Date: Fri, 24 Jan 2025 12:11:53 GMT From: Andrew Turner <andrew@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: e3f9593ed6ff - main - arm64: Move FEAT_PAuth to the cpu feat framework Message-ID: <202501241211.50OCBrKd040479@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by andrew: URL: https://cgit.FreeBSD.org/src/commit/?id=e3f9593ed6ff70da7a8be46644693389214f26d5 commit e3f9593ed6ff70da7a8be46644693389214f26d5 Author: Andrew Turner <andrew@FreeBSD.org> AuthorDate: 2025-01-24 11:42:54 +0000 Commit: Andrew Turner <andrew@FreeBSD.org> CommitDate: 2025-01-24 12:09:28 +0000 arm64: Move FEAT_PAuth to the cpu feat framework Use the common framework rather than a custom function on boot. Because we need to be careful when enabling pointer authentication the enable function only sets the flag to tell other functions it needs to be enabled. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D47818 --- sys/arm64/arm64/machdep.c | 7 ------- sys/arm64/arm64/ptrauth.c | 38 +++++++++++++++++++++++++++----------- 2 files changed, 27 insertions(+), 18 deletions(-) diff --git a/sys/arm64/arm64/machdep.c b/sys/arm64/arm64/machdep.c index 0a925842dba4..ff7a88edfe61 100644 --- a/sys/arm64/arm64/machdep.c +++ b/sys/arm64/arm64/machdep.c @@ -1010,13 +1010,6 @@ initarm(struct arm64_bootparams *abp) /* Detect early CPU feature support */ enable_cpu_feat(CPU_FEAT_EARLY_BOOT); - /* - * Check if pointer authentication is available on this system, and - * if so enable its use. This needs to be called before init_proc0 - * as that will configure the thread0 pointer authentication keys. - */ - ptrauth_init(); - /* * Dump the boot metadata. We have to wait for cninit() since console * output is required. If it's grossly incorrect the kernel will never diff --git a/sys/arm64/arm64/ptrauth.c b/sys/arm64/arm64/ptrauth.c index b5f9fad1dc95..7ef958b2e03c 100644 --- a/sys/arm64/arm64/ptrauth.c +++ b/sys/arm64/arm64/ptrauth.c @@ -43,6 +43,7 @@ #include <machine/armreg.h> #include <machine/cpu.h> +#include <machine/cpu_feat.h> #include <machine/reg.h> #include <machine/vmparam.h> @@ -81,8 +82,8 @@ ptrauth_disable(void) return (false); } -void -ptrauth_init(void) +static bool +ptrauth_check(const struct cpu_feat *feat __unused, u_int midr __unused) { uint64_t isar1; int pac_enable; @@ -96,28 +97,43 @@ ptrauth_init(void) if (!pac_enable) { if (boothowto & RB_VERBOSE) printf("Pointer authentication is disabled\n"); - return; + return (false); } if (!get_kernel_reg(ID_AA64ISAR1_EL1, &isar1)) - return; + return (false); if (ptrauth_disable()) - return; + return (false); /* * This assumes if there is pointer authentication on the boot CPU * it will also be available on any non-boot CPUs. If this is ever * not the case we will have to add a quirk. */ - if (ID_AA64ISAR1_APA_VAL(isar1) > 0 || - ID_AA64ISAR1_API_VAL(isar1) > 0) { - enable_ptrauth = true; - elf64_addr_mask.code |= PAC_ADDR_MASK; - elf64_addr_mask.data |= PAC_ADDR_MASK; - } + return (ID_AA64ISAR1_APA_VAL(isar1) > 0 || + ID_AA64ISAR1_API_VAL(isar1) > 0); } +static void +ptrauth_enable(const struct cpu_feat *feat __unused, + cpu_feat_errata errata_status __unused, u_int *errata_list __unused, + u_int errata_count __unused) +{ + enable_ptrauth = true; + elf64_addr_mask.code |= PAC_ADDR_MASK; + elf64_addr_mask.data |= PAC_ADDR_MASK; +} + + +static struct cpu_feat feat_pauth = { + .feat_name = "FEAT_PAuth", + .feat_check = ptrauth_check, + .feat_enable = ptrauth_enable, + .feat_flags = CPU_FEAT_EARLY_BOOT | CPU_FEAT_SYSTEM, +}; +DATA_SET(cpu_feat_set, feat_pauth); + /* Copy the keys when forking a new process */ void ptrauth_fork(struct thread *new_td, struct thread *orig_td)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202501241211.50OCBrKd040479>