Page MenuHomeFreeBSD
Differential D55218

amd64: add LASS support
ClosedPublic
Actions

Authored by kib on Feb 10 2026, 1:57 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Mar 18, 1:20 PM
Unknown Object (File)
Sun, Mar 15, 8:23 PM
Unknown Object (File)
Sat, Mar 14, 11:41 PM
Unknown Object (File)
Sat, Mar 14, 12:16 PM
Unknown Object (File)
Mon, Mar 2, 9:39 PM
Unknown Object (File)
Sun, Mar 1, 4:15 AM
Unknown Object (File)
Sun, Mar 1, 4:15 AM
Unknown Object (File)
Sun, Mar 1, 4:14 AM
View All 33 Files
Subscribers
emaste
imp

Details

Reviewers
alc
markj
Commits
rG89589b6d3fba: amd64: add LASS support
Summary
In short, LASS enforces all kernel memory accesses to have bit 63 set to
1, and all userspace accesses have bit 63 set to 0.  Violations of these
rules cause #GP. There are natural exceptions, like SMAP with rflags.AC=1
allows kernel to access userspace.

Enablement is simple, we need to set CR4.LASS bit on all CPUs.  There
are complications when kernel has to execute code at low addresses, e.g.
for la57 trampoline, or calling into EFI RT.  The patch turns CR4.LASS
off around these regions.

LASS is officially documented in SDM, since at least rev. 085, October
2024.  Tested in simics.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kib created this revision.Feb 10 2026, 1:57 PM
Herald added a subscriber: imp. · View Herald TranscriptFeb 10 2026, 1:57 PM
kib requested review of this revision.Feb 10 2026, 1:57 PM
kib added a subscriber: emaste.
markj added inline comments.Feb 10 2026, 9:42 PM
sys/amd64/amd64/machdep.c
1358

Why here and not in initializecpu(), where similar features like SMAP are enabled?

sys/x86/x86/mp_x86.c
1137 ↗(On Diff #171645)

Same here, why isn't this handled in initializecpu()?

kib updated this revision to Diff 171720.Feb 11 2026, 3:22 AM
kib marked 2 inline comments as done.

Move setting CR4.LASS into initializecpu()

kib updated this revision to Diff 171746.Feb 11 2026, 10:55 AM

Require SMAP for LASS.

kib updated this revision to Diff 171747.Feb 11 2026, 10:59 AM

Add comment why SMAP is required.

markj added inline comments.Feb 11 2026, 2:41 PM
sys/x86/x86/mp_x86.c
1135 ↗(On Diff #171747)

This part of the change can be dropped I think.

kib updated this revision to Diff 171764.Feb 11 2026, 2:47 PM
kib marked an inline comment as done.

Drop unneeded chunk.

emaste added a comment.Feb 11 2026, 3:06 PM

We'll want to add a note to mitigations(7) as well; I can take a look at that.

sys/amd64/amd64/initcpu.c
294

Let's expand LASS once on first use - Linear Address Space Separation (LASS). Where we fetch the tunable seems as good a place as any.

markj accepted this revision.Feb 11 2026, 3:10 PM
This revision is now accepted and ready to land.Feb 11 2026, 3:10 PM
kib marked an inline comment as done.Feb 11 2026, 3:15 PM
In D55218#1263398, @emaste wrote:

We'll want to add a note to mitigations(7) as well; I can take a look at that.

Note that this is not quite a mitigation. It is more a switch that makes CPU accept the typical, of not only, UVA/KVA layout used on amd64.

But indeed, LASS short-circuits even a possibility for things like meltdown.

kib updated this revision to Diff 171765.Feb 11 2026, 3:15 PM

Expand LASS in the comment.

This revision now requires review to proceed.Feb 11 2026, 3:15 PM
markj accepted this revision.Feb 11 2026, 3:25 PM
This revision is now accepted and ready to land.Feb 11 2026, 3:25 PM
Closed by commit rG89589b6d3fba: amd64: add LASS support (authored by kib). · Explain WhyFeb 11 2026, 4:05 PM
This revision was automatically updated to reflect the committed changes.
kib added a commit: rG89589b6d3fba: amd64: add LASS support.

Revision Contents
Changeset List

PathSize
sys/
amd64/
amd64/
4 lines
13 lines
1 line
9 lines
include/
1 line

Diff 171768

View Options

sys/amd64/amd64/efirt_machdep.c

Loading...
View Options

sys/amd64/amd64/initcpu.c

Loading...
View Options

sys/amd64/amd64/machdep.c

Loading...
View Options

sys/amd64/amd64/pmap.c

Loading...
View Options

sys/amd64/include/md_var.h

Loading...