From nobody Thu Feb 22 16:28:06 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TgdqB4cTkz59wR4; Thu, 22 Feb 2024 16:28:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TgdqB2B4Pz4Jyh; Thu, 22 Feb 2024 16:28:06 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1708619286; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Viie4LC0ZWcna1gZRzOxnQoW7kid327RVGsU/oSwoZc=; b=rtZ0yQEROHp6fj6qpf2cT/my8TNnrHvdy6TpQ8YE87Temtt+/CxhmTGyxcxd9kRBnXTs7R EIxjc6MUAx8j4JuleRKr23GClY1fs4T43Lg2WYVV7m23mg9XdtWsBwfFOWtSiirNEEh0pW mUwOt4N4t8Ay7li+0Cs2PVJfSMtEXWoawlzh7AE6w14JdSkRjaR9R44VAzODGu+Ot3ZAn/ A5cKdugTom9wegwogdTeqd8C6TJfjV09+IYAL5uSuj0BE7mMDpIQ/agMdQ3mWIl2fas6DK AaJxeB3UKsgt2Cr7aEByH/n8eJTUcN9aTyIIyqURM5a602d6jv5NyYaPKcnyrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1708619286; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Viie4LC0ZWcna1gZRzOxnQoW7kid327RVGsU/oSwoZc=; b=JTxS0sfE3EPN+UJPg9zLMe/t6Q8jPWERPFACKqXNX5YJaqUsdCsSteNX36aDhZZwhLUFug NpzhtmRfoqz48nKDsSgKHbRWPG4GIDw2Tc+s6J2evwQPGkCBdX5mXaBXGhQLFE82Q/VlXe C6aXWhfGNzx+DaIlnWwWC0w38qKIWcb8k/poCjAPvhDCw9fHenxIDIV1P2uCayR4sHsZRB FhZH8X/859m+BWV3zCSiEDjbahSHFt7U+R7tWa9NrtFK3/CEjNlyrv6qxCBcx7d21I22K6 51DU16C7ZYjCv9je/npyR/7GJpMeZUSKUNI/Z5yfhlZSmySCeEFjo2V7bEC8Hg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1708619286; a=rsa-sha256; cv=none; b=NIx4ujkNHaeE5gJFyGIWwk4uxsh98k6KUDM9XXLq7MofveCueYz1MufuNjSH8X9kAej4Y5 8xso8tTCwuqigoE597Ny9emyikwpDvmQluGOLQ6GLx08fnppyyGI2uw9bLea4gBUGx7DV6 k0+5FYZi3wCjdC1Zbw4PDRYUnDReJ/qtwBr9VIILqAL6bpMjQ+e/9GhDFWUZjsq4C4rNhH DOT4QdcvMT0jpFTxWo91xKYO8WM5meG1g91NGW2ZDgUXaq7emnYKhJPXBb+DnBbBjiXb+c GG1v/Oue2Pa3OkVkahNkTa4kzx6KRYUDJVGwNIdZMJkYJLi4uNOCTzdn4gEiJw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TgdqB13XkzfVP; Thu, 22 Feb 2024 16:28:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 41MGS6T8015422; Thu, 22 Feb 2024 16:28:06 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 41MGS6hh015419; Thu, 22 Feb 2024 16:28:06 GMT (envelope-from git) Date: Thu, 22 Feb 2024 16:28:06 GMT Message-Id: <202402221628.41MGS6hh015419@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Andrew Turner Subject: git: 670af174e27b - main - arm64: Enable BTI in the kernel ELF loader List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: andrew X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 670af174e27b4f42f6e17521f18508ec78d5a776 Auto-Submitted: auto-generated The branch main has been updated by andrew: URL: https://cgit.FreeBSD.org/src/commit/?id=670af174e27b4f42f6e17521f18508ec78d5a776 commit 670af174e27b4f42f6e17521f18508ec78d5a776 Author: Andrew Turner AuthorDate: 2023-11-02 09:56:09 +0000 Commit: Andrew Turner CommitDate: 2024-02-22 16:27:47 +0000 arm64: Enable BTI in the kernel ELF loader Enable BTI in binaries loaded by the kernel. When the ELF file contains the needed note indicating BTI is supported set the guarded page flag for all segments. Reviewed by: markj Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D42441 --- sys/arm64/arm64/elf_machdep.c | 73 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/sys/arm64/arm64/elf_machdep.c b/sys/arm64/arm64/elf_machdep.c index 29427d04ee54..350651c42723 100644 --- a/sys/arm64/arm64/elf_machdep.c +++ b/sys/arm64/arm64/elf_machdep.c @@ -46,7 +46,9 @@ #include #include +#include #include +#include #include #include @@ -61,6 +63,8 @@ u_long __read_frequently linux_elf_hwcap2; struct arm64_addr_mask elf64_addr_mask; +static void arm64_exec_protect(struct image_params *, int); + static struct sysentvec elf64_freebsd_sysvec = { .sv_size = SYS_MAXSYSCALL, .sv_table = sysent, @@ -98,6 +102,7 @@ static struct sysentvec elf64_freebsd_sysvec = { .sv_hwcap = &elf_hwcap, .sv_hwcap2 = &elf_hwcap2, .sv_onexec_old = exec_onexec_old, + .sv_protect = arm64_exec_protect, .sv_onexit = exit_onexit, .sv_regset_begin = SET_BEGIN(__elfN(regset)), .sv_regset_end = SET_LIMIT(__elfN(regset)), @@ -311,3 +316,71 @@ elf_cpu_parse_dynamic(caddr_t loadbase __unused, Elf_Dyn *dynamic __unused) return (0); } + +static Elf_Note gnu_property_note = { + .n_namesz = sizeof(GNU_ABI_VENDOR), + .n_descsz = 16, + .n_type = NT_GNU_PROPERTY_TYPE_0, +}; + +static bool +gnu_property_cb(const Elf_Note *note, void *arg0, bool *res) +{ + const uint32_t *data; + uintptr_t p; + + *res = false; + p = (uintptr_t)(note + 1); + p += roundup2(note->n_namesz, 4); + data = (const uint32_t *)p; + if (data[0] != GNU_PROPERTY_AARCH64_FEATURE_1_AND) + return (false); + /* + * The data length should be at least the size of a uint32, and be + * a multiple of uint32_t's + */ + if (data[1] < sizeof(uint32_t) || (data[1] % sizeof(uint32_t)) != 0) + return (false); + if ((data[2] & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) != 0) + *res = true; + + return (true); +} + +static void +arm64_exec_protect(struct image_params *imgp, int flags __unused) +{ + const Elf_Ehdr *hdr; + const Elf_Phdr *phdr; + vm_offset_t sva, eva; + int i; + bool found; + + /* Skip if BTI is not supported */ + if ((elf_hwcap2 & HWCAP2_BTI) == 0) + return; + + hdr = (const Elf_Ehdr *)imgp->image_header; + phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff); + + found = false; + for (i = 0; i < hdr->e_phnum; i++) { + if (phdr[i].p_type == PT_NOTE && __elfN(parse_notes)(imgp, + &gnu_property_note, GNU_ABI_VENDOR, &phdr[i], + gnu_property_cb, NULL)) { + found = true; + break; + } + } + if (!found) + return; + + for (i = 0; i < hdr->e_phnum; i++) { + if (phdr[i].p_type != PT_LOAD || phdr[i].p_memsz == 0) + continue; + + sva = phdr[i].p_vaddr + imgp->et_dyn_addr; + eva = sva + phdr[i].p_memsz; + pmap_bti_set(vmspace_pmap(imgp->proc->p_vmspace), sva, eva); + } +}