git: c2e0d56f5e49 - main - arm64: Support BTI checking in most of the kernel
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 05 Jun 2024 09:29:13 UTC
The branch main has been updated by andrew:
URL: https://cgit.FreeBSD.org/src/commit/?id=c2e0d56f5e493a8514324fd5e062ddc99a68b599
commit c2e0d56f5e493a8514324fd5e062ddc99a68b599
Author: Andrew Turner <andrew@FreeBSD.org>
AuthorDate: 2024-06-04 12:46:46 +0000
Commit: Andrew Turner <andrew@FreeBSD.org>
CommitDate: 2024-06-05 09:23:40 +0000
arm64: Support BTI checking in most of the kernel
LLD has the -zbti-report=error argument to check if the BTI note is
present when linking. To allow for this to be used when linking the
kernel and modules:
- Add the BTI note to the remaining assembly files
- Mark ptrauth.c as protected by BTI
- Disable -zbti-report for vmm hypervisor switching code as it's not
used there.
The linux64 module doesn't build with the flag as it includes vdso code
that doesn't include the note.
Reviewed by: imp, kib, emaste
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D45466
---
sys/arm64/arm64/bus_space_asm.S | 4 ++++
sys/arm64/arm64/copyinout.S | 5 ++++-
sys/arm64/arm64/cpufunc_asm.S | 4 ++++
sys/arm64/arm64/exception.S | 3 +++
sys/arm64/arm64/hyp_stub.S | 4 ++++
sys/arm64/arm64/locore.S | 3 +++
sys/arm64/arm64/memcmp.S | 3 +++
sys/arm64/arm64/memcpy.S | 3 +++
sys/arm64/arm64/memset.S | 4 ++++
sys/arm64/arm64/sigtramp.S | 3 +++
sys/arm64/arm64/strcmp.S | 3 +++
sys/arm64/arm64/strncmp.S | 3 +++
sys/arm64/arm64/support.S | 4 ++++
sys/arm64/arm64/swtch.S | 3 +++
sys/arm64/vmm/vmm_call.S | 3 +++
sys/arm64/vmm/vmm_hyp_el2.S | 5 +++++
sys/cddl/dev/dtrace/aarch64/dtrace_asm.S | 3 +++
sys/conf/files.arm64 | 2 +-
sys/dev/psci/smccc_arm64.S | 5 +++++
sys/kern/firmw.S | 6 ++++++
sys/modules/vmm/Makefile | 2 +-
21 files changed, 72 insertions(+), 3 deletions(-)
diff --git a/sys/arm64/arm64/bus_space_asm.S b/sys/arm64/arm64/bus_space_asm.S
index bc9b41f96952..699a27bedab4 100644
--- a/sys/arm64/arm64/bus_space_asm.S
+++ b/sys/arm64/arm64/bus_space_asm.S
@@ -25,7 +25,9 @@
*
*/
+#include <sys/elf_common.h>
#include <machine/asm.h>
+
ENTRY(generic_bs_r_1)
ldrb w0, [x1, x2]
ret
@@ -475,3 +477,5 @@ generic_bs_poke_8f:
mov x0, #0
ret
END(generic_bs_poke_8)
+
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/arm64/arm64/copyinout.S b/sys/arm64/arm64/copyinout.S
index 23f56ae85daa..26dd0b4cf14f 100644
--- a/sys/arm64/arm64/copyinout.S
+++ b/sys/arm64/arm64/copyinout.S
@@ -27,9 +27,10 @@
*
*/
-#include <machine/asm.h>
+#include <sys/elf_common.h>
#include <sys/errno.h>
+#include <machine/asm.h>
#include <machine/param.h>
#include <machine/vmparam.h>
@@ -220,3 +221,5 @@ ending:
mov x0, xzr /* return 0 */
ret
.size copycommon, . - copycommon
+
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/arm64/arm64/cpufunc_asm.S b/sys/arm64/arm64/cpufunc_asm.S
index 5a668aeb542e..a13b97c2cdee 100644
--- a/sys/arm64/arm64/cpufunc_asm.S
+++ b/sys/arm64/arm64/cpufunc_asm.S
@@ -29,7 +29,9 @@
*
*/
+#include <sys/elf_common.h>
#include <sys/errno.h>
+
#include <machine/asm.h>
#include <machine/param.h>
@@ -190,3 +192,5 @@ ENTRY(cache_maint_fault)
mov x0, #EFAULT
ret
END(cache_maint_fault)
+
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/arm64/arm64/exception.S b/sys/arm64/arm64/exception.S
index 41d7e7f7ae1f..662684588e0c 100644
--- a/sys/arm64/arm64/exception.S
+++ b/sys/arm64/arm64/exception.S
@@ -25,6 +25,8 @@
*
*/
+#include <sys/elf_common.h>
+
#include <machine/asm.h>
#include <machine/armreg.h>
#include "assym.inc"
@@ -324,3 +326,4 @@ exception_vectors:
vempty 0 /* FIQ 32-bit EL0 */
vector el0_serror 0 /* Error 32-bit EL0 */
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/arm64/arm64/hyp_stub.S b/sys/arm64/arm64/hyp_stub.S
index 42f76da95062..ee486edf67a0 100644
--- a/sys/arm64/arm64/hyp_stub.S
+++ b/sys/arm64/arm64/hyp_stub.S
@@ -24,6 +24,8 @@
* SUCH DAMAGE.
*/
+#include <sys/elf_common.h>
+
#include <machine/asm.h>
.macro vempty
@@ -63,3 +65,5 @@ hyp_stub_vectors:
vempty /* IRQ 32-bit EL1 */
vempty /* FIQ 32-bit EL1 */
vempty /* SError 32-bit EL1 */
+
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/arm64/arm64/locore.S b/sys/arm64/arm64/locore.S
index fffebe8f2b02..d1120e0476a2 100644
--- a/sys/arm64/arm64/locore.S
+++ b/sys/arm64/arm64/locore.S
@@ -26,6 +26,7 @@
#include "assym.inc"
#include "opt_kstack_pages.h"
+#include <sys/elf_common.h>
#include <sys/syscall.h>
#include <machine/asm.h>
#include <machine/armreg.h>
@@ -1006,3 +1007,5 @@ aarch32_esigcode:
.global sz_aarch32_sigcode
sz_aarch32_sigcode:
.quad aarch32_esigcode - aarch32_sigcode
+
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/arm64/arm64/memcmp.S b/sys/arm64/arm64/memcmp.S
index 8517a181f3f3..19f577f218e0 100644
--- a/sys/arm64/arm64/memcmp.S
+++ b/sys/arm64/arm64/memcmp.S
@@ -9,6 +9,8 @@
* ARMv8-a, AArch64, unaligned accesses.
*/
+#include <sys/elf_common.h>
+
#include <machine/asm.h>
#define L(l) .L ## l
@@ -134,3 +136,4 @@ L(byte_loop):
END (memcmp)
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/arm64/arm64/memcpy.S b/sys/arm64/arm64/memcpy.S
index b394d6c1d30a..01daa8e1c228 100644
--- a/sys/arm64/arm64/memcpy.S
+++ b/sys/arm64/arm64/memcpy.S
@@ -11,6 +11,8 @@
*
*/
+#include <sys/elf_common.h>
+
#include <machine/asm.h>
#define L(l) .L ## l
@@ -240,3 +242,4 @@ L(copy64_from_start):
END(memcpy)
EEND(memmove)
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/arm64/arm64/memset.S b/sys/arm64/arm64/memset.S
index ec434493ce13..f52bfd62cc54 100644
--- a/sys/arm64/arm64/memset.S
+++ b/sys/arm64/arm64/memset.S
@@ -31,6 +31,8 @@
*
*/
+#include <sys/elf_common.h>
+
#include <machine/asm.h>
#define dstin x0
@@ -195,3 +197,5 @@ ENTRY(memset)
b.ne .Ltail_maybe_long
ret
END(memset)
+
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/arm64/arm64/sigtramp.S b/sys/arm64/arm64/sigtramp.S
index f1936e695f33..3f1bb42c269f 100644
--- a/sys/arm64/arm64/sigtramp.S
+++ b/sys/arm64/arm64/sigtramp.S
@@ -27,6 +27,7 @@
*/
#include "assym.inc"
+#include <sys/elf_common.h>
#include <sys/syscall.h>
#include <machine/asm.h>
@@ -57,3 +58,5 @@ esigcode:
.global szsigcode
szsigcode:
.quad esigcode - sigcode
+
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/arm64/arm64/strcmp.S b/sys/arm64/arm64/strcmp.S
index 0d66aae07d9e..d31576bbcf34 100644
--- a/sys/arm64/arm64/strcmp.S
+++ b/sys/arm64/arm64/strcmp.S
@@ -12,6 +12,8 @@
* MTE compatible.
*/
+#include <sys/elf_common.h>
+
#include <machine/asm.h>
#define L(l) .L ## l
@@ -187,3 +189,4 @@ L(done):
END (strcmp)
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/arm64/arm64/strncmp.S b/sys/arm64/arm64/strncmp.S
index 595de0312678..1b475b4ce449 100644
--- a/sys/arm64/arm64/strncmp.S
+++ b/sys/arm64/arm64/strncmp.S
@@ -11,6 +11,8 @@
* MTE compatible.
*/
+#include <sys/elf_common.h>
+
#include <machine/asm.h>
#define L(l) .L ## l
@@ -305,3 +307,4 @@ L(ret0):
ret
END(strncmp)
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/arm64/arm64/support.S b/sys/arm64/arm64/support.S
index bb93cfd521e1..2d067c7f7730 100644
--- a/sys/arm64/arm64/support.S
+++ b/sys/arm64/arm64/support.S
@@ -29,6 +29,8 @@
*
*/
+#include <sys/elf_common.h>
+
#include <machine/asm.h>
#include <machine/setjmp.h>
#include <machine/param.h>
@@ -387,3 +389,5 @@ ENTRY(pagezero_cache)
ret
END(pagezero_cache)
+
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/arm64/arm64/swtch.S b/sys/arm64/arm64/swtch.S
index 9c43de3a9eae..ca00d473fd47 100644
--- a/sys/arm64/arm64/swtch.S
+++ b/sys/arm64/arm64/swtch.S
@@ -33,6 +33,8 @@
#include "opt_kstack_pages.h"
#include "opt_sched.h"
+#include <sys/elf_common.h>
+
#include <machine/asm.h>
#include <machine/armreg.h>
.macro clear_step_flag pcbflags, tmp
@@ -277,3 +279,4 @@ ENTRY(savectx)
ret
END(savectx)
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/arm64/vmm/vmm_call.S b/sys/arm64/vmm/vmm_call.S
index fc28e3f173eb..8caf0465f938 100644
--- a/sys/arm64/vmm/vmm_call.S
+++ b/sys/arm64/vmm/vmm_call.S
@@ -28,6 +28,7 @@
* SUCH DAMAGE.
*/
+#include <sys/elf_common.h>
#include <machine/asm.h>
@@ -37,3 +38,5 @@ ENTRY(vmm_call_hyp)
hvc #0
ret
END(vmm_call_hyp)
+
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/arm64/vmm/vmm_hyp_el2.S b/sys/arm64/vmm/vmm_hyp_el2.S
index 7012e238c9c8..0ba040ee7bad 100644
--- a/sys/arm64/vmm/vmm_hyp_el2.S
+++ b/sys/arm64/vmm/vmm_hyp_el2.S
@@ -28,6 +28,9 @@
* SUCH DAMAGE.
*/
+#include <sys/elf_common.h>
+
+#include <machine/asm.h>
#include <machine/param.h>
.section .rodata
@@ -37,3 +40,5 @@ vmm_hyp_code:
.incbin "vmm_hyp_blob.bin"
.globl vmm_hyp_code_end
vmm_hyp_code_end:
+
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/cddl/dev/dtrace/aarch64/dtrace_asm.S b/sys/cddl/dev/dtrace/aarch64/dtrace_asm.S
index 3984d12bf67b..a934733251a3 100644
--- a/sys/cddl/dev/dtrace/aarch64/dtrace_asm.S
+++ b/sys/cddl/dev/dtrace/aarch64/dtrace_asm.S
@@ -29,6 +29,7 @@
#include <sys/cpuvar_defs.h>
#include <sys/dtrace.h>
+#include <sys/elf_common.h>
#include <machine/armreg.h>
#include <machine/asm.h>
@@ -172,3 +173,5 @@ ENTRY(dtrace_casptr)
2: mov x0, x3 /* Return the value loaded from target */
RET
END(dtrace_casptr)
+
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/conf/files.arm64 b/sys/conf/files.arm64
index 8139a7af8ed3..26f9eaf193af 100644
--- a/sys/conf/files.arm64
+++ b/sys/conf/files.arm64
@@ -65,7 +65,7 @@ arm64/arm64/nexus.c standard
arm64/arm64/ofw_machdep.c optional fdt
arm64/arm64/pl031_rtc.c optional fdt pl031
arm64/arm64/ptrauth.c standard \
- compile-with "${NORMAL_C:N-mbranch-protection*}"
+ compile-with "${NORMAL_C:N-mbranch-protection*} -mbranch-protection=bti"
arm64/arm64/pmap.c standard
arm64/arm64/ptrace_machdep.c standard
arm64/arm64/sigtramp.S standard
diff --git a/sys/dev/psci/smccc_arm64.S b/sys/dev/psci/smccc_arm64.S
index 25a64669fab3..2a3c09ec26b2 100644
--- a/sys/dev/psci/smccc_arm64.S
+++ b/sys/dev/psci/smccc_arm64.S
@@ -30,7 +30,10 @@
* SUCH DAMAGE.
*/
+#include <sys/elf_common.h>
+
#include <machine/asm.h>
+
.macro arm_smccc_1_0 insn
ENTRY(arm_smccc_\insn)
\insn #0
@@ -84,3 +87,5 @@ END(arm_smccc_1_2_\insn)
*/
arm_smccc_1_2 hvc
arm_smccc_1_2 smc
+
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
diff --git a/sys/kern/firmw.S b/sys/kern/firmw.S
index f0377c4e0584..cd808d4a9396 100644
--- a/sys/kern/firmw.S
+++ b/sys/kern/firmw.S
@@ -45,3 +45,9 @@ FIRMW_START(FIRMW_SYMBOL):
.type FIRMW_END(FIRMW_SYMBOL), %object
FIRMW_END(FIRMW_SYMBOL):
.size FIRMW_END(FIRMW_SYMBOL), . - FIRMW_END(FIRMW_SYMBOL)
+
+#if defined(__aarch64__)
+#include <machine/asm.h>
+#include <sys/elf_common.h>
+GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL)
+#endif
diff --git a/sys/modules/vmm/Makefile b/sys/modules/vmm/Makefile
index a98f0f27e25b..6737d868f2ea 100644
--- a/sys/modules/vmm/Makefile
+++ b/sys/modules/vmm/Makefile
@@ -50,7 +50,7 @@ vmm_hyp.o: vmm_hyp.c
vmm_hyp_blob.elf.full: vmm_hyp_exception.o vmm_hyp.o
${LD} -m ${LD_EMULATION} -Bdynamic -T ${SYSDIR}/conf/ldscript.arm64 \
- ${_LDFLAGS} --no-warn-mismatch --warn-common --export-dynamic \
+ ${_LDFLAGS:N-zbti-report*} --no-warn-mismatch --warn-common --export-dynamic \
--dynamic-linker /red/herring -X -o ${.TARGET} ${.ALLSRC} \
--defsym=_start='0x0' --defsym=text_start='0x0'