LXR qemu/target/arm/pauth

   1/*
   2 * ARM v8.3-PAuth Operations
   3 *
   4 * Copyright (c) 2019 Linaro, Ltd.
   5 *
   6 * This library is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU Lesser General Public
   8 * License as published by the Free Software Foundation; either
   9 * version 2 of the License, or (at your option) any later version.
  10 *
  11 * This library is distributed in the hope that it will be useful,
  12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 * Lesser General Public License for more details.
  15 *
  16 * You should have received a copy of the GNU Lesser General Public
  17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18 */
  19
  20#include "qemu/osdep.h"
  21#include "cpu.h"
  22#include "internals.h"
  23#include "exec/exec-all.h"
  24#include "exec/cpu_ldst.h"
  25#include "exec/helper-proto.h"
  26#include "tcg/tcg-gvec-desc.h"
  27
  28
  29static uint64_t pac_cell_shuffle(uint64_t i)
  30{
  31    uint64_t o = 0;
  32
  33    o |= extract64(i, 52, 4);
  34    o |= extract64(i, 24, 4) << 4;
  35    o |= extract64(i, 44, 4) << 8;
  36    o |= extract64(i,  0, 4) << 12;
  37
  38    o |= extract64(i, 28, 4) << 16;
  39    o |= extract64(i, 48, 4) << 20;
  40    o |= extract64(i,  4, 4) << 24;
  41    o |= extract64(i, 40, 4) << 28;
  42
  43    o |= extract64(i, 32, 4) << 32;
  44    o |= extract64(i, 12, 4) << 36;
  45    o |= extract64(i, 56, 4) << 40;
  46    o |= extract64(i, 20, 4) << 44;
  47
  48    o |= extract64(i,  8, 4) << 48;
  49    o |= extract64(i, 36, 4) << 52;
  50    o |= extract64(i, 16, 4) << 56;
  51    o |= extract64(i, 60, 4) << 60;
  52
  53    return o;
  54}
  55
  56static uint64_t pac_cell_inv_shuffle(uint64_t i)
  57{
  58    uint64_t o = 0;
  59
  60    o |= extract64(i, 12, 4);
  61    o |= extract64(i, 24, 4) << 4;
  62    o |= extract64(i, 48, 4) << 8;
  63    o |= extract64(i, 36, 4) << 12;
  64
  65    o |= extract64(i, 56, 4) << 16;
  66    o |= extract64(i, 44, 4) << 20;
  67    o |= extract64(i,  4, 4) << 24;
  68    o |= extract64(i, 16, 4) << 28;
  69
  70    o |= i & MAKE_64BIT_MASK(32, 4);
  71    o |= extract64(i, 52, 4) << 36;
  72    o |= extract64(i, 28, 4) << 40;
  73    o |= extract64(i,  8, 4) << 44;
  74
  75    o |= extract64(i, 20, 4) << 48;
  76    o |= extract64(i,  0, 4) << 52;
  77    o |= extract64(i, 40, 4) << 56;
  78    o |= i & MAKE_64BIT_MASK(60, 4);
  79
  80    return o;
  81}
  82
  83static uint64_t pac_sub(uint64_t i)
  84{
  85    static const uint8_t sub[16] = {
  86        0xb, 0x6, 0x8, 0xf, 0xc, 0x0, 0x9, 0xe,
  87        0x3, 0x7, 0x4, 0x5, 0xd, 0x2, 0x1, 0xa,
  88    };
  89    uint64_t o = 0;
  90    int b;
  91
  92    for (b = 0; b < 64; b += 16) {
  93        o |= (uint64_t)sub[(i >> b) & 0xf] << b;
  94    }
  95    return o;
  96}
  97
  98static uint64_t pac_inv_sub(uint64_t i)
  99{
 100    static const uint8_t inv_sub[16] = {
 101        0x5, 0xe, 0xd, 0x8, 0xa, 0xb, 0x1, 0x9,
 102        0x2, 0x6, 0xf, 0x0, 0x4, 0xc, 0x7, 0x3,
 103    };
 104    uint64_t o = 0;
 105    int b;
 106
 107    for (b = 0; b < 64; b += 16) {
 108        o |= (uint64_t)inv_sub[(i >> b) & 0xf] << b;
 109    }
 110    return o;
 111}
 112
 113static int rot_cell(int cell, int n)
 114{
 115    /* 4-bit rotate left by n.  */
 116    cell |= cell << 4;
 117    return extract32(cell, 4 - n, 4);
 118}
 119
 120static uint64_t pac_mult(uint64_t i)
 121{
 122    uint64_t o = 0;
 123    int b;
 124
 125    for (b = 0; b < 4 * 4; b += 4) {
 126        int i0, i4, i8, ic, t0, t1, t2, t3;
 127
 128        i0 = extract64(i, b, 4);
 129        i4 = extract64(i, b + 4 * 4, 4);
 130        i8 = extract64(i, b + 8 * 4, 4);
 131        ic = extract64(i, b + 12 * 4, 4);
 132
 133        t0 = rot_cell(i8, 1) ^ rot_cell(i4, 2) ^ rot_cell(i0, 1);
 134        t1 = rot_cell(ic, 1) ^ rot_cell(i4, 1) ^ rot_cell(i0, 2);
 135        t2 = rot_cell(ic, 2) ^ rot_cell(i8, 1) ^ rot_cell(i0, 1);
 136        t3 = rot_cell(ic, 1) ^ rot_cell(i8, 2) ^ rot_cell(i4, 1);
 137
 138        o |= (uint64_t)t3 << b;
 139        o |= (uint64_t)t2 << (b + 4 * 4);
 140        o |= (uint64_t)t1 << (b + 8 * 4);
 141        o |= (uint64_t)t0 << (b + 12 * 4);
 142    }
 143    return o;
 144}
 145
 146static uint64_t tweak_cell_rot(uint64_t cell)
 147{
 148    return (cell >> 1) | (((cell ^ (cell >> 1)) & 1) << 3);
 149}
 150
 151static uint64_t tweak_shuffle(uint64_t i)
 152{
 153    uint64_t o = 0;
 154
 155    o |= extract64(i, 16, 4) << 0;
 156    o |= extract64(i, 20, 4) << 4;
 157    o |= tweak_cell_rot(extract64(i, 24, 4)) << 8;
 158    o |= extract64(i, 28, 4) << 12;
 159
 160    o |= tweak_cell_rot(extract64(i, 44, 4)) << 16;
 161    o |= extract64(i,  8, 4) << 20;
 162    o |= extract64(i, 12, 4) << 24;
 163    o |= tweak_cell_rot(extract64(i, 32, 4)) << 28;
 164
 165    o |= extract64(i, 48, 4) << 32;
 166    o |= extract64(i, 52, 4) << 36;
 167    o |= extract64(i, 56, 4) << 40;
 168    o |= tweak_cell_rot(extract64(i, 60, 4)) << 44;
 169
 170    o |= tweak_cell_rot(extract64(i,  0, 4)) << 48;
 171    o |= extract64(i,  4, 4) << 52;
 172    o |= tweak_cell_rot(extract64(i, 40, 4)) << 56;
 173    o |= tweak_cell_rot(extract64(i, 36, 4)) << 60;
 174
 175    return o;
 176}
 177
 178static uint64_t tweak_cell_inv_rot(uint64_t cell)
 179{
 180    return ((cell << 1) & 0xf) | ((cell & 1) ^ (cell >> 3));
 181}
 182
 183static uint64_t tweak_inv_shuffle(uint64_t i)
 184{
 185    uint64_t o = 0;
 186
 187    o |= tweak_cell_inv_rot(extract64(i, 48, 4));
 188    o |= extract64(i, 52, 4) << 4;
 189    o |= extract64(i, 20, 4) << 8;
 190    o |= extract64(i, 24, 4) << 12;
 191
 192    o |= extract64(i,  0, 4) << 16;
 193    o |= extract64(i,  4, 4) << 20;
 194    o |= tweak_cell_inv_rot(extract64(i,  8, 4)) << 24;
 195    o |= extract64(i, 12, 4) << 28;
 196
 197    o |= tweak_cell_inv_rot(extract64(i, 28, 4)) << 32;
 198    o |= tweak_cell_inv_rot(extract64(i, 60, 4)) << 36;
 199    o |= tweak_cell_inv_rot(extract64(i, 56, 4)) << 40;
 200    o |= tweak_cell_inv_rot(extract64(i, 16, 4)) << 44;
 201
 202    o |= extract64(i, 32, 4) << 48;
 203    o |= extract64(i, 36, 4) << 52;
 204    o |= extract64(i, 40, 4) << 56;
 205    o |= tweak_cell_inv_rot(extract64(i, 44, 4)) << 60;
 206
 207    return o;
 208}
 209
 210static uint64_t pauth_computepac(uint64_t data, uint64_t modifier,
 211                                 ARMPACKey key)
 212{
 213    static const uint64_t RC[5] = {
 214        0x0000000000000000ull,
 215        0x13198A2E03707344ull,
 216        0xA4093822299F31D0ull,
 217        0x082EFA98EC4E6C89ull,
 218        0x452821E638D01377ull,
 219    };
 220    const uint64_t alpha = 0xC0AC29B7C97C50DDull;
 221    /*
 222     * Note that in the ARM pseudocode, key0 contains bits <127:64>
 223     * and key1 contains bits <63:0> of the 128-bit key.
 224     */
 225    uint64_t key0 = key.hi, key1 = key.lo;
 226    uint64_t workingval, runningmod, roundkey, modk0;
 227    int i;
 228
 229    modk0 = (key0 << 63) | ((key0 >> 1) ^ (key0 >> 63));
 230    runningmod = modifier;
 231    workingval = data ^ key0;
 232
 233    for (i = 0; i <= 4; ++i) {
 234        roundkey = key1 ^ runningmod;
 235        workingval ^= roundkey;
 236        workingval ^= RC[i];
 237        if (i > 0) {
 238            workingval = pac_cell_shuffle(workingval);
 239            workingval = pac_mult(workingval);
 240        }
 241        workingval = pac_sub(workingval);
 242        runningmod = tweak_shuffle(runningmod);
 243    }
 244    roundkey = modk0 ^ runningmod;
 245    workingval ^= roundkey;
 246    workingval = pac_cell_shuffle(workingval);
 247    workingval = pac_mult(workingval);
 248    workingval = pac_sub(workingval);
 249    workingval = pac_cell_shuffle(workingval);
 250    workingval = pac_mult(workingval);
 251    workingval ^= key1;
 252    workingval = pac_cell_inv_shuffle(workingval);
 253    workingval = pac_inv_sub(workingval);
 254    workingval = pac_mult(workingval);
 255    workingval = pac_cell_inv_shuffle(workingval);
 256    workingval ^= key0;
 257    workingval ^= runningmod;
 258    for (i = 0; i <= 4; ++i) {
 259        workingval = pac_inv_sub(workingval);
 260        if (i < 4) {
 261            workingval = pac_mult(workingval);
 262            workingval = pac_cell_inv_shuffle(workingval);
 263        }
 264        runningmod = tweak_inv_shuffle(runningmod);
 265        roundkey = key1 ^ runningmod;
 266        workingval ^= RC[4 - i];
 267        workingval ^= roundkey;
 268        workingval ^= alpha;
 269    }
 270    workingval ^= modk0;
 271
 272    return workingval;
 273}
 274
 275static uint64_t pauth_addpac(CPUARMState *env, uint64_t ptr, uint64_t modifier,
 276                             ARMPACKey *key, bool data)
 277{
 278    ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
 279    ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
 280    uint64_t pac, ext_ptr, ext, test;
 281    int bot_bit, top_bit;
 282
 283    /* If tagged pointers are in use, use ptr<55>, otherwise ptr<63>.  */
 284    if (param.tbi) {
 285        ext = sextract64(ptr, 55, 1);
 286    } else {
 287        ext = sextract64(ptr, 63, 1);
 288    }
 289
 290    /* Build a pointer with known good extension bits.  */
 291    top_bit = 64 - 8 * param.tbi;
 292    bot_bit = 64 - param.tsz;
 293    ext_ptr = deposit64(ptr, bot_bit, top_bit - bot_bit, ext);
 294
 295    pac = pauth_computepac(ext_ptr, modifier, *key);
 296
 297    /*
 298     * Check if the ptr has good extension bits and corrupt the
 299     * pointer authentication code if not.
 300     */
 301    test = sextract64(ptr, bot_bit, top_bit - bot_bit);
 302    if (test != 0 && test != -1) {
 303        pac ^= MAKE_64BIT_MASK(top_bit - 1, 1);
 304    }
 305
 306    /*
 307     * Preserve the determination between upper and lower at bit 55,
 308     * and insert pointer authentication code.
 309     */
 310    if (param.tbi) {
 311        ptr &= ~MAKE_64BIT_MASK(bot_bit, 55 - bot_bit + 1);
 312        pac &= MAKE_64BIT_MASK(bot_bit, 54 - bot_bit + 1);
 313    } else {
 314        ptr &= MAKE_64BIT_MASK(0, bot_bit);
 315        pac &= ~(MAKE_64BIT_MASK(55, 1) | MAKE_64BIT_MASK(0, bot_bit));
 316    }
 317    ext &= MAKE_64BIT_MASK(55, 1);
 318    return pac | ext | ptr;
 319}
 320
 321static uint64_t pauth_original_ptr(uint64_t ptr, ARMVAParameters param)
 322{
 323    uint64_t extfield = -param.select;
 324    int bot_pac_bit = 64 - param.tsz;
 325    int top_pac_bit = 64 - 8 * param.tbi;
 326
 327    return deposit64(ptr, bot_pac_bit, top_pac_bit - bot_pac_bit, extfield);
 328}
 329
 330static uint64_t pauth_auth(CPUARMState *env, uint64_t ptr, uint64_t modifier,
 331                           ARMPACKey *key, bool data, int keynumber)
 332{
 333    ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
 334    ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
 335    int bot_bit, top_bit;
 336    uint64_t pac, orig_ptr, test;
 337
 338    orig_ptr = pauth_original_ptr(ptr, param);
 339    pac = pauth_computepac(orig_ptr, modifier, *key);
 340    bot_bit = 64 - param.tsz;
 341    top_bit = 64 - 8 * param.tbi;
 342
 343    test = (pac ^ ptr) & ~MAKE_64BIT_MASK(55, 1);
 344    if (unlikely(extract64(test, bot_bit, top_bit - bot_bit))) {
 345        int error_code = (keynumber << 1) | (keynumber ^ 1);
 346        if (param.tbi) {
 347            return deposit64(orig_ptr, 53, 2, error_code);
 348        } else {
 349            return deposit64(orig_ptr, 61, 2, error_code);
 350        }
 351    }
 352    return orig_ptr;
 353}
 354
 355static uint64_t pauth_strip(CPUARMState *env, uint64_t ptr, bool data)
 356{
 357    ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
 358    ARMVAParameters param = aa64_va_parameters(env, ptr, mmu_idx, data);
 359
 360    return pauth_original_ptr(ptr, param);
 361}
 362
 363static void QEMU_NORETURN pauth_trap(CPUARMState *env, int target_el,
 364                                     uintptr_t ra)
 365{
 366    raise_exception_ra(env, EXCP_UDEF, syn_pactrap(), target_el, ra);
 367}
 368
 369static void pauth_check_trap(CPUARMState *env, int el, uintptr_t ra)
 370{
 371    if (el < 2 && arm_feature(env, ARM_FEATURE_EL2)) {
 372        uint64_t hcr = arm_hcr_el2_eff(env);
 373        bool trap = !(hcr & HCR_API);
 374        /* FIXME: ARMv8.1-VHE: trap only applies to EL1&0 regime.  */
 375        /* FIXME: ARMv8.3-NV: HCR_NV trap takes precedence for ERETA[AB].  */
 376        if (trap) {
 377            pauth_trap(env, 2, ra);
 378        }
 379    }
 380    if (el < 3 && arm_feature(env, ARM_FEATURE_EL3)) {
 381        if (!(env->cp15.scr_el3 & SCR_API)) {
 382            pauth_trap(env, 3, ra);
 383        }
 384    }
 385}
 386
 387static bool pauth_key_enabled(CPUARMState *env, int el, uint32_t bit)
 388{
 389    uint32_t sctlr;
 390    if (el == 0) {
 391        /* FIXME: ARMv8.1-VHE S2 translation regime.  */
 392        sctlr = env->cp15.sctlr_el[1];
 393    } else {
 394        sctlr = env->cp15.sctlr_el[el];
 395    }
 396    return (sctlr & bit) != 0;
 397}
 398
 399uint64_t HELPER(pacia)(CPUARMState *env, uint64_t x, uint64_t y)
 400{
 401    int el = arm_current_el(env);
 402    if (!pauth_key_enabled(env, el, SCTLR_EnIA)) {
 403        return x;
 404    }
 405    pauth_check_trap(env, el, GETPC());
 406    return pauth_addpac(env, x, y, &env->keys.apia, false);
 407}
 408
 409uint64_t HELPER(pacib)(CPUARMState *env, uint64_t x, uint64_t y)
 410{
 411    int el = arm_current_el(env);
 412    if (!pauth_key_enabled(env, el, SCTLR_EnIB)) {
 413        return x;
 414    }
 415    pauth_check_trap(env, el, GETPC());
 416    return pauth_addpac(env, x, y, &env->keys.apib, false);
 417}
 418
 419uint64_t HELPER(pacda)(CPUARMState *env, uint64_t x, uint64_t y)
 420{
 421    int el = arm_current_el(env);
 422    if (!pauth_key_enabled(env, el, SCTLR_EnDA)) {
 423        return x;
 424    }
 425    pauth_check_trap(env, el, GETPC());
 426    return pauth_addpac(env, x, y, &env->keys.apda, true);
 427}
 428
 429uint64_t HELPER(pacdb)(CPUARMState *env, uint64_t x, uint64_t y)
 430{
 431    int el = arm_current_el(env);
 432    if (!pauth_key_enabled(env, el, SCTLR_EnDB)) {
 433        return x;
 434    }
 435    pauth_check_trap(env, el, GETPC());
 436    return pauth_addpac(env, x, y, &env->keys.apdb, true);
 437}
 438
 439uint64_t HELPER(pacga)(CPUARMState *env, uint64_t x, uint64_t y)
 440{
 441    uint64_t pac;
 442
 443    pauth_check_trap(env, arm_current_el(env), GETPC());
 444    pac = pauth_computepac(x, y, env->keys.apga);
 445
 446    return pac & 0xffffffff00000000ull;
 447}
 448
 449uint64_t HELPER(autia)(CPUARMState *env, uint64_t x, uint64_t y)
 450{
 451    int el = arm_current_el(env);
 452    if (!pauth_key_enabled(env, el, SCTLR_EnIA)) {
 453        return x;
 454    }
 455    pauth_check_trap(env, el, GETPC());
 456    return pauth_auth(env, x, y, &env->keys.apia, false, 0);
 457}
 458
 459uint64_t HELPER(autib)(CPUARMState *env, uint64_t x, uint64_t y)
 460{
 461    int el = arm_current_el(env);
 462    if (!pauth_key_enabled(env, el, SCTLR_EnIB)) {
 463        return x;
 464    }
 465    pauth_check_trap(env, el, GETPC());
 466    return pauth_auth(env, x, y, &env->keys.apib, false, 1);
 467}
 468
 469uint64_t HELPER(autda)(CPUARMState *env, uint64_t x, uint64_t y)
 470{
 471    int el = arm_current_el(env);
 472    if (!pauth_key_enabled(env, el, SCTLR_EnDA)) {
 473        return x;
 474    }
 475    pauth_check_trap(env, el, GETPC());
 476    return pauth_auth(env, x, y, &env->keys.apda, true, 0);
 477}
 478
 479uint64_t HELPER(autdb)(CPUARMState *env, uint64_t x, uint64_t y)
 480{
 481    int el = arm_current_el(env);
 482    if (!pauth_key_enabled(env, el, SCTLR_EnDB)) {
 483        return x;
 484    }
 485    pauth_check_trap(env, el, GETPC());
 486    return pauth_auth(env, x, y, &env->keys.apdb, true, 1);
 487}
 488
 489uint64_t HELPER(xpaci)(CPUARMState *env, uint64_t a)
 490{
 491    return pauth_strip(env, a, false);
 492}
 493
 494uint64_t HELPER(xpacd)(CPUARMState *env, uint64_t a)
 495{
 496    return pauth_strip(env, a, true);
 497}
 498