From nobody Fri Jan 24 12:11:53 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YfcB25XR1z5lKpR; Fri, 24 Jan 2025 12:11:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YfcB21KpVz47yP; Fri, 24 Jan 2025 12:11:54 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1737720714; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ERSt/nJ/J+WsyOCm74TtYjab048MrSLZwS618xaatSg=; b=yBVYhMylxdDesqx6WT3urLpYvEh7Mv0jCJobx6t92xvgxDtdONDUxXBNwfPjQUHtvqMjZ5 5j8Prj7SWbp3XNwaZLfNG/rTJTTjI4c+awbH1FLeawGgihBBTzN1qdQ7dZKTinRQRLJ8zS BqGr5ofHWaQ0OvnT5gkeRQtVLtt7pnvDTKEjjaatO+GAbnNQ3T3uOXE9jtX6BfLLlAI7P7 xLtbcVnzW7MPDp+5wMXEKDaUlgoa1dhqSVc2NuC7K1fw6bV/xTOfzKTLEl3bvnKGeYwr8P hykYrEG7Ue1e/BgqpHrp1byfDrrEobwaC+5EPX6TgFS2TWmzF3Q0PuUiajNQog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1737720714; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ERSt/nJ/J+WsyOCm74TtYjab048MrSLZwS618xaatSg=; b=UUIRjNXMCPfYpl1ILn33K/L2nO0Ic06mzjblec3dUrZoq0CPR3lMbjltxpD0D+6RDbIFwH 0TGZcMQOK3cqqdVJhZ0WE26xc+fC8KFCIqoCr6obHngzg/CHCc0gU+jsqOtuwLKdurQBL2 Yor+sp9s1F83VjqOT7RyohLwvm0QLoGAAA9HuxAL31W2qt7krza4wnCHfMHDON38NIGP5Q 35aadr6OoA3uCaZ/WHBKIOsM1rRiIXwGhCNDPcVonxJQ+SqdiV5+mnDZLlDVVYwjEMDEBQ x1gI4JHpNrCTYLLnbHVBgPMpSt3I8rbd/tLzqZvbcZVJQDI/Y42jP5IV6BGK9g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1737720714; a=rsa-sha256; cv=none; b=Syxnn7YT/vfuuQj+wCr46yqnCXbM/Rrmj87JfDIzL80PFjCzGRYGktEZIRrMqKlE/i3GeR tbqQ8Lk9xNAhkhY2FClcHQuLoegeWEl6UjfQgOVszld3hqMtAkz3hBPP715QE+if+BinRU tFKEL9CyAseBM7qiVsyhbUn97aOvTWipVfC/SchtBseaTSnlK/Tch/2RPQBSd18ZwjCv7q GrdYXjZI2MYBUBgjyDaFew0akDm41nZmg3GhWoIYFo+1h/k22VxzcDphaTopYuQzUH1Grl sezfrnQnfoubzIXKDYsHW/Io3rfLoFvoDI3eny3uBHPvtRj4p8CcxAU1e/UeRg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YfcB20PZLz8v3; Fri, 24 Jan 2025 12:11:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 50OCBrsx040482; Fri, 24 Jan 2025 12:11:53 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 50OCBrKd040479; Fri, 24 Jan 2025 12:11:53 GMT (envelope-from git) Date: Fri, 24 Jan 2025 12:11:53 GMT Message-Id: <202501241211.50OCBrKd040479@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Andrew Turner Subject: git: e3f9593ed6ff - main - arm64: Move FEAT_PAuth to the cpu feat framework List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: andrew X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e3f9593ed6ff70da7a8be46644693389214f26d5 Auto-Submitted: auto-generated The branch main has been updated by andrew: URL: https://cgit.FreeBSD.org/src/commit/?id=e3f9593ed6ff70da7a8be46644693389214f26d5 commit e3f9593ed6ff70da7a8be46644693389214f26d5 Author: Andrew Turner AuthorDate: 2025-01-24 11:42:54 +0000 Commit: Andrew Turner CommitDate: 2025-01-24 12:09:28 +0000 arm64: Move FEAT_PAuth to the cpu feat framework Use the common framework rather than a custom function on boot. Because we need to be careful when enabling pointer authentication the enable function only sets the flag to tell other functions it needs to be enabled. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D47818 --- sys/arm64/arm64/machdep.c | 7 ------- sys/arm64/arm64/ptrauth.c | 38 +++++++++++++++++++++++++++----------- 2 files changed, 27 insertions(+), 18 deletions(-) diff --git a/sys/arm64/arm64/machdep.c b/sys/arm64/arm64/machdep.c index 0a925842dba4..ff7a88edfe61 100644 --- a/sys/arm64/arm64/machdep.c +++ b/sys/arm64/arm64/machdep.c @@ -1010,13 +1010,6 @@ initarm(struct arm64_bootparams *abp) /* Detect early CPU feature support */ enable_cpu_feat(CPU_FEAT_EARLY_BOOT); - /* - * Check if pointer authentication is available on this system, and - * if so enable its use. This needs to be called before init_proc0 - * as that will configure the thread0 pointer authentication keys. - */ - ptrauth_init(); - /* * Dump the boot metadata. We have to wait for cninit() since console * output is required. If it's grossly incorrect the kernel will never diff --git a/sys/arm64/arm64/ptrauth.c b/sys/arm64/arm64/ptrauth.c index b5f9fad1dc95..7ef958b2e03c 100644 --- a/sys/arm64/arm64/ptrauth.c +++ b/sys/arm64/arm64/ptrauth.c @@ -43,6 +43,7 @@ #include #include +#include #include #include @@ -81,8 +82,8 @@ ptrauth_disable(void) return (false); } -void -ptrauth_init(void) +static bool +ptrauth_check(const struct cpu_feat *feat __unused, u_int midr __unused) { uint64_t isar1; int pac_enable; @@ -96,28 +97,43 @@ ptrauth_init(void) if (!pac_enable) { if (boothowto & RB_VERBOSE) printf("Pointer authentication is disabled\n"); - return; + return (false); } if (!get_kernel_reg(ID_AA64ISAR1_EL1, &isar1)) - return; + return (false); if (ptrauth_disable()) - return; + return (false); /* * This assumes if there is pointer authentication on the boot CPU * it will also be available on any non-boot CPUs. If this is ever * not the case we will have to add a quirk. */ - if (ID_AA64ISAR1_APA_VAL(isar1) > 0 || - ID_AA64ISAR1_API_VAL(isar1) > 0) { - enable_ptrauth = true; - elf64_addr_mask.code |= PAC_ADDR_MASK; - elf64_addr_mask.data |= PAC_ADDR_MASK; - } + return (ID_AA64ISAR1_APA_VAL(isar1) > 0 || + ID_AA64ISAR1_API_VAL(isar1) > 0); } +static void +ptrauth_enable(const struct cpu_feat *feat __unused, + cpu_feat_errata errata_status __unused, u_int *errata_list __unused, + u_int errata_count __unused) +{ + enable_ptrauth = true; + elf64_addr_mask.code |= PAC_ADDR_MASK; + elf64_addr_mask.data |= PAC_ADDR_MASK; +} + + +static struct cpu_feat feat_pauth = { + .feat_name = "FEAT_PAuth", + .feat_check = ptrauth_check, + .feat_enable = ptrauth_enable, + .feat_flags = CPU_FEAT_EARLY_BOOT | CPU_FEAT_SYSTEM, +}; +DATA_SET(cpu_feat_set, feat_pauth); + /* Copy the keys when forking a new process */ void ptrauth_fork(struct thread *new_td, struct thread *orig_td)