d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
FreeBSD src
271,615 Commits 72 Branches 135 Tags 3.2 GiB
C 59.6%
C++ 25.5%
Roff 5.1%
Shell 2.9%
Assembly 2.7%
Other 3.6%
85b7c566f1
Go to file
Andrew Turner 85b7c566f1 Add arm64 pointer authentication support 
Pointer authentication allows userspace to add instructions to insert
a Pointer Authentication Code (PAC) into a register based on an address
and modifier and check if the PAC is correct. If the check fails it will
either return an invalid address or fault to the kernel.

As many of these instructions are a NOP when disabled and in earlier
revisions of the architecture this can be used, for example, to sign
the return address before pushing it to the stack making Return-oriented
programming (ROP) attack more difficult on hardware that supports them.

The kernel manages five 128 bit signing keys: 2 instruction keys, 2 data
keys, and a generic key. The instructions then use one of these when
signing the registers. Instructions that use the first four store the
PAC in the register being signed, however the instructions that use the
generic key store the PAC in a separate register.

Currently all userspace threads share all the keys within a process
with a new set of userspace keys being generated when executing a new
process. This means a forked child will share its keys with its parent
until it calls an appropriate exec system call.

In the kernel we allow the use of one of the instruction keys, the ia
key. This will be used to sign return addresses in function calls.
Unlike userspace each kernel thread has its own randomly generated.

Thread0 has a static key as does the early code on secondary CPUs.
This should be safe as there is minimal user interaction with these
threads, however we could generate random keys when the Armv8.5
Random number generation instructions are present.

Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31261
2022-01-12 15:27:17 +00:00
.cirrus-ci Cirrus-CI: add some timing info on pkg install failure 2021-08-04 15:02:00 -04:00
.github [skip ci] fix syntax in CODEOWNERS 2021-07-22 10:58:54 -06:00
bin pkgbase: Create a FreeBSD-csh package 2021-12-21 10:17:50 +01:00
cddl dt_unring_buf: set dtbd_oldest to the start of the first record 2022-01-11 15:44:04 +02:00
contrib sqlite3: Vendor import of sqlite3 3.37.2 2022-01-11 08:14:43 -08:00
crypto sshd: update the libwrap patch to drop connections early 2022-01-02 18:32:30 -08:00
etc libsoft: Remove support for installing libsoft 2022-01-06 22:34:10 -07:00
gnu libdialog: Bump shared library version to 10. 2021-10-27 09:30:24 -07:00
include ipfilter: Move kernel bits to netpfil 2021-12-20 06:16:33 -08:00
kerberos5 pkgbase: Create a FreeBSD-kerberos package 2021-09-07 10:23:14 +02:00
lib libc: Teak comment about mips 2022-01-10 10:15:15 -07:00
libexec rtld-elf: Remove libsoft support 2022-01-06 22:44:07 -07:00
release pkgbase: Create a FreeBSD-csh package 2021-12-21 10:17:50 +01:00
rescue rescue: include ping iff at least one of INET & INET6 is enabled 2021-12-31 13:16:30 -05:00
sbin fsck(8): Fix typo 2022-01-12 13:52:23 +08:00
secure OpenSSL: Merge OpenSSL 1.1.1m 2021-12-14 16:03:52 -05:00
share crypto: Add support for the XChaCha20-Poly1305 AEAD cipher. 2022-01-11 14:16:41 -08:00
stand geliboot: Use the multi-block functions for AES-XTS. 2022-01-11 14:18:12 -08:00
sys Add arm64 pointer authentication support 2022-01-12 15:27:17 +00:00
targets Retire obsolete iscsi_initiator(4) 2021-10-26 16:17:35 -04:00
tests posixshm tests: Fix occasional largepage_mprotect failures 2022-01-03 13:00:50 -05:00
tools unionfs: add stress2 scenarios for write references 2022-01-11 18:44:03 -08:00
usr.bin script(1): work around slow reading child 2022-01-10 17:34:51 +02:00
usr.sbin msdosfs: clusterfree() is used only in error handling cases 2022-01-08 05:41:44 +02:00
.arcconfig Remove history.immutable from .arcconfig 2021-04-13 12:36:25 +01:00
.arclint arc lint: ignore /tests/ in chmod 2017-12-19 03:38:06 +00:00
.cirrus.yml Cirrus-CI: build with LLVM 13 package 2021-11-18 09:57:33 -05:00
.clang-format clang-format: Add bitset loop macros 2021-09-21 12:08:01 -04:00
.gitattributes Add a basic clang-format configuration file 2019-06-07 15:23:52 +00:00
.gitignore add exuberant ctags tags file to gitignore 2021-12-26 12:23:07 +02:00
COPYRIGHT Welcome 2022, update copyrights. 2022-01-01 09:49:49 -07:00
LOCKS LOCKS: update current locks 2018-06-09 03:08:04 +00:00
MAINTAINERS Remove myself from bhyve maintenance; ENOTIME. 2021-11-19 07:09:30 +10:00
Makefile Add list-old-{dirs,files,libs} targets. 2022-01-11 11:38:11 -08:00
Makefile.inc1 Add list-old-{dirs,files,libs} targets. 2022-01-11 11:38:11 -08:00
Makefile.libcompat libcompat: Remove MIPS from list of compat libraries 2021-12-09 08:22:51 -07:00
Makefile.sys.inc AUTO_OBJ: For all top-level targets enforce using an OBJDIR. 2017-12-05 21:29:47 +00:00
ObsoleteFiles.inc Remove redundant OLD_FILES entries for debug symbols. 2022-01-11 11:38:45 -08:00
README.md README.md: update gnu directory description 2021-12-17 08:45:31 -05:00
RELNOTES RELNOTES: Note support for KTLS RX for TLS 1.3. 2021-12-14 11:02:45 -08:00
UPDATING Make CPU_SET macros compliant with other implementations 2021-12-30 12:20:32 +01:00

README.md

FreeBSD Source:

This is the top level of the FreeBSD source directory.

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms. A large community has continually developed it for more than thirty years. Its advanced networking, security, and storage features have made FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices.

For copyright information, please see the file COPYRIGHT in this directory. Additional copyright information also exists for some sources in this tree - please see the specific source directories for more information.

The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree. See build(7), config(8), FreeBSD handbook on building userland, and Handbook for kernels for more information, including setting make(1) variables.

Source Roadmap:

Directory Description
bin System/user commands.
cddl Various commands and libraries under the Common Development and Distribution License.
contrib Packages contributed by 3rd parties.
crypto Cryptography stuff (see crypto/README).
etc Template files for /etc.
gnu Commands and libraries under the GNU General Public License (GPL) or Lesser General Public License (LGPL). Please see gnu/COPYING and gnu/COPYING.LIB for more information.
include System include files.
kerberos5 Kerberos5 (Heimdal) package.
lib System libraries.
libexec System daemons.
release Release building Makefile & associated tools.
rescue Build system for statically linked /rescue utilities.
sbin System commands.
secure Cryptographic libraries and commands.
share Shared resources.
stand Boot loader sources.
sys Kernel sources.
sys/arch/conf Kernel configuration files. GENERIC is the configuration used in release builds. NOTES contains documentation of all possible entries.
tests Regression tests which can be run by Kyua. See tests/README for additional information.
tools Utilities for regression testing and miscellaneous tasks.
usr.bin User commands.
usr.sbin System administration commands.

For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see FreeBSD Handbook.