From 4e8f6e44bce8da3b0e2df37b12839f4bc9c9cabe Mon Sep 17 00:00:00 2001 From: Neeraj Upadhyay Date: Tue, 25 Apr 2023 15:27:00 +0530 Subject: [PATCH 1/4] arm64: Fix label placement in record_mmu_state() Fix label so that pre_disable_mmu_workaround() is called before clearing sctlr_el1.M. Fixes: 2ced0f30a426 ("arm64: head: Switch endianness before populating the ID map") Signed-off-by: Neeraj Upadhyay Acked-by: Ard Biesheuvel Link: https://lore.kernel.org/r/20230425095700.22005-1-quic_neeraju@quicinc.com Signed-off-by: Will Deacon --- arch/arm64/kernel/head.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S index b98970907226..e92caebff46a 100644 --- a/arch/arm64/kernel/head.S +++ b/arch/arm64/kernel/head.S @@ -150,8 +150,8 @@ CPU_BE( tbz x19, #SCTLR_ELx_EE_SHIFT, 1f ) pre_disable_mmu_workaround msr sctlr_el2, x19 b 3f - pre_disable_mmu_workaround -2: msr sctlr_el1, x19 +2: pre_disable_mmu_workaround + msr sctlr_el1, x19 3: isb mov x19, xzr ret From eda081d2efac50c9b314df7fb340a62306a7b07a Mon Sep 17 00:00:00 2001 From: Kristina Martsenko Date: Fri, 28 Apr 2023 14:25:46 +0100 Subject: [PATCH 2/4] arm64: cpufeature: Fix pointer auth hwcaps The pointer auth hwcaps are not getting reported to userspace, as they are missing the .matches field. Add the field back. Fixes: 876e3c8efe79 ("arm64/cpufeature: Pull out helper for CPUID register definitions") Signed-off-by: Kristina Martsenko Reviewed-by: Mark Brown Link: https://lore.kernel.org/r/20230428132546.2513834-1-kristina.martsenko@arm.com Signed-off-by: Will Deacon --- arch/arm64/kernel/cpufeature.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 1bdad599e769..d26a11f78b9f 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -2657,26 +2657,26 @@ static const struct arm64_cpu_capabilities arm64_features[] = { #ifdef CONFIG_ARM64_PTR_AUTH static const struct arm64_cpu_capabilities ptr_auth_hwcap_addr_matches[] = { { - ARM64_CPUID_FIELDS(ID_AA64ISAR1_EL1, APA, PAuth) + HWCAP_CPUID_MATCH(ID_AA64ISAR1_EL1, APA, PAuth) }, { - ARM64_CPUID_FIELDS(ID_AA64ISAR2_EL1, APA3, PAuth) + HWCAP_CPUID_MATCH(ID_AA64ISAR2_EL1, APA3, PAuth) }, { - ARM64_CPUID_FIELDS(ID_AA64ISAR1_EL1, API, PAuth) + HWCAP_CPUID_MATCH(ID_AA64ISAR1_EL1, API, PAuth) }, {}, }; static const struct arm64_cpu_capabilities ptr_auth_hwcap_gen_matches[] = { { - ARM64_CPUID_FIELDS(ID_AA64ISAR1_EL1, GPA, IMP) + HWCAP_CPUID_MATCH(ID_AA64ISAR1_EL1, GPA, IMP) }, { - ARM64_CPUID_FIELDS(ID_AA64ISAR2_EL1, GPA3, IMP) + HWCAP_CPUID_MATCH(ID_AA64ISAR2_EL1, GPA3, IMP) }, { - ARM64_CPUID_FIELDS(ID_AA64ISAR1_EL1, GPI, IMP) + HWCAP_CPUID_MATCH(ID_AA64ISAR1_EL1, GPI, IMP) }, {}, }; From 4df69e0df295822cdf816442fe4897f214cccb08 Mon Sep 17 00:00:00 2001 From: "ndesaulniers@google.com" Date: Fri, 28 Apr 2023 11:28:17 -0700 Subject: [PATCH 3/4] arm64: kernel: remove SHF_WRITE|SHF_EXECINSTR from .idmap.text commit d54170812ef1 ("arm64: fix .idmap.text assertion for large kernels") modified some of the section assembler directives that declare .idmap.text to be SHF_ALLOC instead of SHF_ALLOC|SHF_WRITE|SHF_EXECINSTR. This patch fixes up the remaining stragglers that were left behind. Add Fixes tag so that this doesn't precede related change in stable. Fixes: d54170812ef1 ("arm64: fix .idmap.text assertion for large kernels") Reported-by: Greg Thelen Reviewed-by: Ard Biesheuvel Signed-off-by: Nick Desaulniers Link: https://lore.kernel.org/r/20230428-awx-v2-1-b197ffa16edc@google.com Signed-off-by: Will Deacon --- arch/arm64/kernel/cpu-reset.S | 2 +- arch/arm64/kernel/sleep.S | 2 +- arch/arm64/mm/proc.S | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/arm64/kernel/cpu-reset.S b/arch/arm64/kernel/cpu-reset.S index 6b752fe89745..c87445dde674 100644 --- a/arch/arm64/kernel/cpu-reset.S +++ b/arch/arm64/kernel/cpu-reset.S @@ -14,7 +14,7 @@ #include .text -.pushsection .idmap.text, "awx" +.pushsection .idmap.text, "a" /* * cpu_soft_restart(el2_switch, entry, arg0, arg1, arg2) diff --git a/arch/arm64/kernel/sleep.S b/arch/arm64/kernel/sleep.S index 2ae7cff1953a..2aa5129d8253 100644 --- a/arch/arm64/kernel/sleep.S +++ b/arch/arm64/kernel/sleep.S @@ -97,7 +97,7 @@ SYM_FUNC_START(__cpu_suspend_enter) ret SYM_FUNC_END(__cpu_suspend_enter) - .pushsection ".idmap.text", "awx" + .pushsection ".idmap.text", "a" SYM_CODE_START(cpu_resume) mov x0, xzr bl init_kernel_el diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S index 91410f488090..c2cb437821ca 100644 --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -167,7 +167,7 @@ alternative_else_nop_endif SYM_FUNC_END(cpu_do_resume) #endif - .pushsection ".idmap.text", "awx" + .pushsection ".idmap.text", "a" .macro __idmap_cpu_set_reserved_ttbr1, tmp1, tmp2 adrp \tmp1, reserved_pg_dir @@ -201,7 +201,7 @@ SYM_FUNC_END(idmap_cpu_replace_ttbr1) #define KPTI_NG_PTE_FLAGS (PTE_ATTRINDX(MT_NORMAL) | SWAPPER_PTE_FLAGS) - .pushsection ".idmap.text", "awx" + .pushsection ".idmap.text", "a" .macro kpti_mk_tbl_ng, type, num_entries add end_\type\()p, cur_\type\()p, #\num_entries * 8 @@ -400,7 +400,7 @@ SYM_FUNC_END(idmap_kpti_install_ng_mappings) * Output: * Return in x0 the value of the SCTLR_EL1 register. */ - .pushsection ".idmap.text", "awx" + .pushsection ".idmap.text", "a" SYM_FUNC_START(__cpu_setup) tlbi vmalle1 // Invalidate local TLB dsb nsh From 0fddb79bf283a561eb81f09d01f5ac8f61bf8966 Mon Sep 17 00:00:00 2001 From: Fangrui Song Date: Tue, 2 May 2023 07:41:05 +0000 Subject: [PATCH 4/4] arm64: lds: move .got section out of .text Currently, the .got section is placed within the output section .text. However, when .got is non-empty, the SHF_WRITE flag is set for .text when linked by lld. GNU ld recognizes .text as a special section and ignores the SHF_WRITE flag. By renaming .text, we can also get the SHF_WRITE flag. The kernel has performed R_AARCH64_RELATIVE resolving very early, and can then assume that .got is read-only. Let's move .got to the vmlinux_rodata pseudo-segment. As Ard Biesheuvel notes: "This matters to consumers of the vmlinux ELF representation of the kernel image, such as syzkaller, which disregards writable PT_LOAD segments when resolving code symbols. The kernel itself does not care about this distinction, but given that the GOT contains data and not code, it does not require executable permissions, and therefore does not belong in .text to begin with." Reviewed-by: Ard Biesheuvel Signed-off-by: Fangrui Song Link: https://lore.kernel.org/r/20230502074105.1541926-1-maskray@google.com Signed-off-by: Will Deacon --- arch/arm64/kernel/vmlinux.lds.S | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index b9202c2ee18e..3cd7e76cc562 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -181,18 +181,8 @@ SECTIONS KPROBES_TEXT HYPERVISOR_TEXT *(.gnu.warning) - . = ALIGN(16); - *(.got) /* Global offset table */ } - /* - * Make sure that the .got.plt is either completely empty or it - * contains only the lazy dispatch entries. - */ - .got.plt : { *(.got.plt) } - ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, - "Unexpected GOT/PLT entries detected!") - . = ALIGN(SEGMENT_ALIGN); _etext = .; /* End of text section */ @@ -201,6 +191,15 @@ SECTIONS HYPERVISOR_DATA_SECTIONS + .got : { *(.got) } + /* + * Make sure that the .got.plt is either completely empty or it + * contains only the lazy dispatch entries. + */ + .got.plt : { *(.got.plt) } + ASSERT(SIZEOF(.got.plt) == 0 || SIZEOF(.got.plt) == 0x18, + "Unexpected GOT/PLT entries detected!") + /* code sections that are never executed via the kernel mapping */ .rodata.text : { TRAMP_TEXT