git: 450f731b7f23 - main - Add BTI exceptions

From: Andrew Turner <andrew_at_FreeBSD.org>
Date: Fri, 22 Sep 2023 17:16:53 UTC
The branch main has been updated by andrew:

URL: https://cgit.FreeBSD.org/src/commit/?id=450f731b7f2351d475b43bbc6234eea28adfd2b0

commit 450f731b7f2351d475b43bbc6234eea28adfd2b0
Author:     Andrew Turner <andrew@FreeBSD.org>
AuthorDate: 2023-04-05 12:28:46 +0000
Commit:     Andrew Turner <andrew@FreeBSD.org>
CommitDate: 2023-09-22 17:15:14 +0000

    Add BTI exceptions
    
    We could hit these when executing code that is marked as using BTI but
    jumps to an instruction that is not a valid branch target.
    
    Sponsored by:   Arm Ltd
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D39450
---
 sys/arm64/arm64/locore.S   |  2 +-
 sys/arm64/arm64/trap.c     | 10 ++++++++++
 sys/arm64/include/armreg.h |  1 +
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/sys/arm64/arm64/locore.S b/sys/arm64/arm64/locore.S
index 0ceb01eda5c0..bc2a84c404ab 100644
--- a/sys/arm64/arm64/locore.S
+++ b/sys/arm64/arm64/locore.S
@@ -864,7 +864,7 @@ sctlr_set:
 	.quad (SCTLR_LSMAOE | SCTLR_nTLSMD | SCTLR_UCI | SCTLR_SPAN | \
 	    SCTLR_nTWE | SCTLR_nTWI | SCTLR_UCT | SCTLR_DZE | \
 	    SCTLR_I | SCTLR_SED | SCTLR_SA0 | SCTLR_SA | SCTLR_C | \
-	    SCTLR_M | SCTLR_CP15BEN)
+	    SCTLR_M | SCTLR_CP15BEN | SCTLR_BT1 | SCTLR_BT0)
 sctlr_clear:
 	/* Bits to clear */
 	.quad (SCTLR_EE | SCTLR_E0E | SCTLR_IESB | SCTLR_WXN | SCTLR_UMA | \
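Review bot: The `sctlr_set` mask now turns on `SCTLR_BT1` and `SCTLR_BT0` without a comment, and these are the least self-explanatory bits in the list. As I read the architecture, they stop PACIASP/PACIBSP from being accepted as landing pads when PSTATE.BTYPE is 0b11, at EL1 and EL0 respectively, so they tighten the check rather than enable BTI itself. A short comment above the `.quad`, such as `/* BT0/BT1: PACI[AB]SP is not a landing pad for BTYPE == 0b11 at EL0/EL1 */`, would record why they are set and that pages still have to be marked guarded for any check to happen. The `.quad` expression starts above the hunk, so I cannot see whether the list already carries such a comment.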
diff --git a/sys/arm64/arm64/trap.c b/sys/arm64/arm64/trap.c
index d1a48a2fd9f4..c3221e9faf9f 100644
--- a/sys/arm64/arm64/trap.c
+++ b/sys/arm64/arm64/trap.c
@@ -559,6 +559,11 @@ do_el1h_sync(struct thread *td, struct trapframe *frame)
 		panic("Undefined instruction: %08x",
 		    *(uint32_t *)frame->tf_elr);
 		break;
+	case EXCP_BTI:
+		print_registers(frame);
+		print_gp_register("far", far);
+		panic("Branch Target exception");
+		break;
 	default:
 		print_registers(frame);
 		print_gp_register("far", far);
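Review bot: In the new `EXCP_BTI` case of `do_el1h_sync`, `print_gp_register("far", far)` prints a register the architecture leaves UNKNOWN for this exception class; FAR_EL1 is defined only for aborts, PC alignment faults and watchpoints. A stale address in the panic output can send whoever triages the crash to the wrong place. I would drop that line and put the useful value in the message instead, for example `panic("Branch Target exception at %lx", frame->tf_elr);` (specifier adjusted to the field's type), ideally together with the BTYPE field from the low two bits of the syndrome. The function starts and ends outside the hunk, so this assumes `frame->tf_elr` holds the faulting target here as it does in the undefined-instruction case above.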
@@ -699,6 +704,11 @@ do_el0_sync(struct thread *td, struct trapframe *frame)
 		    (void *)frame->tf_elr, exception);
 		userret(td, frame);
 		break;
+	case EXCP_BTI:
+		call_trapsignal(td, SIGILL, ILL_ILLOPC, (void *)frame->tf_elr,
+		    exception);
+		userret(td, frame);
+		break;
 	default:
 		call_trapsignal(td, SIGBUS, BUS_OBJERR, (void *)frame->tf_elr,
 		    exception);
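Review bot: The `EXCP_BTI` case in `do_el0_sync` delivers `SIGILL`/`ILL_ILLOPC` with `frame->tf_elr` as the address, but nothing says that this address is the branch target that lacked a landing pad, not the branch that jumped there and not an undecodable opcode. A handler or crash reporter will otherwise read it as a plain illegal instruction, so a comment such as `/* si_addr is the target that failed the BTI check; the branching instruction is not recorded */` would help. The comment could also mention that `exception` is passed through, which looks like the only way for a consumer to tell a control-flow violation from an undefined instruction. The function continues outside the hunk.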
diff --git a/sys/arm64/include/armreg.h b/sys/arm64/include/armreg.h
index 8251a687a5d1..953c9af220b9 100644
--- a/sys/arm64/include/armreg.h
+++ b/sys/arm64/include/armreg.h
@@ -408,6 +408,7 @@
 #define	 EXCP_UNKNOWN		0x00	/* Unkwn exception */
 #define	 EXCP_TRAP_WFI_WFE	0x01	/* Trapped WFI or WFE */
 #define	 EXCP_FP_SIMD		0x07	/* VFP/SIMD trap */
+#define	 EXCP_BTI		0x0d	/* Branch Target Exception */
 #define	 EXCP_ILL_STATE		0x0e	/* Illegal execution state */
 #define	 EXCP_SVC32		0x11	/* SVC trap for AArch32 */
 #define	 EXCP_SVC64		0x15	/* SVC trap for AArch64 */