diff options
| author | Andrew Turner <andrew@FreeBSD.org> | 2025-09-19 10:05:46 +0000 |
|---|---|---|
| committer | Andrew Turner <andrew@FreeBSD.org> | 2025-09-19 10:05:46 +0000 |
| commit | 72828486ca9412f118d7e2316e584cd1cab8c90f (patch) | |
| tree | 78da987a40dead6a31b96aea6d2f9018970dad21 | |
| parent | 088e21000507510a2c3b1ec22684fe9665f6c8a7 (diff) | |
arm64: Move the FEAT_PAN check later
We only need to enable PAN (Privileged access never) before userspace
is running. Before that there are no unprivileged mappings to protect
the kernel from accessing.
While here switch to use get_kernel_reg to handle the case some CPUs
have FEAT_PAN, while some don't.
Reviewed by: emaste
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D52576
| -rw-r--r-- | sys/arm64/arm64/machdep.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/arm64/arm64/machdep.c b/sys/arm64/arm64/machdep.c index 47c701e8588c..29ffa5109305 100644 --- a/sys/arm64/arm64/machdep.c +++ b/sys/arm64/arm64/machdep.c @@ -178,7 +178,8 @@ pan_check(const struct cpu_feat *feat __unused, u_int midr __unused) { uint64_t id_aa64mfr1; - id_aa64mfr1 = READ_SPECIALREG(id_aa64mmfr1_el1); + if (!get_kernel_reg(ID_AA64MMFR1_EL1, &id_aa64mfr1)) + return (FEAT_ALWAYS_DISABLE); if (ID_AA64MMFR1_PAN_VAL(id_aa64mfr1) == ID_AA64MMFR1_PAN_NONE) return (FEAT_ALWAYS_DISABLE); @@ -209,7 +210,7 @@ pan_enable(const struct cpu_feat *feat __unused, CPU_FEAT(feat_pan, "Privileged access never", pan_check, NULL, pan_enable, - CPU_FEAT_EARLY_BOOT | CPU_FEAT_PER_CPU); + CPU_FEAT_AFTER_DEV | CPU_FEAT_PER_CPU); bool has_hyp(void) |