arm64: implement PKEYS support

	refcount_t	pinned;

	void		*vdso;

	unsigned long	flags;

	u8		pkey_allocation_map;

} mm_context_t;

/*

#include <linux/sched/hotplug.h>

#include <linux/mm_types.h>

#include <linux/pgtable.h>

#include <linux/pkeys.h>

#include <asm/cacheflush.h>

#include <asm/cpufeature.h>

#include <asm/daifflags.h>

#include <asm/proc-fns.h>

#include <asm-generic/mm_hooks.h>

#include <asm/cputype.h>

#include <asm/sysreg.h>

#include <asm/tlbflush.h>

{

	atomic64_set(&mm->context.id, 0);

	refcount_set(&mm->context.pinned, 0);

	/* pkey 0 is the default, so always reserve it. */

	mm->context.pkey_allocation_map = BIT(0);

	return 0;

}

static inline void arch_dup_pkeys(struct mm_struct *oldmm,

				  struct mm_struct *mm)

{

	/* Duplicate the oldmm pkey state in mm: */

	mm->context.pkey_allocation_map = oldmm->context.pkey_allocation_map;

}

static inline int arch_dup_mmap(struct mm_struct *oldmm, struct mm_struct *mm)

{

	arch_dup_pkeys(oldmm, mm);

	return 0;

}

static inline void arch_exit_mmap(struct mm_struct *mm)

{

}

static inline void arch_unmap(struct mm_struct *mm,

			unsigned long start, unsigned long end)

{

}

#ifdef CONFIG_ARM64_SW_TTBR0_PAN

static inline void update_saved_ttbr0(struct task_struct *tsk,

				      struct mm_struct *mm)

	return -1UL >> 8;

}

/*

 * Only enforce protection keys on the current process, because there is no

 * user context to access POR_EL0 for another address space.

 */

static inline bool arch_vma_access_permitted(struct vm_area_struct *vma,

		bool write, bool execute, bool foreign)

{

	if (!system_supports_poe())

		return true;

	/* allow access if the VMA is not one from this process */

	if (foreign || vma_is_foreign(vma))

		return true;

	return por_el0_allows_pkey(vma_pkey(vma), write, execute);

}

#include <asm-generic/mmu_context.h>

#endif /* !__ASSEMBLY__ */

#include <asm/cmpxchg.h>

#include <asm/fixmap.h>

#include <asm/por.h>

#include <linux/mmdebug.h>

#include <linux/mm_types.h>

#include <linux/sched.h>

#define pte_accessible(mm, pte)	\

	(mm_tlb_flush_pending(mm) ? pte_present(pte) : pte_valid(pte))

static inline bool por_el0_allows_pkey(u8 pkey, bool write, bool execute)

{

	u64 por;

	if (!system_supports_poe())

		return true;

	por = read_sysreg_s(SYS_POR_EL0);

	if (write)

		return por_elx_allows_write(por, pkey);

	if (execute)

		return por_elx_allows_exec(por, pkey);

	return por_elx_allows_read(por, pkey);

}

/*

 * p??_access_permitted() is true for valid user mappings (PTE_USER

 * bit set, subject to the write permission check). For execute-only

#define pte_access_permitted_no_overlay(pte, write) \

	(((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER)) && (!(write) || pte_write(pte)))

#define pte_access_permitted(pte, write) \

	pte_access_permitted_no_overlay(pte, write)

	(pte_access_permitted_no_overlay(pte, write) && \

	por_el0_allows_pkey(FIELD_GET(PTE_PO_IDX_MASK, pte_val(pte)), write, false))

#define pmd_access_permitted(pmd, write) \

	(pte_access_permitted(pmd_pte(pmd), (write)))

#define pud_access_permitted(pud, write) \

/* SPDX-License-Identifier: GPL-2.0 */

/*

 * Copyright (C) 2023 Arm Ltd.

 *

 * Based on arch/x86/include/asm/pkeys.h

 */

#ifndef _ASM_ARM64_PKEYS_H

#define _ASM_ARM64_PKEYS_H

#define ARCH_VM_PKEY_FLAGS (VM_PKEY_BIT0 | VM_PKEY_BIT1 | VM_PKEY_BIT2)

#define arch_max_pkey() 8

int arch_set_user_pkey_access(struct task_struct *tsk, int pkey,

		unsigned long init_val);

static inline bool arch_pkeys_enabled(void)

{

	return false;

}

static inline int vma_pkey(struct vm_area_struct *vma)

{

	return (vma->vm_flags & ARCH_VM_PKEY_FLAGS) >> VM_PKEY_SHIFT;

}

static inline int arch_override_mprotect_pkey(struct vm_area_struct *vma,

		int prot, int pkey)

{

	if (pkey != -1)

		return pkey;

	return vma_pkey(vma);

}

static inline int execute_only_pkey(struct mm_struct *mm)

{

	// Execute-only mappings are handled by EPAN/FEAT_PAN3.

	WARN_ON_ONCE(!cpus_have_final_cap(ARM64_HAS_EPAN));

	return -1;

}

#define mm_pkey_allocation_map(mm)	(mm)->context.pkey_allocation_map

#define mm_set_pkey_allocated(mm, pkey) do {		\

	mm_pkey_allocation_map(mm) |= (1U << pkey);	\

} while (0)

#define mm_set_pkey_free(mm, pkey) do {			\

	mm_pkey_allocation_map(mm) &= ~(1U << pkey);	\

} while (0)

static inline bool mm_pkey_is_allocated(struct mm_struct *mm, int pkey)

{

	/*

	 * "Allocated" pkeys are those that have been returned

	 * from pkey_alloc() or pkey 0 which is allocated

	 * implicitly when the mm is created.

	 */

	if (pkey < 0 || pkey >= arch_max_pkey())

		return false;

	return mm_pkey_allocation_map(mm) & (1U << pkey);

}

/*

 * Returns a positive, 3-bit key on success, or -1 on failure.

 */

static inline int mm_pkey_alloc(struct mm_struct *mm)

{

	/*

	 * Note: this is the one and only place we make sure

	 * that the pkey is valid as far as the hardware is

	 * concerned.  The rest of the kernel trusts that

	 * only good, valid pkeys come out of here.

	 */

	u8 all_pkeys_mask = GENMASK(arch_max_pkey() - 1, 0);

	int ret;

	if (!arch_pkeys_enabled())

		return -1;

	/*

	 * Are we out of pkeys?  We must handle this specially

	 * because ffz() behavior is undefined if there are no

	 * zeros.

	 */

	if (mm_pkey_allocation_map(mm) == all_pkeys_mask)

		return -1;

	ret = ffz(mm_pkey_allocation_map(mm));

	mm_set_pkey_allocated(mm, ret);

	return ret;

}

static inline int mm_pkey_free(struct mm_struct *mm, int pkey)

{

	if (!mm_pkey_is_allocated(mm, pkey))

		return -EINVAL;

	mm_set_pkey_free(mm, pkey);

	return 0;

}

#endif /* _ASM_ARM64_PKEYS_H */

/* SPDX-License-Identifier: GPL-2.0 */

/*

 * Copyright (C) 2023 Arm Ltd.

 */

#ifndef _ASM_ARM64_POR_H

#define _ASM_ARM64_POR_H

#define POR_BITS_PER_PKEY		4

#define POR_ELx_IDX(por_elx, idx)	(((por_elx) >> ((idx) * POR_BITS_PER_PKEY)) & 0xf)

static inline bool por_elx_allows_read(u64 por, u8 pkey)

{

	u8 perm = POR_ELx_IDX(por, pkey);

	return perm & POE_R;

}

static inline bool por_elx_allows_write(u64 por, u8 pkey)

{

	u8 perm = POR_ELx_IDX(por, pkey);

	return perm & POE_W;

}

static inline bool por_elx_allows_exec(u64 por, u8 pkey)

{

	u8 perm = POR_ELx_IDX(por, pkey);

	return perm & POE_X;

}

#endif /* _ASM_ARM64_POR_H */