __addr = (__force u64)(addr); \
> diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h
> index 40085e53f573..827904470515 100644
> --- a/arch/arm64/include/asm/pgtable-hwdef.h
> +++ b/arch/arm64/include/asm/pgtable-hwdef.h
> @@ -264,8 +264,13 @@
> #define TCR_IPS_MASK (UL(7) << TCR_IPS_SHIFT)
> #define TCR_A1 (UL(1) << 22)
> #define TCR_ASID16 (UL(1) << 36)
> +#ifdef CONFIG_ARM64_TBI
> #define TCR_TBI0 (UL(1) << 37)
> #define TCR_TBI1 (UL(1) << 38)
> +#else /* CONFIG_ARM64_TBI */
> +#define TCR_TBI0 (UL(0) << 37)
> +#define TCR_TBI1 (UL(0) << 38)
> +#endif /* CONFIG_ARM64_TBI */
> #define TCR_HA (UL(1) << 39)
> #define TCR_HD (UL(1) << 40)
> #define TCR_TBID1 (UL(1) << 52)
> diff --git a/lib/Kconfig.kasan b/lib/Kconfig.kasan
> index 1e2d10f86011..df30ed3dac4d 100644
> --- a/lib/Kconfig.kasan
> +++ b/lib/Kconfig.kasan
> @@ -85,6 +85,7 @@ config KASAN_GENERIC
>
> config KASAN_SW_TAGS
> bool "Software tag-based mode"
> + depends on ARM64_TBI
> depends on HAVE_ARCH_KASAN_SW_TAGS && CC_HAS_KASAN_SW_TAGS
> select SLUB_DEBUG if SLUB
> select CONSTRUCTORS
> @@ -108,6 +109,7 @@ config KASAN_SW_TAGS
>
> config KASAN_HW_TAGS
> bool "Hardware tag-based mode"
> + depends on ARM64_TBI
> depends on HAVE_ARCH_KASAN_HW_TAGS
> depends on SLUB
> help
>
More information about the linux-arm-kernel
mailing list