As per the PCuABI specification, CCTLR_EL0.SBL should be set in purecap, ensuring that CLR is sealed by BL* instructions, and requiring the target capability to be sealed for register-based branch instructions.
Signed-off-by: Kevin Brodsky kevin.brodsky@arm.com
---
 arch/arm64/include/asm/sysreg.h | 2 ++
 arch/arm64/kernel/morello.c | 7 +++++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
index 7a0ee4677d09..5b51d5ed0493 100644
--- a/arch/arm64/include/asm/sysreg.h
+++ b/arch/arm64/include/asm/sysreg.h
@@ -962,6 +962,8 @@
 #define TRFCR_ELx_ExTRE BIT(1)
 #define TRFCR_ELx_E0TRE BIT(0)
+#define CCTLR_ELx_SBL BIT(7)
+
 /* GIC Hypervisor interface registers */
 /* ICH_MISR_EL2 bit definitions */
 #define ICH_MISR_EOI (1 << 0)
diff --git a/arch/arm64/kernel/morello.c b/arch/arm64/kernel/morello.c
index f20e0b386828..12116b725460 100644
--- a/arch/arm64/kernel/morello.c
+++ b/arch/arm64/kernel/morello.c
@@ -129,11 +129,14 @@ void morello_thread_init_user(void)
 {
 struct morello_state *morello_state = ¤t->thread.morello_user_state;
 uintcap_t ddc;
+ u64 cctlr;
 if (is_pure_task()) {
 ddc = 0;
+ cctlr = CCTLR_ELx_SBL;
 } else {
 ddc = cheri_user_root_allperms_cap;
+ cctlr = 0;
 }
 /*
@@ -159,8 +162,8 @@ void morello_thread_init_user(void)
 write_cap_sysreg(0, cid_el0);
 morello_state->cid = (uintcap_t)0;
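Review bot: The purecap branch's `cctlr = CCTLR_ELx_SBL;` has no comment, so the reason SBL is chosen for purecap tasks and not for hybrid ones is recorded only in the commit message. A comment above the assignment would keep that rationale with the code, for example `/* PCuABI: BL* seals CLR, register branches require a sealed target */`. morello_thread_init_user() continues past this hunk, and `cctlr` is only consumed in the next one.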
- write_sysreg(0, cctlr_el0);
- morello_state->cctlr = 0;
+ write_sysreg(cctlr, cctlr_el0);
+ morello_state->cctlr = cctlr;
 }
void morello_thread_save_user_state(struct task_struct *tsk)
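Review bot: The `write_sysreg(cctlr, cctlr_el0)` / `morello_state->cctlr = cctlr` pair sets SBL only as the initial value at thread init, and nothing visible in this diff says whether a later update of the saved `cctlr` can clear it for a purecap task. If SBL is an ABI default rather than a property the kernel enforces, that is worth stating where the register is written, e.g. `/* initial value per PCuABI; not re-checked after init */`, once confirmed against any other writers of `morello_state->cctlr`. The start of morello_thread_init_user() lies outside this hunk.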