The arm64 Guarded Control Stack (GCS) feature provides support for
hardware protected stacks of return addresses, intended to provide
hardening against return oriented programming (ROP) attacks and to make
it easier to gather call stacks for applications such as profiling.
When GCS is active a sec
As per DDI 0487 RWTXBY we need to manage PSTATE.EXLOCK when entering an
exception, when the exception is entered from a lower EL the bit is cleared
while if entering from the same EL it is set to GCSCR_ELx.EXLOCKEN.
Implement this behaviour in enter_exception64().
Signed-off-by: Mark Brown
---
a
GCS adds new registers GCSCR_EL1, GCSCRE0_EL1, GCSPR_EL1 and GCSPR_EL0. Add
these to those validated by get-reg-list.
Reviewed-by: Thiago Jung Bauermann
Signed-off-by: Mark Brown
---
tools/testing/selftests/kvm/aarch64/get-reg-list.c | 28 ++
1 file changed, 28 insertions(+)
Prior to commit 70ed7238297f ("KVM: arm64: Sanitise ID_AA64MMFR3_EL1")
we just exposed the sanitised view of ID_AA64MMFR3_EL1 to guests, meaning
that they saw both TCRX and S1PIE if present on the host machine. That
commit added VMM control over the contents of the register and exposed
S1POE but rem
The initial EL2 setup for GCS did not include disabling of EL1 usage of
GCS instructions, also disable these traps. This is the first disabling
of instruction traps, use x2 to store the value to be written.
Signed-off-by: Mark Brown
---
arch/arm64/include/asm/el2_setup.h | 7 ++-
1 file cha
GCS introduces a number of system registers for EL1 and EL0, on systems
with GCS we need to context switch them and expose them to VMMs to allow
guests to use GCS.
In order to allow guests to use GCS we also need to configure
HCRX_EL2.GCSEn, if this is not set GCS instructions will be noops and
CH
On Sat, Oct 05, 2024 at 02:18:57PM +0100, Marc Zyngier wrote:
> Mark Brown wrote:
> > On Sat, Oct 05, 2024 at 12:34:20PM +0100, Marc Zyngier wrote:
> > > Where is the handling of traps resulting from HFGITR_EL2.nGCSSTR_EL1?
> > These will trap with an EC of 0x2d which isn't known so I was expectin
On Sat, Oct 05, 2024 at 03:02:09PM +0100, Marc Zyngier wrote:
> Mark Brown wrote:
> > Ah, I see. I'd been under the impression that the generic machinery was
> > supposed to handle this already using the descriptions in
> > emulate-nested.c and we only needed handlers for more specific actions.
On Sat, 05 Oct 2024 15:26:38 +0100,
Mark Brown wrote:
>
> On Sat, Oct 05, 2024 at 03:02:09PM +0100, Marc Zyngier wrote:
> > Mark Brown wrote:
>
> > > Ah, I see. I'd been under the impression that the generic machinery was
> > > supposed to handle this already using the descriptions in
On Sat, Oct 05, 2024 at 01:36:09PM +0100, Marc Zyngier wrote:
> Mark Brown wrote:
> > + // PSTATE.EXLOCK is set to 0 upon any exception to a higher
> > + // EL, or to GCSCR_ELx.EXLOCKEN for an exception to the same
> > + // exception level. See ARM DDI 0487 RWTXBY, D.1.3.2 in K.a.
> > +
Kees Cook writes:
> The tradition in kernel .rst is to do this with the trailing "::", e.g.:
>
> +Configure the kernel with::
> +
> + CONFIG_AUTOFDO_CLANG=y
>
> This loses the language-specific highlighting when rendered. Perhaps the
> "::" extension can be further extended?
>
> +Configure th
On Sat, 05 Oct 2024 15:14:21 +0100,
Mark Brown wrote:
>
> On Sat, Oct 05, 2024 at 01:36:09PM +0100, Marc Zyngier wrote:
> > Mark Brown wrote:
>
> > > + // PSTATE.EXLOCK is set to 0 upon any exception to a higher
> > > + // EL, or to GCSCR_ELx.EXLOCKEN for an exception to the same
> > > + // exc
On Fri, Oct 04, 2024 at 02:23:45PM -0700, Justin Stitt wrote:
> On Fri, Oct 4, 2024 at 11:29 AM Peter Zijlstra wrote:
> >
> > On Fri, Oct 04, 2024 at 11:10:04AM -0700, Kees Cook wrote:
> >
> > > +Configure the kernel with::(make)
> > > +
> > > + CONFIG_AUTOFDO_CLANG=y
> > >
> > > Then we could
On Sat, 05 Oct 2024 11:37:30 +0100,
Mark Brown wrote:
>
> GCS introduces a number of system registers for EL1 and EL0, on systems
> with GCS we need to context switch them and expose them to VMMs to allow
> guests to use GCS.
>
> In order to allow guests to use GCS we also need to configure
> HC
On Sat, 05 Oct 2024 11:37:31 +0100,
Mark Brown wrote:
>
> As per DDI 0487 RWTXBY we need to manage PSTATE.EXLOCK when entering an
> exception, when the exception is entered from a lower EL the bit is cleared
> while if entering from the same EL it is set to GCSCR_ELx.EXLOCKEN.
> Implement this be
On Sat, Oct 05, 2024 at 12:34:20PM +0100, Marc Zyngier wrote:
> Mark Brown wrote:
> > + if (!kvm_has_gcs(kvm)) {
> > + kvm->arch.fgu[HFGxTR_GROUP] |= (HFGxTR_EL2_nGCS_EL0 |
> > + HFGxTR_EL2_nGCS_EL1);
> > + kvm->arch.fgu[HFGITR_GROUP
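Review bot: In the !kvm_has_gcs(kvm) branch, marking HFGxTR_EL2_nGCS_EL0 and HFGxTR_EL2_nGCS_EL1 in kvm->arch.fgu[] only covers the register accesses, and nothing visible here says where the matching GCS instruction traps are handled. The thread notes they arrive with an EC of 0x2d "which isn't known", so I would add an explicit handler for that EC, or at least a comment naming the path that is expected to deal with it, rather than relying on the unknown-EC fallback. The hunk as shown is cut off at the HFGITR_GROUP assignment, so the instruction-trap bits themselves cannot be checked from these lines.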
On Sat, 05 Oct 2024 14:08:39 +0100,
Mark Brown wrote:
>
> On Sat, Oct 05, 2024 at 12:34:20PM +0100, Marc Zyngier wrote:
> > Mark Brown wrote:
>
> > > + if (!kvm_has_gcs(kvm)) {
> > > + kvm->arch.fgu[HFGxTR_GROUP] |= (HFGxTR_EL2_nGCS_EL0 |
> > > +
On Sat, 05 Oct 2024 14:48:09 +0100,
Mark Brown wrote:
>
> On Sat, Oct 05, 2024 at 02:18:57PM +0100, Marc Zyngier wrote:
> > Mark Brown wrote:
> > > On Sat, Oct 05, 2024 at 12:34:20PM +0100, Marc Zyngier wrote:
>
> > > > > Where is the handling of traps resulting from HFGITR_EL2.nGCSSTR_EL1?