git: fe55780e5f10 - main - arm64: Enable pointer authentication with QARMA3
Date: Mon, 23 Jun 2025 16:34:24 UTC
The branch main has been updated by andrew:
URL: https://cgit.FreeBSD.org/src/commit/?id=fe55780e5f104d05475726eba0b05236358a9864
commit fe55780e5f104d05475726eba0b05236358a9864
Author: Andrew Turner <andrew@FreeBSD.org>
AuthorDate: 2025-06-21 00:28:56 +0000
Commit: Andrew Turner <andrew@FreeBSD.org>
CommitDate: 2025-06-21 00:28:56 +0000
arm64: Enable pointer authentication with QARMA3
When the QARMA3 algorithm is used the ID_AA64ISAR2_EL1.APA3 field is
non-zero. Include this in the check for enabling pointer auth.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D49710
---
sys/arm64/arm64/ptrauth.c | 32 ++++++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)
diff --git a/sys/arm64/arm64/ptrauth.c b/sys/arm64/arm64/ptrauth.c
index dd36e66c85bb..a943220d66cd 100644
--- a/sys/arm64/arm64/ptrauth.c
+++ b/sys/arm64/arm64/ptrauth.c
@@ -85,7 +85,7 @@ ptrauth_disable(void)
static bool
ptrauth_check(const struct cpu_feat *feat __unused, u_int midr __unused)
{
- uint64_t isar1;
+ uint64_t isar;
int pac_enable;
/*
@@ -100,9 +100,6 @@ ptrauth_check(const struct cpu_feat *feat __unused, u_int midr __unused)
goto out;
}
- if (!get_kernel_reg(ID_AA64ISAR1_EL1, &isar1))
- goto out;
-
if (ptrauth_disable())
goto out;
@@ -111,13 +108,36 @@ ptrauth_check(const struct cpu_feat *feat __unused, u_int midr __unused)
* it will also be available on any non-boot CPUs. If this is ever
* not the case we will have to add a quirk.
*/
- return (ID_AA64ISAR1_APA_VAL(isar1) > 0 ||
- ID_AA64ISAR1_API_VAL(isar1) > 0);
+
+ /*
+ * The QARMA5 or implementation efined algorithms are reported in
+ * ID_AA64ISAR1_EL1.
+ */
+ if (get_kernel_reg(ID_AA64ISAR1_EL1, &isar)) {
+ if (ID_AA64ISAR1_APA_VAL(isar) > 0 ||
+ ID_AA64ISAR1_API_VAL(isar) > 0) {
+ return (true);
+ }
+ }
+
+ /* The QARMA3 algorithm is reported in ID_AA64ISAR2_EL1. */
+ if (get_kernel_reg(ID_AA64ISAR2_EL1, &isar)) {
+ if (ID_AA64ISAR2_APA3_VAL(isar) > 0) {
+ return (true);
+ }
+ }
out:
+ /*
+ * Pointer authentication may be disabled, mask out the ID fields we
+ * expose to userspace and the rest of the kernel so they don't try
+ * to use it.
+ */
update_special_reg(ID_AA64ISAR1_EL1, ID_AA64ISAR1_API_MASK |
ID_AA64ISAR1_APA_MASK | ID_AA64ISAR1_GPA_MASK |
ID_AA64ISAR1_GPI_MASK, 0);
+ update_special_reg(ID_AA64ISAR2_EL1, ID_AA64ISAR2_APA3_MASK, 0);
+
return (false);
}
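Review bot: The `out:` path clears API, APA, GPA and GPI in ID_AA64ISAR1_EL1 but only APA3 in ID_AA64ISAR2_EL1, so the QARMA3 generic-authentication field (GPA3) would still be reported to userspace and the rest of the kernel when pointer authentication is disabled. Assuming the register header defines a GPA3 mask alongside the APA3 one, the new call should mirror the ISAR1 one: `update_special_reg(ID_AA64ISAR2_EL1, ID_AA64ISAR2_APA3_MASK | ID_AA64ISAR2_GPA3_MASK, 0);`. The new comment above the ISAR1 read also has a typo, "implementation efined" for "implementation defined". ptrauth_check's body starts outside this hunk, so the earlier paths that reach `out:` are not visible here.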