Source-Changes archive


CVS commit: src/sys/arch



Module Name:    src
Committed By:   maxv
Date:           Sun Aug  2 06:58:16 UTC 2020

Modified Files:
        src/sys/arch/aarch64/aarch64: aarch64_machdep.c copyinout.S cpufunc.c
            db_interface.c fault.c fusu.S locore.S trap.c
        src/sys/arch/aarch64/include: armreg.h asm.h cpufunc.h
        src/sys/arch/arm/conf: files.arm
        src/sys/arch/evbarm/conf: GENERIC64

Log Message:
Add support for Privileged Access Never (ARMv8.1-PAN).

PAN provides the same functionality as SMAP on x86: it forbids kernel
access to userland pages when PSTATE.PAN=1, and allows such accesses when
PSTATE.PAN=0.

We clear SCTLR_SPAN, to guarantee that PAN=1 each time the kernel is
entered. We catch PAN faults and panic right away without further
processing. In copyin, copyout, etc, we temporarily authorize access to
userland pages.

PAN is a very useful exploit mitigation. Reviewed by ryo@, thanks. Tested
on Qemu. Enabled by default.


To generate a diff of this commit:
cvs rdiff -u -r1.45 -r1.46 src/sys/arch/aarch64/aarch64/aarch64_machdep.c
cvs rdiff -u -r1.10 -r1.11 src/sys/arch/aarch64/aarch64/copyinout.S
cvs rdiff -u -r1.23 -r1.24 src/sys/arch/aarch64/aarch64/cpufunc.c
cvs rdiff -u -r1.7 -r1.8 src/sys/arch/aarch64/aarch64/db_interface.c
cvs rdiff -u -r1.14 -r1.15 src/sys/arch/aarch64/aarch64/fault.c
cvs rdiff -u -r1.6 -r1.7 src/sys/arch/aarch64/aarch64/fusu.S
cvs rdiff -u -r1.68 -r1.69 src/sys/arch/aarch64/aarch64/locore.S
cvs rdiff -u -r1.35 -r1.36 src/sys/arch/aarch64/aarch64/trap.c
cvs rdiff -u -r1.51 -r1.52 src/sys/arch/aarch64/include/armreg.h
cvs rdiff -u -r1.8 -r1.9 src/sys/arch/aarch64/include/asm.h
cvs rdiff -u -r1.16 -r1.17 src/sys/arch/aarch64/include/cpufunc.h
cvs rdiff -u -r1.160 -r1.161 src/sys/arch/arm/conf/files.arm
cvs rdiff -u -r1.160 -r1.161 src/sys/arch/evbarm/conf/GENERIC64

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
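
The rules in the log message above can be followed in a small user-space model. This is an added example, not code from the commit or from NetBSD; struct cpu, kernel_enter, pan_fault, model_copyin and stray_deref_faults are hypothetical names, and the starting state (PAN=0 at EL0) is constructed to show why SCTLR_SPAN is cleared.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Constructed model of the rules in the log message; not NetBSD code. */
enum el { EL0, EL1 };
struct cpu {
    enum el el;      /* current exception level */
    bool pan;        /* PSTATE.PAN */
    bool sctlr_span; /* SCTLR_EL1.SPAN: when set, entry leaves PAN unchanged */
};

/* Exception from EL0 to EL1: with SPAN clear, the CPU forces PAN=1. */
static void kernel_enter(struct cpu *c) {
    c->el = EL1;
    if (!c->sctlr_span)
        c->pan = true;
}

/* True if a data access to this page would raise a PAN (permission) fault. */
static bool pan_fault(const struct cpu *c, bool user_page) {
    return c->el == EL1 && c->pan && user_page;
}

/* copyin-style helper: open the window, copy from the user page, close it. */
static int model_copyin(struct cpu *c, const char *uaddr, char *kaddr, size_t n) {
    c->pan = false;                 /* temporarily authorize user access */
    int faulted = pan_fault(c, true);
    if (!faulted)
        memcpy(kaddr, uaddr, n);
    c->pan = true;                  /* window closed again */
    return faulted ? -1 : 0;
}

/* Does a stray kernel dereference of a user pointer fault after entry? */
static bool stray_deref_faults(bool span) {
    struct cpu c = { EL0, false, span };  /* constructed start: PAN=0 at EL0 */
    kernel_enter(&c);
    return pan_fault(&c, true);
}

int main(void) {
    struct cpu c = { EL0, false, false };
    char kbuf[6] = "";
    kernel_enter(&c);
    int rv = model_copyin(&c, "hello", kbuf, sizeof kbuf);
    printf("stray deref faults: SPAN=0 %d, SPAN=1 %d\n",
        stray_deref_faults(false), stray_deref_faults(true));
    printf("copyin rv=%d data=%s, faults after: %d\n", rv, kbuf, pan_fault(&c, true));
    return 0;
}
```

With SPAN set, the model enters the kernel with whatever PAN value was already in effect, so the stray dereference goes uncaught; with SPAN clear it always faults outside the copyin window.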
