Add support for Privileged Access Never (PAN)
ClosedPublic
Actions

Authored by andrew on Apr 12 2017, 1:36 PM.

Details

Reviewers

kib

Group Reviewers

arm64

Commits

rS316756: In ARMv8.1 ARM has added a process state bit to disable access to userspace

Summary

In ARMv8.1 ARM has added a process state bit to disable access to userspace
from the kernel. Make use of this to restrict accessing userspace to just
the functions that explicitly handle crossing the user kernel boundary.

Test Plan

Booted on ThunderX Pass 1.1 (no PAN), and 2.0 (with PAN).

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

andrew created this revision.Apr 12 2017, 1:36 PM

Herald added a subscriber: emaste. · View Herald TranscriptApr 12 2017, 1:36 PM

Fix a typo

Do we need to set SCTLR_EL1.SPAN to 1 ?

In D10371#214953, @kib wrote:

Do we need to set SCTLR_EL1.SPAN to 1 ?

No, we need to clear it so PSTATE.PAN is set to 1 on exception entry.

Clear SCTLR_EL1.SPAN

Harbormaster completed remote builds in B8712: Diff 27403.Apr 13 2017, 12:27 PM

In D10371#215086, @andrew wrote:

In D10371#214953, @kib wrote:

Do we need to set SCTLR_EL1.SPAN to 1 ?

No, we need to clear it so PSTATE.PAN is set to 1 on exception entry.