| Message ID | 1576486038-9899-14-git-send-email-amit.kachhap@arm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | arm64: return address signing | expand |
On Mon, Dec 16, 2019 at 02:17:15PM +0530, Amit Daniel Kachhap wrote: > This patch disables the probing of authenticate ptrauth > instruction which falls under the hint instructions region. > This is done to disallow probe of instruction which may lead > to ptrauth faults. > > The corresponding append pac ptrauth instruction is not > disabled as they are typically the first instruction in the > function so disabling them will be disabling the function > probe itself. Also, appending pac do not cause any exception > in itself. Neither does AUTIASP in v8.3, only the subsequent dereferencing, so why can kprobes cope with PACIASP but not AUTIASP?
On 1/17/20 11:16 AM, Catalin Marinas wrote: > On Mon, Dec 16, 2019 at 02:17:15PM +0530, Amit Daniel Kachhap wrote: >> This patch disables the probing of authenticate ptrauth >> instruction which falls under the hint instructions region. >> This is done to disallow probe of instruction which may lead >> to ptrauth faults. >> >> The corresponding append pac ptrauth instruction is not >> disabled as they are typically the first instruction in the >> function so disabling them will be disabling the function >> probe itself. Also, appending pac do not cause any exception >> in itself. > > Neither does AUTIASP in v8.3, only the subsequent dereferencing, so why > can kprobes cope with PACIASP but not AUTIASP? ok I will add this patch as part of FPAC in armv8.6 ptrauth. >
diff --git a/arch/arm64/include/asm/insn.h b/arch/arm64/include/asm/insn.h index bb313dd..2e01db0 100644 --- a/arch/arm64/include/asm/insn.h +++ b/arch/arm64/include/asm/insn.h @@ -40,12 +40,13 @@ enum aarch64_insn_encoding_class { }; enum aarch64_insn_hint_op { - AARCH64_INSN_HINT_NOP = 0x0 << 5, - AARCH64_INSN_HINT_YIELD = 0x1 << 5, - AARCH64_INSN_HINT_WFE = 0x2 << 5, - AARCH64_INSN_HINT_WFI = 0x3 << 5, - AARCH64_INSN_HINT_SEV = 0x4 << 5, - AARCH64_INSN_HINT_SEVL = 0x5 << 5, + AARCH64_INSN_HINT_NOP = 0x0 << 5, + AARCH64_INSN_HINT_YIELD = 0x1 << 5, + AARCH64_INSN_HINT_WFE = 0x2 << 5, + AARCH64_INSN_HINT_WFI = 0x3 << 5, + AARCH64_INSN_HINT_SEV = 0x4 << 5, + AARCH64_INSN_HINT_SEVL = 0x5 << 5, + AARCH64_INSN_HINT_AUTIASP = (0x3 << 8) | (0x5 << 5), }; enum aarch64_insn_imm_type { diff --git a/arch/arm64/kernel/insn.c b/arch/arm64/kernel/insn.c index 4a9e773..87f7c8a 100644 --- a/arch/arm64/kernel/insn.c +++ b/arch/arm64/kernel/insn.c @@ -63,6 +63,7 @@ bool __kprobes aarch64_insn_is_nop(u32 insn) case AARCH64_INSN_HINT_WFI: case AARCH64_INSN_HINT_SEV: case AARCH64_INSN_HINT_SEVL: + case AARCH64_INSN_HINT_AUTIASP: return false; default: return true; diff --git a/arch/arm64/kernel/probes/decode-insn.c b/arch/arm64/kernel/probes/decode-insn.c index b78fac9..a7caf84 100644 --- a/arch/arm64/kernel/probes/decode-insn.c +++ b/arch/arm64/kernel/probes/decode-insn.c @@ -42,7 +42,7 @@ static bool __kprobes aarch64_insn_is_steppable(u32 insn) != AARCH64_INSN_SPCLREG_DAIF; /* - * The HINT instruction is is problematic when single-stepping, + * The HINT instruction is problematic when single-stepping, * except for the NOP case. */ if (aarch64_insn_is_hint(insn))
This patch disables the probing of authenticate ptrauth instruction which falls under the hint instructions region. This is done to disallow probe of instruction which may lead to ptrauth faults. The corresponding append pac ptrauth instruction is not disabled as they are typically the first instruction in the function so disabling them will be disabling the function probe itself. Also, appending pac do not cause any exception in itself. Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com> --- Changes since last version: * None. arch/arm64/include/asm/insn.h | 13 +++++++------ arch/arm64/kernel/insn.c | 1 + arch/arm64/kernel/probes/decode-insn.c | 2 +- 3 files changed, 9 insertions(+), 7 deletions(-)