| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210812190213.2601506-5-maz@kernel.org>
Date: Thu, 12 Aug 2021 20:02:12 +0100
From: Marc Zyngier <maz@...nel.org>
To: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Cc: Rafał Miłecki <zajec5@...il.com>,
Will Deacon <will@...nel.org>,
Catalin Marinas <catalin.marinas@....com>,
Mark Rutland <mark.rutland@....com>,
Ard Biesheuvel <ardb@...nel.org>,
Florian Fainelli <f.fainelli@...il.com>,
bcm-kernel-feedback-list@...adcom.com, kernel-team@...roid.com
Subject: [PATCH 4/5] arm64: Warn on booting at EL2 with HVC disabled
Now that we are able to paper over the gigantic stupidity that
booting at EL2 with SCR_EL3.HCE==0 is, let's taint WARN_TAINT()
when detecting this situation.
Yes, this is *LOUD*.
Signed-off-by: Marc Zyngier <maz@...nel.org>
---
arch/arm64/include/asm/virt.h | 10 ++++++++++
arch/arm64/kernel/head.S | 10 ++++++++++
arch/arm64/kernel/smp.c | 3 +++
3 files changed, 23 insertions(+)
diff --git a/arch/arm64/include/asm/virt.h b/arch/arm64/include/asm/virt.h
index 7379f35ae2c6..89bf5ae522da 100644
--- a/arch/arm64/include/asm/virt.h
+++ b/arch/arm64/include/asm/virt.h
@@ -49,6 +49,9 @@
#define BOOT_CPU_MODE_EL1 (0xe11)
#define BOOT_CPU_MODE_EL2 (0xe12)
+/* Flags associated to the boot mode */
+#define BOOT_CPU_MODE_DOWNGRADED (1 << 0)
+
#ifndef __ASSEMBLY__
#include <asm/ptrace.h>
@@ -67,6 +70,13 @@
*/
extern u32 __boot_cpu_mode[2];
+/*
+ * __boot_cpu_mode_flags records events that are associated with CPUs
+ * coming online. A CPU having been downgraded from EL2 to EL1 because
+ * of HVC not being enabled will have BOOT_CPU_MODE_DOWNGRADED set.
+ */
+extern u32 __boot_cpu_mode_flags[1];
+
void __hyp_set_vectors(phys_addr_t phys_vector_base);
void __hyp_reset_vectors(void);
diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
index d6b2b05f5d3a..fdad6805868b 100644
--- a/arch/arm64/kernel/head.S
+++ b/arch/arm64/kernel/head.S
@@ -530,7 +530,13 @@ SYM_INNER_LABEL(init_el2, SYM_L_LOCAL)
/*
* HVC is unusable, so pretend we actually booted at EL1.
* Once we have left EL2, there will be no going back.
+ * set_cpu_boot_mode_flag will do the necessary CMOs for us.
*/
+ adr_l x1, __boot_cpu_mode_flags
+ ldr w0, [x1]
+ orr w0, w0, BOOT_CPU_MODE_DOWNGRADED
+ str w0, [x1]
+
mov_q x0, INIT_SCTLR_EL1_MMU_OFF
msr sctlr_el1, x0
@@ -623,6 +629,10 @@ SYM_DATA_START(__early_cpu_boot_status)
.quad 0
SYM_DATA_END(__early_cpu_boot_status)
+SYM_DATA_START(__boot_cpu_mode_flags)
+ .long 0
+SYM_DATA_END(__boot_cpu_mode_flags)
+
.popsection
/*
diff --git a/arch/arm64/kernel/smp.c b/arch/arm64/kernel/smp.c
index 6f6ff072acbd..43fad7ca9110 100644
--- a/arch/arm64/kernel/smp.c
+++ b/arch/arm64/kernel/smp.c
@@ -425,6 +425,9 @@ static void __init hyp_mode_check(void)
else if (is_hyp_mode_mismatched())
WARN_TAINT(1, TAINT_CPU_OUT_OF_SPEC,
"CPU: CPUs started in inconsistent modes");
+ else if (__boot_cpu_mode_flags[0] & BOOT_CPU_MODE_DOWNGRADED)
+ WARN_TAINT(1, TAINT_CPU_OUT_OF_SPEC,
+ "CPU: CPUs downgraded to EL1, HVC disabled");
else
pr_info("CPU: All CPU(s) started at EL1\n");
if (IS_ENABLED(CONFIG_KVM) && !is_kernel_in_hyp_mode()) {
--
2.30.2
Powered by blists - more mailing lists