git: 4b39a12830fe - main - arm64: Disable PAC when booting on a Windows Dev Kit 2023

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mark Johnston <markj_at_FreeBSD.org>
Date: Sun, 23 Apr 2023 17:56:07 UTC
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=4b39a12830feaf2ac49b157ed079c04114b1a3ca

commit 4b39a12830feaf2ac49b157ed079c04114b1a3ca
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-04-23 17:32:45 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-04-23 17:55:57 +0000

    arm64: Disable PAC when booting on a Windows Dev Kit 2023
    
    It appears that PAC registers are configured to trap upon access, but
    since the kernel starts in EL1 on this platform it has no ability to
    inspect or modify this configuration.  Simply disable PAC on this
    platform for now, since the kernel otherwise hangs during boot.
    
    PR:             270472
    Reviewed by:    andrew, emaste
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D39748
---
 sys/arm64/arm64/ptrauth.c | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/sys/arm64/arm64/ptrauth.c b/sys/arm64/arm64/ptrauth.c
index 5c129820cd37..f7bba82ab9d1 100644
--- a/sys/arm64/arm64/ptrauth.c
+++ b/sys/arm64/arm64/ptrauth.c
@@ -59,6 +59,31 @@ struct thread *ptrauth_switch(struct thread *);
 void ptrauth_exit_el0(struct thread *);
 void ptrauth_enter_el0(struct thread *);
 
+static bool
+ptrauth_disable(void)
+{
+	const char *family, *maker, *product;
+
+	family = kern_getenv("smbios.system.family");
+	maker = kern_getenv("smbios.system.maker");
+	product = kern_getenv("smbios.system.product");
+	if (family == NULL || maker == NULL || product == NULL)
+		return (false);
+
+	/*
+	 * The Dev Kit appears to be configured to trap upon access to PAC
+	 * registers, but the kernel boots at EL1 and so we have no way to
+	 * inspect or change this configuration.  As a workaround, simply
+	 * disable PAC on this platform.
+	 */
+	if (strcmp(maker, "Microsoft Corporation") == 0 &&
+	    strcmp(family, "Surface") == 0 &&
+	    strcmp(product, "Windows Dev Kit 2023") == 0)
+		return (true);
+
+	return (false);
+}
+
 void
 ptrauth_init(void)
 {
@@ -77,7 +102,11 @@ ptrauth_init(void)
 		return;
 	}
 
-	get_kernel_reg(ID_AA64ISAR1_EL1, &isar1);
+	if (!get_kernel_reg(ID_AA64ISAR1_EL1, &isar1))
+		return;
+
+	if (ptrauth_disable())
+		return;
 
 	/*
 	 * This assumes if there is pointer authentication on the boot CPU