!2949 Cmdline for ARMv8 Pointer Authentication

	return ptrauth_clear_pac(ptr);

}

static __always_inline void ptrauth_enable(void)

{

	if (!system_supports_address_auth())

		return;

	sysreg_clear_set(sctlr_el1, 0, (SCTLR_ELx_ENIA | SCTLR_ELx_ENIB |

					SCTLR_ELx_ENDA | SCTLR_ELx_ENDB));

	isb();

}

#define ptrauth_thread_init_user(tsk)					\

	ptrauth_keys_init_user(&(tsk)->thread.keys_user)

#define ptrauth_thread_init_kernel(tsk)					\

	ptrauth_keys_switch_kernel(&(tsk)->thread.keys_kernel)

#else /* CONFIG_ARM64_PTR_AUTH */

#define ptrauth_enable()

#define ptrauth_prctl_reset_keys(tsk, arg)	(-EINVAL)

#define ptrauth_strip_insn_pac(lr)	(lr)

#define ptrauth_thread_init_user(tsk)

#endif

	ptrauth_thread_init_kernel(current);

	ptrauth_thread_switch_kernel(current);

	ptrauth_enable();

}

#endif	/* _ASM_STACKPROTECTOR_H */

#endif /* CONFIG_ARM64_RAS_EXTN */

#ifdef CONFIG_ARM64_PTR_AUTH

/*

 * PAuth is enabled by default, and should be explicitly shut down by

 * `arm64.nopauth` if needed.

 */

static int arm64_nopauth __ro_after_init;

static int __init parse_arm64_nopauth(char *str)

{

	arm64_nopauth = 1;

	return 0;

}

early_param("arm64.nopauth", parse_arm64_nopauth);

static bool has_address_auth_cpucap(const struct arm64_cpu_capabilities *entry, int scope)

{

	int boot_val, sec_val;

	if (arm64_nopauth)

		return false;

	/* We don't expect to be called with SCOPE_SYSTEM */

	WARN_ON(scope == SCOPE_SYSTEM);

	/*

	       has_address_auth_cpucap(cpu_hwcaps_ptrs[ARM64_HAS_ADDRESS_AUTH_IMP_DEF], scope);

}

static bool has_ptr_auth_cpucap(const struct arm64_cpu_capabilities *entry,

				int scope)

{

	return !arm64_nopauth && has_cpuid_feature(entry, scope);

}

static bool has_generic_auth(const struct arm64_cpu_capabilities *entry,

			     int __unused)

{

		.sign = FTR_UNSIGNED,

		.field_pos = ID_AA64ISAR1_GPA_SHIFT,

		.min_field_value = ID_AA64ISAR1_GPA_ARCHITECTED,

		.matches = has_cpuid_feature,

		.matches = has_ptr_auth_cpucap,

	},

	{

		.desc = "Generic authentication (IMP DEF algorithm)",

		.sign = FTR_UNSIGNED,

		.field_pos = ID_AA64ISAR1_GPI_SHIFT,

		.min_field_value = ID_AA64ISAR1_GPI_IMP_DEF,

		.matches = has_cpuid_feature,

		.matches = has_ptr_auth_cpucap,

	},

	{

		.capability = ARM64_HAS_GENERIC_AUTH,

		.sign = s,							\

		.min_field_value = min_value,

#define HWCAP_CPUID_MATCH_SELF_DEFINED(match, reg, field, s, min_value)		\

		.matches = match,					\

		.sys_reg = reg,							\

		.field_pos = field,						\

		.sign = s,							\

		.min_field_value = min_value,

#define __HWCAP_CAP(name, cap_type, cap)					\

		.desc = name,							\

		.type = ARM64_CPUCAP_SYSTEM_FEATURE,				\

#ifdef CONFIG_ARM64_PTR_AUTH

static const struct arm64_cpu_capabilities ptr_auth_hwcap_addr_matches[] = {

	{

		HWCAP_CPUID_MATCH(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_APA_SHIFT,

		HWCAP_CPUID_MATCH_SELF_DEFINED(has_ptr_auth_cpucap,

				SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_APA_SHIFT,

				FTR_UNSIGNED, ID_AA64ISAR1_APA_ARCHITECTED)

	},

	{

		HWCAP_CPUID_MATCH(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_API_SHIFT,

		HWCAP_CPUID_MATCH_SELF_DEFINED(has_ptr_auth_cpucap,

				SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_API_SHIFT,

				FTR_UNSIGNED, ID_AA64ISAR1_API_IMP_DEF)

	},

	{},

static const struct arm64_cpu_capabilities ptr_auth_hwcap_gen_matches[] = {

	{

		HWCAP_CPUID_MATCH(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_GPA_SHIFT,

		HWCAP_CPUID_MATCH_SELF_DEFINED(has_ptr_auth_cpucap,

				SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_GPA_SHIFT,

				FTR_UNSIGNED, ID_AA64ISAR1_GPA_ARCHITECTED)

	},

	{

		HWCAP_CPUID_MATCH(SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_GPI_SHIFT,

		HWCAP_CPUID_MATCH_SELF_DEFINED(has_ptr_auth_cpucap,

				SYS_ID_AA64ISAR1_EL1, ID_AA64ISAR1_GPI_SHIFT,

				FTR_UNSIGNED, ID_AA64ISAR1_GPI_IMP_DEF)

	},

	{},

	adr_l	x5, init_task

	msr	sp_el0, x5			// Save thread_info

#ifdef CONFIG_ARM64_PTR_AUTH

	__ptrauth_keys_init_cpu	x5, x6, x7, x8

#endif

	adr_l	x8, vectors			// load VBAR_EL1 with virtual

	msr	vbar_el1, x8			// vector table address

	isb