From: kettenis
Date: Tue, 4 Oct 2022 19:41:21 +0000 (+0000)
Subject: On CPUs that support the Data Independent Timing feature, enable this feature
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=cf1440f11c2182d7591524f0ff3e07f9f7af2644;p=openbsd

On CPUs that support the Data Independent Timing feature, enable this feature by default in both the kernel and userland. At this point, this feature has only been seen on Apple's CPU cores, where turning it on has no measurable impact on performance. Turning this feature on should help to mitigate timing side-channel attacks. ok deraadt@, beck@
---
diff --git a/sys/arch/arm64/arm64/cpu.c b/sys/arch/arm64/arm64/cpu.c
index aa60b20ad03..bb8e82eb4f6 100644
--- a/sys/arch/arm64/arm64/cpu.c
+++ b/sys/arch/arm64/arm64/cpu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cpu.c,v 1.70 2022/09/15 01:57:52 jsg Exp $ */
+/* $OpenBSD: cpu.c,v 1.71 2022/10/04 19:41:21 kettenis Exp $ */
 
 /*
  * Copyright (c) 2016 Dale Rahn
@@ -756,6 +756,7 @@ void
 cpu_init(void)
 {
 uint64_t id_aa64mmfr1, sctlr;
+ uint64_t id_aa64pfr0;
 uint64_t tcr;
 
 WRITE_SPECIALREG(ttbr0_el1, pmap_kernel()->pm_pt0pa);
@@ -775,6 +776,11 @@ cpu_init(void)
 WRITE_SPECIALREG(sctlr_el1, sctlr);
 }
 
+ /* Enable DIT. */
+ id_aa64pfr0 = READ_SPECIALREG(id_aa64pfr0_el1);
+ if (ID_AA64PFR0_DIT(id_aa64pfr0) >= ID_AA64PFR0_DIT_IMPL)
+ __asm volatile (".arch armv8.4-a; msr dit, #1");
+
 /* Initialize debug registers. */
 WRITE_SPECIALREG(mdscr_el1, DBG_MDSCR_TDCC);
 WRITE_SPECIALREG(oslar_el1, 0);
diff --git a/sys/arch/arm64/arm64/machdep.c b/sys/arch/arm64/arm64/machdep.c
index 01c25ad0a92..6a1ad68c88f 100644
--- a/sys/arch/arm64/arm64/machdep.c
+++ b/sys/arch/arm64/arm64/machdep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: machdep.c,v 1.73 2022/10/03 19:32:22 kettenis Exp $ */
+/* $OpenBSD: machdep.c,v 1.74 2022/10/04 19:41:21 kettenis Exp $ */
 /*
  * Copyright (c) 2014 Patrick Wildt
  * Copyright (c) 2021 Mark Kettenis
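Review bot: The `/* Enable DIT. */` comment on the block added to cpu_init (the `@@ -775,6 +776,11 @@` hunk of cpu.c) says what the `msr` does but not how far the guarantee reaches: the bit is set once on the CPU running cpu_init, and nothing in this diff shows it being re-asserted when the kernel is entered from a process. PSTATE.DIT can be written from EL0 and, as far as I can tell, is not forced to a known value on exception entry, so kernel code may run with DIT clear after a process turns it off; that should be confirmed against the exception entry path, which is outside this diff. I would widen the comment to something like `/* Enable DIT for kernel code on this CPU; EL0 can clear PSTATE.DIT, so entry from userland may need to set it again. */`. Separately, the `.arch armv8.4-a` directive inside the asm string may remain in effect for later inline assembly in cpu.c, which is worth a short note next to it. cpu_init's body continues outside the hunk.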
@@ -433,7 +433,7 @@ setregs(struct proc *p, struct exec_package *pack, u_long stack,
 tf->tf_sp = stack;
 tf->tf_lr = pack->ep_entry;
 tf->tf_elr = pack->ep_entry; /* ??? */
- tf->tf_spsr = PSR_M_EL0t;
+ tf->tf_spsr = PSR_M_EL0t | PSR_DIT;
 
 retval[1] = 0;
 }
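Review bot: `tf->tf_spsr = PSR_M_EL0t | PSR_DIT;` sets the bit unconditionally, whereas the cpu_init change in this same commit only executes `msr dit, #1` when `ID_AA64PFR0_DIT(id_aa64pfr0) >= ID_AA64PFR0_DIT_IMPL`. On cores without the feature that SPSR bit is presumably reserved, so either the write should be gated on the same ID register check or the line should carry a comment stating why the ungated write is safe, for example `/* PSR_DIT is ignored on CPUs without DIT */` if that is the intent. This also only fixes the initial state at exec: the process can change PSTATE.DIT afterwards, and whether SPSR values supplied through sigreturn or ptrace keep or drop the bit is not visible in this diff. setregs begins outside the hunk.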