From cf1440f11c2182d7591524f0ff3e07f9f7af2644 Mon Sep 17 00:00:00 2001
From: kettenis <kettenis@openbsd.org>
Date: Tue, 4 Oct 2022 19:41:21 +0000
Subject: [PATCH] On CPUs that support the Data Independent Timing feature,
 enable this feature by default in both the kernel and userland.  At this
 point, this feature has only been seen on Apple's CPU cores, where turning it
 on has no measurable impact on performance.  Turning this feature on should
 help to mitigate timing side-channel attacks.

ok deraadt@, beck@
---
 sys/arch/arm64/arm64/cpu.c     | 8 +++++++-
 sys/arch/arm64/arm64/machdep.c | 4 ++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/sys/arch/arm64/arm64/cpu.c b/sys/arch/arm64/arm64/cpu.c
index aa60b20ad03..bb8e82eb4f6 100644
--- a/sys/arch/arm64/arm64/cpu.c
+++ b/sys/arch/arm64/arm64/cpu.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.c,v 1.70 2022/09/15 01:57:52 jsg Exp $	*/
+/*	$OpenBSD: cpu.c,v 1.71 2022/10/04 19:41:21 kettenis Exp $	*/
 
 /*
  * Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
@@ -756,6 +756,7 @@ void
 cpu_init(void)
 {
 	uint64_t id_aa64mmfr1, sctlr;
+	uint64_t id_aa64pfr0;
 	uint64_t tcr;
 
 	WRITE_SPECIALREG(ttbr0_el1, pmap_kernel()->pm_pt0pa);
@@ -775,6 +776,11 @@ cpu_init(void)
 		WRITE_SPECIALREG(sctlr_el1, sctlr);
 	}
 
+	/* Enable DIT. */
+	id_aa64pfr0 = READ_SPECIALREG(id_aa64pfr0_el1);
+	if (ID_AA64PFR0_DIT(id_aa64pfr0) >= ID_AA64PFR0_DIT_IMPL)
+		__asm volatile (".arch armv8.4-a; msr dit, #1");
+
 	/* Initialize debug registers. */
 	WRITE_SPECIALREG(mdscr_el1, DBG_MDSCR_TDCC);
 	WRITE_SPECIALREG(oslar_el1, 0);
diff --git a/sys/arch/arm64/arm64/machdep.c b/sys/arch/arm64/arm64/machdep.c
index 01c25ad0a92..6a1ad68c88f 100644
--- a/sys/arch/arm64/arm64/machdep.c
+++ b/sys/arch/arm64/arm64/machdep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: machdep.c,v 1.73 2022/10/03 19:32:22 kettenis Exp $ */
+/* $OpenBSD: machdep.c,v 1.74 2022/10/04 19:41:21 kettenis Exp $ */
 /*
  * Copyright (c) 2014 Patrick Wildt <patrick@blueri.se>
  * Copyright (c) 2021 Mark Kettenis <kettenis@openbsd.org>
@@ -433,7 +433,7 @@ setregs(struct proc *p, struct exec_package *pack, u_long stack,
 	tf->tf_sp = stack;
 	tf->tf_lr = pack->ep_entry;
 	tf->tf_elr = pack->ep_entry; /* ??? */
-	tf->tf_spsr = PSR_M_EL0t;
+	tf->tf_spsr = PSR_M_EL0t | PSR_DIT;
 
 	retval[1] = 0;
 }
-- 
2.20.1