xref: /freebsd/sys/arm64/include/asm.h (revision e51b3d8e53cee7d6a36e34e1cd4d588593d71b40)
1 /*-
2  * Copyright (c) 2014 Andrew Turner
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  */
26 
27 #ifdef __arm__
28 #include <arm/asm.h>
29 #else /* !__arm__ */
30 
31 #ifndef _MACHINE_ASM_H_
32 #define	_MACHINE_ASM_H_
33 
34 #undef __FBSDID
35 #if !defined(lint) && !defined(STRIP_FBSDID)
36 #define	__FBSDID(s)     .ident s
37 #else
38 #define	__FBSDID(s)     /* nothing */
39 #endif
40 
41 #define	_C_LABEL(x)	x
42 
43 #ifdef KDTRACE_HOOKS
44 #define	DTRACE_NOP	nop
45 #else
46 #define	DTRACE_NOP
47 #endif
48 
49 #define	LENTRY(sym)						\
50 	.text; .align 2; .type sym,#function; sym:		\
51 	.cfi_startproc; BTI_C; DTRACE_NOP
52 #define	ENTRY(sym)						\
53 	.globl sym; LENTRY(sym)
54 #define	EENTRY(sym)						\
55 	.globl	sym; .text; .align 2; .type sym,#function; sym:
56 #define	LEND(sym) .ltorg; .cfi_endproc; .size sym, . - sym
57 #define	END(sym) LEND(sym)
58 #define	EEND(sym)
59 
60 #define	WEAK_REFERENCE(sym, alias)				\
61 	.weak alias;						\
62 	.set alias,sym
63 
64 #define	UINT64_C(x)	(x)
65 
66 #if defined(PIC)
67 #define	PIC_SYM(x,y)	x ## @ ## y
68 #else
69 #define	PIC_SYM(x,y)	x
70 #endif
71 
72 /* Alias for link register x30 */
73 #define	lr		x30
74 
75 /*
76  * Sets the trap fault handler. The exception handler will return to the
77  * address in the handler register on a data abort or the xzr register to
78  * clear the handler. The tmp parameter should be a register able to hold
79  * the temporary data.
80  */
81 #define	SET_FAULT_HANDLER(handler, tmp)					\
82 	ldr	tmp, [x18, #PC_CURTHREAD];	/* Load curthread */	\
83 	ldr	tmp, [tmp, #TD_PCB];		/* Load the pcb */	\
84 	str	handler, [tmp, #PCB_ONFAULT]	/* Set the handler */
85 
86 #define	ENTER_USER_ACCESS(reg, tmp)					\
87 	ldr	tmp, =has_pan;			/* Get the addr of has_pan */ \
88 	ldr	reg, [tmp];			/* Read it */		\
89 	cbz	reg, 997f;			/* If no PAN skip */	\
90 	.inst	0xd500409f | (0 << 8);		/* Clear PAN */		\
91 	997:
92 
93 #define	EXIT_USER_ACCESS(reg)						\
94 	cbz	reg, 998f;			/* If no PAN skip */	\
95 	.inst	0xd500409f | (1 << 8);		/* Set PAN */		\
96 	998:
97 
98 #define	EXIT_USER_ACCESS_CHECK(reg, tmp)				\
99 	ldr	tmp, =has_pan;			/* Get the addr of has_pan */ \
100 	ldr	reg, [tmp];			/* Read it */		\
101 	cbz	reg, 999f;			/* If no PAN skip */	\
102 	.inst	0xd500409f | (1 << 8);		/* Set PAN */		\
103 	999:
104 
105 /*
106  * Some AArch64 CPUs speculate past an eret instruction. As the user may
107  * control the registers at this point add a speculation barrier usable on
108  * all AArch64 CPUs after the eret instruction.
109  * TODO: ARMv8.5 adds a specific instruction for this, we could use that
110  * if we know we are running on something that supports it.
111  */
112 #define	ERET								\
113 	eret;								\
114 	dsb	sy;							\
115 	isb
116 
117 /*
118  * When a CPU that implements FEAT_BTI uses a BR/BLR instruction (or the
119  * pointer authentication variants, e.g. BLRAA) and the target location
120  * has the GP attribute in its page table, then the target of the BR/BLR
121  * needs to be a valid BTI landing pad.
122  *
123  * BTI_C should be used at the start of a function and is used in the
124  * ENTRY macro. It can be replaced by PACIASP or PACIBSP, however these
125  * also need an appropriate authenticate instruction before returning.
126  *
127  * BTI_J should be used as the target instruction when branching with a
128  * BR instruction within a function.
129  *
130  * When using a BR to branch to a new function, e.g. a tail call, then
131  * the target register should be x16 or x17 so it is compatible with
132  * the BRI_C instruction.
133  *
134  * As these instructions are in the hint space they are a NOP when
135  * the CPU doesn't implement FEAT_BTI so are safe to use.
136  */
137 #ifdef __ARM_FEATURE_BTI_DEFAULT
138 #define	BTI_C	hint	#34
139 #define	BTI_J	hint	#36
140 #else
141 #define	BTI_C
142 #define	BTI_J
143 #endif
144 
145 /*
146  * To help protect against ROP attacks we can use Pointer Authentication
147  * to sign the return address before pushing it to the stack.
148  *
149  * PAC_LR_SIGN can be used at the start of a function to sign the link
150  * register with the stack pointer as the modifier. As this is in the hint
151  * space it is safe to use on CPUs that don't implement pointer
152  * authentication. It can be used in place of the BTI_C instruction above as
153  * a valid BTI landing pad instruction.
154  *
155  * PAC_LR_AUTH is used to authenticate the link register using the stack
156  * pointer as the modifier. It should be used in any function that uses
157  * PAC_LR_SIGN. The stack pointer must be identical in each case.
158  */
159 #ifdef __ARM_FEATURE_PAC_DEFAULT
160 #define	PAC_LR_SIGN	hint	#25	/* paciasp */
161 #define	PAC_LR_AUTH	hint	#29	/* autiasp */
162 #else
163 #define	PAC_LR_SIGN
164 #define	PAC_LR_AUTH
165 #endif
166 
167 /*
168  * GNU_PROPERTY_AARCH64_FEATURE_1_NOTE can be used to insert a note that
169  * the current assembly file is built with Pointer Authentication (PAC) or
170  * Branch Target Identification support (BTI). As the linker requires all
171  * object files in an executable or library to have the GNU property
172  * note to emit it in the created elf file we need to add a note to all
173  * assembly files that support BTI so the kernel and dynamic linker can
174  * mark memory used by the file as guarded.
175  *
176  * The GNU_PROPERTY_AARCH64_FEATURE_1_VAL macro encodes the combination
177  * of PAC and BTI that have been enabled. It can be used as follows:
178  * GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(GNU_PROPERTY_AARCH64_FEATURE_1_VAL);
179  *
180  * To use this you need to include <sys/elf_common.h> for
181  * GNU_PROPERTY_AARCH64_FEATURE_1_*
182  */
183 #if defined(__ARM_FEATURE_BTI_DEFAULT)
184 #if defined(__ARM_FEATURE_PAC_DEFAULT)
185 /* BTI, PAC */
186 #define	GNU_PROPERTY_AARCH64_FEATURE_1_VAL				\
187     (GNU_PROPERTY_AARCH64_FEATURE_1_BTI | GNU_PROPERTY_AARCH64_FEATURE_1_PAC)
188 #else
189 /* BTI, no PAC */
190 #define	GNU_PROPERTY_AARCH64_FEATURE_1_VAL				\
191     (GNU_PROPERTY_AARCH64_FEATURE_1_BTI)
192 #endif
193 #elif defined(__ARM_FEATURE_PAC_DEFAULT)
194 /* No BTI, PAC */
195 #define	GNU_PROPERTY_AARCH64_FEATURE_1_VAL				\
196     (GNU_PROPERTY_AARCH64_FEATURE_1_PAC)
197 #else
198 /* No BTI, no PAC */
199 #define	GNU_PROPERTY_AARCH64_FEATURE_1_VAL	0
200 #endif
201 
202 #if defined(__ARM_FEATURE_BTI_DEFAULT) || defined(__ARM_FEATURE_PAC_DEFAULT)
203 #define	GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(x)				\
204     .section .note.gnu.property, "a";					\
205     .balign 8;								\
206     .4byte 0x4;				/* sizeof(vendor) */		\
207     .4byte 0x10;			/* sizeof(note data) */		\
208     .4byte (NT_GNU_PROPERTY_TYPE_0);					\
209     .asciz "GNU";			/* vendor */			\
210     /* note data: */							\
211     .4byte (GNU_PROPERTY_AARCH64_FEATURE_1_AND);			\
212     .4byte 0x4;				/* sizeof(property) */		\
213     .4byte (x);				/* property */			\
214     .4byte 0
215 #else
216 #define	GNU_PROPERTY_AARCH64_FEATURE_1_NOTE(x)
217 #endif
218 
219 #endif /* _MACHINE_ASM_H_ */
220 
221 #endif /* !__arm__ */
222