Date: Mon, 23 Jun 2025 16:34:24 GMT From: Andrew Turner <andrew@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: fe55780e5f10 - main - arm64: Enable pointer authentication with QARMA3 Message-ID: <202506231634.55NGYOeq066218@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by andrew: URL: https://cgit.FreeBSD.org/src/commit/?id=fe55780e5f104d05475726eba0b05236358a9864 commit fe55780e5f104d05475726eba0b05236358a9864 Author: Andrew Turner <andrew@FreeBSD.org> AuthorDate: 2025-06-21 00:28:56 +0000 Commit: Andrew Turner <andrew@FreeBSD.org> CommitDate: 2025-06-21 00:28:56 +0000 arm64: Enable pointer authentication with QARMA3 When the QARMA3 algorithm is used the ID_AA64ISAR2_EL1.APA3 field is non-zero. Include this in the check for enabling pointer auth. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D49710 --- sys/arm64/arm64/ptrauth.c | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/sys/arm64/arm64/ptrauth.c b/sys/arm64/arm64/ptrauth.c index dd36e66c85bb..a943220d66cd 100644 --- a/sys/arm64/arm64/ptrauth.c +++ b/sys/arm64/arm64/ptrauth.c @@ -85,7 +85,7 @@ ptrauth_disable(void) static bool ptrauth_check(const struct cpu_feat *feat __unused, u_int midr __unused) { - uint64_t isar1; + uint64_t isar; int pac_enable; /* @@ -100,9 +100,6 @@ ptrauth_check(const struct cpu_feat *feat __unused, u_int midr __unused) goto out; } - if (!get_kernel_reg(ID_AA64ISAR1_EL1, &isar1)) - goto out; - if (ptrauth_disable()) goto out; @@ -111,13 +108,36 @@ ptrauth_check(const struct cpu_feat *feat __unused, u_int midr __unused) * it will also be available on any non-boot CPUs. If this is ever * not the case we will have to add a quirk. */ - return (ID_AA64ISAR1_APA_VAL(isar1) > 0 || - ID_AA64ISAR1_API_VAL(isar1) > 0); + + /* + * The QARMA5 or implementation efined algorithms are reported in + * ID_AA64ISAR1_EL1. + */ + if (get_kernel_reg(ID_AA64ISAR1_EL1, &isar)) { + if (ID_AA64ISAR1_APA_VAL(isar) > 0 || + ID_AA64ISAR1_API_VAL(isar) > 0) { + return (true); + } + } + + /* The QARMA3 algorithm is reported in ID_AA64ISAR2_EL1. */ + if (get_kernel_reg(ID_AA64ISAR2_EL1, &isar)) { + if (ID_AA64ISAR2_APA3_VAL(isar) > 0) { + return (true); + } + } out: + /* + * Pointer authentication may be disabled, mask out the ID fields we + * expose to userspace and the rest of the kernel so they don't try + * to use it. + */ update_special_reg(ID_AA64ISAR1_EL1, ID_AA64ISAR1_API_MASK | ID_AA64ISAR1_APA_MASK | ID_AA64ISAR1_GPA_MASK | ID_AA64ISAR1_GPI_MASK, 0); + update_special_reg(ID_AA64ISAR2_EL1, ID_AA64ISAR2_APA3_MASK, 0); + return (false); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202506231634.55NGYOeq066218>