From patchwork Fri Aug 13 12:22:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Hoyes X-Patchwork-Id: 1516646 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GmN4j446Gz9sWq for ; Fri, 13 Aug 2021 22:23:16 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id BD0FE82DF0; Fri, 13 Aug 2021 14:23:10 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=arm.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 3F4F282DF7; Fri, 13 Aug 2021 14:23:09 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 4614D80082 for ; Fri, 13 Aug 2021 14:23:04 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=peter.hoyes@arm.com Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 6CFE21042; Fri, 13 Aug 2021 05:23:03 -0700 (PDT) Received: from e125920.arm.com (unknown [10.57.88.64]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id F329B3F70D; Fri, 13 Aug 2021 05:23:01 -0700 (PDT) From: Peter Hoyes To: u-boot@lists.denx.de Cc: patrick.delaunay@foss.st.com, sjg@chromium.org, andre.przywara@arm.com, diego.sueiro@arm.com, Peter Hoyes Subject: [PATCH 1/2] armv8: Disable pointer authentication traps for EL1 Date: Fri, 13 Aug 2021 13:22:52 +0100 Message-Id: <20210813122252.2230058-1-peter.hoyes@arm.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean From: Peter Hoyes The use of ARMv8.3 pointer authentication (PAuth) is governed by fields in HCR_EL2, which trigger a 'trap to EL2' if not enabled. The reset value of these fields is 'architecturally unknown' so we must ensure that the fields are enabled (to disable the traps) if we are entering the kernel at EL1. The APK field disables PAuth instruction traps and the API field disables PAuth register traps Add code to disable the traps in armv8_switch_to_el1_m. Prior to doing so, it checks fields in the ID_AA64ISAR1_EL1 register to ensure pointer authentication is supported by the hardware. The runtime checks require a second temporary register, so add this to the EL1 transition macro signature and update 2 call sites. Signed-off-by: Peter Hoyes --- arch/arm/cpu/armv8/fsl-layerscape/spintable.S | 2 +- arch/arm/cpu/armv8/transition.S | 2 +- arch/arm/include/asm/macro.h | 11 +++++++++-- arch/arm/include/asm/system.h | 15 +++++++++++++++ 4 files changed, 26 insertions(+), 4 deletions(-) diff --git a/arch/arm/cpu/armv8/fsl-layerscape/spintable.S b/arch/arm/cpu/armv8/fsl-layerscape/spintable.S index 363ded03e6..d6bd188459 100644 --- a/arch/arm/cpu/armv8/fsl-layerscape/spintable.S +++ b/arch/arm/cpu/armv8/fsl-layerscape/spintable.S @@ -93,7 +93,7 @@ __secondary_boot_func: 4: #ifdef CONFIG_ARMV8_SWITCH_TO_EL1 switch_el x7, _dead_loop, 0f, _dead_loop -0: armv8_switch_to_el1_m x4, x6, x7 +0: armv8_switch_to_el1_m x4, x6, x7, x9 #else switch_el x7, 0f, _dead_loop, _dead_loop 0: armv8_switch_to_el2_m x4, x6, x7 diff --git a/arch/arm/cpu/armv8/transition.S b/arch/arm/cpu/armv8/transition.S index a31af4ffc8..9dbdff3a4f 100644 --- a/arch/arm/cpu/armv8/transition.S +++ b/arch/arm/cpu/armv8/transition.S @@ -40,7 +40,7 @@ ENTRY(armv8_switch_to_el1) * now, jump to the address saved in x4. */ br x4 -1: armv8_switch_to_el1_m x4, x5, x6 +1: armv8_switch_to_el1_m x4, x5, x6, x7 ENDPROC(armv8_switch_to_el1) .popsection diff --git a/arch/arm/include/asm/macro.h b/arch/arm/include/asm/macro.h index 485310d660..e1eefc283f 100644 --- a/arch/arm/include/asm/macro.h +++ b/arch/arm/include/asm/macro.h @@ -256,7 +256,7 @@ lr .req x30 * For loading 64-bit OS, x0 is physical address to the FDT blob. * They will be passed to the guest. */ -.macro armv8_switch_to_el1_m, ep, flag, tmp +.macro armv8_switch_to_el1_m, ep, flag, tmp, tmp2 /* Initialize Generic Timers */ mrs \tmp, cnthctl_el2 /* Enable EL1 access to timers */ @@ -306,7 +306,14 @@ lr .req x30 b.eq 1f /* Initialize HCR_EL2 */ - ldr \tmp, =(HCR_EL2_RW_AARCH64 | HCR_EL2_HCD_DIS) + /* Only disable PAuth traps if PAuth is supported */ + mrs \tmp, id_aa64isar1_el1 + ldr \tmp2, =(ID_AA64ISAR1_EL1_GPI | ID_AA64ISAR1_EL1_GPA | \ + ID_AA64ISAR1_EL1_API | ID_AA64ISAR1_EL1_APA) + tst \tmp, \tmp2 + mov \tmp2, #(HCR_EL2_RW_AARCH64 | HCR_EL2_HCD_DIS) + orr \tmp, \tmp2, #(HCR_EL2_APK | HCR_EL2_API) + csel \tmp, \tmp2, \tmp, eq msr hcr_el2, \tmp /* Return to the EL1_SP1 mode from EL2 */ diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h index 8b3a54e64c..77aa18909e 100644 --- a/arch/arm/include/asm/system.h +++ b/arch/arm/include/asm/system.h @@ -75,10 +75,25 @@ /* * HCR_EL2 bits definitions */ +#define HCR_EL2_API (1 << 41) /* Trap pointer authentication + instructions */ +#define HCR_EL2_APK (1 << 40) /* Trap pointer authentication + key access */ #define HCR_EL2_RW_AARCH64 (1 << 31) /* EL1 is AArch64 */ #define HCR_EL2_RW_AARCH32 (0 << 31) /* Lower levels are AArch32 */ #define HCR_EL2_HCD_DIS (1 << 29) /* Hypervisor Call disabled */ +/* + * ID_AA64ISAR1_EL1 bits definitions + */ +#define ID_AA64ISAR1_EL1_GPI (0xF << 28) /* Implementation-defined generic + code auth algorithm */ +#define ID_AA64ISAR1_EL1_GPA (0xF << 24) /* QARMA generic code auth + algorithm */ +#define ID_AA64ISAR1_EL1_API (0xF << 8) /* Implementation-defined address + auth algorithm */ +#define ID_AA64ISAR1_EL1_APA (0xF << 4) /* QARMA address auth algorithm */ + /* * ID_AA64PFR0_EL1 bits definitions */ From patchwork Fri Aug 13 12:23:48 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Hoyes X-Patchwork-Id: 1516647 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GmN5g4t3Wz9sWq for ; Fri, 13 Aug 2021 22:24:07 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id C638D82DF7; Fri, 13 Aug 2021 14:24:03 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=arm.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id 74B5582E2B; Fri, 13 Aug 2021 14:24:02 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 1373C82DF0 for ; Fri, 13 Aug 2021 14:23:58 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=peter.hoyes@arm.com Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 228A01042; Fri, 13 Aug 2021 05:23:57 -0700 (PDT) Received: from e125920.arm.com (unknown [10.57.88.64]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id AB3303F70D; Fri, 13 Aug 2021 05:23:55 -0700 (PDT) From: Peter Hoyes To: u-boot@lists.denx.de Cc: patrick.delaunay@foss.st.com, sjg@chromium.org, andre.przywara@arm.com, diego.sueiro@arm.com, Peter Hoyes Subject: [PATCH 2/2] armv8: Ensure EL1&0 VMSA is enabled Date: Fri, 13 Aug 2021 13:23:48 +0100 Message-Id: <20210813122348.2230188-1-peter.hoyes@arm.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean From: Peter Hoyes On Armv8-R, the EL1&0 memory system architecture is configurable as a VMSA or PMSA, and resets to an "architecturally unknown" value. Add code to armv8_switch_to_el1_m which detects whether the MSA at EL1&0 is configurable using the id_aa64mmfr0_el1 register MSA fields. If it is we must ensure the VMSA is enabled so that a rich OS can boot. The MSA and MSA_FRAC fields are described in the Armv8-R architecture profile supplement (section G1.3.7): https://developer.arm.com/documentation/ddi0600/latest/ Signed-off-by: Peter Hoyes --- arch/arm/include/asm/macro.h | 17 +++++++++++++++++ arch/arm/include/asm/system.h | 24 ++++++++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/arch/arm/include/asm/macro.h b/arch/arm/include/asm/macro.h index e1eefc283f..ecd8221c0d 100644 --- a/arch/arm/include/asm/macro.h +++ b/arch/arm/include/asm/macro.h @@ -316,6 +316,23 @@ lr .req x30 csel \tmp, \tmp2, \tmp, eq msr hcr_el2, \tmp + /* + * Detect whether the system has a configurable memory system + * architecture at EL1&0 + */ + mrs \tmp, id_aa64mmfr0_el1 + lsr \tmp, \tmp, #48 + and \tmp, \tmp, #((ID_AA64MMFR0_EL1_MSA_MASK | \ + ID_AA64MMFR0_EL1_MSA_FRAC_MASK) >> 48) + cmp \tmp, #((ID_AA64MMFR0_EL1_MSA_USE_FRAC | \ + ID_AA64MMFR0_EL1_MSA_FRAC_VMSA) >> 48) + bne 2f + + /* Ensure the EL1&0 VMSA is enabled */ + mov \tmp, #(VTCR_EL2_MSA) + msr vtcr_el2, \tmp +2: + /* Return to the EL1_SP1 mode from EL2 */ ldr \tmp, =(SPSR_EL_DEBUG_MASK | SPSR_EL_SERR_MASK |\ SPSR_EL_IRQ_MASK | SPSR_EL_FIQ_MASK |\ diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h index 77aa18909e..e4c11e830a 100644 --- a/arch/arm/include/asm/system.h +++ b/arch/arm/include/asm/system.h @@ -83,6 +83,30 @@ #define HCR_EL2_RW_AARCH32 (0 << 31) /* Lower levels are AArch32 */ #define HCR_EL2_HCD_DIS (1 << 29) /* Hypervisor Call disabled */ +/* + * VTCR_EL2 bits definitions + */ +#define VTCR_EL2_MSA (1 << 31) /* EL1&0 memory architecture */ + +/* + * ID_AA64MMFR0_EL1 bits definitions + */ +#define ID_AA64MMFR0_EL1_MSA_FRAC_MASK (0xFUL << 52) /* Memory system + architecture + frac */ +#define ID_AA64MMFR0_EL1_MSA_FRAC_VMSA (0x2UL << 52) /* EL1&0 supports + VMSA */ +#define ID_AA64MMFR0_EL1_MSA_FRAC_PMSA (0x1UL << 52) /* EL1&0 only + supports PMSA*/ +#define ID_AA64MMFR0_EL1_MSA_FRAC_NO_PMSA (0x0UL << 52) /* No PMSA + support */ +#define ID_AA64MMFR0_EL1_MSA_MASK (0xFUL << 48) /* Memory system + architecture */ +#define ID_AA64MMFR0_EL1_MSA_USE_FRAC (0xFUL << 48) /* Use MSA_FRAC */ +#define ID_AA64MMFR0_EL1_MSA_VMSA (0x0UL << 48) /* Memory system + architecture + is VMSA */ + /* * ID_AA64ISAR1_EL1 bits definitions */