xref: /freebsd/sys/arm64/include/asm.h (revision db33c6f3ae9d1231087710068ee4ea5398aacca7)
1 /*-
2  * Copyright (c) 2014 Andrew Turner
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  */
26 
27 #ifdef __arm__
28 #include <arm/asm.h>
29 #else /* !__arm__ */
30 
31 #ifndef _MACHINE_ASM_H_
32 #define	_MACHINE_ASM_H_
33 
/*
 * __FBSDID(s) embeds the identification string s in the object file
 * through the assembler's .ident directive. Any earlier definition is
 * dropped first. When lint or STRIP_FBSDID is defined the macro expands
 * to nothing, so no identification string is emitted.
 */
34 #undef __FBSDID
35 #if !defined(lint) && !defined(STRIP_FBSDID)
36 #define	__FBSDID(s)     .ident s
37 #else
38 #define	__FBSDID(s)     /* nothing */
39 #endif
40 
/* _C_LABEL(x) expands to x unchanged: no prefix is added to the symbol. */
41 #define	_C_LABEL(x)	x
42 
/*
 * DTRACE_NOP is a single nop when the kernel is built with KDTRACE_HOOKS
 * and nothing otherwise. LENTRY places it directly after the BTI_C
 * landing pad at function entry.
 * NOTE(review): presumably a patch point for DTrace entry probes; confirm.
 */
43 #ifdef KDTRACE_HOOKS
44 #define	DTRACE_NOP	nop
45 #else
46 #define	DTRACE_NOP
47 #endif
48 
/*
 * Function entry/exit markers for assembly sources.
 *
 * LENTRY(sym)	Local function entry: switches to .text, aligns to 4 bytes
 *		(.align takes a power of two on AArch64), types sym as a
 *		function, defines the label, opens a CFI region and then
 *		emits BTI_C followed by DTRACE_NOP.
 * ENTRY(sym)	LENTRY plus .globl, for symbols visible outside the file.
 * EENTRY(sym)	Global label only. It emits no .cfi_startproc, no BTI_C and
 *		no DTRACE_NOP, so the macro provides no BTI landing pad at
 *		sym. Code reached through BR/BLR at such a label needs its
 *		own landing pad when the page is guarded.
 * LEND(sym)	Emits the literal pool (.ltorg), closes the CFI region and
 *		records the symbol size. END(sym) is the same thing.
 * EEND(sym)	Expands to nothing; presumably only marks the end of an
 *		EENTRY region for the reader.
 *
 * None of the expansions end in ';'.
 */
49 #define	LENTRY(sym)						\
50 	.text; .align 2; .type sym,#function; sym:		\
51 	.cfi_startproc; BTI_C; DTRACE_NOP
52 #define	ENTRY(sym)						\
53 	.globl sym; LENTRY(sym)
54 #define	EENTRY(sym)						\
55 	.globl	sym; .text; .align 2; .type sym,#function; sym:
56 #define	LEND(sym) .ltorg; .cfi_endproc; .size sym, . - sym
57 #define	END(sym) LEND(sym)
58 #define	EEND(sym)
59 
/*
 * WEAK_REFERENCE(sym, alias) declares alias as a weak symbol and sets it
 * to the value of sym, so another definition of alias can override it at
 * link time. The expansion has no trailing ';'.
 */
60 #define	WEAK_REFERENCE(sym, alias)				\
61 	.weak alias;						\
62 	.set alias,sym
63 
/*
 * In assembly sources UINT64_C(x) is just (x): no integer suffix is
 * appended. NOTE(review): presumably because the assembler does not accept
 * C integer suffixes; confirm.
 */
64 #define	UINT64_C(x)	(x)
65 
/*
 * PIC_SYM(x,y) names symbol x with relocation specifier y. When PIC is
 * defined the two are pasted together as x@y; otherwise the specifier is
 * dropped and the macro expands to x alone.
 */
66 #if defined(PIC)
67 #define	PIC_SYM(x,y)	x ## @ ## y
68 #else
69 #define	PIC_SYM(x,y)	x
70 #endif
71 
72 /* Alias for link register x30, which holds the return address set by BL/BLR */
73 #define	lr		x30
74 
75 /*
76  * Sets the trap fault handler. On a data abort the exception handler will
77  * return to the address held in the handler register; pass xzr as the
78  * handler to clear it. The tmp parameter should be a scratch register: it
79  * is overwritten with curthread and then with the pcb pointer.
 *
 * The handler is stored at offset PCB_ONFAULT of the pcb found through
 * [x18 + PC_CURTHREAD] and TD_PCB; the offsets are defined elsewhere.
 * NOTE(review): x18 is presumably the per-CPU data pointer; confirm.
 *
 * A caller that installs a handler around a user-memory access should
 * clear it again on every path out, so that a later, unrelated data abort
 * is not redirected to a stale address. The expansion has no trailing ';'.
80  */
81 #define	SET_FAULT_HANDLER(handler, tmp)					\
82 	ldr	tmp, [x18, #PC_CURTHREAD];	/* Load curthread */	\
83 	ldr	tmp, [tmp, #TD_PCB];		/* Load the pcb */	\
84 	str	handler, [tmp, #PCB_ONFAULT]	/* Set the handler */
85 
/*
 * ENTER_USER_ACCESS(reg, tmp) opens a window in which the kernel may
 * access user memory. It loads has_pan and, when that is non-zero, clears
 * PSTATE.PAN so Privileged Access Never checks are disabled. When has_pan
 * is zero the msr is skipped.
 *
 * Both registers are clobbered: tmp ends up holding the address of has_pan
 * and reg its value. reg must stay intact until the matching
 * EXIT_USER_ACCESS(reg), which tests it without reloading.
 *
 * Keep the window as short as possible and re-enable PAN on every path
 * out, including the path taken after a fault. While PAN is off, a stray
 * kernel dereference of a user address is no longer caught by hardware.
 *
 * "ldr tmp, =has_pan" needs a literal pool in range; LEND emits one with
 * .ltorg. The .arch_extension pair limits acceptance of "msr pan" to this
 * one instruction.
 */
86 #define	ENTER_USER_ACCESS(reg, tmp)					\
87 	ldr	tmp, =has_pan;			/* Get the addr of has_pan */ \
88 	ldr	reg, [tmp];			/* Read it */		\
89 	cbz	reg, 997f;			/* If no PAN skip */	\
90 	.arch_extension pan;						\
91 	msr pan, #0;				/* Disable PAN checks */ \
92 	.arch_extension nopan;						\
93 	997:
94 
/*
 * EXIT_USER_ACCESS(reg) closes the user-access window by setting
 * PSTATE.PAN again. reg must still hold the has_pan value loaded by
 * ENTER_USER_ACCESS: the macro tests it without reloading and skips the
 * msr when it is zero. If reg may have been overwritten in between, use
 * EXIT_USER_ACCESS_CHECK instead; a clobbered zero here would leave PAN
 * disabled.
 */
95 #define	EXIT_USER_ACCESS(reg)						\
96 	cbz	reg, 998f;			/* If no PAN skip */	\
97 	.arch_extension pan;						\
98 	msr pan, #1;				/* Enable PAN checks */ \
99 	.arch_extension nopan;						\
100 	998:
101 
/*
 * EXIT_USER_ACCESS_CHECK(reg, tmp) re-enables PAN like EXIT_USER_ACCESS,
 * but reloads has_pan first, so it does not depend on a register
 * preserved since ENTER_USER_ACCESS. Both reg and tmp are clobbered.
 * NOTE(review): presumably intended for the fault-handler path, where the
 * register state from the access routine is not known to be intact;
 * confirm against the callers.
 */
102 #define	EXIT_USER_ACCESS_CHECK(reg, tmp)				\
103 	ldr	tmp, =has_pan;			/* Get the addr of has_pan */ \
104 	ldr	reg, [tmp];			/* Read it */		\
105 	cbz	reg, 999f;			/* If no PAN skip */	\
106 	.arch_extension pan;						\
107 	msr pan, #1;				/* Enable PAN checks */ \
108 	.arch_extension nopan;						\
109 	999:
110 
111 /*
112  * Some AArch64 CPUs speculate past an eret instruction. As the user may
113  * control the registers at this point, add a speculation barrier usable on
114  * all AArch64 CPUs after the eret instruction.
115  * TODO: ARMv8.5 adds a specific instruction for this, we could use that
116  * if we know we are running on something that supports it.
 *
 * The dsb/isb pair is never reached architecturally, because eret does
 * not fall through; it is there only to stop speculative execution of
 * whatever follows in memory. Use ERET instead of a bare eret so the
 * barrier cannot be forgotten. The expansion has no trailing ';'.
117  */
118 #define	ERET								\
119 	eret;								\
120 	dsb	sy;							\
121 	isb
122 
123 /*
124  * When a CPU that implements FEAT_BTI uses a BR/BLR instruction (or the
125  * pointer authentication variants, e.g. BLRAA) and the target location
126  * has the GP attribute in its page table, then the target of the BR/BLR
127  * needs to be a valid BTI landing pad.
128  *
129  * BTI_C should be used at the start of a function and is used in the
130  * ENTRY macro. It can be replaced by PACIASP or PACIBSP, however these
131  * also need an appropriate authenticate instruction before returning.
132  *
133  * BTI_J should be used as the target instruction when branching with a
134  * BR instruction within a function.
135  *
136  * When using a BR to branch to a new function, e.g. a tail call, then
137  * the target register should be x16 or x17 so it is compatible with
138  * the BTI_C instruction.
139  *
140  * As these instructions are in the hint space they are a NOP when
141  * the CPU doesn't implement FEAT_BTI so are safe to use.
 *
 * When the file is built without __ARM_FEATURE_BTI_DEFAULT both macros
 * expand to nothing, so no landing pads are emitted at all. Hand-written
 * entry points that bypass ENTRY/LENTRY (for example EENTRY labels or
 * computed-branch targets) get a landing pad only if one of these macros
 * is placed there explicitly.
142  */
143 #ifdef __ARM_FEATURE_BTI_DEFAULT
144 #define	BTI_C	hint	#34	/* bti c */
145 #define	BTI_J	hint	#36	/* bti j */
146 #else
147 #define	BTI_C
148 #define	BTI_J
149 #endif
150 
151 /*
152  * To help protect against ROP attacks we can use Pointer Authentication
153  * to sign the return address before pushing it to the stack.
154  *
155  * PAC_LR_SIGN can be used at the start of a function to sign the link
156  * register with the stack pointer as the modifier. As this is in the hint
157  * space it is safe to use on CPUs that don't implement pointer
158  * authentication. It can be used in place of the BTI_C instruction above as
159  * a valid BTI landing pad instruction.
160  *
161  * PAC_LR_AUTH is used to authenticate the link register using the stack
162  * pointer as the modifier. It should be used in any function that uses
163  * PAC_LR_SIGN. The stack pointer must be identical in each case.
 *
 * In practice: sign before lr is stored and before sp is adjusted, and
 * authenticate after lr has been reloaded and sp restored, immediately
 * before the return. Every return path of a signing function needs the
 * authenticate step, otherwise the signed value is used as an address.
 *
 * When the file is built without __ARM_FEATURE_PAC_DEFAULT both macros
 * expand to nothing and the return address is not protected.
164  */
165 #ifdef __ARM_FEATURE_PAC_DEFAULT
166 #define	PAC_LR_SIGN	hint	#25	/* paciasp */
167 #define	PAC_LR_AUTH	hint	#29	/* autiasp */
168 #else
169 #define	PAC_LR_SIGN
170 #define	PAC_LR_AUTH
171 #endif
172 
173 /*
174  * GNU_PROPERTY_AARCH64_FEATURE_1_NOTE can be used to insert a note that
175  * the current assembly file is built with Pointer Authentication (PAC) or
176  * Branch Target Identification support (BTI). The linker emits the GNU
177  * property note in the created ELF file only when every object file in
178  * the executable or library carries it, so we need to add a note to all
179  * assembly files that support BTI so the kernel and dynamic linker can
180  * mark memory used by the file as guarded.
181  *
182  * The GNU_PROPERTY_AARCH64_FEATURE_1_VAL macro encodes the combination
183  * of PAC and BTI that have been enabled. It can be used as follows:
184  * GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL);
185  *
186  * To use this you need to include <sys/elf_common.h> for
187  * GNU_PROPERTY_AARCH64_FEATURE_1_*
 *
 * A single assembly file without the note is enough for the property to be
 * dropped from the linked output, which silently leaves the whole image
 * unguarded. "readelf -n" on the final binary shows whether the AArch64
 * feature property is still present.
 *
 * The value follows the compiler's feature macros: BTI and/or PAC bits
 * when the matching __ARM_FEATURE_*_DEFAULT macro is defined, 0 when
 * neither is.
188  */
189 #if defined(__ARM_FEATURE_BTI_DEFAULT)
190 #if defined(__ARM_FEATURE_PAC_DEFAULT)
191 /* BTI, PAC */
192 #define	GNU_PROPERTY_AARCH64_FEATURE_1_VAL				\
193     (GNU_PROPERTY_AARCH64_FEATURE_1_BTI | GNU_PROPERTY_AARCH64_FEATURE_1_PAC)
194 #else
195 /* BTI, no PAC */
196 #define	GNU_PROPERTY_AARCH64_FEATURE_1_VAL				\
197     (GNU_PROPERTY_AARCH64_FEATURE_1_BTI)
198 #endif
199 #elif defined(__ARM_FEATURE_PAC_DEFAULT)
200 /* No BTI, PAC */
201 #define	GNU_PROPERTY_AARCH64_FEATURE_1_VAL				\
202     (GNU_PROPERTY_AARCH64_FEATURE_1_PAC)
203 #else
204 /* No BTI, no PAC */
205 #define	GNU_PROPERTY_AARCH64_FEATURE_1_VAL	0
206 #endif
207 
/*
 * GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(x) emits one ELF note into
 * .note.gnu.property describing the features in x.
 *
 * Layout, as written below: a 4-byte name size (4, for "GNU" plus its
 * terminating NUL), a 4-byte descriptor size (0x10), the note type, the
 * name, and then 16 bytes of descriptor: property type, property data
 * size (4), the 4-byte value x, and a final 4-byte zero that pads the
 * property to 8 bytes.
 *
 * The macro switches section and does not switch back, so place it at the
 * end of the file or change section explicitly afterwards. When neither
 * BTI nor PAC is enabled by default it expands to nothing and no note is
 * emitted.
 */
208 #if defined(__ARM_FEATURE_BTI_DEFAULT) || defined(__ARM_FEATURE_PAC_DEFAULT)
209 #define	GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(x)				\
210     .section .note.gnu.property, "a";					\
211     .balign 8;								\
212     .4byte 0x4;				/* sizeof(vendor) */		\
213     .4byte 0x10;			/* sizeof(note data) */		\
214     .4byte (NT_GNU_PROPERTY_TYPE_0);					\
215     .asciz "GNU";			/* vendor */			\
216     /* note data: */							\
217     .4byte (GNU_PROPERTY_AARCH64_FEATURE_1_AND);			\
218     .4byte 0x4;				/* sizeof(property) */		\
219     .4byte (x);				/* property */			\
220     .4byte 0
221 #else
222 #define	GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(x)
223 #endif
224 
225 #endif /* _MACHINE_ASM_H_ */
226 
227 #endif /* !__arm__ */
228