Re: [PATCH v3 06/16] arm64: enable ptrauth earlier
From: Suzuki Kuruppassery Poulose <suzuki.poulose@arm.com>
Date: 2020-01-07 11:35:32
On 16/12/2019 08:47, Amit Daniel Kachhap wrote:
From: Kristina Martsenko <redacted> When the kernel is compiled with pointer auth instructions, the boot CPU needs to start using address auth very early, so change the cpucap to account for this. Pointer auth must be enabled before we call C functions, because it is not possible to enter a function with pointer auth disabled and exit it with pointer auth enabled. Note, mismatches between architected and IMPDEF algorithms will still be caught by the cpufeature framework (the separate *_ARCH and *_IMP_DEF cpucaps). Note the change in behavior: if the boot CPU has address auth and a late CPU does not, then we park the late CPU very early in booting. Also, if the boot CPU does not have address auth and the late CPU has then system panic will occur little later from inside the C code. Until now we would have just disabled address auth in this case. Leave generic authentication as a "system scope" cpucap for now, since initially the kernel will only use address authentication. Reviewed-by: Kees Cook <redacted> Signed-off-by: Kristina Martsenko <redacted> [Amit: Re-worked ptrauth setup logic, comments] Signed-off-by: Amit Daniel Kachhap <redacted> --- Changes since last version: * None. arch/arm64/Kconfig | 5 +++++ arch/arm64/include/asm/smp.h | 1 + arch/arm64/kernel/cpufeature.c | 13 +++---------- arch/arm64/kernel/head.S | 20 ++++++++++++++++++++ arch/arm64/kernel/smp.c | 2 ++ arch/arm64/mm/proc.S | 31 +++++++++++++++++++++++++++++++ 6 files changed, 62 insertions(+), 10 deletions(-)diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index b1b4476..5aabe8a 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig@@ -1482,6 +1482,11 @@ config ARM64_PTR_AUTH be enabled. However, KVM guest also require VHE mode and hence CONFIG_ARM64_VHE=y option to use this feature. + If the feature is present on the primary CPU but not a secondary CPU, + then the secondary CPU will be parked.
---
Also, if the boot CPU does not + have address auth and the late CPU has then system panic will occur. + On such a system, this option should not be selected.
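Review bot: The two sentences added to the ARM64_PTR_AUTH help text name the same CPUs differently ("primary CPU" / "secondary CPU" in the first, "boot CPU" / "late CPU" in the second), and the second is missing words ("the late CPU has then system panic will occur"). Use one pair of terms throughout the help text. If the second sentence stays, word it along the lines of "if the boot CPU lacks address auth and a late CPU has it, the system will panic". The commit message says this panic occurs "little later from inside the C code" while the help text gives no timing, so the two should agree. "On such a system, this option should not be selected" also gives no hint of how someone configuring a kernel would recognise such a system; either say how or drop the sentence.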
Is this part of the text true? We do not enable ptr-auth on the CPUs if we are missing the support on primary. So, given we disable SCTLR bits, the ptr-auth instructions should be a NOP and is thus safe.

The rest looks good to me. With the above text removed,

Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel