1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef _PKEYS_HELPER_H 3 #define _PKEYS_HELPER_H 4 #define _GNU_SOURCE 5 #include <string.h> 6 #include <stdarg.h> 7 #include <stdio.h> 8 #include <stdint.h> 9 #include <stdbool.h> 10 #include <signal.h> 11 #include <assert.h> 12 #include <stdlib.h> 13 #include <ucontext.h> 14 #include <sys/mman.h> 15 16 #define NR_PKEYS 16 17 #define PKRU_BITS_PER_PKEY 2 18 19 #ifndef DEBUG_LEVEL 20 #define DEBUG_LEVEL 0 21 #endif 22 #define DPRINT_IN_SIGNAL_BUF_SIZE 4096 23 extern int dprint_in_signal; 24 extern char dprint_in_signal_buffer[DPRINT_IN_SIGNAL_BUF_SIZE]; 25 static inline void sigsafe_printf(const char *format, ...) 26 { 27 va_list ap; 28 29 va_start(ap, format); 30 if (!dprint_in_signal) { 31 vprintf(format, ap); 32 } else { 33 int ret; 34 int len = vsnprintf(dprint_in_signal_buffer, 35 DPRINT_IN_SIGNAL_BUF_SIZE, 36 format, ap); 37 /* 38 * len is amount that would have been printed, 39 * but actual write is truncated at BUF_SIZE. 40 */ 41 if (len > DPRINT_IN_SIGNAL_BUF_SIZE) 42 len = DPRINT_IN_SIGNAL_BUF_SIZE; 43 ret = write(1, dprint_in_signal_buffer, len); 44 if (ret < 0) 45 abort(); 46 } 47 va_end(ap); 48 } 49 #define dprintf_level(level, args...) do { \ 50 if (level <= DEBUG_LEVEL) \ 51 sigsafe_printf(args); \ 52 fflush(NULL); \ 53 } while (0) 54 #define dprintf0(args...) dprintf_level(0, args) 55 #define dprintf1(args...) dprintf_level(1, args) 56 #define dprintf2(args...) dprintf_level(2, args) 57 #define dprintf3(args...) dprintf_level(3, args) 58 #define dprintf4(args...) dprintf_level(4, args) 59 60 extern unsigned int shadow_pkru; 61 static inline unsigned int __rdpkru(void) 62 { 63 unsigned int eax, edx; 64 unsigned int ecx = 0; 65 unsigned int pkru; 66 67 asm volatile(".byte 0x0f,0x01,0xee\n\t" 68 : "=a" (eax), "=d" (edx) 69 : "c" (ecx)); 70 pkru = eax; 71 return pkru; 72 } 73 74 static inline unsigned int _rdpkru(int line) 75 { 76 unsigned int pkru = __rdpkru(); 77 78 dprintf4("rdpkru(line=%d) pkru: %x shadow: %x\n", 79 line, pkru, shadow_pkru); 80 assert(pkru == shadow_pkru); 81 82 return pkru; 83 } 84 85 #define rdpkru() _rdpkru(__LINE__) 86 87 static inline void __wrpkru(unsigned int pkru) 88 { 89 unsigned int eax = pkru; 90 unsigned int ecx = 0; 91 unsigned int edx = 0; 92 93 dprintf4("%s() changing %08x to %08x\n", __func__, __rdpkru(), pkru); 94 asm volatile(".byte 0x0f,0x01,0xef\n\t" 95 : : "a" (eax), "c" (ecx), "d" (edx)); 96 assert(pkru == __rdpkru()); 97 } 98 99 static inline void wrpkru(unsigned int pkru) 100 { 101 dprintf4("%s() changing %08x to %08x\n", __func__, __rdpkru(), pkru); 102 /* will do the shadow check for us: */ 103 rdpkru(); 104 __wrpkru(pkru); 105 shadow_pkru = pkru; 106 dprintf4("%s(%08x) pkru: %08x\n", __func__, pkru, __rdpkru()); 107 } 108 109 /* 110 * These are technically racy. since something could 111 * change PKRU between the read and the write. 112 */ 113 static inline void __pkey_access_allow(int pkey, int do_allow) 114 { 115 unsigned int pkru = rdpkru(); 116 int bit = pkey * 2; 117 118 if (do_allow) 119 pkru &= (1<<bit); 120 else 121 pkru |= (1<<bit); 122 123 dprintf4("pkru now: %08x\n", rdpkru()); 124 wrpkru(pkru); 125 } 126 127 static inline void __pkey_write_allow(int pkey, int do_allow_write) 128 { 129 long pkru = rdpkru(); 130 int bit = pkey * 2 + 1; 131 132 if (do_allow_write) 133 pkru &= (1<<bit); 134 else 135 pkru |= (1<<bit); 136 137 wrpkru(pkru); 138 dprintf4("pkru now: %08x\n", rdpkru()); 139 } 140 141 #define PROT_PKEY0 0x10 /* protection key value (bit 0) */ 142 #define PROT_PKEY1 0x20 /* protection key value (bit 1) */ 143 #define PROT_PKEY2 0x40 /* protection key value (bit 2) */ 144 #define PROT_PKEY3 0x80 /* protection key value (bit 3) */ 145 146 #define PAGE_SIZE 4096 147 #define MB (1<<20) 148 149 static inline void __cpuid(unsigned int *eax, unsigned int *ebx, 150 unsigned int *ecx, unsigned int *edx) 151 { 152 /* ecx is often an input as well as an output. */ 153 asm volatile( 154 "cpuid;" 155 : "=a" (*eax), 156 "=b" (*ebx), 157 "=c" (*ecx), 158 "=d" (*edx) 159 : "0" (*eax), "2" (*ecx)); 160 } 161 162 /* Intel-defined CPU features, CPUID level 0x00000007:0 (ecx) */ 163 #define X86_FEATURE_PKU (1<<3) /* Protection Keys for Userspace */ 164 #define X86_FEATURE_OSPKE (1<<4) /* OS Protection Keys Enable */ 165 166 static inline int cpu_has_pku(void) 167 { 168 unsigned int eax; 169 unsigned int ebx; 170 unsigned int ecx; 171 unsigned int edx; 172 173 eax = 0x7; 174 ecx = 0x0; 175 __cpuid(&eax, &ebx, &ecx, &edx); 176 177 if (!(ecx & X86_FEATURE_PKU)) { 178 dprintf2("cpu does not have PKU\n"); 179 return 0; 180 } 181 if (!(ecx & X86_FEATURE_OSPKE)) { 182 dprintf2("cpu does not have OSPKE\n"); 183 return 0; 184 } 185 return 1; 186 } 187 188 #define XSTATE_PKRU_BIT (9) 189 #define XSTATE_PKRU 0x200 190 191 int pkru_xstate_offset(void) 192 { 193 unsigned int eax; 194 unsigned int ebx; 195 unsigned int ecx; 196 unsigned int edx; 197 int xstate_offset; 198 int xstate_size; 199 unsigned long XSTATE_CPUID = 0xd; 200 int leaf; 201 202 /* assume that XSTATE_PKRU is set in XCR0 */ 203 leaf = XSTATE_PKRU_BIT; 204 { 205 eax = XSTATE_CPUID; 206 ecx = leaf; 207 __cpuid(&eax, &ebx, &ecx, &edx); 208 209 if (leaf == XSTATE_PKRU_BIT) { 210 xstate_offset = ebx; 211 xstate_size = eax; 212 } 213 } 214 215 if (xstate_size == 0) { 216 printf("could not find size/offset of PKRU in xsave state\n"); 217 return 0; 218 } 219 220 return xstate_offset; 221 } 222 223 #endif /* _PKEYS_HELPER_H */ 224