Date: Mon, 19 Feb 2024 16:45:03 GMT
Message-Id: <202402191645.41JGj34E095050@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Andrew Turner
Subject: git: 45ffdd4ea582 - stable/14 - arm64: Add BTI landing pads to assembly functions
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-Git-Committer: andrew
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 45ffdd4ea5825c5bee19ed9b2d00457cfff2d84e

The branch stable/14 has been updated by andrew:

URL: https://cgit.FreeBSD.org/src/commit/?id=45ffdd4ea5825c5bee19ed9b2d00457cfff2d84e

commit 45ffdd4ea5825c5bee19ed9b2d00457cfff2d84e
Author:     Andrew Turner
AuthorDate: 2023-10-03 08:52:02 +0000
Commit:     Andrew Turner
CommitDate: 2024-02-19 13:09:50 +0000

    arm64: Add BTI landing pads to assembly functions

    When we enable BTI both the first instruction in a function that could
    be called indirectly, and a branch within a function need a valid
    landing pad instruction.

    There are three options for these instructions:
     1. A breakpoint instruction
     2. A pointer authentication PACIASP/PACIBSP
     3. A BTI instruction

    Option 1 will raise a breakpoint exception so isn't usable in either
    case. Option 2 could be used in some function entry cases, but needs
    to be paired with an authentication instruction, and is normally only
    used in non-leaf functions; we can't use it in this case.

    This leaves option 3. There are four variants of the instruction, the
    C variant is used on function entry and the J variant is for jumping
    within a function. There is also a JC that works with both and one
    with no target that works with neither.
Reviewed by: markj Sponsored by: Arm Ltd Sponsored by: The FreeBSD Foundation (earlier version) Differential Revision: https://reviews.freebsd.org/D42078 (cherry picked from commit e340882d3e49a98aa39b13041a2bf714c30dccdf) --- sys/arm64/arm64/locore.S | 4 ++++ sys/arm64/include/asm.h | 30 +++++++++++++++++++++++++++++- 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/sys/arm64/arm64/locore.S b/sys/arm64/arm64/locore.S index 0c3a512cf671..ea5ce8e15ed2 100644 --- a/sys/arm64/arm64/locore.S +++ b/sys/arm64/arm64/locore.S @@ -112,6 +112,8 @@ ENTRY(_start) br x15 virtdone: + BTI_J + /* Set up the stack */ adrp x25, initstack_end add x25, x25, :lo12:initstack_end @@ -230,6 +232,8 @@ ENTRY(mpentry) br x15 mp_virtdone: + BTI_J + /* Start using the AP boot stack */ ldr x4, =bootstack ldr x4, [x4] diff --git a/sys/arm64/include/asm.h b/sys/arm64/include/asm.h index 5c1f874366fd..6ebfca6eaf0c 100644 --- a/sys/arm64/include/asm.h +++ b/sys/arm64/include/asm.h @@ -48,7 +48,7 @@ #define LENTRY(sym) \ .text; .align 2; .type sym,#function; sym: \ - .cfi_startproc; DTRACE_NOP + .cfi_startproc; BTI_C; DTRACE_NOP #define ENTRY(sym) \ .globl sym; LENTRY(sym) #define EENTRY(sym) \ 
@@ -114,6 +114,34 @@ dsb sy; \ isb +/* + * When a CPU that implements FEAT_BTI uses a BR/BLR instruction (or the + * pointer authentication variants, e.g. BLRAA) and the target location + * has the GP attribute in its page table, then the target of the BR/BLR + * needs to be a valid BTI landing pad. + * + * BTI_C should be used at the start of a function and is used in the + * ENTRY macro. It can be replaced by PACIASP or PACIBSP, however these + * also need an appropriate authenticate instruction before returning. + * + * BTI_J should be used as the target instruction when branching with a + * BR instruction within a function. + * + * When using a BR to branch to a new function, e.g. a tail call, then + * the target register should be x16 or x17 so it is compatible with + * the BRI_C instruction. + * + * As these instructions are in the hint space they are a NOP when + * the CPU doesn't implement FEAT_BTI so are safe to use. + */ +#ifdef __ARM_FEATURE_BTI_DEFAULT +#define BTI_C hint #34 +#define BTI_J hint #36 +#else +#define BTI_C +#define BTI_J +#endif + #endif /* _MACHINE_ASM_H_ */ #endif /* !__arm__ */
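Review bot: In the two locore.S hunks, BTI_J is placed directly after the virtdone: and mp_virtdone: labels without a comment saying it is the landing pad for the br x15 on the line above each label. With the asm.h fallback the macro expands to nothing when __ARM_FEATURE_BTI_DEFAULT is not defined, so it can look like a stray no-op; a one-line comment at each site would stop it being moved or dropped later.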
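Review bot: EENTRY, visible in the trailing context of the asm.h @@ -48 hunk, is left unchanged while LENTRY (and through it ENTRY) now begins with BTI_C. If any symbol declared with EENTRY can be the target of a BR or BLR it needs a landing pad of its own, so either add BTI_C there as well or note why those entry points are never reached indirectly. Putting BTI_C ahead of DTRACE_NOP is the right order, since the pad has to be the first instruction at the symbol.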
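Review bot: The new comment block in the asm.h @@ -114 hunk says "compatible with the BRI_C instruction"; that should read BTI_C. The same comment says the hints are a NOP on CPUs without FEAT_BTI "so are safe to use", yet BTI_C and BTI_J are defined empty unless __ARM_FEATURE_BTI_DEFAULT is set; add a sentence on why the empty fallback is wanted, and consider noting next to hint #34 and hint #36 which BTI variant each number encodes.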
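The landing-pad rules described in the commit message, as an added example that is not part of the FreeBSD commit: a small C checker that decodes the first instruction word of a function and reports which kinds of indirect branch it accepts. The function and enum names and the sample words are this example's own, it assumes the branch originates in a guarded page, and it conservatively treats PACIASP/PACIBSP as not accepting a BR through other registers (on hardware that depends on SCTLR_ELx.BT).

```c
#include <stdint.h>
#include <stdio.h>
/* Kind of indirect branch that reached the instruction (names are ours). */
enum { VIA_BR_X16_X17 = 1,   /* BR x16/x17, e.g. a tail call */
       VIA_BLR        = 2,   /* BLR, an indirect call */
       VIA_BR_OTHER   = 4 }; /* BR through any other register */

/* Constructed sample: first instruction of four hypothetical functions. */
const uint32_t sample_entries[4] = {
    0xd503245f,  /* bti c (hint #34) */
    0xd503233f,  /* paciasp (hint #25) */
    0xd503249f,  /* bti j (hint #36) */
    0xa9bf7bfd,  /* stp x29, x30, [sp, #-16]! : no landing pad */
};

/* HINT #imm is 0xd503201f with imm in bits 11:5; -1 if insn is not a HINT. */
static int hint_imm(uint32_t insn)
{
    if ((insn & 0xfffff01fu) != 0xd503201fu)
        return -1;
    return (int)((insn >> 5) & 0x7f);
}

/* Bitmask of branch kinds for which insn is an accepted landing pad. */
unsigned pad_accepts(uint32_t insn)
{
    switch (hint_imm(insn)) {
    case 34: return VIA_BLR | VIA_BR_X16_X17;                /* BTI c */
    case 36: return VIA_BR_OTHER | VIA_BR_X16_X17;           /* BTI j */
    case 38: return VIA_BLR | VIA_BR_OTHER | VIA_BR_X16_X17; /* BTI jc */
    case 25: case 27: return VIA_BLR | VIA_BR_X16_X17; /* PACIxSP, assumed */
    default: return 0; /* BTI with no target (#32), NOP, ordinary code */
    }
}

/* Count entries that are not a valid pad for the branch kind `via`. */
int count_missing_pads(const uint32_t *first_insn, int n, unsigned via)
{
    int missing = 0;
    for (int i = 0; i < n; i++)
        if (!(pad_accepts(first_insn[i]) & via))
            missing++;
    return missing;
}

int main(void)
{
    printf("entries not reachable via BLR: %d of 4\n",
           count_missing_pads(sample_entries, 4, VIA_BLR));
    return 0;
}
```

A breakpoint instruction is not a HINT and lands in the default case, matching the commit message's conclusion that option 1 is unusable.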