[PATCH v2 4/4] arm64: Add support of PAuth QARMA3 architected algorithm

Mon Feb 21 06:47:02 PST 2022

On 2/15/22 6:21 PM, Will Deacon wrote:
> On Mon, Jan 31, 2022 at 05:06:54PM +0000, Vladimir Murzin wrote:
>> QARMA3 is relaxed version of the QARMA5 algorithm which expected to
>> reduce the latency of calculation while still delivering a suitable
>> level of security.
>>
>> Support for QARMA3 can be discovered via ID_AA64ISAR2_EL1
>>
>>     APA3, bits [15:12] Indicates whether the QARMA3 algorithm is
>>                        implemented in the PE for address
>>                        authentication in AArch64 state.
>>
>>     GPA3, bits [11:8] Indicates whether the QARMA3 algorithm is
>>                        implemented in the PE for generic code
>>                        authentication in AArch64 state.
>>
>> Signed-off-by: Vladimir Murzin <vladimir.murzin at arm.com>
>> ---
>>  arch/arm64/include/asm/asm_pointer_auth.h      |  3 ++
>>  arch/arm64/include/asm/cpufeature.h            |  1 +
>>  arch/arm64/include/asm/kvm_hyp.h               |  1 +
>>  arch/arm64/include/asm/sysreg.h                | 12 +++++++
>>  arch/arm64/kernel/cpufeature.c                 | 45 +++++++++++++++++++++++---
>>  arch/arm64/kernel/idreg-override.c             | 16 +++++++--
>>  arch/arm64/kvm/arm.c                           |  1 +
>>  arch/arm64/kvm/hyp/include/nvhe/fixed_config.h |  5 +++
>>  arch/arm64/kvm/hyp/nvhe/sys_regs.c             | 14 ++++++++
>>  arch/arm64/kvm/sys_regs.c                      |  5 +++
>>  arch/arm64/tools/cpucaps                       |  2 ++
>>  11 files changed, 99 insertions(+), 6 deletions(-)
>>
>> diff --git a/arch/arm64/include/asm/asm_pointer_auth.h b/arch/arm64/include/asm/asm_pointer_auth.h
>> index f1bba5f..ead62f7 100644
>> --- a/arch/arm64/include/asm/asm_pointer_auth.h
>> +++ b/arch/arm64/include/asm/asm_pointer_auth.h
>> @@ -60,6 +60,9 @@ alternative_else_nop_endif
>>  	.macro __ptrauth_keys_init_cpu tsk, tmp1, tmp2, tmp3
>>  	mrs	\tmp1, id_aa64isar1_el1
>>  	ubfx	\tmp1, \tmp1, #ID_AA64ISAR1_APA_SHIFT, #8
>> +	mrs_s	\tmp2, SYS_ID_AA64ISAR2_EL1
>> +	ubfx	\tmp2, \tmp2, #ID_AA64ISAR2_APA3_SHIFT, #4
>> +	orr	\tmp1, \tmp1, \tmp2
>>  	cbz	\tmp1, .Lno_addr_auth\@
>>  	mov_q	\tmp1, (SCTLR_ELx_ENIA | SCTLR_ELx_ENIB | \
>>  			SCTLR_ELx_ENDA | SCTLR_ELx_ENDB)
>> diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h
>> index ef6be92..fe7137f 100644
>> --- a/arch/arm64/include/asm/cpufeature.h
>> +++ b/arch/arm64/include/asm/cpufeature.h
>> @@ -854,6 +854,7 @@ static inline unsigned int get_vmid_bits(u64 mmfr1)
>>  extern struct arm64_ftr_override id_aa64mmfr1_override;
>>  extern struct arm64_ftr_override id_aa64pfr1_override;
>>  extern struct arm64_ftr_override id_aa64isar1_override;
>> +extern struct arm64_ftr_override id_aa64isar2_override;
>>  
>>  u32 get_kvm_ipa_limit(void);
>>  void dump_cpu_features(void);
>> diff --git a/arch/arm64/include/asm/kvm_hyp.h b/arch/arm64/include/asm/kvm_hyp.h
>> index 462882f..aa7fa2a 100644
>> --- a/arch/arm64/include/asm/kvm_hyp.h
>> +++ b/arch/arm64/include/asm/kvm_hyp.h
>> @@ -118,6 +118,7 @@ extern u64 kvm_nvhe_sym(id_aa64pfr0_el1_sys_val);
>>  extern u64 kvm_nvhe_sym(id_aa64pfr1_el1_sys_val);
>>  extern u64 kvm_nvhe_sym(id_aa64isar0_el1_sys_val);
>>  extern u64 kvm_nvhe_sym(id_aa64isar1_el1_sys_val);
>> +extern u64 kvm_nvhe_sym(id_aa64isar2_el1_sys_val);
>>  extern u64 kvm_nvhe_sym(id_aa64mmfr0_el1_sys_val);
>>  extern u64 kvm_nvhe_sym(id_aa64mmfr1_el1_sys_val);
>>  extern u64 kvm_nvhe_sym(id_aa64mmfr2_el1_sys_val);
>> diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
>> index 898bee0..cbe4164 100644
>> --- a/arch/arm64/include/asm/sysreg.h
>> +++ b/arch/arm64/include/asm/sysreg.h
>> @@ -773,6 +773,8 @@
>>  #define ID_AA64ISAR1_GPI_IMP_DEF		0x1
>>  
>>  /* id_aa64isar2 */
>> +#define ID_AA64ISAR2_APA3_SHIFT		12
>> +#define ID_AA64ISAR2_GPA3_SHIFT		8
>>  #define ID_AA64ISAR2_RPRES_SHIFT	4
>>  #define ID_AA64ISAR2_WFXT_SHIFT		0
>>  
>> @@ -786,6 +788,16 @@
>>  #define ID_AA64ISAR2_WFXT_NI		0x0
>>  #define ID_AA64ISAR2_WFXT_SUPPORTED	0x2
>>  
>> +#define ID_AA64ISAR2_APA3_NI			0x0
>> +#define ID_AA64ISAR2_APA3_ARCHITECTED		0x1
>> +#define ID_AA64ISAR2_APA3_ARCH_EPAC		0x2
>> +#define ID_AA64ISAR2_APA3_ARCH_EPAC2		0x3
>> +#define ID_AA64ISAR2_APA3_ARCH_EPAC2_FPAC	0x4
>> +#define ID_AA64ISAR2_APA3_ARCH_EPAC2_FPAC_CMB	0x5
>> +
>> +#define ID_AA64ISAR2_GPA3_NI			0x0
>> +#define ID_AA64ISAR2_GPA3_ARCHITECTED		0x1
>> +
>>  /* id_aa64pfr0 */
>>  #define ID_AA64PFR0_CSV3_SHIFT		60
>>  #define ID_AA64PFR0_CSV2_SHIFT		56
>> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
>> index 69fbc53..aab6766 100644
>> --- a/arch/arm64/kernel/cpufeature.c
>> +++ b/arch/arm64/kernel/cpufeature.c
>> @@ -226,6 +226,10 @@ static const struct arm64_ftr_bits ftr_id_aa64isar1[] = {
>>  };
>>  
>>  static const struct arm64_ftr_bits ftr_id_aa64isar2[] = {
>> +	ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH),
>> +		       FTR_STRICT, FTR_EXACT, ID_AA64ISAR2_APA3_SHIFT, 4, 0),
>> +	ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH),
>> +		       FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR2_GPA3_SHIFT, 4, 0),
>>  	ARM64_FTR_BITS(FTR_VISIBLE, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64ISAR2_RPRES_SHIFT, 4, 0),
>>  	ARM64_FTR_END,
>>  };
>> @@ -596,6 +600,7 @@ static const struct arm64_ftr_bits ftr_raz[] = {
>>  struct arm64_ftr_override __ro_after_init id_aa64mmfr1_override;
>>  struct arm64_ftr_override __ro_after_init id_aa64pfr1_override;
>>  struct arm64_ftr_override __ro_after_init id_aa64isar1_override;
>> +struct arm64_ftr_override __ro_after_init id_aa64isar2_override;
>>  
>>  static const struct __ftr_reg_entry {
>>  	u32			sys_id;
>> @@ -644,6 +649,8 @@ static const struct __ftr_reg_entry {
>>  	ARM64_FTR_REG_OVERRIDE(SYS_ID_AA64ISAR1_EL1, ftr_id_aa64isar1,
>>  			       &id_aa64isar1_override),
>>  	ARM64_FTR_REG(SYS_ID_AA64ISAR2_EL1, ftr_id_aa64isar2),
>> +	ARM64_FTR_REG_OVERRIDE(SYS_ID_AA64ISAR2_EL1, ftr_id_aa64isar2,
>> +			       &id_aa64isar2_override),
>>  
>>  	/* Op1 = 0, CRn = 0, CRm = 7 */
>>  	ARM64_FTR_REG(SYS_ID_AA64MMFR0_EL1, ftr_id_aa64mmfr0),
>> @@ -1834,10 +1841,11 @@ static bool has_address_auth_metacap(const struct arm64_cpu_capabilities *entry,
>>  {
>>  	bool api = has_address_auth_cpucap(cpu_hwcaps_ptrs[ARM64_HAS_ADDRESS_AUTH_IMP_DEF], scope);
>>  	bool apa = has_address_auth_cpucap(cpu_hwcaps_ptrs[ARM64_HAS_ADDRESS_AUTH_ARCH_QARMA5], scope);
>> +	bool apa3 = has_address_auth_cpucap(cpu_hwcaps_ptrs[ARM64_HAS_ADDRESS_AUTH_ARCH_QARMA3], scope);
>>  
>> -	WARN_ON(apa && api);
>> +	WARN_ON((apa && api) || (apa && apa3) || (api && apa3));
> 
> I don't really get the point in this warning, what is somebody supposed to
> do if they hit it? The kernel isn't the right place to make assertions about
> the CPU design.

Right, there is nothing user can do other than reporting about that. It was
inspired by the similar check in cpu_has_fwb(), yet I was under impression
that assertion can be triggered via id regester override as well - now I see
that invalid override is ignored.  I'm fine with removing assertion as long
as code base use assertions consistently...

Cheers
Vladimir

> 
> Will
> 