1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef __ASM_POINTER_AUTH_H
3 #define __ASM_POINTER_AUTH_H
4 
5 #include <linux/bitops.h>
6 #include <linux/prctl.h>
7 #include <linux/random.h>
8 
9 #include <asm/cpufeature.h>
10 #include <asm/memory.h>
11 #include <asm/sysreg.h>
12 
13 #define PR_PAC_ENABLED_KEYS_MASK                                               \
14 	(PR_PAC_APIAKEY | PR_PAC_APIBKEY | PR_PAC_APDAKEY | PR_PAC_APDBKEY)
15 
16 #ifdef CONFIG_ARM64_PTR_AUTH
17 /*
18  * Each key is a 128-bit quantity which is split across a pair of 64-bit
19  * registers (Lo and Hi).
20  */
21 struct ptrauth_key {
22 	unsigned long lo, hi;
23 };
24 
25 /*
26  * We give each process its own keys, which are shared by all threads. The keys
27  * are inherited upon fork(), and reinitialised upon exec*().
28  */
29 struct ptrauth_keys_user {
30 	struct ptrauth_key apia;
31 	struct ptrauth_key apib;
32 	struct ptrauth_key apda;
33 	struct ptrauth_key apdb;
34 	struct ptrauth_key apga;
35 };
36 
37 #define __ptrauth_key_install_nosync(k, v)			\
38 do {								\
39 	struct ptrauth_key __pki_v = (v);			\
40 	write_sysreg_s(__pki_v.lo, SYS_ ## k ## KEYLO_EL1);	\
41 	write_sysreg_s(__pki_v.hi, SYS_ ## k ## KEYHI_EL1);	\
42 } while (0)
43 
44 #ifdef CONFIG_ARM64_PTR_AUTH_KERNEL
45 
46 struct ptrauth_keys_kernel {
47 	struct ptrauth_key apia;
48 };
49 
50 static __always_inline void ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
51 {
52 	if (system_supports_address_auth())
53 		get_random_bytes(&keys->apia, sizeof(keys->apia));
54 }
55 
56 static __always_inline void ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel *keys)
57 {
58 	if (!system_supports_address_auth())
59 		return;
60 
61 	__ptrauth_key_install_nosync(APIA, keys->apia);
62 	isb();
63 }
64 
65 #endif /* CONFIG_ARM64_PTR_AUTH_KERNEL */
66 
67 static inline void ptrauth_keys_install_user(struct ptrauth_keys_user *keys)
68 {
69 	if (system_supports_address_auth()) {
70 		__ptrauth_key_install_nosync(APIB, keys->apib);
71 		__ptrauth_key_install_nosync(APDA, keys->apda);
72 		__ptrauth_key_install_nosync(APDB, keys->apdb);
73 	}
74 
75 	if (system_supports_generic_auth())
76 		__ptrauth_key_install_nosync(APGA, keys->apga);
77 }
78 
79 static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys)
80 {
81 	if (system_supports_address_auth()) {
82 		get_random_bytes(&keys->apia, sizeof(keys->apia));
83 		get_random_bytes(&keys->apib, sizeof(keys->apib));
84 		get_random_bytes(&keys->apda, sizeof(keys->apda));
85 		get_random_bytes(&keys->apdb, sizeof(keys->apdb));
86 	}
87 
88 	if (system_supports_generic_auth())
89 		get_random_bytes(&keys->apga, sizeof(keys->apga));
90 
91 	ptrauth_keys_install_user(keys);
92 }
93 
94 extern int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg);
95 
96 extern int ptrauth_set_enabled_keys(struct task_struct *tsk, unsigned long keys,
97 				    unsigned long enabled);
98 extern int ptrauth_get_enabled_keys(struct task_struct *tsk);
99 
100 static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr)
101 {
102 	return ptrauth_clear_pac(ptr);
103 }
104 
105 static __always_inline void ptrauth_enable(void)
106 {
107 	if (!system_supports_address_auth())
108 		return;
109 	sysreg_clear_set(sctlr_el1, 0, (SCTLR_ELx_ENIA | SCTLR_ELx_ENIB |
110 					SCTLR_ELx_ENDA | SCTLR_ELx_ENDB));
111 	isb();
112 }
113 
114 #define ptrauth_suspend_exit()                                                 \
115 	ptrauth_keys_install_user(&current->thread.keys_user)
116 
117 #define ptrauth_thread_init_user()                                             \
118 	do {                                                                   \
119 		ptrauth_keys_init_user(&current->thread.keys_user);            \
120 									       \
121 		/* enable all keys */                                          \
122 		if (system_supports_address_auth())                            \
123 			ptrauth_set_enabled_keys(current,                      \
124 						 PR_PAC_ENABLED_KEYS_MASK,     \
125 						 PR_PAC_ENABLED_KEYS_MASK);    \
126 	} while (0)
127 
128 #define ptrauth_thread_switch_user(tsk)                                        \
129 	ptrauth_keys_install_user(&(tsk)->thread.keys_user)
130 
131 #else /* CONFIG_ARM64_PTR_AUTH */
132 #define ptrauth_enable()
133 #define ptrauth_prctl_reset_keys(tsk, arg)	(-EINVAL)
134 #define ptrauth_set_enabled_keys(tsk, keys, enabled)	(-EINVAL)
135 #define ptrauth_get_enabled_keys(tsk)	(-EINVAL)
136 #define ptrauth_strip_insn_pac(lr)	(lr)
137 #define ptrauth_suspend_exit()
138 #define ptrauth_thread_init_user()
139 #define ptrauth_thread_switch_user(tsk)
140 #endif /* CONFIG_ARM64_PTR_AUTH */
141 
142 #ifdef CONFIG_ARM64_PTR_AUTH_KERNEL
143 #define ptrauth_thread_init_kernel(tsk)					\
144 	ptrauth_keys_init_kernel(&(tsk)->thread.keys_kernel)
145 #define ptrauth_thread_switch_kernel(tsk)				\
146 	ptrauth_keys_switch_kernel(&(tsk)->thread.keys_kernel)
147 #else
148 #define ptrauth_thread_init_kernel(tsk)
149 #define ptrauth_thread_switch_kernel(tsk)
150 #endif /* CONFIG_ARM64_PTR_AUTH_KERNEL */
151 
152 #endif /* __ASM_POINTER_AUTH_H */
153