From: Kevin Brodsky kevin.brodsky@arm.com
This should help with in-kernel sandboxing.
Signed-off-by: Kevin Brodsky kevin.brodsky@arm.com --- arch/arm64/kernel/head.S | 5 +++-- arch/arm64/mm/proc.S | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S index 59fda4ffc43f..072a676a7bbc 100644 --- a/arch/arm64/kernel/head.S +++ b/arch/arm64/kernel/head.S @@ -598,8 +598,9 @@ SYM_INNER_LABEL(init_el2, SYM_L_LOCAL) bic x1, x1, #CPTR_EL2_TC msr cptr_el2, x1 isb - /* Disable PCC/DDC base offset and other capability-related features */ - msr cctlr_el2, xzr + /* Seal CLR / require a sealed target for capability branches */ + mov x9, #CCTLR_ELx_SBL + msr cctlr_el2, x9
/* * Capability exception entry/return is now enabled, as a result we diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S index f67a1a17e909..3ba111dab6fc 100644 --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -498,8 +498,9 @@ SYM_FUNC_START(__cpu_setup) orr x9, x9, CPACR_EL1_CEN msr cpacr_el1, x9 isb - /* Disable PCC/DDC base offset and other capability-related features */ - msr cctlr_el1, xzr + /* Seal CLR / require a sealed target for capability branches */ + mov x9, #CCTLR_ELx_SBL + msr cctlr_el1, x9
/* * Allow controlling the Morello-defined capability tag load/store