refactor(cpufeat): convert FEAT_PAuth setup to C
An oversimplified view of FEAT_PAuth is that it's a symmetric encryption
of the LR. PAC instructions execute as NOPs until explicitly turned on.
So in a function that turns PAuth on, the signing would have executed as
a NOP and the authentication will encrypt the address, leading to a
failure. That's why enablement is in assembly - we have full control of
when pointer authentications happen.
However, assembly is hard to read, is opaque to the compiler for
optimisations, and we need to call into C anyway for the platform hook
to get the key. So convert it to C. We can instruct the compiler to not
generate branch protection for the enable function only and as long as
the caller doesn't do branch protection (and all callers are entrypoints
written in assembly) everything will work.
Change-Id: I8917a26e1293033c910e3058664e3ca9207359b7
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
diff --git a/include/lib/extensions/pauth.h b/include/lib/extensions/pauth.h
index dbc2226..db47b80 100644
--- a/include/lib/extensions/pauth.h
+++ b/include/lib/extensions/pauth.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2019-2025, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -7,12 +7,34 @@
#ifndef PAUTH_H
#define PAUTH_H
-/*******************************************************************************
- * ARMv8.3-PAuth support functions
- ******************************************************************************/
+#if ENABLE_PAUTH
+/* Platform hook to generate the APIAKey */
+uint128_t plat_init_apkey(void);
-/* Disable ARMv8.3 pointer authentication in EL1/EL3 */
+void pauth_init(void);
+void pauth_enable_el1(void);
+void pauth_enable_el3(void);
+void pauth_enable_el2(void);
void pauth_disable_el1(void);
void pauth_disable_el3(void);
-
+#else
+static inline void pauth_init(void)
+{
+}
+static inline void pauth_enable_el1(void)
+{
+}
+static inline void pauth_enable_el3(void)
+{
+}
+static inline void pauth_enable_el2(void)
+{
+}
+static inline void pauth_disable_el1(void)
+{
+}
+static inline void pauth_disable_el3(void)
+{
+}
+#endif
#endif /* PAUTH_H */
diff --git a/include/lib/libc/cdefs.h b/include/lib/libc/cdefs.h
index 5febe9d..3bd4a70 100644
--- a/include/lib/libc/cdefs.h
+++ b/include/lib/libc/cdefs.h
@@ -17,6 +17,7 @@
#define __section(x) __attribute__((__section__(x)))
#define __fallthrough __attribute__((__fallthrough__))
#define __noinline __attribute__((__noinline__))
+#define __no_pauth __attribute__((target("branch-protection=none")))
#if RECLAIM_INIT_CODE
/*
* Add each function to a section that is unique so the functions can still
diff --git a/include/lib/utils_def.h b/include/lib/utils_def.h
index 6d8a06a..098506a 100644
--- a/include/lib/utils_def.h
+++ b/include/lib/utils_def.h
@@ -61,6 +61,9 @@
#define HI(addr) (addr >> 32)
#define LO(addr) (addr & 0xffffffff)
+#define HI_64(addr) (addr >> 64)
+#define LO_64(addr) (addr & 0xffffffffffffffff)
+
/*
* This variant of div_round_up can be used in macro definition but should not
* be used in C code as the `div` parameter is evaluated twice.