Merge branch 'for-next/kernel-ptrauth' into for-next/core

	select HAVE_ALIGNED_STRUCT_PAGE if SLUB

	select HAVE_ARCH_AUDITSYSCALL

	select HAVE_ARCH_BITREVERSE

	select HAVE_ARCH_COMPILER_H

	select HAVE_ARCH_HUGE_VMAP

	select HAVE_ARCH_JUMP_LABEL

	select HAVE_ARCH_JUMP_LABEL_RELATIVE

	bool "Enable support for pointer authentication"

	default y

	depends on !KVM || ARM64_VHE

	depends on (CC_HAS_SIGN_RETURN_ADDRESS || CC_HAS_BRANCH_PROT_PAC_RET) && AS_HAS_PAC

	depends on CC_IS_GCC || (CC_IS_CLANG && AS_HAS_CFI_NEGATE_RA_STATE)

	depends on (!FUNCTION_GRAPH_TRACER || DYNAMIC_FTRACE_WITH_REGS)

	help

	  Pointer authentication (part of the ARMv8.3 Extensions) provides

	  instructions for signing and authenticating pointers against secret

	  and other attacks.

	  This option enables these instructions at EL0 (i.e. for userspace).

	  Choosing this option will cause the kernel to initialise secret keys

	  for each process at exec() time, with these keys being

	  context-switched along with the process.

	  If the compiler supports the -mbranch-protection or

	  -msign-return-address flag (e.g. GCC 7 or later), then this option

	  will also cause the kernel itself to be compiled with return address

	  protection. In this case, and if the target hardware is known to

	  support pointer authentication, then CONFIG_STACKPROTECTOR can be

	  disabled with minimal loss of protection.

	  The feature is detected at runtime. If the feature is not present in

	  hardware it will not be advertised to userspace/KVM guest nor will it

	  be enabled. However, KVM guest also require VHE mode and hence

	  CONFIG_ARM64_VHE=y option to use this feature.

	  If the feature is present on the boot CPU but not on a late CPU, then

	  the late CPU will be parked. Also, if the boot CPU does not have

	  address auth and the late CPU has then the late CPU will still boot

	  but with the feature disabled. On such a system, this option should

	  not be selected.

	  This feature works with FUNCTION_GRAPH_TRACER option only if

	  DYNAMIC_FTRACE_WITH_REGS is enabled.

config CC_HAS_BRANCH_PROT_PAC_RET

	# GCC 9 or later, clang 8 or later

	def_bool $(cc-option,-mbranch-protection=pac-ret+leaf)

config CC_HAS_SIGN_RETURN_ADDRESS

	# GCC 7, 8

	def_bool $(cc-option,-msign-return-address=all)

config AS_HAS_PAC

	def_bool $(as-option,-Wa$(comma)-march=armv8.3-a)

config AS_HAS_CFI_NEGATE_RA_STATE

	def_bool $(as-instr,.cfi_startproc\n.cfi_negate_ra_state\n.cfi_endproc\n)

endmenu

menu "ARMv8.4 architectural features"

					include/generated/asm-offsets.h))

endif

ifeq ($(CONFIG_ARM64_PTR_AUTH),y)

branch-prot-flags-$(CONFIG_CC_HAS_SIGN_RETURN_ADDRESS) := -msign-return-address=all

branch-prot-flags-$(CONFIG_CC_HAS_BRANCH_PROT_PAC_RET) := -mbranch-protection=pac-ret+leaf

# -march=armv8.3-a enables the non-nops instructions for PAC, to avoid the

# compiler to generate them and consequently to break the single image contract

# we pass it only to the assembler. This option is utilized only in case of non

# integrated assemblers.

branch-prot-flags-$(CONFIG_AS_HAS_PAC) += -Wa,-march=armv8.3-a

KBUILD_CFLAGS += $(branch-prot-flags-y)

endif

ifeq ($(CONFIG_CPU_BIG_ENDIAN), y)

KBUILD_CPPFLAGS	+= -mbig-endian

CHECKFLAGS	+= -D__AARCH64EB__

/* SPDX-License-Identifier: GPL-2.0 */

#ifndef __ASM_ASM_POINTER_AUTH_H

#define __ASM_ASM_POINTER_AUTH_H

#include <asm/alternative.h>

#include <asm/asm-offsets.h>

#include <asm/cpufeature.h>

#include <asm/sysreg.h>

#ifdef CONFIG_ARM64_PTR_AUTH

/*

 * thread.keys_user.ap* as offset exceeds the #imm offset range

 * so use the base value of ldp as thread.keys_user and offset as

 * thread.keys_user.ap*.

 */

	.macro ptrauth_keys_install_user tsk, tmp1, tmp2, tmp3

	mov	\tmp1, #THREAD_KEYS_USER

	add	\tmp1, \tsk, \tmp1

alternative_if_not ARM64_HAS_ADDRESS_AUTH

	b	.Laddr_auth_skip_\@

alternative_else_nop_endif

	ldp	\tmp2, \tmp3, [\tmp1, #PTRAUTH_USER_KEY_APIA]

	msr_s	SYS_APIAKEYLO_EL1, \tmp2

	msr_s	SYS_APIAKEYHI_EL1, \tmp3

	ldp	\tmp2, \tmp3, [\tmp1, #PTRAUTH_USER_KEY_APIB]

	msr_s	SYS_APIBKEYLO_EL1, \tmp2

	msr_s	SYS_APIBKEYHI_EL1, \tmp3

	ldp	\tmp2, \tmp3, [\tmp1, #PTRAUTH_USER_KEY_APDA]

	msr_s	SYS_APDAKEYLO_EL1, \tmp2

	msr_s	SYS_APDAKEYHI_EL1, \tmp3

	ldp	\tmp2, \tmp3, [\tmp1, #PTRAUTH_USER_KEY_APDB]

	msr_s	SYS_APDBKEYLO_EL1, \tmp2

	msr_s	SYS_APDBKEYHI_EL1, \tmp3

.Laddr_auth_skip_\@:

alternative_if ARM64_HAS_GENERIC_AUTH

	ldp	\tmp2, \tmp3, [\tmp1, #PTRAUTH_USER_KEY_APGA]

	msr_s	SYS_APGAKEYLO_EL1, \tmp2

	msr_s	SYS_APGAKEYHI_EL1, \tmp3

alternative_else_nop_endif

	.endm

	.macro ptrauth_keys_install_kernel tsk, sync, tmp1, tmp2, tmp3

alternative_if ARM64_HAS_ADDRESS_AUTH

	mov	\tmp1, #THREAD_KEYS_KERNEL

	add	\tmp1, \tsk, \tmp1

	ldp	\tmp2, \tmp3, [\tmp1, #PTRAUTH_KERNEL_KEY_APIA]

	msr_s	SYS_APIAKEYLO_EL1, \tmp2

	msr_s	SYS_APIAKEYHI_EL1, \tmp3

	.if     \sync == 1

	isb

	.endif

alternative_else_nop_endif

	.endm

#else /* CONFIG_ARM64_PTR_AUTH */

	.macro ptrauth_keys_install_user tsk, tmp1, tmp2, tmp3

	.endm

	.macro ptrauth_keys_install_kernel tsk, sync, tmp1, tmp2, tmp3

	.endm

#endif /* CONFIG_ARM64_PTR_AUTH */

#endif /* __ASM_ASM_POINTER_AUTH_H */

/* SPDX-License-Identifier: GPL-2.0 */

#ifndef __ASM_COMPILER_H

#define __ASM_COMPILER_H

#if defined(CONFIG_ARM64_PTR_AUTH)

/*

 * The EL0/EL1 pointer bits used by a pointer authentication code.

 * This is dependent on TBI0/TBI1 being enabled, or bits 63:56 would also apply.

 */

#define ptrauth_user_pac_mask()		GENMASK_ULL(54, vabits_actual)

#define ptrauth_kernel_pac_mask()	GENMASK_ULL(63, vabits_actual)

/* Valid for EL0 TTBR0 and EL1 TTBR1 instruction pointers */

#define ptrauth_clear_pac(ptr)						\

	((ptr & BIT_ULL(55)) ? (ptr | ptrauth_kernel_pac_mask()) :	\

			       (ptr & ~ptrauth_user_pac_mask()))

#define __builtin_return_address(val)					\

	(void *)(ptrauth_clear_pac((unsigned long)__builtin_return_address(val)))

#endif /* CONFIG_ARM64_PTR_AUTH */

#endif /* __ASM_COMPILER_H */

#define ARM64_HAS_E0PD				49

#define ARM64_HAS_RNG				50

#define ARM64_HAS_AMU_EXTN			51

#define ARM64_HAS_ADDRESS_AUTH			52

#define ARM64_HAS_GENERIC_AUTH			53

#define ARM64_NCAPS				52

#define ARM64_NCAPS				54

#endif /* __ASM_CPUCAPS_H */