Commit Graph

199 Commits

Author SHA1 Message Date
Konstantin Belousov
fd8d844f76 amd64 KPTI: add control from procctl(2).
Add the infrastructure to allow MD procctl(2) commands, and use it to
introduce amd64 PTI control and reporting.  PTI mode cannot be
modified for existing pmap, the knob controls PTI of the new vmspace
created on exec.

Requested by:	jhb
Reviewed by:	jhb, markj (previous version)
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D19514
2019-03-16 11:44:33 +00:00
Konstantin Belousov
e7a9df16e6 Add kernel support for Intel userspace protection keys feature on
Skylake Xeons.

See SDM rev. 68 Vol 3 4.6.2 Protection Keys and the description of the
RDPKRU and WRPKRU instructions.

Reviewed by:	markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D18893
2019-02-20 09:51:13 +00:00
David E. O'Brien
09efc56d66 Follow arm[32] and sparc64 KAPI and provide the FreeBSD standard spelling
across all architectures for this header.

Reviewed by:	stevek
Obtained from:	Juniper Networks
2019-01-29 20:10:27 +00:00
Olivier Houchard
9cd27257d5 Introduce cpu_icache_sync_range_checked(), that does the same thing as
cpu_icache_sync_range(), except that it sets pcb_onfault to catch any page
fault, as doing cache maintenance operations for non-mapped generates a
data abort, and use it in freebsd32_sysarch(), so that a userland program
attempting to sync the icache with unmapped addresses doesn't crash the
kernel.

Spotted out by:	andrew
2019-01-13 23:29:46 +00:00
Olivier Houchard
8c9c3144cc Impleent COMPAT_FREEBSD32 for arm64.
This is based on early work by andrew@.
2019-01-13 19:49:46 +00:00
Andrew Turner
9c871ab54a Fix a comment, pushed onto is two words.
While here make the comments sentences.

Sponsored by:	DARPA, AFRL
2019-01-10 16:31:07 +00:00
John Baldwin
4cbbb74888 Add a KPI for the delay while spinning on a spin lock.
Replace a call to DELAY(1) with a new cpu_lock_delay() KPI.  Currently
cpu_lock_delay() is defined to DELAY(1) on all platforms.  However,
platforms with a DELAY() implementation that uses spin locks should
implement a custom cpu_lock_delay() doesn't use locks.

Reviewed by:	kib
MFC after:	3 days
2018-11-05 21:34:17 +00:00
Andrew Turner
a9725b6332 Add the ARMv8.3 SCTLR_EL1 fields.
While here tag which architecture release fields were added and remove a
field that only existed in very early releases of the ARMv8 spec.

Sponsored by:	DARPA, AFRL
2018-11-01 17:43:28 +00:00
Andrew Turner
b4b90c1f4c Add the ARMv8.3 HCR_EL2 register fields.
MFC after:	1 month
Sponsored by:	DARPA, AFRL
2018-11-01 17:05:10 +00:00
Brooks Davis
c3adaa3305 Consolidate identical ELF auxargs type defintions.
All platforms except powerpc use the same values and powerpc shares a
majority of them.

Go ahead and declare AT_NOTELF, AT_UID, and AT_EUID in favor of the
unused AT_DCACHEBSIZE, AT_ICACHEBSIZE, and AT_UCACHEBSIZE for powerpc.

Reviewed by:	jhb, imp
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D17397
2018-10-22 22:24:32 +00:00
Andrew Turner
5bb9cd6123 Fix the ID_AA64ISAR0_EL1 dot product field shift.
It's 44 in the documentation, use this correct value.

MFC after:	3 days
2018-10-22 15:06:14 +00:00
Andrew Turner
71374d5d99 Correctly set the DAIF bits in new threads
We should only unmask interrupts when creating a new thread and leave the
other exceptions in teh same state as before creating the thread.

Reported by:	jhibbits
Reviewed by:	jhibbits
MFC after:	1 month
Sponsored by:	https://reviews.freebsd.org/D17497
2018-10-22 14:58:59 +00:00
Andrew Turner
8696dcdacf Add kernel ifunc support on arm64.
Tested with ifunc resolvers in the kernel and module with calls from
kernel to kernel, module to kernel, and module to module.

Reviewed by:	kib (previous version)
Approved by:	re (gjb)
Differential Revision:	https://reviews.freebsd.org/D17370
2018-10-01 18:51:08 +00:00
Emmanuel Vadot
47d41ab50e arm64: Raise again L3 table for early devmap
The initial raise in r336519 wasn't enough for using big resolution
(1920 x 1200 for example). Raise it again.

Reported by:	bob prohaska <fbsd@www.zefox.net>
Tested by:	bob prohaska <fbsd@www.zefox.net>
Approved by:	re (gjb@)
2018-10-01 14:27:53 +00:00
Andrew Turner
c7637c4d19 Move the undefined instruction handler to identcpu.c so we have access
to the registers from boot.

Approved by:	re (kib)
Sponsored by:	ABT Systems Ltd
Differential Revision:	https://reviews.freebsd.org/D17301
2018-09-27 13:50:57 +00:00
Konstantin Belousov
50cd0be78f Catch exceptions during EFI RT calls on amd64.
This appeared to be required to have EFI RT support and EFI RTC
enabled by default, because there are too many reports of faulting
calls on many different machines.  The knob is added to leave the
exceptions unhandled to allow to debug the actual bugs.

Reviewed by:	kevans
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Approved by:    re (rgrimes)
Differential revision:	https://reviews.freebsd.org/D16972
2018-09-02 21:37:05 +00:00
Andrew Turner
100a6d1905 Use int for the pcpu_ssbd argument. This is included from userland and may
not include the needed headers to get the bool definition.

Reported by:	manu
Pointy hat to:	andrew
Sponsored by:	DARPA, AFRL
2018-07-31 15:08:02 +00:00
Andrew Turner
0594061ee6 Implement the SSBD (CVE-2018-3639) workaround on arm64
This calls into the Arm Trusted Firmware to enable and disable the
workaround for the Speculative Store Bypass Disable (SSBD) issue, also
known as Spectre Variant 4.

As this may have a large performance overhead, and how exploitable SSBD is
is unknown we follow the Linux lead of allowing the administrator to select
between always on, always off, or only enabled in the kernel, with the
latter being the default.

PR:		228955
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D15819
2018-07-31 12:53:27 +00:00
Mark Johnston
398a929f42 Add support for pmap_enter(psind = 1) to the arm64 pmap.
See the commit log messages for r321378 and r336288 for descriptions of
this functionality.

Reviewed by:	alc
Differential Revision:	https://reviews.freebsd.org/D16303
2018-07-20 16:37:04 +00:00
Emmanuel Vadot
c54fe25dcb Raise the size of L3 table for early devmap on arm64
Some driver (like efifb) needs to map more than the current L2_SIZE
Raise the size so we can map the framebuffer setup by the bootloader.

Reviewed by:	cognet
2018-07-19 21:58:06 +00:00
Mark Johnston
1f15b0e6c0 Port r324665 and r325285 to arm64.
These changes ensure that reclaim_pv_chunk() can be safely be
executed concurrently by multiple threads.

Reviewed by:	alc
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D16304
2018-07-18 17:58:17 +00:00
Warner Losh
9ecd7fdebe Remove VM_FREELIST_ISADMA. It's not needed on these architectures.
Differential Review: https://reviews.freebsd.org/D16290
2018-07-17 21:07:53 +00:00
Wojciech Macek
45e8acf71c ARM64: Add ThunderX2 CPU revision macro. Add ThunderX2 name in identcpu.c
Submitted by:          Patryk Duda <pdk@semihalf.com>
Obtained from:         Semihalf
Sponsored by:          Cavium
2018-07-09 08:41:54 +00:00
John Baldwin
a9c91abd3b Export a breakpoint() function to userland for arm and arm64.
Enable ptrace() tests using breakpoint() on these architectures.

Reviewed by:	andrew
Differential Revision:	https://reviews.freebsd.org/D15191
2018-07-06 23:49:17 +00:00
Matt Macy
ab3059a8e7 Back pcpu zone with domain correct pages
- Change pcpu zone consumers to use a stride size of PAGE_SIZE.
  (defined as UMA_PCPU_ALLOC_SIZE to make future identification easier)

- Allocate page from the correct domain for a given cpu.

- Don't initialize pc_domain to non-zero value if NUMA is not defined
  There are some misconceptions surrounding this field. It is the
  _VM_ NUMA domain and should only ever correspond to valid domain
  values as understood by the VM.

The former slab size of sizeof(struct pcpu) was somewhat arbitrary.
The new value is PAGE_SIZE because that's the smallest granularity
which the VM can allocate a slab for a given domain. If you have
fewer than PAGE_SIZE/8 counters on your system there will be some
memory wasted, but this is obviously something where you want the
cache line to be coming from the correct domain.

Reviewed by: jeff
Sponsored by: Limelight Networks
Differential Revision:  https://reviews.freebsd.org/D15933
2018-07-06 02:06:03 +00:00
Emmanuel Vadot
78442297f5 Add pmap_mapdev_attr for arm64
This is needed for efifb.
arm and ricv pmap (the two arch with arm64 that uses subr_devmap) have very
different implementation so for now only add this for arm64.

Tested with efifb on Pine64 with a few other patches.

Reviewed by:	cognet
Differential Revision:	https://reviews.freebsd.org/D15294
2018-06-20 16:07:35 +00:00
Andrew Turner
8b47c1ae54 Rename the ThunderX CPU identification macros to include the X. This is the
name people know the product by, and is consistent with the later SoC ID
macros.

Sponsored by:	DARPA, AFRL
2018-06-13 12:17:11 +00:00
Andrew Turner
0014ef8a04 Add more Cavium CPU part numbers.
While here split the lists by vendor.

Sponsored by:	DARPA, AFRL
2018-06-13 11:58:41 +00:00
Emmanuel Vadot
44654b755d arm64: fix atomic_fcmpset_16
newval needs to be uint16_t

Reported by:	andrew
2018-05-28 21:05:00 +00:00
Emmanuel Vadot
e39ce4cafb arm64: Add atomic_fcmpset_8 and atomic_fcmpset_16
Reviewed by:	cognet
2018-05-28 20:29:03 +00:00
Andrew Turner
b50b5555ef Remove physmap from the arm64 machdep.h. This was missed in r334162. 2018-05-24 16:07:47 +00:00
Mark Johnston
6514b4f061 Add GET_STACK_USAGE() for arm64.
Its absence meant that GEOM direct dispatch was disabled (the service
routines check the current thread's stack usage to determine whether
to hand off the request to a dedicated thread), and this change is
sufficient to enable direct dispatch by default.

Reviewed by:	allanjude
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D15527
2018-05-23 15:43:35 +00:00
Andrew Turner
fd5b330b19 Bump MAXCPUS on arm64. We are starting to see hardware with more than 96
cores so increase it to the same as amd64.

Sponsored by:	DARPA, AFRL
Sponsored by:	Cavium (Hardware)
2018-03-07 13:54:44 +00:00
Andrew Turner
e0fe10600a Create macros for the ACPI interrupt cross references. This is considered a
band aid until a better solution to find the correct interrupt controller
can be found.

While here fix one place in the GICv3 ITS driver where the offset wasn't
correctly applied.

Sponsored by:	DARPA, AFRL
Sponsored by:	Cavium (Hardware)
2018-03-07 13:16:03 +00:00
Conrad Meyer
849ce31a82 Remove unused error return from API that cannot fail
No implementation of fpu_kern_enter() can fail, and it was causing needless
error checking boilerplate and confusion. Change the return code to void to
match reality.

(This trivial change took nine days to land because of the commit hook on
sys/dev/random.  Please consider removing the hook or otherwise lowering the
bar -- secteam never seems to have free time to review patches.)

Reported by:	Lachlan McIlroy <Lachlan.McIlroy AT isilon.com>
Reviewed by:	delphij
Approved by:	secteam (delphij)
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D14380
2018-02-23 20:15:19 +00:00
Warner Losh
ef1fcaf0f5 Do not include float interfaces when using libsa.
We don't support float in the boot loaders, so don't include
interfaces for float or double in systems headers. In addition, take
the unusual step of spiking double and float to prevent any more
accidental seepage.
2018-02-23 04:04:25 +00:00
Warner Losh
62bca77843 Move __va_list and related defines to sys/sys/_types.h
__va_list and related defines are identical in all the
ARCH/include/_types.h files. Move them to sys/sys/_types.h

Sponsored by: Netflix
2018-02-12 14:48:20 +00:00
Nathan Whitehorn
9a8196ce19 Remove SFBUF_OPTIONAL_DIRECT_MAP and such hacks, replacing them across the
kernel by PHYS_TO_DMAP() as previously present on amd64, arm64, riscv, and
powerpc64. This introduces a new MI macro (PMAP_HAS_DMAP) that can be
evaluated at runtime to determine if the architecture has a direct map;
if it does not (or does) unconditionally and PMAP_HAS_DMAP is either 0 or
1, the compiler can remove the conditional logic.

As part of this, implement PHYS_TO_DMAP() on sparc64 and mips64, which had
similar things but spelled differently. 32-bit MIPS has a partial direct-map
that maps poorly to this concept and is unchanged.

Reviewed by:		kib
Suggestions from:	marius, alc, kib
Runtime tested on:	amd64, powerpc64, powerpc, mips64
2018-01-19 17:46:31 +00:00
Andrew Turner
7023544aec Workaround Spectre Variant 2 on arm64.
We need to handle two cases:

1. One process attacking another process.
2. A process attacking the kernel.

For the first case we clear the branch predictor state on context switch
between different processes. For the second we do this when taking an
instruction abort on a non-userspace address.

To clear the branch predictor state a per-CPU function pointer has been
added. This is set by the new cpu errata code based on if the CPU is
known to be affected.

On Cortex-A57, A72, A73, and A75 we call into the PSCI firmware as newer
versions of this will clear the branch predictor state for us.

It has been reported the ThunderX is unaffected, however the ThunderX2 is
vulnerable. The Qualcomm Falkor core is also affected. As FreeBSD doesn't
yet run on the ThunderX2 or Falkor no workaround is included for these CPUs.

MFC after:	3 days
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D13812
2018-01-12 14:01:38 +00:00
Andrew Turner
4bb409fb8d Add a framework to install CPU errata on arm64. Each erratum can encode
a mask and value to compare with the Main ID Register. If these match then a
function is called to handle the installation of the erratum workaround.

No errata are currently handled, however this will change soon in a future
commit.

MFC after:	1 week
Sponsored by:	DARPA, AFRL
2018-01-09 14:33:05 +00:00
Andrew Turner
45a91d4538 Move some of the common thread switching code into C. This will help with
future optimisations, e.g. using Address Space IDs (asid).

MFC after:	1 week
Sponsored by:	DARPA, AFRL
2018-01-08 10:23:31 +00:00
Poul-Henning Kamp
8ba749fbe3 Introduce an architecture-agnostic <sys/_stdarg.h> to reduce
platform divergence.

Only architectures which pass arguments in registers (mips)
and platforms which use really weird compilers (any?) would
need to augment the contents of <sys/_stdarg.h>

Convert x86, arm and arm64 architectures to use <sys/_stdarg.h>
2017-12-25 20:54:00 +00:00
Konstantin Belousov
30d4f9e888 Add atomic_load(9) and atomic_store(9) operations.
They provide relaxed-ordered atomic access semantic.  Due to the
FreeBSD memory model, the operations are syntaxical wrappers around
the volatile accesses.  The volatile qualifier is used to ensure that
the access not optimized out and in turn depends on the volatile
semantic as implemented by supported compilers.

The motivation for adding the operation is to help people coming from
other systems or knowing the C11/C++ standards where atomics have
special type and require use of the special access operations.  It is
still the case that FreeBSD requires plain load and stores of aligned
integer types to be atomic.

Suggested by:	jhb
Reviewed by:	alc, jhb
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D13534
2017-12-19 09:59:20 +00:00
Pedro F. Giffuni
796df753f4 SPDX: Consider code from Carnegie-Mellon University.
Interesting cases, most likely from CMU Mach sources.
2017-11-30 15:48:35 +00:00
Ed Schouten
2b6a8dd52c Add a Saved Process Status Register bit for AArch32 execution mode.
The documentation on the Saved Process Status Register (SPSR) is a bit
weird; the M[4] bit is documented separately from M[3:0]. The M[4] bit
can be toggled to switch to 32-bit execution mode. This functionality is
orthogonal to M[3:0].

Change the definition of PSR_M_MASK to no longer include M[4]. Add a new
definition, PSR_AARCH32 that can be used to toggle 32-bit independently.
This bit will be used by the cloudabi32 code to force execution of
userspace code in 32-bit mode.

Reviewed by:	andrew
Differential Revision:	https://reviews.freebsd.org/D13148
2017-11-26 14:56:23 +00:00
Ed Schouten
7af24ff710 Make 32-bit system calls end up in svc_handler().
The nice thing about ARM64 is that it's pretty elegant to install
separate trap/exception handlers for 32-bit and 64-bit processes. That
said, for all other architectures (e.g., i386 on amd64) we always let
32-bit counterparts go through the regular system call codepath. Let's
do the same on ARM64.

Reviewed by:	andrew
Differential Revision:	https://reviews.freebsd.org/D13146
2017-11-26 14:28:27 +00:00
Ed Schouten
9dcf90f8ad Add rudimentary support for building FreeBSD/arm64 with COMPAT_FREEBSD32.
Right now I'm using two Raspberry Pi's (2 and 3) to test CloudABI
support for armv6, armv7 and aarch64. It would be nice if I could
restrict this to just a single instance when testing smaller changes.
This is why I'd like to get COMPAT_CLOUDABI32 to work on arm64.

As COMPAT_CLOUDABI32 depends on COMPAT_FREEBSD32, at least for the ELF
loading, this change adds all of the bits necessary to at least build a
kernel with COMPAT_FREEBSD32. All of the machine dependent system calls
are still stubbed out, for the reason that implementations for these are
only useful if actual support for running FreeBSD binaries is added.
This is outside the scope of this work.

Reviewed by:	andrew
Differential Revision:	https://reviews.freebsd.org/D13144
2017-11-24 13:50:53 +00:00
Andrew Turner
521018d379 Ensure we check the program state set in the trap frame on arm and arm64.
This value may be set by userspace so we need to check it before using it.
If this is not done correctly on exception return the kernel may continue
in kernel mode with all registers set to a userspace controlled value. Fix
this by moving the check into set_mcontext, and also add the missing
sanitisation from the arm64 set_regs.

Discussed with:	security-officer@
MFC after:	3 days
Sponsored by:	DARPA, AFRL
2017-11-23 17:40:40 +00:00
Emmanuel Vadot
7562d7ddbd loader.efi: Make framebuffer commands available for arm64
Move framebuffer.{c,h} to sys/boot/efi/loader and add the efifb
related metadata and pass it to the kernel

Reviewed by:	imp, andrew
Differential Revision:	https://reviews.freebsd.org/D12757
2017-10-25 18:55:04 +00:00
Michal Meloun
904d8c492f Add AT_HWCAP2 ELF auxiliary vector.
- allocate value for new AT_HWCAP2 auxiliary vector on all platforms.
 - expand 'struct sysentvec' by new 'u_long *sv_hwcap2', in exactly
   same way as for AT_HWCAP.

MFC after:	1 month
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D12699
2017-10-21 12:05:01 +00:00