Unverified Commit 2428a999 authored by Shu Hang's avatar Shu Hang Committed by Liu Zhehui

HAOC: Add kernel command line support for x86 IEE.

community inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/IBQKOW



-----------------------------------

Use the kernel command-line parameter haoc to control whether HAOC is enabled.
e.g. haoc=on enables HAOC protection.

Signed-off-by: default avatarShu Hang <shuh2023@zgclab.edu.cn>
Signed-off-by: default avatarHu Bing <hubing2023@zgclab.edu.cn>
Signed-off-by: default avatarLiu Zhehui <liuzhh@zgclab.edu.cn>
parent 8d2e6d1b
+2 −1
@@ -1551,7 +1551,8 @@ config AMD_MEM_ENCRYPT

config IEE
	depends on X86_64
	def_bool n
	def_bool y

# Common NUMA Features
config NUMA
	bool "NUMA Memory Allocation and Scheduler Support"
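Review bot: `config IEE` has no prompt and no help text, so if `def_bool y` is the new value (both `def_bool n` and `def_bool y` are printed here and the +/- markers are lost), every X86_64 build now compiles the IEE gate in and it cannot be deselected in menuconfig. If that is intended because the runtime `haoc=` switch is the real control, say so in a comment above the symbol, e.g. `# Always built on x86_64; activated at boot with haoc=on`. Otherwise give the symbol a prompt and `default y` so a distribution can still opt out at build time.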
+17 −4
@@ -10,28 +10,41 @@
#ifndef _LINUX_IEE_ACCESS_H
#define _LINUX_IEE_ACCESS_H

#include <asm/haoc/iee.h>
#include <asm/haoc/haoc-def.h>

extern unsigned long long iee_rw_gate(int flag, ...);

static inline void iee_memcpy(void *dst, const void *src, size_t n)
{
	if (haoc_enabled)
		iee_rw_gate(IEE_OP_MEMCPY, dst, src, n);
	else
		memcpy(dst, src, n);
}

static inline void iee_memset(void *ptr, int data, size_t n)
{
	if (haoc_enabled)
		iee_rw_gate(IEE_OP_MEMSET, ptr, data, n);
	else
		memset(ptr, data, n);
}

static inline void iee_set_freeptr(void **pptr, void *ptr)
{
	if (haoc_enabled)
		iee_rw_gate(IEE_OP_SET_FREEPTR, pptr, ptr);
	else
		*pptr = ptr;
}

static inline unsigned long iee_test_and_clear_bit(long nr, unsigned long *addr)
{
	if (haoc_enabled)
		return iee_rw_gate(IEE_OP_TEST_CLEAR_BIT, nr, addr);
	else
		return test_and_clear_bit(nr, addr);
}

#endif
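Review bot: The new `else` branches call `memcpy()`, `memset()` and `test_and_clear_bit()`, but the only includes visible in this header are the two `asm/haoc` ones, so it builds only where the includer has already pulled those declarations in. Unless `asm/haoc/iee.h` provides them, add `#include <linux/string.h>` and `#include <linux/bitops.h>`. A short comment above the helpers would also help, e.g. `/* With haoc off these fall back to plain writes instead of going through iee_rw_gate(). */`.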
+1 −0
@@ -30,4 +30,5 @@ DECLARE_PER_CPU(struct iee_stack, iee_stacks);

extern void *alloc_low_pages(unsigned int num);
extern void iee_init(void);
extern bool haoc_enabled;
#endif
+17 −9
@@ -65,6 +65,9 @@
#include <asm/set_memory.h>
#include <asm/traps.h>
#include <asm/sev.h>
#ifdef CONFIG_IEE
#include <asm/haoc/iee.h>
#endif

#include "cpu.h"

@@ -595,6 +598,20 @@ static __always_inline void setup_cet(struct cpuinfo_x86 *c)
	if (!IS_ENABLED(CONFIG_X86_CET))
		return;

#ifdef CONFIG_IEE
	if (haoc_enabled) {
		/*
		 * NOTE: IEE relies on CR0.WP (Write Protection).
		 * According to Intel SDM Vol.3(Section 2.5):
		 * This flag must be set before software can set CR4.CET,
		 * and it cannot be cleared as long as CR4.CET = 1.
		 * Therefore, IEE does not enable CET during kernel boot.
		 */
		pr_info("CET disabled because of the contradiction with IEE");
		return;
	}
#endif

	kernel_ibt = HAS_KERNEL_IBT && cpu_feature_enabled(X86_FEATURE_IBT);
	user_shstk = cpu_feature_enabled(X86_FEATURE_SHSTK) &&
		     IS_ENABLED(CONFIG_X86_USER_SHADOW_STACK);
@@ -610,16 +627,7 @@ static __always_inline void setup_cet(struct cpuinfo_x86 *c)
	else
		wrmsrl(MSR_IA32_S_CET, 0);

	#ifndef CONFIG_IEE
	/*
	 * NOTE: IEE relies on CR0.WP (Write Protection).
	 * According to Intel SDM Vol.3(Section 2.5):
	 * This flag must be set before software can set CR4.CET,
	 * and it cannot be cleared as long as CR4.CET = 1.
	 * Therefore, IEE does not enable CR4.CET during kernel boot.
	 */
	cr4_set_bits(X86_CR4_CET);
	#endif

	if (kernel_ibt && ibt_selftest()) {
		pr_err("IBT selftest: Failed!\n");
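Review bot: The early `return` in the new `if (haoc_enabled)` branch gives up kernel IBT and user shadow stacks whenever `haoc=on` is passed, and as far as the hunk shows nothing clears X86_FEATURE_IBT, so later `cpu_feature_enabled(X86_FEATURE_IBT)` checks may still report IBT although CR4.CET was never set. I would add `setup_clear_cpu_cap(X86_FEATURE_IBT);` before the return (to be confirmed against the other users of that flag) and state the hardening trade-off in the comment. The message also lacks its trailing newline and, if setup_cet() runs on every CPU, is repeated per CPU: `pr_info_once("CET disabled because of the contradiction with IEE\n");`. setup_cet() starts and ends outside the hunks shown.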
+7 −0
@@ -156,3 +156,10 @@ void __init iee_init(void)
	_iee_mapping_init();
	_iee_stack_init();
}

bool __ro_after_init haoc_enabled;
static int __init parse_haoc_enabled(char *str)
{
	return kstrtobool(str, &haoc_enabled);
}
early_param("haoc", parse_haoc_enabled);
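Review bot: `haoc_enabled` has no comment and is zero-initialised, so the protection stays off unless `haoc=on` is given, even though the Kconfig change in this commit appears to build IEE in by default; that default deserves a line above the definition, e.g. `/* Set from "haoc=" on the command line; false (the default) makes the iee_* helpers write directly. */`. The tail of iee_init() visible here still calls `_iee_mapping_init()` and `_iee_stack_init()`; its body starts outside the hunk, so I cannot tell whether it is gated on the flag, and it should be confirmed that it either returns early when `haoc_enabled` is false or is harmless without the gates. A blank line between the definition and `parse_haoc_enabled()` would match kernel style, and the new parameter needs an entry in the kernel-parameters documentation if the commit has none.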