History log of /src/sys/arch/aarch64/include/asm.h |
Revision | | Date | Author | Comments |
1.9 |
| 02-Aug-2020 |
maxv | Add support for Privileged Access Never (ARMv8.1-PAN).
PAN provides the same functionality as SMAP on x86: it forbids kernel access to userland pages when PSTATE.PAN=1, and allows such accesses when PSTATE.PAN=0.
We clear SCTLR_SPAN, to guarantee that PAN=1 each time the kernel is entered. We catch PAN faults and panic right away without further processing. In copyin, copyout, etc, we temporarily authorize access to userland pages.
PAN is a very useful exploit mitigation. Reviewed by ryo@, thanks. Tested on Qemu. Enabled by default.
|
1.8 |
| 11-May-2020 |
ryo | "options ARMV83_PAC" is now supported for gcc as well.
- add "-msign-return-address=all" to CFLAGS for gcc when specified options ARMV83_PAC
- AARCH64REG_{READ,WRITE}_INLINE3 macro can now use the APIAKey registers in both gcc and llvm. llvm requires asm(".arch armv8.3-a"), whereas gcc requires __attribute__((target("arch=armv8.3-a"))).
- use ".arch armv8.3-a" rather than ".arch armv8.3-a+pac" in *.S for llvm.
|
1.7 |
| 12-Apr-2020 |
maxv | Add support for Pointer Authentication (PAC).
We use the "pac-ret" option, to sign the return instruction pointer on function entry, and authenticate it on function exit. This acts as a mitigation against ROP.
The authentication uses a per-lwp (secret) I-A key stored in the 128bit APIAKey register and part of the lwp context. During lwp creation, the kernel generates a random key, and during context switches, it installs the key of the target lwp on the CPU.
Userland cannot read the APIAKey register directly. However, it can sign its pointers with it, because the register is architecturally shared between userland and the kernel. Although part of the CPU design, it is a bit of an undesired behavior, because it allows forging valid kernel pointers from userland. To avoid that, we don't share the key with userland, and rather switch it in EL0<->EL1 transitions. This means that when userland executes, a different key is loaded in APIAKey than the one the kernel uses. For now the userland key is a fixed 128bit zero value.
The DDB stack unwinder is changed to strip the authentication code from the pointers in lr.
Two problems are known:
* Currently the idlelwps' keys are not really secret. This is because the RNG is not yet available when we spawn these lwps. Not overly important, but would be nice to fix with UEFI RNG.
* The key switching in EL0<->EL1 transitions is not the most optimized code on the planet. Instead of checking aarch64_pac_enabled, it would be better to hot-patch the code at boot time, but there currently is no hot-patch support on aarch64.
Tested on Qemu.
|
1.6 |
| 19-Jan-2020 |
skrll | branches: 1.6.4; Replace the two copies of the ADDR macro with a centralised adrl macro. The adrl name matches the one used by armasm.
|
1.5 |
| 20-Dec-2019 |
ryo | branches: 1.5.2; Add a speculation barrier after the 'eret'.
Some aarch64 cpus speculatively execute instructions after 'eret', and this potentiates side-channel attack.
from https://github.com/torvalds/linux/commit/679db70801da9fda91d26caf13bf5b5ccc74e8e8
|
1.4 |
| 05-Aug-2019 |
joerg | Don't define register replacements when targeting 32bit ARM.
|
1.3 |
| 17-Jul-2018 |
christos | branches: 1.3.4; centralize fp,lr definitions
|
1.2 |
| 01-Apr-2018 |
ryo | branches: 1.2.2; Add initial support for ARMv8 (AARCH64) (by nisimura@ and ryo@)
- sys/arch/evbarm64 is gone and integrated into sys/arch/evbarm. (by skrll@)
- add support fdt. evbarm/conf/GENERIC64 fdt (bcm2837,sunxi,tegra) based generic 64bit kernel config. (by skrll@, jmcneill@)
|
1.1 |
| 10-Aug-2014 |
matt | branches: 1.1.4; 1.1.28; Preliminary files for AARCH64 (64-bit ARM) support. Enough for a distribution build.
|
1.1.28.2 |
| 28-Jul-2018 |
pgoyette | Sync with HEAD
|
1.1.28.1 |
| 07-Apr-2018 |
pgoyette | Sync with HEAD. 77 conflicts resolved - all of them $NetBSD$
|
1.1.4.2 |
| 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
1.1.4.1 |
| 10-Aug-2014 |
tls | file asm.h was added on branch tls-maxphys on 2014-08-20 00:02:39 +0000
|
1.2.2.3 |
| 21-Apr-2020 |
martin | Sync with HEAD
|
1.2.2.2 |
| 13-Apr-2020 |
martin | Mostly merge changes from HEAD up to 20200411
|
1.2.2.1 |
| 10-Jun-2019 |
christos | Sync with HEAD
|
1.3.4.1 |
| 24-Dec-2019 |
martin | Pull up following revision(s) (requested by ryo in ticket #574):
sys/arch/aarch64/include/asm.h: revision 1.5
sys/arch/aarch64/aarch64/cpuswitch.S: revision 1.13
Add a speculation barrier after the 'eret'.
Some aarch64 cpus speculatively execute instructions after 'eret', and this potentiates side-channel attack.
from https://github.com/torvalds/linux/commit/679db70801da9fda91d26caf13bf5b5ccc74e8e8
|
1.5.2.1 |
| 25-Jan-2020 |
ad | Sync with head.
|
1.6.4.1 |
| 20-Apr-2020 |
bouyer | Sync with HEAD
|