arch/arm64/include/asm/pointer_auth.h at v5.13 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / arch / arm64 / include / asm / pointer_auth.h
at v5.13 4.5 kB view raw
  1/* SPDX-License-Identifier: GPL-2.0 */
  2#ifndef __ASM_POINTER_AUTH_H
  3#define __ASM_POINTER_AUTH_H
  4
  5#include <linux/bitops.h>
  6#include <linux/prctl.h>
  7#include <linux/random.h>
  8
  9#include <asm/cpufeature.h>
 10#include <asm/memory.h>
 11#include <asm/sysreg.h>
 12
 13#ifdef CONFIG_ARM64_PTR_AUTH
 14/*
 15 * Each key is a 128-bit quantity which is split across a pair of 64-bit
 16 * registers (Lo and Hi).
 17 */
 18struct ptrauth_key {
 19	unsigned long lo, hi;
 20};
 21
 22/*
 23 * We give each process its own keys, which are shared by all threads. The keys
 24 * are inherited upon fork(), and reinitialised upon exec*().
 25 */
 26struct ptrauth_keys_user {
 27	struct ptrauth_key apia;
 28	struct ptrauth_key apib;
 29	struct ptrauth_key apda;
 30	struct ptrauth_key apdb;
 31	struct ptrauth_key apga;
 32};
 33
 34struct ptrauth_keys_kernel {
 35	struct ptrauth_key apia;
 36};
 37
 38#define __ptrauth_key_install_nosync(k, v)			\
 39do {								\
 40	struct ptrauth_key __pki_v = (v);			\
 41	write_sysreg_s(__pki_v.lo, SYS_ ## k ## KEYLO_EL1);	\
 42	write_sysreg_s(__pki_v.hi, SYS_ ## k ## KEYHI_EL1);	\
 43} while (0)
 44
 45static inline void ptrauth_keys_install_user(struct ptrauth_keys_user *keys)
 46{
 47	if (system_supports_address_auth()) {
 48		__ptrauth_key_install_nosync(APIB, keys->apib);
 49		__ptrauth_key_install_nosync(APDA, keys->apda);
 50		__ptrauth_key_install_nosync(APDB, keys->apdb);
 51	}
 52
 53	if (system_supports_generic_auth())
 54		__ptrauth_key_install_nosync(APGA, keys->apga);
 55}
 56
 57static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys)
 58{
 59	if (system_supports_address_auth()) {
 60		get_random_bytes(&keys->apia, sizeof(keys->apia));
 61		get_random_bytes(&keys->apib, sizeof(keys->apib));
 62		get_random_bytes(&keys->apda, sizeof(keys->apda));
 63		get_random_bytes(&keys->apdb, sizeof(keys->apdb));
 64	}
 65
 66	if (system_supports_generic_auth())
 67		get_random_bytes(&keys->apga, sizeof(keys->apga));
 68
 69	ptrauth_keys_install_user(keys);
 70}
 71
 72static __always_inline void ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
 73{
 74	if (system_supports_address_auth())
 75		get_random_bytes(&keys->apia, sizeof(keys->apia));
 76}
 77
 78static __always_inline void ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel *keys)
 79{
 80	if (!system_supports_address_auth())
 81		return;
 82
 83	__ptrauth_key_install_nosync(APIA, keys->apia);
 84	isb();
 85}
 86
 87extern int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg);
 88
 89extern int ptrauth_set_enabled_keys(struct task_struct *tsk, unsigned long keys,
 90				    unsigned long enabled);
 91extern int ptrauth_get_enabled_keys(struct task_struct *tsk);
 92
 93static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr)
 94{
 95	return ptrauth_clear_pac(ptr);
 96}
 97
 98static __always_inline void ptrauth_enable(void)
 99{
100	if (!system_supports_address_auth())
101		return;
102	sysreg_clear_set(sctlr_el1, 0, (SCTLR_ELx_ENIA | SCTLR_ELx_ENIB |
103					SCTLR_ELx_ENDA | SCTLR_ELx_ENDB));
104	isb();
105}
106
107#define ptrauth_suspend_exit()                                                 \
108	ptrauth_keys_install_user(&current->thread.keys_user)
109
110#define ptrauth_thread_init_user()                                             \
111	do {                                                                   \
112		ptrauth_keys_init_user(&current->thread.keys_user);            \
113									       \
114		/* enable all keys */                                          \
115		if (system_supports_address_auth())                            \
116			set_task_sctlr_el1(current->thread.sctlr_user |        \
117					   SCTLR_ELx_ENIA | SCTLR_ELx_ENIB |   \
118					   SCTLR_ELx_ENDA | SCTLR_ELx_ENDB);   \
119	} while (0)
120
121#define ptrauth_thread_switch_user(tsk)                                        \
122	ptrauth_keys_install_user(&(tsk)->thread.keys_user)
123
124#define ptrauth_thread_init_kernel(tsk)					\
125	ptrauth_keys_init_kernel(&(tsk)->thread.keys_kernel)
126#define ptrauth_thread_switch_kernel(tsk)				\
127	ptrauth_keys_switch_kernel(&(tsk)->thread.keys_kernel)
128
129#else /* CONFIG_ARM64_PTR_AUTH */
130#define ptrauth_enable()
131#define ptrauth_prctl_reset_keys(tsk, arg)	(-EINVAL)
132#define ptrauth_set_enabled_keys(tsk, keys, enabled)	(-EINVAL)
133#define ptrauth_get_enabled_keys(tsk)	(-EINVAL)
134#define ptrauth_strip_insn_pac(lr)	(lr)
135#define ptrauth_suspend_exit()
136#define ptrauth_thread_init_user()
137#define ptrauth_thread_init_kernel(tsk)
138#define ptrauth_thread_switch_user(tsk)
139#define ptrauth_thread_switch_kernel(tsk)
140#endif /* CONFIG_ARM64_PTR_AUTH */
141
142#define PR_PAC_ENABLED_KEYS_MASK                                               \
143	(PR_PAC_APIAKEY | PR_PAC_APIBKEY | PR_PAC_APDAKEY | PR_PAC_APDBKEY)
144
145#endif /* __ASM_POINTER_AUTH_H */