[BOOT-WRAPPER PATCH 3/3] aarch64: Enable use of GCS for EL2 and below
Mark Rutland
mark.rutland at arm.com
Tue Nov 26 10:01:56 PST 2024
On Tue, Nov 26, 2024 at 05:20:47PM +0000, Mark Brown wrote:
> On Tue, Nov 26, 2024 at 03:39:55PM +0000, Mark Rutland wrote:
>
> > + if (mrs_field(ID_AA64PFR1_EL1, GCS)) {
> > + scr |= SCR_EL3_GCSEn;
> > + msr(GCSCR_EL2, 0);
> > + msr(GCSCR_EL1, 0);
> > + msr(GCSCRE0_EL1, 0);
> > + }
> > +
>
> We're not doing anything for GCSCR_EL3 where (as for the other ELs)
> RVCHKEN resets to an architecturally UNKNOWN value:
>
> https://developer.arm.com/documentation/ddi0601/2024-09/AArch64-Registers/GCSCR-EL3--Guarded-Control-Stack-Control-Register--EL3-?lang=en
>
> This is also an oversight in the TF-A GCS support. One might question
> the decisions of an implementation which doesn't reset it to 0 but it
> should be safer to initialise.
A need to initialize GCSCR_EL3.RVCHKEN would be an *architecture bug*,
not an oversight in TF-A. That bit should only reset to an UNKNOWN value
if it doesn't have a functional effect on EL3 code that doesn't touch
GCS functionality. If it has no functional effect it's fine to leave it
in an UNKNOWN state.
GCSCR_EL3.PCRSEL resets to 0, so the HW won't push to the GCS for BL/BLR
and won't pop from the GCS for a RET. That menas there's no GCS value
for a return value check to compare with...
That does raise the question of what specifically happens for a return
at EL3 when GCSCR_EL3.{PCRSEL,RVCHKEN} == {1,0}. Can you enlighten me?
Mark.
More information about the linux-arm-kernel
mailing list