From nobody Wed Feb 11 16:05:20 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fB3Dd0zbkz6Rjx0 for ; Wed, 11 Feb 2026 16:05:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fB3Dd0DKmz3wVN for ; Wed, 11 Feb 2026 16:05:21 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1770825921; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=eHEQ8wLiAMgYg07DyG9Ea3cAHiBdzZpcR4d3SGFo4FI=; b=qMtgdaHm47MOHgWTB2keLdxcbWFDco7h9N9L2cNMv7AqgwhHmqYzCpqHiqc+9vx3g2aITW rTifi5mXMCmfF8Ep28/f67rmEQYLCNlsEuVDsDOzU9441BiP0I0i9At2OoNDz/MiUM6XuF MaU1vG7BSv+u54LQ6RM5TSmAqPT+LF6AErRRH88J1A1VVuFa8rh30hiTwrdvSHStWsMz31 aznrv1Ur4xDzeilxswrreeMsIkvasJ4P57rwNGLGrmBgxFcRQRVR5n5rvTPm+i+7qZczTN Xs9U2OxmSbo73Ue+f0Qhkq3jEA1AXqkZSlewFPZqJGaJs80aSli5Zy7+U2PGBQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1770825921; a=rsa-sha256; cv=none; b=OowsKh+ZOzllNHpeeeO7SUTsIos9l5rW422l5lbuS2+rdKBTO9sD/CWcaYZTp34AY1cQZG fnS6csyLsCuI8nRusQmWoQW+GaFIrmqlf/pp5kJESqztTeT89gxtH11oNlG1Sj4mFs2drw E/n2spbDSFyOYjMP13Qa5DHjymTcDEQm4y1tGEmxz0+aFNkIgJ5g1w7ic+IVnOxHOzL9AC 7jdHV+5UMH6olS9hvMcJmwz4qs4BVPOhr7KOuKdtjU+Qnhmkx7Y9FxKd+y80krv6wUvYeK 4+XFgCQbQweU5xqZ6j16FYeF2vdcOb0MLbMtIYAWc4FPlJvYZgqUnNB1XvEj3Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1770825921; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=eHEQ8wLiAMgYg07DyG9Ea3cAHiBdzZpcR4d3SGFo4FI=; b=rksAJDNEKIWmYh4FyuBRX312ijTPNKCTaErfEGI74uIN0mqxeJvS2Cbz9OylWscyR5biSA k/ntl1YKXoLBuVV2NqZEXLLljCPxSRtdS6DD2hL8xR/FBoD6hTnijXOrqBN9WCkbs0+38e I6JO7gSwby2V5dkpzq9yXZGLsoqNZP9GhPLxAlhxYMl0U9giuzo0/t5vNm/Rwk1EU2DBhX BP3I1iB+/hddWb+VyLiZVy1ZXz/KQaBsqjFYzVZXPOAxSMmU/uXpcBRVVRnNPnrgAM2TEX Zyc5FmUEKGRiqV9AuNBob+21f7QFZqhpNqy2kbRFm1M8yiDjfUHpYCUzMF65zg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fB3Dc6s8Tzwg6 for ; Wed, 11 Feb 2026 16:05:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 22af1 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 11 Feb 2026 16:05:20 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Konstantin Belousov Subject: git: 89589b6d3fba - main - amd64: add LASS support List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 89589b6d3fbac43eb7c6b3cdbdd6f077888b2142 Auto-Submitted: auto-generated Date: Wed, 11 Feb 2026 16:05:20 +0000 Message-Id: <698ca8c0.22af1.1435014b@gitrepo.freebsd.org> The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=89589b6d3fbac43eb7c6b3cdbdd6f077888b2142 commit 89589b6d3fbac43eb7c6b3cdbdd6f077888b2142 Author: Konstantin Belousov AuthorDate: 2024-10-24 02:12:25 +0000 Commit: Konstantin Belousov CommitDate: 2026-02-11 16:04:30 +0000 amd64: add LASS support In short, LASS enforces all kernel memory accesses to have bit 63 set to 1, and all userspace accesses have bit 63 set to 0. Violations of these rules cause #GP. There are natural loopholes, like SMAP with rflags.AC=1 allows kernel to access userspace. Enablement is simple, we need to set CR4.LASS bit on all CPUs. There are complications when kernel has to execute code at low addresses, e.g. for la57 trampoline, or calling into EFI RT. The patch turns CR4.LASS off around these regions. LASS is officially documented in SDM, since at least rev. 085, October 2024. Tested in simics. Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D55218 --- sys/amd64/amd64/efirt_machdep.c | 4 ++++ sys/amd64/amd64/initcpu.c | 13 +++++++++++++ sys/amd64/amd64/machdep.c | 1 + sys/amd64/amd64/pmap.c | 9 +++++++++ sys/amd64/include/md_var.h | 1 + 5 files changed, 28 insertions(+) diff --git a/sys/amd64/amd64/efirt_machdep.c b/sys/amd64/amd64/efirt_machdep.c index fe5d60c978dd..203b2b264587 100644 --- a/sys/amd64/amd64/efirt_machdep.c +++ b/sys/amd64/amd64/efirt_machdep.c @@ -348,6 +348,8 @@ efi_arch_enter(void) */ if (!pmap_pcid_enabled) invltlb(); + if (lass_enabled) + load_cr4(rcr4() & ~CR4_LASS); return (0); } @@ -357,6 +359,8 @@ efi_arch_leave(void) pmap_t curpmap; uint64_t cr3; + if (lass_enabled) + load_cr4(rcr4() | CR4_LASS); curpmap = &curproc->p_vmspace->vm_pmap; cr3 = curpmap->pm_cr3; if (pmap_pcid_enabled) { diff --git a/sys/amd64/amd64/initcpu.c b/sys/amd64/amd64/initcpu.c index 7f317674907e..4c57c27596ad 100644 --- a/sys/amd64/amd64/initcpu.c +++ b/sys/amd64/amd64/initcpu.c @@ -290,6 +290,19 @@ initializecpu(void) if (cpu_stdext_feature2 & CPUID_STDEXT2_PKU) cr4 |= CR4_PKE; + /* + * Any CPU having Linear Address Space Separation (LASS) + * should have SMAP, but check it to be sure. Otherwise + * userspace accesses from kernel cannot work. + */ + if (IS_BSP() && (cpu_stdext_feature4 & CPUID_STDEXT4_LASS) != 0 && + (cpu_stdext_feature & CPUID_STDEXT_SMAP) != 0) { + lass_enabled = 1; + TUNABLE_INT_FETCH("hw.lass", &lass_enabled); + } + if (lass_enabled) + cr4 |= CR4_LASS; + /* * If SMEP is present, we only need to flush RSB (by default) * on context switches, to prevent cross-process ret2spec diff --git a/sys/amd64/amd64/machdep.c b/sys/amd64/amd64/machdep.c index b0da0b763b22..e9bb27a54dfb 100644 --- a/sys/amd64/amd64/machdep.c +++ b/sys/amd64/amd64/machdep.c @@ -204,6 +204,7 @@ int cold = 1; long Maxmem = 0; long realmem = 0; int late_console = 1; +int lass_enabled = 0; struct kva_md_info kmi; diff --git a/sys/amd64/amd64/pmap.c b/sys/amd64/amd64/pmap.c index 243a6625bece..8695dd61316e 100644 --- a/sys/amd64/amd64/pmap.c +++ b/sys/amd64/amd64/pmap.c @@ -1737,6 +1737,7 @@ pmap_bootstrap_la57(vm_paddr_t *firstaddr) { void (*la57_tramp)(uint64_t pml5); pml5_entry_t *pt; + uint64_t cr4; if ((cpu_stdext_feature2 & CPUID_STDEXT2_LA57) == 0) return; @@ -1757,8 +1758,16 @@ pmap_bootstrap_la57(vm_paddr_t *firstaddr) KERNSTART + amd64_loadaddr()); printf("Calling la57 trampoline at %p, KPML5phys %#lx ...", la57_tramp, KPML5phys); + if (lass_enabled) { + cr4 = rcr4(); + load_cr4(cr4 & ~CR4_LASS); + } la57_tramp(KPML5phys); printf(" alive in la57 mode\n"); + if (lass_enabled) { + cr4 = rcr4(); + load_cr4(cr4 | CR4_LASS); + } } static void diff --git a/sys/amd64/include/md_var.h b/sys/amd64/include/md_var.h index 19eab48168f7..7bb8ace27061 100644 --- a/sys/amd64/include/md_var.h +++ b/sys/amd64/include/md_var.h @@ -45,6 +45,7 @@ extern int hw_ibrs_disable; extern int hw_ssb_disable; extern int nmi_flush_l1d_sw; extern int syscall_ret_l1d_flush_mode; +extern int lass_enabled; extern vm_paddr_t intel_graphics_stolen_base; extern vm_paddr_t intel_graphics_stolen_size;