include/asm/pointer_auth.h

0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 #ifndef __ASM_POINTER_AUTH_H
0003 #define __ASM_POINTER_AUTH_H
0004
0005 #include <linux/bitops.h>
0006 #include <linux/prctl.h>
0007 #include <linux/random.h>
0008
0009 #include <asm/cpufeature.h>
0010 #include <asm/memory.h>
0011 #include <asm/sysreg.h>
0012
0013 #define PR_PAC_ENABLED_KEYS_MASK                                               \
0014     (PR_PAC_APIAKEY | PR_PAC_APIBKEY | PR_PAC_APDAKEY | PR_PAC_APDBKEY)
0015
0016 #ifdef CONFIG_ARM64_PTR_AUTH
0017 /*
0018  * Each key is a 128-bit quantity which is split across a pair of 64-bit
0019  * registers (Lo and Hi).
0020  */
0021 struct ptrauth_key {
0022     unsigned long lo, hi;
0023 };
0024
0025 /*
0026  * We give each process its own keys, which are shared by all threads. The keys
0027  * are inherited upon fork(), and reinitialised upon exec*().
0028  */
0029 struct ptrauth_keys_user {
0030     struct ptrauth_key apia;
0031     struct ptrauth_key apib;
0032     struct ptrauth_key apda;
0033     struct ptrauth_key apdb;
0034     struct ptrauth_key apga;
0035 };
0036
0037 #define __ptrauth_key_install_nosync(k, v)          \
0038 do {                                \
0039     struct ptrauth_key __pki_v = (v);           \
0040     write_sysreg_s(__pki_v.lo, SYS_ ## k ## KEYLO_EL1); \
0041     write_sysreg_s(__pki_v.hi, SYS_ ## k ## KEYHI_EL1); \
0042 } while (0)
0043
0044 #ifdef CONFIG_ARM64_PTR_AUTH_KERNEL
0045
0046 struct ptrauth_keys_kernel {
0047     struct ptrauth_key apia;
0048 };
0049
0050 static __always_inline void ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
0051 {
0052     if (system_supports_address_auth())
0053         get_random_bytes(&keys->apia, sizeof(keys->apia));
0054 }
0055
0056 static __always_inline void ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel *keys)
0057 {
0058     if (!system_supports_address_auth())
0059         return;
0060
0061     __ptrauth_key_install_nosync(APIA, keys->apia);
0062     isb();
0063 }
0064
0065 #endif /* CONFIG_ARM64_PTR_AUTH_KERNEL */
0066
0067 static inline void ptrauth_keys_install_user(struct ptrauth_keys_user *keys)
0068 {
0069     if (system_supports_address_auth()) {
0070         __ptrauth_key_install_nosync(APIB, keys->apib);
0071         __ptrauth_key_install_nosync(APDA, keys->apda);
0072         __ptrauth_key_install_nosync(APDB, keys->apdb);
0073     }
0074
0075     if (system_supports_generic_auth())
0076         __ptrauth_key_install_nosync(APGA, keys->apga);
0077 }
0078
0079 static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys)
0080 {
0081     if (system_supports_address_auth()) {
0082         get_random_bytes(&keys->apia, sizeof(keys->apia));
0083         get_random_bytes(&keys->apib, sizeof(keys->apib));
0084         get_random_bytes(&keys->apda, sizeof(keys->apda));
0085         get_random_bytes(&keys->apdb, sizeof(keys->apdb));
0086     }
0087
0088     if (system_supports_generic_auth())
0089         get_random_bytes(&keys->apga, sizeof(keys->apga));
0090
0091     ptrauth_keys_install_user(keys);
0092 }
0093
0094 extern int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg);
0095
0096 extern int ptrauth_set_enabled_keys(struct task_struct *tsk, unsigned long keys,
0097                     unsigned long enabled);
0098 extern int ptrauth_get_enabled_keys(struct task_struct *tsk);
0099
0100 static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr)
0101 {
0102     return ptrauth_clear_pac(ptr);
0103 }
0104
0105 static __always_inline void ptrauth_enable(void)
0106 {
0107     if (!system_supports_address_auth())
0108         return;
0109     sysreg_clear_set(sctlr_el1, 0, (SCTLR_ELx_ENIA | SCTLR_ELx_ENIB |
0110                     SCTLR_ELx_ENDA | SCTLR_ELx_ENDB));
0111     isb();
0112 }
0113
0114 #define ptrauth_suspend_exit()                                                 \
0115     ptrauth_keys_install_user(&current->thread.keys_user)
0116
0117 #define ptrauth_thread_init_user()                                             \
0118     do {                                                                   \
0119         ptrauth_keys_init_user(&current->thread.keys_user);            \
0120                                            \
0121         /* enable all keys */                                          \
0122         if (system_supports_address_auth())                            \
0123             ptrauth_set_enabled_keys(current,                      \
0124                          PR_PAC_ENABLED_KEYS_MASK,     \
0125                          PR_PAC_ENABLED_KEYS_MASK);    \
0126     } while (0)
0127
0128 #define ptrauth_thread_switch_user(tsk)                                        \
0129     ptrauth_keys_install_user(&(tsk)->thread.keys_user)
0130
0131 #else /* CONFIG_ARM64_PTR_AUTH */
0132 #define ptrauth_enable()
0133 #define ptrauth_prctl_reset_keys(tsk, arg)  (-EINVAL)
0134 #define ptrauth_set_enabled_keys(tsk, keys, enabled)    (-EINVAL)
0135 #define ptrauth_get_enabled_keys(tsk)   (-EINVAL)
0136 #define ptrauth_strip_insn_pac(lr)  (lr)
0137 #define ptrauth_suspend_exit()
0138 #define ptrauth_thread_init_user()
0139 #define ptrauth_thread_switch_user(tsk)
0140 #endif /* CONFIG_ARM64_PTR_AUTH */
0141
0142 #ifdef CONFIG_ARM64_PTR_AUTH_KERNEL
0143 #define ptrauth_thread_init_kernel(tsk)                 \
0144     ptrauth_keys_init_kernel(&(tsk)->thread.keys_kernel)
0145 #define ptrauth_thread_switch_kernel(tsk)               \
0146     ptrauth_keys_switch_kernel(&(tsk)->thread.keys_kernel)
0147 #else
0148 #define ptrauth_thread_init_kernel(tsk)
0149 #define ptrauth_thread_switch_kernel(tsk)
0150 #endif /* CONFIG_ARM64_PTR_AUTH_KERNEL */
0151
0152 #endif /* __ASM_POINTER_AUTH_H */