git: ed304b0be0df - stable/13 - Add BTI exceptions

From: Andrew Turner <andrew_at_FreeBSD.org>
Date: Mon, 19 Feb 2024 16:44:50 UTC
The branch stable/13 has been updated by andrew:

URL: https://cgit.FreeBSD.org/src/commit/?id=ed304b0be0df1e89e50f8463f0a46989b66acc1f

commit ed304b0be0df1e89e50f8463f0a46989b66acc1f
Author:     Andrew Turner <andrew@FreeBSD.org>
AuthorDate: 2023-04-05 12:28:46 +0000
Commit:     Andrew Turner <andrew@FreeBSD.org>
CommitDate: 2024-02-19 12:39:49 +0000

    Add BTI exceptions
    
    We could hit these when code marked as using BTI jumps to an
    instruction that is not a branch target.
    
    Sponsored by:   Arm Ltd
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D39450
    
    (cherry picked from commit 450f731b7f2351d475b43bbc6234eea28adfd2b0)
---
 sys/arm64/arm64/locore.S   |  2 +-
 sys/arm64/arm64/trap.c     | 11 +++++++++++
 sys/arm64/include/armreg.h |  1 +
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/sys/arm64/arm64/locore.S b/sys/arm64/arm64/locore.S
index 4712f8591b8b..d48984e39a59 100644
--- a/sys/arm64/arm64/locore.S
+++ b/sys/arm64/arm64/locore.S
@@ -737,7 +737,7 @@ sctlr_set:
 	.quad (SCTLR_LSMAOE | SCTLR_nTLSMD | SCTLR_UCI | SCTLR_SPAN | \
 	    SCTLR_nTWE | SCTLR_nTWI | SCTLR_UCT | SCTLR_DZE | \
 	    SCTLR_I | SCTLR_SED | SCTLR_SA0 | SCTLR_SA | SCTLR_C | \
-	    SCTLR_M | SCTLR_CP15BEN)
+	    SCTLR_M | SCTLR_CP15BEN | SCTLR_BT1 | SCTLR_BT0)
 sctlr_clear:
 	/* Bits to clear */
 	.quad (SCTLR_EE | SCTLR_E0E | SCTLR_IESB | SCTLR_WXN | SCTLR_UMA | \
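Review bot: `SCTLR_BT1 | SCTLR_BT0` are added to the `sctlr_set` mask without a comment, and the commit message only talks about exception handling, so a reader cannot tell why these bits are set. As I understand the architecture, they make PACIASP/PACIBSP stop being a compatible target for BTYPE 0b11 at EL1 and EL0 respectively, so they tighten the check rather than switch BTI on. A comment before the `.quad`, for example `/* BT0/BT1: PACI[AB]SP are not a valid target when BTYPE == 0b11 */`, would record that. The mask appears to be applied unconditionally, so it is worth confirming that setting the bits is harmless on cores without FEAT_BTI, where they are reserved. The `sctlr_clear` expression continues outside the hunk.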
diff --git a/sys/arm64/arm64/trap.c b/sys/arm64/arm64/trap.c
index d62ebba3debd..d6f847d6b88c 100644
--- a/sys/arm64/arm64/trap.c
+++ b/sys/arm64/arm64/trap.c
@@ -526,6 +526,12 @@ do_el1h_sync(struct thread *td, struct trapframe *frame)
 		panic("Undefined instruction: %08x",
 		    *(uint32_t *)frame->tf_elr);
 		break;
+	case EXCP_BTI:
+		far = READ_SPECIALREG(far_el1);
+		print_registers(frame);
+		print_gp_register("far", far);
+		panic("Branch Target exception");
+		break;
 	default:
 		print_registers(frame);
 		print_gp_register("far", READ_SPECIALREG(far_el1));
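Review bot: The new `EXCP_BTI` case in do_el1h_sync reads and prints `far_el1`, but as far as I know the architecture only defines FAR_EL1 for aborts, PC alignment faults and watchpoints, so the value shown as "far" for a Branch Target exception is likely stale and can mislead whoever reads the panic. The address that matters is the saved ELR, the instruction that was branched to, which the undefined-instruction case just above already uses. Putting it in the message, e.g. `panic("Branch Target exception at %lx", frame->tf_elr);` with the format adjusted to the field's type, would make the crash self-describing. The `break` after `panic()` is unreachable but matches the surrounding cases. The function body starts and ends outside the hunk, so the declaration of `far` is not visible here.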
@@ -660,6 +666,11 @@ do_el0_sync(struct thread *td, struct trapframe *frame, uint64_t far)
 		    (void *)frame->tf_elr, exception);
 		userret(td, frame);
 		break;
+	case EXCP_BTI:
+		call_trapsignal(td, SIGILL, ILL_ILLOPC, (void *)frame->tf_elr,
+		    exception);
+		userret(td, frame);
+		break;
 	default:
 		call_trapsignal(td, SIGBUS, BUS_OBJERR, (void *)frame->tf_elr,
 		    exception);
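Review bot: The `EXCP_BTI` case in do_el0_sync has no comment, and it is not obvious that the address passed to `call_trapsignal` (`frame->tf_elr`) is the instruction that was branched to, not the indirect branch that got there. That difference matters to anyone triaging a SIGILL from a BTI-enabled binary, so I would add `/* ELR is the branch target that lacks a compatible BTI landing pad, not the branch itself. */` above the call. Separately, the hunk does not show whether signal delivery resets the BTYPE bits in the saved SPSR; if it does not, the handler's first instruction could presumably take the same exception again, which is worth checking in the signal delivery path. The function body starts and ends outside the hunk.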
diff --git a/sys/arm64/include/armreg.h b/sys/arm64/include/armreg.h
index e2395951f524..098c55361913 100644
--- a/sys/arm64/include/armreg.h
+++ b/sys/arm64/include/armreg.h
@@ -411,6 +411,7 @@
 #define	 EXCP_UNKNOWN		0x00	/* Unkwn exception */
 #define	 EXCP_TRAP_WFI_WFE	0x01	/* Trapped WFI or WFE */
 #define	 EXCP_FP_SIMD		0x07	/* VFP/SIMD trap */
+#define	 EXCP_BTI		0x0d	/* Branch Target Exception */
 #define	 EXCP_ILL_STATE		0x0e	/* Illegal execution state */
 #define	 EXCP_SVC32		0x11	/* SVC trap for AArch32 */
 #define	 EXCP_SVC64		0x15	/* SVC trap for AArch64 */