From d7fb83ec8e606829eabfddeca63857805f59d4fc Mon Sep 17 00:00:00 2001
From: dv <dv@openbsd.org>
Date: Mon, 24 Apr 2023 09:04:03 +0000
Subject: [PATCH] Toggle IBT off during amd64 hibernate before dropping to real
 mode.

Hibernate on IBT-capable MP systems broke when trying to quiesce
cpus. Instead of finding the locations of endbr64 in the asm indirect
jumps in acpi_wakecode.S, simply disable CR4.CET beforehand and
re-enable on resume.

This will also disable shadowstack, but there are no plans to use it.

"this approach is fine" deraadt@
---
 sys/arch/amd64/amd64/acpi_machdep.c      | 4 +++-
 sys/arch/amd64/amd64/cpu.c               | 4 +++-
 sys/arch/amd64/amd64/hibernate_machdep.c | 5 ++++-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/sys/arch/amd64/amd64/acpi_machdep.c b/sys/arch/amd64/amd64/acpi_machdep.c
index 502bd70a7ed..23ca827907b 100644
--- a/sys/arch/amd64/amd64/acpi_machdep.c
+++ b/sys/arch/amd64/amd64/acpi_machdep.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: acpi_machdep.c,v 1.106 2022/11/08 17:34:12 cheloha Exp $	*/
+/*	$OpenBSD: acpi_machdep.c,v 1.107 2023/04/24 09:04:03 dv Exp $	*/
 /*
  * Copyright (c) 2005 Thorsten Lockert <tholo@sigmasoft.com>
  *
@@ -434,6 +434,8 @@ acpi_sleep_cpu(struct acpi_softc *sc, int state)
 		return (ECANCELED);
 	}
 	/* Resume path */
+	if (curcpu()->ci_feature_sefflags_edx & SEFF0EDX_IBT)
+		lcr4(rcr4() | CR4_CET);
 	fpureset();
 
 	/* Reset the vectors */
diff --git a/sys/arch/amd64/amd64/cpu.c b/sys/arch/amd64/amd64/cpu.c
index 75d4eeeaec5..ab5013e6591 100644
--- a/sys/arch/amd64/amd64/cpu.c
+++ b/sys/arch/amd64/amd64/cpu.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.c,v 1.167 2023/04/22 18:27:28 guenther Exp $	*/
+/*	$OpenBSD: cpu.c,v 1.168 2023/04/24 09:04:03 dv Exp $	*/
 /* $NetBSD: cpu.c,v 1.1 2003/04/26 18:39:26 fvdl Exp $ */
 
 /*-
@@ -989,6 +989,8 @@ cpu_hatch(void *v)
 		delay(10);
 #ifdef HIBERNATE
 	if ((ci->ci_flags & CPUF_PARK) != 0) {
+		if (ci->ci_feature_sefflags_edx & SEFF0EDX_IBT)
+			lcr4(rcr4() & ~CR4_CET);
 		atomic_clearbits_int(&ci->ci_flags, CPUF_PARK);
 		hibernate_drop_to_real_mode();
 	}
diff --git a/sys/arch/amd64/amd64/hibernate_machdep.c b/sys/arch/amd64/amd64/hibernate_machdep.c
index 961d4300f58..19fe8e808ac 100644
--- a/sys/arch/amd64/amd64/hibernate_machdep.c
+++ b/sys/arch/amd64/amd64/hibernate_machdep.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: hibernate_machdep.c,v 1.49 2022/09/02 09:02:37 mlarkin Exp $	*/
+/*	$OpenBSD: hibernate_machdep.c,v 1.50 2023/04/24 09:04:03 dv Exp $	*/
 
 /*
  * Copyright (c) 2012 Mike Larkin <mlarkin@openbsd.org>
@@ -468,6 +468,9 @@ hibernate_quiesce_cpus(void)
 	pmap_kenter_pa(ACPI_TRAMP_DATA, ACPI_TRAMP_DATA,
 		PROT_READ | PROT_WRITE);
 
+	if (curcpu()->ci_feature_sefflags_edx & SEFF0EDX_IBT)
+		lcr4(rcr4() & ~CR4_CET);
+
 	for (i = 0; i < MAXCPUS; i++) {
 		ci = cpu_info[i];
 		if (ci == NULL)
-- 
2.20.1