git: fe55780e5f10 - main - arm64: Enable pointer authentication with QARMA3

Mon, 23 Jun 2025 09:34:49 -0700 

The branch main has been updated by andrew:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=fe55780e5f104d05475726eba0b05236358a9864

commit fe55780e5f104d05475726eba0b05236358a9864
Author:     Andrew Turner <and...@freebsd.org>
AuthorDate: 2025-06-21 00:28:56 +0000
Commit:     Andrew Turner <and...@freebsd.org>
CommitDate: 2025-06-21 00:28:56 +0000

    arm64: Enable pointer authentication with QARMA3
    
    When the QARMA3 algorithm is used the ID_AA64ISAR2_EL1.APA3 field is
    non-zero. Include this in the check for enabling pointer auth.
    
    Sponsored by:   Arm Ltd
    Differential Revision:  https://reviews.freebsd.org/D49710
---
 sys/arm64/arm64/ptrauth.c | 32 ++++++++++++++++++++++++++------
 1 file changed, 26 insertions(+), 6 deletions(-)

diff --git a/sys/arm64/arm64/ptrauth.c b/sys/arm64/arm64/ptrauth.c
index dd36e66c85bb..a943220d66cd 100644
--- a/sys/arm64/arm64/ptrauth.c
+++ b/sys/arm64/arm64/ptrauth.c
@@ -85,7 +85,7 @@ ptrauth_disable(void)
 static bool
 ptrauth_check(const struct cpu_feat *feat __unused, u_int midr __unused)
 {
-       uint64_t isar1;
+       uint64_t isar;
        int pac_enable;
 
        /*
@@ -100,9 +100,6 @@ ptrauth_check(const struct cpu_feat *feat __unused, u_int 
midr __unused)
                goto out;
        }
 
-       if (!get_kernel_reg(ID_AA64ISAR1_EL1, &isar1))
-               goto out;
-
        if (ptrauth_disable())
                goto out;
 
@@ -111,13 +108,36 @@ ptrauth_check(const struct cpu_feat *feat __unused, u_int 
midr __unused)
         * it will also be available on any non-boot CPUs. If this is ever
         * not the case we will have to add a quirk.
         */
-       return (ID_AA64ISAR1_APA_VAL(isar1) > 0 ||
-           ID_AA64ISAR1_API_VAL(isar1) > 0);
+
+       /*
+        * The QARMA5 or implementation efined algorithms are reported in
+        * ID_AA64ISAR1_EL1.
+        */
+       if (get_kernel_reg(ID_AA64ISAR1_EL1, &isar)) {
+               if (ID_AA64ISAR1_APA_VAL(isar) > 0 ||
+                   ID_AA64ISAR1_API_VAL(isar) > 0) {
+                       return (true);
+               }
+       }
+
+       /* The QARMA3 algorithm is reported in ID_AA64ISAR2_EL1. */
+       if (get_kernel_reg(ID_AA64ISAR2_EL1, &isar)) {
+               if (ID_AA64ISAR2_APA3_VAL(isar) > 0) {
+                       return (true);
+               }
+       }
 
 out:
+       /*
+        * Pointer authentication may be disabled, mask out the ID fields we
+        * expose to userspace and the rest of the kernel so they don't try
+        * to use it.
+        */
        update_special_reg(ID_AA64ISAR1_EL1, ID_AA64ISAR1_API_MASK |
            ID_AA64ISAR1_APA_MASK | ID_AA64ISAR1_GPA_MASK |
            ID_AA64ISAR1_GPI_MASK, 0);
+       update_special_reg(ID_AA64ISAR2_EL1, ID_AA64ISAR2_APA3_MASK, 0);
+
        return (false);
 }

Reply via email to