CVS commit: src/sys/arch

["Maxime Villard" <maxv%netbsd.org@localhost>]

Module Name:    src
Committed By:   maxv
Date:           Mon Apr 13 05:40:26 UTC 2020

Modified Files:
        src/sys/arch/aarch64/aarch64: aarch64_machdep.c cpuswitch.S pmap.c
            pmapboot.c trap.c vectors.S
        src/sys/arch/aarch64/conf: Makefile.aarch64
        src/sys/arch/arm/conf: files.arm
        src/sys/arch/arm/include: asm.h
        src/sys/arch/evbarm/conf: GENERIC64

Log Message:
Add support for Branch Target Identification (BTI).

On the executable pages that have the GP (Guarded Page) bit, the semantic
of the "br" and "blr" instructions is changed: the CPU expects the first
instruction of the jump/call target to be "bti", and faults if it isn't.

We add the GP bit on the kernel .text pages (and incidentally the .rodata
pages, but we don't care). The compiler adds a "bti c" instruction at the
beginning of each C function. We modify the ENTRY() macros to manually add
"bti c" in the asm functions.

cpuswitch.S needs a specific change: with "br x27" the CPU expects "bti j",
which is bad because the functions begin with "bti c"; switch to "br x16",
for the CPU to accept "bti c".

BTI helps defend against JOP/COP. Tested on Qemu.


To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.42 src/sys/arch/aarch64/aarch64/aarch64_machdep.c
cvs rdiff -u -r1.16 -r1.17 src/sys/arch/aarch64/aarch64/cpuswitch.S
cvs rdiff -u -r1.69 -r1.70 src/sys/arch/aarch64/aarch64/pmap.c
cvs rdiff -u -r1.6 -r1.7 src/sys/arch/aarch64/aarch64/pmapboot.c
cvs rdiff -u -r1.26 -r1.27 src/sys/arch/aarch64/aarch64/trap.c
cvs rdiff -u -r1.13 -r1.14 src/sys/arch/aarch64/aarch64/vectors.S
cvs rdiff -u -r1.18 -r1.19 src/sys/arch/aarch64/conf/Makefile.aarch64
cvs rdiff -u -r1.154 -r1.155 src/sys/arch/arm/conf/files.arm
cvs rdiff -u -r1.30 -r1.31 src/sys/arch/arm/include/asm.h
cvs rdiff -u -r1.150 -r1.151 src/sys/arch/evbarm/conf/GENERIC64

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.