Commit e16aeb07 authored by Amit Daniel Kachhap's avatar Amit Daniel Kachhap Committed by Will Deacon
Browse files

arm64: ptrauth: Introduce Armv8.3 pointer authentication enhancements 



Some Armv8.3 Pointer Authentication enhancements have been introduced
which are mandatory for Armv8.6 and optional for Armv8.3. These features
are,

* ARMv8.3-PAuth2 - An enhanced PAC generation logic is added which hardens
  finding the correct PAC value of the authenticated pointer.

* ARMv8.3-FPAC - Fault is generated now when the ptrauth authentication
  instruction fails in authenticating the PAC present in the address.
  This is different from earlier case when such failures just adds an
  error code in the top byte and waits for subsequent load/store to abort.
  The ptrauth instructions which may cause this fault are autiasp, retaa
  etc.

The above features are now represented by additional configurations
for the Address Authentication cpufeature and a new ESR exception class.

The userspace fault received in the kernel due to ARMv8.3-FPAC is treated
as Illegal instruction and hence signal SIGILL is injected with ILL_ILLOPN
as the signal code. Note that this is different from earlier ARMv8.3
ptrauth where signal SIGSEGV is issued due to Pointer authentication
failures. The in-kernel PAC fault causes kernel to crash.

Signed-off-by: default avatarAmit Daniel Kachhap <amit.kachhap@arm.com>
Reviewed-by: default avatarDave Martin <Dave.Martin@arm.com>
Link: https://lore.kernel.org/r/20200914083656.21428-4-amit.kachhap@arm.com


Signed-off-by: default avatarWill Deacon <will@kernel.org>
parent 4ef333b2

arch/arm64/include/asm/esr.h

+3 −1
Original line number Diff line number Diff line
@@ -35,7 +35,9 @@ 
#define ESR_ELx_EC_SYS64	(0x18)

#define ESR_ELx_EC_SVE		(0x19)

#define ESR_ELx_EC_ERET		(0x1a)	/* EL2 only */

/* Unallocated EC: 0x1b - 0x1E */

/* Unallocated EC: 0x1B */

#define ESR_ELx_EC_FPAC		(0x1C)	/* EL1 and above */

/* Unallocated EC: 0x1D - 0x1E */

#define ESR_ELx_EC_IMP_DEF	(0x1f)	/* EL3 only */

#define ESR_ELx_EC_IABT_LOW	(0x20)

#define ESR_ELx_EC_IABT_CUR	(0x21)

arch/arm64/include/asm/exception.h

+1 −0
Original line number Diff line number Diff line
@@ -47,4 +47,5 @@ void bad_el0_sync(struct pt_regs *regs, int reason, unsigned int esr); 
void do_cp15instr(unsigned int esr, struct pt_regs *regs);

void do_el0_svc(struct pt_regs *regs);

void do_el0_svc_compat(struct pt_regs *regs);

void do_ptrauth_fault(struct pt_regs *regs, unsigned int esr);

#endif	/* __ASM_EXCEPTION_H */

arch/arm64/include/asm/sysreg.h

+16 −8
Original line number Diff line number Diff line
@@ -638,8 +638,16 @@ 


#define ID_AA64ISAR1_APA_NI			0x0

#define ID_AA64ISAR1_APA_ARCHITECTED		0x1

#define ID_AA64ISAR1_APA_ARCH_EPAC		0x2

#define ID_AA64ISAR1_APA_ARCH_EPAC2		0x3

#define ID_AA64ISAR1_APA_ARCH_EPAC2_FPAC	0x4

#define ID_AA64ISAR1_APA_ARCH_EPAC2_FPAC_CMB	0x5

#define ID_AA64ISAR1_API_NI			0x0

#define ID_AA64ISAR1_API_IMP_DEF		0x1

#define ID_AA64ISAR1_API_IMP_DEF_EPAC		0x2

#define ID_AA64ISAR1_API_IMP_DEF_EPAC2		0x3

#define ID_AA64ISAR1_API_IMP_DEF_EPAC2_FPAC	0x4

#define ID_AA64ISAR1_API_IMP_DEF_EPAC2_FPAC_CMB	0x5

#define ID_AA64ISAR1_GPA_NI			0x0

#define ID_AA64ISAR1_GPA_ARCHITECTED		0x1

#define ID_AA64ISAR1_GPI_NI			0x0

arch/arm64/kernel/entry-common.c

+21 −0
Original line number Diff line number Diff line
@@ -66,6 +66,13 @@ static void notrace el1_dbg(struct pt_regs *regs, unsigned long esr) 
}

NOKPROBE_SYMBOL(el1_dbg);



static void notrace el1_fpac(struct pt_regs *regs, unsigned long esr)

{

	local_daif_inherit(regs);

	do_ptrauth_fault(regs, esr);

}

NOKPROBE_SYMBOL(el1_fpac);



asmlinkage void notrace el1_sync_handler(struct pt_regs *regs)

{

	unsigned long esr = read_sysreg(esr_el1);
@@ -92,6 +99,9 @@ asmlinkage void notrace el1_sync_handler(struct pt_regs *regs) 
	case ESR_ELx_EC_BRK64:

		el1_dbg(regs, esr);

		break;

	case ESR_ELx_EC_FPAC:

		el1_fpac(regs, esr);

		break;

	default:

		el1_inv(regs, esr);

	}
@@ -227,6 +237,14 @@ static void notrace el0_svc(struct pt_regs *regs) 
}

NOKPROBE_SYMBOL(el0_svc);



static void notrace el0_fpac(struct pt_regs *regs, unsigned long esr)

{

	user_exit_irqoff();

	local_daif_restore(DAIF_PROCCTX);

	do_ptrauth_fault(regs, esr);

}

NOKPROBE_SYMBOL(el0_fpac);



asmlinkage void notrace el0_sync_handler(struct pt_regs *regs)

{

	unsigned long esr = read_sysreg(esr_el1);
@@ -272,6 +290,9 @@ asmlinkage void notrace el0_sync_handler(struct pt_regs *regs) 
	case ESR_ELx_EC_BRK64:

		el0_dbg(regs, esr);

		break;

	case ESR_ELx_EC_FPAC:

		el0_fpac(regs, esr);

		break;

	default:

		el0_inv(regs, esr);

	}

arch/arm64/kernel/traps.c

+12 −0
Original line number Diff line number Diff line
@@ -479,6 +479,17 @@ void do_bti(struct pt_regs *regs) 
}

NOKPROBE_SYMBOL(do_bti);



void do_ptrauth_fault(struct pt_regs *regs, unsigned int esr)

{

	/*

	 * Unexpected FPAC exception or pointer authentication failure in

	 * the kernel: kill the task before it does any more harm.

	 */

	BUG_ON(!user_mode(regs));

	force_signal_inject(SIGILL, ILL_ILLOPN, regs->pc, esr);

}

NOKPROBE_SYMBOL(do_ptrauth_fault);



#define __user_cache_maint(insn, address, res)			\

	if (address >= user_addr_max()) {			\

		res = -EFAULT;					\
@@ -775,6 +786,7 @@ static const char *esr_class_str[] = { 
	[ESR_ELx_EC_SYS64]		= "MSR/MRS (AArch64)",

	[ESR_ELx_EC_SVE]		= "SVE",

	[ESR_ELx_EC_ERET]		= "ERET/ERETAA/ERETAB",

	[ESR_ELx_EC_FPAC]		= "FPAC",

	[ESR_ELx_EC_IMP_DEF]		= "EL3 IMP DEF",

	[ESR_ELx_EC_IABT_LOW]		= "IABT (lower EL)",

	[ESR_ELx_EC_IABT_CUR]		= "IABT (current EL)",

CRA Git | Maintained and supported by SUSTech CRA and CCSE