arm64/include/asm.h

412042e2SAndrew Turner/*-
412042e2SAndrew Turner * Copyright (c) 2014 Andrew Turner
412042e2SAndrew Turner * All rights reserved.
412042e2SAndrew Turner *
412042e2SAndrew Turner * Redistribution and use in source and binary forms, with or without
412042e2SAndrew Turner * modification, are permitted provided that the following conditions
412042e2SAndrew Turner * are met:
412042e2SAndrew Turner * 1. Redistributions of source code must retain the above copyright
412042e2SAndrew Turner *    notice, this list of conditions and the following disclaimer.
412042e2SAndrew Turner * 2. Redistributions in binary form must reproduce the above copyright
412042e2SAndrew Turner *    notice, this list of conditions and the following disclaimer in the
412042e2SAndrew Turner *    documentation and/or other materials provided with the distribution.
412042e2SAndrew Turner *
412042e2SAndrew Turner * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
412042e2SAndrew Turner * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
412042e2SAndrew Turner * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
412042e2SAndrew Turner * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
412042e2SAndrew Turner * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
412042e2SAndrew Turner * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
412042e2SAndrew Turner * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
412042e2SAndrew Turner * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
412042e2SAndrew Turner * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
412042e2SAndrew Turner * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
412042e2SAndrew Turner * SUCH DAMAGE.
412042e2SAndrew Turner */
412042e2SAndrew Turner
d5d97bedSMike Karels#ifdef __arm__
d5d97bedSMike Karels#include <arm/asm.h>
d5d97bedSMike Karels#else /* !__arm__ */
d5d97bedSMike Karels
412042e2SAndrew Turner#ifndef _MACHINE_ASM_H_
412042e2SAndrew Turner#define	_MACHINE_ASM_H_
412042e2SAndrew Turner
412042e2SAndrew Turner#undef __FBSDID
412042e2SAndrew Turner#if !defined(lint) && !defined(STRIP_FBSDID)
412042e2SAndrew Turner#define	__FBSDID(s)     .ident s
412042e2SAndrew Turner#else
412042e2SAndrew Turner#define	__FBSDID(s)     /* nothing */
412042e2SAndrew Turner#endif
412042e2SAndrew Turner
412042e2SAndrew Turner#define	_C_LABEL(x)	x
412042e2SAndrew Turner
28d94520SAndrew Turner#ifdef KDTRACE_HOOKS
28d94520SAndrew Turner#define	DTRACE_NOP	nop
28d94520SAndrew Turner#else
28d94520SAndrew Turner#define	DTRACE_NOP
28d94520SAndrew Turner#endif
28d94520SAndrew Turner
6f8866afSAndrew Turner#define	LENTRY(sym)						\
6f8866afSAndrew Turner	.text; .align 2; .type sym,#function; sym:		\
e340882dSAndrew Turner	.cfi_startproc; BTI_C; DTRACE_NOP
6f8866afSAndrew Turner#define	ENTRY(sym)						\
6f8866afSAndrew Turner	.globl sym; LENTRY(sym)
412042e2SAndrew Turner#define	EENTRY(sym)						\
04b46559SAndrew Turner	.globl	sym; .text; .align 2; .type sym,#function; sym:
449ebf13SAndrew Turner#define	LEND(sym) .ltorg; .cfi_endproc; .size sym, . - sym
6f8866afSAndrew Turner#define	END(sym) LEND(sym)
412042e2SAndrew Turner#define	EEND(sym)
412042e2SAndrew Turner
412042e2SAndrew Turner#define	WEAK_REFERENCE(sym, alias)				\
412042e2SAndrew Turner	.weak alias;						\
412042e2SAndrew Turner	.set alias,sym
412042e2SAndrew Turner
412042e2SAndrew Turner#define	UINT64_C(x)	(x)
412042e2SAndrew Turner
412042e2SAndrew Turner#if defined(PIC)
412042e2SAndrew Turner#define	PIC_SYM(x,y)	x ## @ ## y
412042e2SAndrew Turner#else
412042e2SAndrew Turner#define	PIC_SYM(x,y)	x
412042e2SAndrew Turner#endif
412042e2SAndrew Turner
8b609ea5SAlexander Kabaev/* Alias for link register x30 */
8b609ea5SAlexander Kabaev#define	lr		x30
8b609ea5SAlexander Kabaev
412042e2SAndrew Turner/*
*05f6f65cSHarry Moulton * Check whether a given cpu feature is present, in the case it is not we jump
*05f6f65cSHarry Moulton * to the given label. The tmp register should be a register able to hold the
*05f6f65cSHarry Moulton * temporary data.
*05f6f65cSHarry Moulton */
*05f6f65cSHarry Moulton#define CHECK_CPU_FEAT(tmp, feat_reg, feat, label)	\
*05f6f65cSHarry Moulton	mrs tmp, ##feat_reg##_el1;	\
*05f6f65cSHarry Moulton	ubfx tmp, tmp, ##feat_reg##_##feat##_SHIFT, ##feat_reg##_##feat##_WIDTH; \
*05f6f65cSHarry Moulton	cbz tmp, label
*05f6f65cSHarry Moulton
*05f6f65cSHarry Moulton/*
412042e2SAndrew Turner * Sets the trap fault handler. The exception handler will return to the
412042e2SAndrew Turner * address in the handler register on a data abort or the xzr register to
412042e2SAndrew Turner * clear the handler. The tmp parameter should be a register able to hold
412042e2SAndrew Turner * the temporary data.
412042e2SAndrew Turner */
412042e2SAndrew Turner#define	SET_FAULT_HANDLER(handler, tmp)					\
412042e2SAndrew Turner	ldr	tmp, [x18, #PC_CURTHREAD];	/* Load curthread */	\
412042e2SAndrew Turner	ldr	tmp, [tmp, #TD_PCB];		/* Load the pcb */	\
412042e2SAndrew Turner	str	handler, [tmp, #PCB_ONFAULT]	/* Set the handler */
412042e2SAndrew Turner
d6a0af23SAndrew Turner#define	ENTER_USER_ACCESS(reg, tmp)					\
d6a0af23SAndrew Turner	ldr	tmp, =has_pan;			/* Get the addr of has_pan */ \
d6a0af23SAndrew Turner	ldr	reg, [tmp];			/* Read it */		\
d6a0af23SAndrew Turner	cbz	reg, 997f;			/* If no PAN skip */	\
938e4b13SAndrew Turner	.arch_extension pan;						\
938e4b13SAndrew Turner	msr pan, #0;				/* Disable PAN checks */ \
938e4b13SAndrew Turner	.arch_extension nopan;						\
d6a0af23SAndrew Turner	997:
d6a0af23SAndrew Turner
d6a0af23SAndrew Turner#define	EXIT_USER_ACCESS(reg)						\
d6a0af23SAndrew Turner	cbz	reg, 998f;			/* If no PAN skip */	\
938e4b13SAndrew Turner	.arch_extension pan;						\
938e4b13SAndrew Turner	msr pan, #1;				/* Enable PAN checks */ \
938e4b13SAndrew Turner	.arch_extension nopan;						\
d6a0af23SAndrew Turner	998:
d6a0af23SAndrew Turner
d6a0af23SAndrew Turner#define	EXIT_USER_ACCESS_CHECK(reg, tmp)				\
d6a0af23SAndrew Turner	ldr	tmp, =has_pan;			/* Get the addr of has_pan */ \
d6a0af23SAndrew Turner	ldr	reg, [tmp];			/* Read it */		\
d6a0af23SAndrew Turner	cbz	reg, 999f;			/* If no PAN skip */	\
938e4b13SAndrew Turner	.arch_extension pan;						\
938e4b13SAndrew Turner	msr pan, #1;				/* Enable PAN checks */ \
938e4b13SAndrew Turner	.arch_extension nopan;						\
d6a0af23SAndrew Turner	999:
d6a0af23SAndrew Turner
494278bbSAndrew Turner/*
494278bbSAndrew Turner * Some AArch64 CPUs speculate past an eret instruction. As the user may
494278bbSAndrew Turner * control the registers at this point add a speculation barrier usable on
494278bbSAndrew Turner * all AArch64 CPUs after the eret instruction.
494278bbSAndrew Turner * TODO: ARMv8.5 adds a specific instruction for this, we could use that
494278bbSAndrew Turner * if we know we are running on something that supports it.
494278bbSAndrew Turner */
494278bbSAndrew Turner#define	ERET								\
494278bbSAndrew Turner	eret;								\
494278bbSAndrew Turner	dsb	sy;							\
494278bbSAndrew Turner	isb
494278bbSAndrew Turner
e340882dSAndrew Turner/*
e340882dSAndrew Turner * When a CPU that implements FEAT_BTI uses a BR/BLR instruction (or the
e340882dSAndrew Turner * pointer authentication variants, e.g. BLRAA) and the target location
e340882dSAndrew Turner * has the GP attribute in its page table, then the target of the BR/BLR
e340882dSAndrew Turner * needs to be a valid BTI landing pad.
e340882dSAndrew Turner *
e340882dSAndrew Turner * BTI_C should be used at the start of a function and is used in the
e340882dSAndrew Turner * ENTRY macro. It can be replaced by PACIASP or PACIBSP, however these
e340882dSAndrew Turner * also need an appropriate authenticate instruction before returning.
e340882dSAndrew Turner *
e340882dSAndrew Turner * BTI_J should be used as the target instruction when branching with a
e340882dSAndrew Turner * BR instruction within a function.
e340882dSAndrew Turner *
e340882dSAndrew Turner * When using a BR to branch to a new function, e.g. a tail call, then
e340882dSAndrew Turner * the target register should be x16 or x17 so it is compatible with
e340882dSAndrew Turner * the BRI_C instruction.
e340882dSAndrew Turner *
e340882dSAndrew Turner * As these instructions are in the hint space they are a NOP when
e340882dSAndrew Turner * the CPU doesn't implement FEAT_BTI so are safe to use.
e340882dSAndrew Turner */
e340882dSAndrew Turner#ifdef __ARM_FEATURE_BTI_DEFAULT
e340882dSAndrew Turner#define	BTI_C	hint	#34
e340882dSAndrew Turner#define	BTI_J	hint	#36
e340882dSAndrew Turner#else
e340882dSAndrew Turner#define	BTI_C
e340882dSAndrew Turner#define	BTI_J
e340882dSAndrew Turner#endif
e340882dSAndrew Turner
82597d21SAndrew Turner/*
2b39a6f6SAndrew Turner * To help protect against ROP attacks we can use Pointer Authentication
2b39a6f6SAndrew Turner * to sign the return address before pushing it to the stack.
2b39a6f6SAndrew Turner *
2b39a6f6SAndrew Turner * PAC_LR_SIGN can be used at the start of a function to sign the link
2b39a6f6SAndrew Turner * register with the stack pointer as the modifier. As this is in the hint
2b39a6f6SAndrew Turner * space it is safe to use on CPUs that don't implement pointer
2b39a6f6SAndrew Turner * authentication. It can be used in place of the BTI_C instruction above as
2b39a6f6SAndrew Turner * a valid BTI landing pad instruction.
2b39a6f6SAndrew Turner *
2b39a6f6SAndrew Turner * PAC_LR_AUTH is used to authenticate the link register using the stack
2b39a6f6SAndrew Turner * pointer as the modifier. It should be used in any function that uses
2b39a6f6SAndrew Turner * PAC_LR_SIGN. The stack pointer must be identical in each case.
2b39a6f6SAndrew Turner */
2b39a6f6SAndrew Turner#ifdef __ARM_FEATURE_PAC_DEFAULT
2b39a6f6SAndrew Turner#define	PAC_LR_SIGN	hint	#25	/* paciasp */
2b39a6f6SAndrew Turner#define	PAC_LR_AUTH	hint	#29	/* autiasp */
2b39a6f6SAndrew Turner#else
2b39a6f6SAndrew Turner#define	PAC_LR_SIGN
2b39a6f6SAndrew Turner#define	PAC_LR_AUTH
2b39a6f6SAndrew Turner#endif
2b39a6f6SAndrew Turner
2b39a6f6SAndrew Turner/*
82597d21SAndrew Turner * GNU_PROPERTY_AARCH64_FEATURE_1_NOTE can be used to insert a note that
82597d21SAndrew Turner * the current assembly file is built with Pointer Authentication (PAC) or
82597d21SAndrew Turner * Branch Target Identification support (BTI). As the linker requires all
82597d21SAndrew Turner * object files in an executable or library to have the GNU property
82597d21SAndrew Turner * note to emit it in the created elf file we need to add a note to all
82597d21SAndrew Turner * assembly files that support BTI so the kernel and dynamic linker can
82597d21SAndrew Turner * mark memory used by the file as guarded.
82597d21SAndrew Turner *
82597d21SAndrew Turner * The GNU_PROPERTY_AARCH64_FEATURE_1_VAL macro encodes the combination
82597d21SAndrew Turner * of PAC and BTI that have been enabled. It can be used as follows:
82597d21SAndrew Turner * GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL);
82597d21SAndrew Turner *
82597d21SAndrew Turner * To use this you need to include <sys/elf_common.h> for
82597d21SAndrew Turner * GNU_PROPERTY_AARCH64_FEATURE_1_*
82597d21SAndrew Turner */
82597d21SAndrew Turner#if defined(__ARM_FEATURE_BTI_DEFAULT)
82597d21SAndrew Turner#if defined(__ARM_FEATURE_PAC_DEFAULT)
82597d21SAndrew Turner/* BTI, PAC */
82597d21SAndrew Turner#define	GNU_PROPERTY_AARCH64_FEATURE_1_VAL				\
82597d21SAndrew Turner    (GNU_PROPERTY_AARCH64_FEATURE_1_BTI | GNU_PROPERTY_AARCH64_FEATURE_1_PAC)
82597d21SAndrew Turner#else
82597d21SAndrew Turner/* BTI, no PAC */
82597d21SAndrew Turner#define	GNU_PROPERTY_AARCH64_FEATURE_1_VAL				\
82597d21SAndrew Turner    (GNU_PROPERTY_AARCH64_FEATURE_1_BTI)
82597d21SAndrew Turner#endif
82597d21SAndrew Turner#elif defined(__ARM_FEATURE_PAC_DEFAULT)
82597d21SAndrew Turner/* No BTI, PAC */
82597d21SAndrew Turner#define	GNU_PROPERTY_AARCH64_FEATURE_1_VAL				\
82597d21SAndrew Turner    (GNU_PROPERTY_AARCH64_FEATURE_1_PAC)
82597d21SAndrew Turner#else
82597d21SAndrew Turner/* No BTI, no PAC */
82597d21SAndrew Turner#define	GNU_PROPERTY_AARCH64_FEATURE_1_VAL	0
82597d21SAndrew Turner#endif
82597d21SAndrew Turner
82597d21SAndrew Turner#if defined(__ARM_FEATURE_BTI_DEFAULT) || defined(__ARM_FEATURE_PAC_DEFAULT)
82597d21SAndrew Turner#define	GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(x)				\
82597d21SAndrew Turner    .section .note.gnu.property, "a";					\
82597d21SAndrew Turner    .balign 8;								\
82597d21SAndrew Turner    .4byte 0x4;				/* sizeof(vendor) */		\
82597d21SAndrew Turner    .4byte 0x10;			/* sizeof(note data) */		\
82597d21SAndrew Turner    .4byte (NT_GNU_PROPERTY_TYPE_0);					\
82597d21SAndrew Turner    .asciz "GNU";			/* vendor */			\
82597d21SAndrew Turner    /* note data: */							\
82597d21SAndrew Turner    .4byte (GNU_PROPERTY_AARCH64_FEATURE_1_AND);			\
82597d21SAndrew Turner    .4byte 0x4;				/* sizeof(property) */		\
82597d21SAndrew Turner    .4byte (x);				/* property */			\
82597d21SAndrew Turner    .4byte 0
82597d21SAndrew Turner#else
82597d21SAndrew Turner#define	GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(x)
82597d21SAndrew Turner#endif
82597d21SAndrew Turner
412042e2SAndrew Turner#endif /* _MACHINE_ASM_H_ */
d5d97bedSMike Karels
d5d97bedSMike Karels#endif /* !__arm__ */