Disable PAC with the architected algorithm for now, but leave it enabled

when the hardware uses an implementation defined algorithm.  There are
issues with PAC on the x13s (but not on the windows dev kit) which uses
the architected algorithm as it uses a core designed by ARM.  This leaves
PAC enabled on Apple hardware.

ok deraadt@

diff --git a/sys/arch/arm64/arm64/cpu.c b/sys/arch/arm64/arm64/cpu.c
index 17191ae..ba65a23 100644 (file)
--- a/sys/arch/arm64/arm64/cpu.c
+++ b/sys/arch/arm64/arm64/cpu.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: cpu.c,v 1.93 2023/06/10 19:30:48 kettenis Exp $       */
+/*     $OpenBSD: cpu.c,v 1.94 2023/06/11 21:42:01 kettenis Exp $       */
 
 /*
  * Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
@@ -971,8 +971,7 @@ cpu_init(void)
 
        /* Enable PAuth. */
        id_aa64isar1 = READ_SPECIALREG(id_aa64isar1_el1);
-       if (ID_AA64ISAR1_API(id_aa64isar1) >= ID_AA64ISAR1_API_BASE ||
-           ID_AA64ISAR1_APA(id_aa64isar1) >= ID_AA64ISAR1_APA_BASE) {
+       if (ID_AA64ISAR1_API(id_aa64isar1) >= ID_AA64ISAR1_API_BASE) {
                sctlr = READ_SPECIALREG(sctlr_el1);
                sctlr |= SCTLR_EnIA | SCTLR_EnDA;
                sctlr |= SCTLR_EnIB | SCTLR_EnDB;

diff --git a/sys/arch/arm64/arm64/pmap.c b/sys/arch/arm64/arm64/pmap.c
index 533fbe6..6903db0 100644 (file)
--- a/sys/arch/arm64/arm64/pmap.c
+++ b/sys/arch/arm64/arm64/pmap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmap.c,v 1.97 2023/06/10 19:30:48 kettenis Exp $ */
+/* $OpenBSD: pmap.c,v 1.98 2023/06/11 21:42:01 kettenis Exp $ */
 /*
  * Copyright (c) 2008-2009,2014-2016 Dale Rahn <drahn@dalerahn.com>
  *
@@ -2231,8 +2231,7 @@ pmap_show_mapping(uint64_t va)
 void
 pmap_setpauthkeys(struct pmap *pm)
 {
-       if (ID_AA64ISAR1_API(cpu_id_aa64isar1) >= ID_AA64ISAR1_API_BASE ||
-           ID_AA64ISAR1_APA(cpu_id_aa64isar1) >= ID_AA64ISAR1_APA_BASE) {
+       if (ID_AA64ISAR1_API(cpu_id_aa64isar1) >= ID_AA64ISAR1_API_BASE) {
                __asm volatile (".arch armv8.3-a; msr apiakeylo_el1, %0"
                    :: "r"(pm->pm_apiakey[0]));
                __asm volatile (".arch armv8.3-a; msr apiakeyhi_el1, %0"
@@ -2251,8 +2250,7 @@ pmap_setpauthkeys(struct pmap *pm)
                    :: "r"(pm->pm_apdbkey[1]));
        }
 
-       if (ID_AA64ISAR1_GPI(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPI_IMPL ||
-           ID_AA64ISAR1_GPA(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPA_IMPL) {
+       if (ID_AA64ISAR1_GPI(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPI_IMPL) {
                __asm volatile (".arch armv8.3-a; msr apgakeylo_el1, %0"
                    :: "r"(pm->pm_apgakey[0]));
                __asm volatile (".arch armv8.3-a; msr apgakeyhi_el1, %0"