linux/arch/arm64/kernel/pointer_auth.c

112 lines
2.8 KiB
C
Raw Normal View History

// SPDX-License-Identifier: GPL-2.0
#include <linux/compat.h>
#include <linux/errno.h>
#include <linux/prctl.h>
#include <linux/random.h>
#include <linux/sched.h>
#include <asm/cpufeature.h>
#include <asm/pointer_auth.h>
int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg)
{
struct ptrauth_keys_user *keys = &tsk->thread.keys_user;
unsigned long addr_key_mask = PR_PAC_APIAKEY | PR_PAC_APIBKEY |
PR_PAC_APDAKEY | PR_PAC_APDBKEY;
unsigned long key_mask = addr_key_mask | PR_PAC_APGAKEY;
if (!system_supports_address_auth() && !system_supports_generic_auth())
return -EINVAL;
if (is_compat_thread(task_thread_info(tsk)))
return -EINVAL;
if (!arg) {
ptrauth_keys_init_user(keys);
return 0;
}
if (arg & ~key_mask)
return -EINVAL;
if (((arg & addr_key_mask) && !system_supports_address_auth()) ||
((arg & PR_PAC_APGAKEY) && !system_supports_generic_auth()))
return -EINVAL;
if (arg & PR_PAC_APIAKEY)
get_random_bytes(&keys->apia, sizeof(keys->apia));
if (arg & PR_PAC_APIBKEY)
get_random_bytes(&keys->apib, sizeof(keys->apib));
if (arg & PR_PAC_APDAKEY)
get_random_bytes(&keys->apda, sizeof(keys->apda));
if (arg & PR_PAC_APDBKEY)
get_random_bytes(&keys->apdb, sizeof(keys->apdb));
if (arg & PR_PAC_APGAKEY)
get_random_bytes(&keys->apga, sizeof(keys->apga));
ptrauth_keys_install_user(keys);
return 0;
}
arm64: Introduce prctl(PR_PAC_{SET,GET}_ENABLED_KEYS) This change introduces a prctl that allows the user program to control which PAC keys are enabled in a particular task. The main reason why this is useful is to enable a userspace ABI that uses PAC to sign and authenticate function pointers and other pointers exposed outside of the function, while still allowing binaries conforming to the ABI to interoperate with legacy binaries that do not sign or authenticate pointers. The idea is that a dynamic loader or early startup code would issue this prctl very early after establishing that a process may load legacy binaries, but before executing any PAC instructions. This change adds a small amount of overhead to kernel entry and exit due to additional required instruction sequences. On a DragonBoard 845c (Cortex-A75) with the powersave governor, the overhead of similar instruction sequences was measured as 4.9ns when simulating the common case where IA is left enabled, or 43.7ns when simulating the uncommon case where IA is disabled. These numbers can be seen as the worst case scenario, since in more realistic scenarios a better performing governor would be used and a newer chip would be used that would support PAC unlike Cortex-A75 and would be expected to be faster than Cortex-A75. On an Apple M1 under a hypervisor, the overhead of the entry/exit instruction sequences introduced by this patch was measured as 0.3ns in the case where IA is left enabled, and 33.0ns in the case where IA is disabled. Signed-off-by: Peter Collingbourne <pcc@google.com> Reviewed-by: Dave Martin <Dave.Martin@arm.com> Link: https://linux-review.googlesource.com/id/Ibc41a5e6a76b275efbaa126b31119dc197b927a5 Link: https://lore.kernel.org/r/d6609065f8f40397a4124654eb68c9f490b4d477.1616123271.git.pcc@google.com Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2021-03-19 11:10:53 +08:00
static u64 arg_to_enxx_mask(unsigned long arg)
{
u64 sctlr_enxx_mask = 0;
WARN_ON(arg & ~PR_PAC_ENABLED_KEYS_MASK);
if (arg & PR_PAC_APIAKEY)
sctlr_enxx_mask |= SCTLR_ELx_ENIA;
if (arg & PR_PAC_APIBKEY)
sctlr_enxx_mask |= SCTLR_ELx_ENIB;
if (arg & PR_PAC_APDAKEY)
sctlr_enxx_mask |= SCTLR_ELx_ENDA;
if (arg & PR_PAC_APDBKEY)
sctlr_enxx_mask |= SCTLR_ELx_ENDB;
return sctlr_enxx_mask;
}
int ptrauth_set_enabled_keys(struct task_struct *tsk, unsigned long keys,
unsigned long enabled)
{
u64 sctlr = tsk->thread.sctlr_user;
if (!system_supports_address_auth())
return -EINVAL;
if (is_compat_thread(task_thread_info(tsk)))
return -EINVAL;
if ((keys & ~PR_PAC_ENABLED_KEYS_MASK) || (enabled & ~keys))
return -EINVAL;
sctlr &= ~arg_to_enxx_mask(keys);
sctlr |= arg_to_enxx_mask(enabled);
if (tsk == current)
set_task_sctlr_el1(sctlr);
else
tsk->thread.sctlr_user = sctlr;
return 0;
}
int ptrauth_get_enabled_keys(struct task_struct *tsk)
{
int retval = 0;
if (!system_supports_address_auth())
return -EINVAL;
if (is_compat_thread(task_thread_info(tsk)))
return -EINVAL;
if (tsk->thread.sctlr_user & SCTLR_ELx_ENIA)
retval |= PR_PAC_APIAKEY;
if (tsk->thread.sctlr_user & SCTLR_ELx_ENIB)
retval |= PR_PAC_APIBKEY;
if (tsk->thread.sctlr_user & SCTLR_ELx_ENDA)
retval |= PR_PAC_APDAKEY;
if (tsk->thread.sctlr_user & SCTLR_ELx_ENDB)
retval |= PR_PAC_APDBKEY;
return retval;
}