xref: /OK3568_Linux_fs/kernel/arch/arm64/include/asm/pointer_auth.h (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0 */
2*4882a593Smuzhiyun #ifndef __ASM_POINTER_AUTH_H
3*4882a593Smuzhiyun #define __ASM_POINTER_AUTH_H
4*4882a593Smuzhiyun 
5*4882a593Smuzhiyun #include <linux/bitops.h>
6*4882a593Smuzhiyun #include <linux/prctl.h>
7*4882a593Smuzhiyun #include <linux/random.h>
8*4882a593Smuzhiyun 
9*4882a593Smuzhiyun #include <asm/cpufeature.h>
10*4882a593Smuzhiyun #include <asm/memory.h>
11*4882a593Smuzhiyun #include <asm/sysreg.h>
12*4882a593Smuzhiyun 
13*4882a593Smuzhiyun #define PR_PAC_ENABLED_KEYS_MASK                                               \
14*4882a593Smuzhiyun 	(PR_PAC_APIAKEY | PR_PAC_APIBKEY | PR_PAC_APDAKEY | PR_PAC_APDBKEY)
15*4882a593Smuzhiyun 
16*4882a593Smuzhiyun #ifdef CONFIG_ARM64_PTR_AUTH
17*4882a593Smuzhiyun /*
18*4882a593Smuzhiyun  * Each key is a 128-bit quantity which is split across a pair of 64-bit
19*4882a593Smuzhiyun  * registers (Lo and Hi).
20*4882a593Smuzhiyun  */
21*4882a593Smuzhiyun struct ptrauth_key {
22*4882a593Smuzhiyun 	unsigned long lo, hi;
23*4882a593Smuzhiyun };
24*4882a593Smuzhiyun 
25*4882a593Smuzhiyun /*
26*4882a593Smuzhiyun  * We give each process its own keys, which are shared by all threads. The keys
27*4882a593Smuzhiyun  * are inherited upon fork(), and reinitialised upon exec*().
28*4882a593Smuzhiyun  */
29*4882a593Smuzhiyun struct ptrauth_keys_user {
30*4882a593Smuzhiyun 	struct ptrauth_key apia;
31*4882a593Smuzhiyun 	struct ptrauth_key apib;
32*4882a593Smuzhiyun 	struct ptrauth_key apda;
33*4882a593Smuzhiyun 	struct ptrauth_key apdb;
34*4882a593Smuzhiyun 	struct ptrauth_key apga;
35*4882a593Smuzhiyun };
36*4882a593Smuzhiyun 
37*4882a593Smuzhiyun struct ptrauth_keys_kernel {
38*4882a593Smuzhiyun 	struct ptrauth_key apia;
39*4882a593Smuzhiyun };
40*4882a593Smuzhiyun 
41*4882a593Smuzhiyun #define __ptrauth_key_install_nosync(k, v)			\
42*4882a593Smuzhiyun do {								\
43*4882a593Smuzhiyun 	struct ptrauth_key __pki_v = (v);			\
44*4882a593Smuzhiyun 	write_sysreg_s(__pki_v.lo, SYS_ ## k ## KEYLO_EL1);	\
45*4882a593Smuzhiyun 	write_sysreg_s(__pki_v.hi, SYS_ ## k ## KEYHI_EL1);	\
46*4882a593Smuzhiyun } while (0)
47*4882a593Smuzhiyun 
ptrauth_keys_install_user(struct ptrauth_keys_user * keys)48*4882a593Smuzhiyun static inline void ptrauth_keys_install_user(struct ptrauth_keys_user *keys)
49*4882a593Smuzhiyun {
50*4882a593Smuzhiyun 	if (system_supports_address_auth()) {
51*4882a593Smuzhiyun 		__ptrauth_key_install_nosync(APIB, keys->apib);
52*4882a593Smuzhiyun 		__ptrauth_key_install_nosync(APDA, keys->apda);
53*4882a593Smuzhiyun 		__ptrauth_key_install_nosync(APDB, keys->apdb);
54*4882a593Smuzhiyun 	}
55*4882a593Smuzhiyun 
56*4882a593Smuzhiyun 	if (system_supports_generic_auth())
57*4882a593Smuzhiyun 		__ptrauth_key_install_nosync(APGA, keys->apga);
58*4882a593Smuzhiyun }
59*4882a593Smuzhiyun 
ptrauth_keys_init_user(struct ptrauth_keys_user * keys)60*4882a593Smuzhiyun static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys)
61*4882a593Smuzhiyun {
62*4882a593Smuzhiyun 	if (system_supports_address_auth()) {
63*4882a593Smuzhiyun 		get_random_bytes(&keys->apia, sizeof(keys->apia));
64*4882a593Smuzhiyun 		get_random_bytes(&keys->apib, sizeof(keys->apib));
65*4882a593Smuzhiyun 		get_random_bytes(&keys->apda, sizeof(keys->apda));
66*4882a593Smuzhiyun 		get_random_bytes(&keys->apdb, sizeof(keys->apdb));
67*4882a593Smuzhiyun 	}
68*4882a593Smuzhiyun 
69*4882a593Smuzhiyun 	if (system_supports_generic_auth())
70*4882a593Smuzhiyun 		get_random_bytes(&keys->apga, sizeof(keys->apga));
71*4882a593Smuzhiyun 
72*4882a593Smuzhiyun 	ptrauth_keys_install_user(keys);
73*4882a593Smuzhiyun }
74*4882a593Smuzhiyun 
ptrauth_keys_init_kernel(struct ptrauth_keys_kernel * keys)75*4882a593Smuzhiyun static __always_inline void ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
76*4882a593Smuzhiyun {
77*4882a593Smuzhiyun 	if (system_supports_address_auth())
78*4882a593Smuzhiyun 		get_random_bytes(&keys->apia, sizeof(keys->apia));
79*4882a593Smuzhiyun }
80*4882a593Smuzhiyun 
ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel * keys)81*4882a593Smuzhiyun static __always_inline void ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel *keys)
82*4882a593Smuzhiyun {
83*4882a593Smuzhiyun 	if (!system_supports_address_auth())
84*4882a593Smuzhiyun 		return;
85*4882a593Smuzhiyun 
86*4882a593Smuzhiyun 	__ptrauth_key_install_nosync(APIA, keys->apia);
87*4882a593Smuzhiyun 	isb();
88*4882a593Smuzhiyun }
89*4882a593Smuzhiyun 
90*4882a593Smuzhiyun extern int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg);
91*4882a593Smuzhiyun 
92*4882a593Smuzhiyun extern int ptrauth_set_enabled_keys(struct task_struct *tsk, unsigned long keys,
93*4882a593Smuzhiyun 				    unsigned long enabled);
94*4882a593Smuzhiyun extern int ptrauth_get_enabled_keys(struct task_struct *tsk);
95*4882a593Smuzhiyun 
ptrauth_strip_insn_pac(unsigned long ptr)96*4882a593Smuzhiyun static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr)
97*4882a593Smuzhiyun {
98*4882a593Smuzhiyun 	return ptrauth_clear_pac(ptr);
99*4882a593Smuzhiyun }
100*4882a593Smuzhiyun 
ptrauth_enable(void)101*4882a593Smuzhiyun static __always_inline void ptrauth_enable(void)
102*4882a593Smuzhiyun {
103*4882a593Smuzhiyun 	if (!system_supports_address_auth())
104*4882a593Smuzhiyun 		return;
105*4882a593Smuzhiyun 	sysreg_clear_set(sctlr_el1, 0, (SCTLR_ELx_ENIA | SCTLR_ELx_ENIB |
106*4882a593Smuzhiyun 					SCTLR_ELx_ENDA | SCTLR_ELx_ENDB));
107*4882a593Smuzhiyun 	isb();
108*4882a593Smuzhiyun }
109*4882a593Smuzhiyun 
110*4882a593Smuzhiyun #define ptrauth_suspend_exit()                                                 \
111*4882a593Smuzhiyun 	ptrauth_keys_install_user(&current->thread.keys_user)
112*4882a593Smuzhiyun 
113*4882a593Smuzhiyun #define ptrauth_thread_init_user()                                             \
114*4882a593Smuzhiyun 	do {                                                                   \
115*4882a593Smuzhiyun 		ptrauth_keys_init_user(&current->thread.keys_user);            \
116*4882a593Smuzhiyun 									       \
117*4882a593Smuzhiyun 		/* enable all keys */                                          \
118*4882a593Smuzhiyun 		if (system_supports_address_auth())                            \
119*4882a593Smuzhiyun 			ptrauth_set_enabled_keys(current,                      \
120*4882a593Smuzhiyun 						 PR_PAC_ENABLED_KEYS_MASK,     \
121*4882a593Smuzhiyun 						 PR_PAC_ENABLED_KEYS_MASK);    \
122*4882a593Smuzhiyun 	} while (0)
123*4882a593Smuzhiyun 
124*4882a593Smuzhiyun #define ptrauth_thread_switch_user(tsk)                                        \
125*4882a593Smuzhiyun 	ptrauth_keys_install_user(&(tsk)->thread.keys_user)
126*4882a593Smuzhiyun 
127*4882a593Smuzhiyun #define ptrauth_thread_init_kernel(tsk)					\
128*4882a593Smuzhiyun 	ptrauth_keys_init_kernel(&(tsk)->thread.keys_kernel)
129*4882a593Smuzhiyun #define ptrauth_thread_switch_kernel(tsk)				\
130*4882a593Smuzhiyun 	ptrauth_keys_switch_kernel(&(tsk)->thread.keys_kernel)
131*4882a593Smuzhiyun 
132*4882a593Smuzhiyun #else /* CONFIG_ARM64_PTR_AUTH */
133*4882a593Smuzhiyun #define ptrauth_enable()
134*4882a593Smuzhiyun #define ptrauth_prctl_reset_keys(tsk, arg)	(-EINVAL)
135*4882a593Smuzhiyun #define ptrauth_set_enabled_keys(tsk, keys, enabled)	(-EINVAL)
136*4882a593Smuzhiyun #define ptrauth_get_enabled_keys(tsk)	(-EINVAL)
137*4882a593Smuzhiyun #define ptrauth_strip_insn_pac(lr)	(lr)
138*4882a593Smuzhiyun #define ptrauth_suspend_exit()
139*4882a593Smuzhiyun #define ptrauth_thread_init_user()
140*4882a593Smuzhiyun #define ptrauth_thread_init_kernel(tsk)
141*4882a593Smuzhiyun #define ptrauth_thread_switch_user(tsk)
142*4882a593Smuzhiyun #define ptrauth_thread_switch_kernel(tsk)
143*4882a593Smuzhiyun #endif /* CONFIG_ARM64_PTR_AUTH */
144*4882a593Smuzhiyun 
145*4882a593Smuzhiyun #endif /* __ASM_POINTER_AUTH_H */
146