15 files changed, 382 insertions, 240 deletions
diff --git a/sys/arm64/arm64/cpu_errata.c b/sys/arm64/arm64/cpu_errata.c
index 989924bc0567..b876703a2a15 100644
--- a/sys/arm64/arm64/cpu_errata.c
+++ b/sys/arm64/arm64/cpu_errata.c
@@ -52,56 +52,11 @@ struct cpu_quirks {
 	u_int		flags;
 };
 
-static enum {
-	SSBD_FORCE_ON,
-	SSBD_FORCE_OFF,
-	SSBD_KERNEL,
-} ssbd_method = SSBD_KERNEL;
-
-static cpu_quirk_install install_psci_bp_hardening;
-static cpu_quirk_install install_ssbd_workaround;
 static cpu_quirk_install install_thunderx_bcast_tlbi_workaround;
 
 static struct cpu_quirks cpu_quirks[] = {
 	{
 		.midr_mask = CPU_IMPL_MASK | CPU_PART_MASK,
-		.midr_value = CPU_ID_RAW(CPU_IMPL_ARM, CPU_PART_CORTEX_A57,0,0),
-		.quirk_install = install_psci_bp_hardening,
-		.flags = CPU_QUIRK_POST_DEVICE,
-	},
-	{
-		.midr_mask = CPU_IMPL_MASK | CPU_PART_MASK,
-		.midr_value = CPU_ID_RAW(CPU_IMPL_ARM, CPU_PART_CORTEX_A72,0,0),
-		.quirk_install = install_psci_bp_hardening,
-		.flags = CPU_QUIRK_POST_DEVICE,
-	},
-	{
-		.midr_mask = CPU_IMPL_MASK | CPU_PART_MASK,
-		.midr_value = CPU_ID_RAW(CPU_IMPL_ARM, CPU_PART_CORTEX_A73,0,0),
-		.quirk_install = install_psci_bp_hardening,
-		.flags = CPU_QUIRK_POST_DEVICE,
-	},
-	{
-		.midr_mask = CPU_IMPL_MASK | CPU_PART_MASK,
-		.midr_value = CPU_ID_RAW(CPU_IMPL_ARM, CPU_PART_CORTEX_A75,0,0),
-		.quirk_install = install_psci_bp_hardening,
-		.flags = CPU_QUIRK_POST_DEVICE,
-	},
-	{
-		.midr_mask = CPU_IMPL_MASK | CPU_PART_MASK,
-		.midr_value =
-		    CPU_ID_RAW(CPU_IMPL_CAVIUM, CPU_PART_THUNDERX2, 0,0),
-		.quirk_install = install_psci_bp_hardening,
-		.flags = CPU_QUIRK_POST_DEVICE,
-	},
-	{
-		.midr_mask = 0,
-		.midr_value = 0,
-		.quirk_install = install_ssbd_workaround,
-		.flags = CPU_QUIRK_POST_DEVICE,
-	},
-	{
-		.midr_mask = CPU_IMPL_MASK | CPU_PART_MASK,
 		.midr_value =
 		    CPU_ID_RAW(CPU_IMPL_CAVIUM, CPU_PART_THUNDERX, 0, 0),
 		.quirk_install = install_thunderx_bcast_tlbi_workaround,
@@ -114,57 +69,6 @@ static struct cpu_quirks cpu_quirks[] = {
 	},
 };
 
-static void
-install_psci_bp_hardening(void)
-{
-	/* SMCCC depends on PSCI. If PSCI is missing so is SMCCC */
-	if (!psci_present)
-		return;
-
-	if (smccc_arch_features(SMCCC_ARCH_WORKAROUND_1) != SMCCC_RET_SUCCESS)
-		return;
-
-	PCPU_SET(bp_harden, smccc_arch_workaround_1);
-}
-
-static void
-install_ssbd_workaround(void)
-{
-	char *env;
-
-	if (PCPU_GET(cpuid) == 0) {
-		env = kern_getenv("kern.cfg.ssbd");
-		if (env != NULL) {
-			if (strcmp(env, "force-on") == 0) {
-				ssbd_method = SSBD_FORCE_ON;
-			} else if (strcmp(env, "force-off") == 0) {
-				ssbd_method = SSBD_FORCE_OFF;
-			}
-		}
-	}
-
-	/* SMCCC depends on PSCI. If PSCI is missing so is SMCCC */
-	if (!psci_present)
-		return;
-
-	/* Enable the workaround on this CPU if it's enabled in the firmware */
-	if (smccc_arch_features(SMCCC_ARCH_WORKAROUND_2) != SMCCC_RET_SUCCESS)
-		return;
-
-	switch(ssbd_method) {
-	case SSBD_FORCE_ON:
-		smccc_arch_workaround_2(1);
-		break;
-	case SSBD_FORCE_OFF:
-		smccc_arch_workaround_2(0);
-		break;
-	case SSBD_KERNEL:
-	default:
-		PCPU_SET(ssbd, smccc_arch_workaround_2);
-		break;
-	}
-}
-
 /*
  * Workaround Cavium erratum 27456.
  *
diff --git a/sys/arm64/arm64/elf32_machdep.c b/sys/arm64/arm64/elf32_machdep.c
index 8f8a934ad520..4cb8ee5f57ef 100644
--- a/sys/arm64/arm64/elf32_machdep.c
+++ b/sys/arm64/arm64/elf32_machdep.c
@@ -210,7 +210,7 @@ freebsd32_fetch_syscall_args(struct thread *td)
 		sa->code = *ap++;
 		nap--;
 	} else if (sa->code == SYS___syscall) {
-		sa->code = ap[1];
+		sa->code = ap[_QUAD_LOWWORD];
 		nap -= 2;
 		ap += 2;
 	}
diff --git a/sys/arm64/arm64/elf_machdep.c b/sys/arm64/arm64/elf_machdep.c
index 13af5c5065d6..207b37180a26 100644
--- a/sys/arm64/arm64/elf_machdep.c
+++ b/sys/arm64/arm64/elf_machdep.c
@@ -121,7 +121,7 @@ static struct sysentvec elf64_freebsd_sysvec = {
 };
 INIT_SYSENTVEC(elf64_sysvec, &elf64_freebsd_sysvec);
 
-static Elf64_Brandinfo freebsd_brand_info = {
+static const Elf64_Brandinfo freebsd_brand_info = {
 	.brand		= ELFOSABI_FREEBSD,
 	.machine	= EM_AARCH64,
 	.compat_3_brand	= "FreeBSD",
@@ -131,8 +131,7 @@ static Elf64_Brandinfo freebsd_brand_info = {
 	.brand_note	= &elf64_freebsd_brandnote,
 	.flags		= BI_CAN_EXEC_DYN | BI_BRAND_NOTE
 };
-
-SYSINIT(elf64, SI_SUB_EXEC, SI_ORDER_FIRST,
+C_SYSINIT(elf64, SI_SUB_EXEC, SI_ORDER_FIRST,
     (sysinit_cfunc_t)elf64_insert_brand_entry, &freebsd_brand_info);
 
 static bool
@@ -336,7 +335,7 @@ elf_cpu_parse_dynamic(caddr_t loadbase __unused, Elf_Dyn *dynamic __unused)
 	return (0);
 }
 
-static Elf_Note gnu_property_note = {
+static const Elf_Note gnu_property_note = {
 	.n_namesz = sizeof(GNU_ABI_VENDOR),
 	.n_descsz = 16,
 	.n_type = NT_GNU_PROPERTY_TYPE_0,
diff --git a/sys/arm64/arm64/spec_workaround.c b/sys/arm64/arm64/spec_workaround.c
new file mode 100644
index 000000000000..7f4f86cdb48c
--- /dev/null
+++ b/sys/arm64/arm64/spec_workaround.c
@@ -0,0 +1,166 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
+ * Copyright (c) 2025 Arm Ltd
+ * Copyright (c) 2018 Andrew Turner
+ *
+ * This software was developed by SRI International and the University of
+ * Cambridge Computer Laboratory under DARPA/AFRL contract FA8750-10-C-0237
+ * ("CTSRD"), as part of the DARPA CRASH research programme.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/param.h>
+#include <sys/kernel.h>
+#include <sys/pcpu.h>
+#include <sys/systm.h>
+
+#include <machine/cpu.h>
+#include <machine/cpu_feat.h>
+
+#include <dev/psci/psci.h>
+#include <dev/psci/smccc.h>
+
+static enum {
+	SSBD_FORCE_ON,
+	SSBD_FORCE_OFF,
+	SSBD_KERNEL,
+} ssbd_method = SSBD_KERNEL;
+
+struct psci_bp_hardening_impl {
+	u_int		midr_mask;
+	u_int		midr_value;
+};
+
+static struct psci_bp_hardening_impl psci_bp_hardening_impl[] = {
+	{
+		.midr_mask = CPU_IMPL_MASK | CPU_PART_MASK,
+		.midr_value = CPU_ID_RAW(CPU_IMPL_ARM, CPU_PART_CORTEX_A57,0,0),
+	},
+	{
+		.midr_mask = CPU_IMPL_MASK | CPU_PART_MASK,
+		.midr_value = CPU_ID_RAW(CPU_IMPL_ARM, CPU_PART_CORTEX_A72,0,0),
+	},
+	{
+		.midr_mask = CPU_IMPL_MASK | CPU_PART_MASK,
+		.midr_value = CPU_ID_RAW(CPU_IMPL_ARM, CPU_PART_CORTEX_A73,0,0),
+	},
+	{
+		.midr_mask = CPU_IMPL_MASK | CPU_PART_MASK,
+		.midr_value = CPU_ID_RAW(CPU_IMPL_ARM, CPU_PART_CORTEX_A75,0,0),
+	},
+	{
+		.midr_mask = CPU_IMPL_MASK | CPU_PART_MASK,
+		.midr_value =
+		    CPU_ID_RAW(CPU_IMPL_CAVIUM, CPU_PART_THUNDERX2, 0,0),
+	}
+};
+
+static cpu_feat_en
+psci_bp_hardening_check(const struct cpu_feat *feat __unused, u_int midr)
+{
+	size_t i;
+
+	for (i = 0; i < nitems(psci_bp_hardening_impl); i++) {
+		if ((midr & psci_bp_hardening_impl[i].midr_mask) ==
+		    psci_bp_hardening_impl[i].midr_value) {
+			/* SMCCC depends on PSCI. If PSCI is missing so is SMCCC */
+			if (!psci_present)
+				return (FEAT_ALWAYS_DISABLE);
+
+			if (smccc_arch_features(SMCCC_ARCH_WORKAROUND_1) !=
+			    SMCCC_RET_SUCCESS)
+				return (FEAT_ALWAYS_DISABLE);
+
+			return (FEAT_DEFAULT_ENABLE);
+		}
+	}
+
+	return (FEAT_ALWAYS_DISABLE);
+}
+
+static bool
+psci_bp_hardening_enable(const struct cpu_feat *feat __unused,
+    cpu_feat_errata errata_status __unused, u_int *errata_list __unused,
+    u_int errata_count __unused)
+{
+	PCPU_SET(bp_harden, smccc_arch_workaround_1);
+
+	return (true);
+}
+
+CPU_FEAT(feat_csv2_missing, "Branch Predictor Hardening",
+	psci_bp_hardening_check, NULL, psci_bp_hardening_enable, NULL,
+        CPU_FEAT_AFTER_DEV | CPU_FEAT_PER_CPU);
+
+static cpu_feat_en
+ssbd_workaround_check(const struct cpu_feat *feat __unused, u_int midr __unused)
+{
+	char *env;
+
+	if (PCPU_GET(cpuid) == 0) {
+		env = kern_getenv("kern.cfg.ssbd");
+		if (env != NULL) {
+			if (strcmp(env, "force-on") == 0) {
+				ssbd_method = SSBD_FORCE_ON;
+			} else if (strcmp(env, "force-off") == 0) {
+				ssbd_method = SSBD_FORCE_OFF;
+			}
+		}
+	}
+
+	/* SMCCC depends on PSCI. If PSCI is missing so is SMCCC */
+	if (!psci_present)
+		return (FEAT_ALWAYS_DISABLE);
+
+	/* Enable the workaround on this CPU if it's enabled in the firmware */
+	if (smccc_arch_features(SMCCC_ARCH_WORKAROUND_2) != SMCCC_RET_SUCCESS)
+		return (FEAT_ALWAYS_DISABLE);
+
+	return (FEAT_DEFAULT_ENABLE);
+}
+
+static bool
+ssbd_workaround_enable(const struct cpu_feat *feat __unused,
+    cpu_feat_errata errata_status __unused, u_int *errata_list __unused,
+    u_int errata_count __unused)
+{
+	switch(ssbd_method) {
+	case SSBD_FORCE_ON:
+		smccc_arch_workaround_2(1);
+		break;
+	case SSBD_FORCE_OFF:
+		smccc_arch_workaround_2(0);
+		break;
+	case SSBD_KERNEL:
+	default:
+		PCPU_SET(ssbd, smccc_arch_workaround_2);
+		break;
+	}
+
+	return (true);
+}
+
+CPU_FEAT(feat_ssbs_missing, "Speculator Store Bypass Disable Workaround",
+	ssbd_workaround_check, NULL, ssbd_workaround_enable, NULL,
+        CPU_FEAT_AFTER_DEV | CPU_FEAT_PER_CPU);
diff --git a/sys/arm64/conf/std.arm b/sys/arm64/conf/std.arm
index fb5561506531..309059a096eb 100644
--- a/sys/arm64/conf/std.arm
+++ b/sys/arm64/conf/std.arm
@@ -21,3 +21,6 @@ device		arm_doorbell		# ARM Message Handling Unit (MHU)
 
 options 	FDT
 device		acpi
+
+# DTBs
+makeoptions	MODULES_EXTRA+="dtb/arm"
diff --git a/sys/arm64/coresight/coresight.c b/sys/arm64/coresight/coresight.c
index 5928c153f4ae..9b9d3c65ecc9 100644
--- a/sys/arm64/coresight/coresight.c
+++ b/sys/arm64/coresight/coresight.c
@@ -113,7 +113,7 @@ coresight_get_output_device(struct endpoint *endp, struct endpoint **out_endp)
 }
 
 static void
-coresight_init(void)
+coresight_init(void *dummy __unused)
 {
 
 	mtx_init(&cs_mtx, "ARM Coresight", NULL, MTX_DEF);
diff --git a/sys/arm64/include/armreg.h b/sys/arm64/include/armreg.h
index da051e8f7c8a..aca3d4c07450 100644
--- a/sys/arm64/include/armreg.h
+++ b/sys/arm64/include/armreg.h
@@ -2180,6 +2180,7 @@
 #define	OSLAR_EL1_CRn			1
 #define	OSLAR_EL1_CRm			0
 #define	OSLAR_EL1_op2			4
+#define	OSLAR_OSLK			(0x1ul << 0)
 
 /* OSLSR_EL1 */
 #define	OSLSR_EL1_op0			2
@@ -2187,6 +2188,10 @@
 #define	OSLSR_EL1_CRn			1
 #define	OSLSR_EL1_CRm			1
 #define	OSLSR_EL1_op2			4
+#define	OSLSR_OSLM_1			(0x1ul << 3)
+#define	OSLSR_nTT			(0x1ul << 2)
+#define	OSLSR_OSLK			(0x1ul << 1)
+#define	OSLSR_OSLM_0			(0x1ul << 0)
 
 /* PAR_EL1 - Physical Address Register */
 #define	PAR_F_SHIFT		0
@@ -2273,6 +2278,11 @@
 #define	PMBSR_DL			(UL(0x1) << PMBSR_DL_SHIFT)
 #define	PMBSR_EC_SHIFT			26
 #define	PMBSR_EC_MASK			(UL(0x3f) << PMBSR_EC_SHIFT)
+#define	PMBSR_EC_VAL(x)                 (((x) & PMBSR_EC_MASK) >> PMBSR_EC_SHIFT)
+#define	PMBSR_EC_OTHER_BUF_MGMT		0x00
+#define	PMBSR_EC_GRAN_PROT_CHK		0x1e
+#define	PMBSR_EC_STAGE1_DA		0x24
+#define	PMBSR_EC_STAGE2_DA		0x25
 
 /* PMCCFILTR_EL0 */
 #define	PMCCFILTR_EL0_op0		3
@@ -2508,6 +2518,15 @@
 #define	PMSIDR_FnE			(UL(0x1) << PMSIDR_FnE_SHIFT)
 #define	PMSIDR_Interval_SHIFT		8
 #define	PMSIDR_Interval_MASK		(UL(0xf) << PMSIDR_Interval_SHIFT)
+#define	PMSIDR_Interval_VAL(x)		(((x) & PMSIDR_Interval_MASK) >> PMSIDR_Interval_SHIFT)
+#define	PMSIDR_Interval_256		0
+#define	PMSIDR_Interval_512		2
+#define	PMSIDR_Interval_768		3
+#define	PMSIDR_Interval_1024		4
+#define	PMSIDR_Interval_1536		5
+#define	PMSIDR_Interval_2048		6
+#define	PMSIDR_Interval_3072		7
+#define	PMSIDR_Interval_4096		8
 #define	PMSIDR_MaxSize_SHIFT		12
 #define	PMSIDR_MaxSize_MASK		(UL(0xf) << PMSIDR_MaxSize_SHIFT)
 #define	PMSIDR_CountSize_SHIFT		16
diff --git a/sys/arm64/include/hypervisor.h b/sys/arm64/include/hypervisor.h
index 04e15b55b218..8feabd2b981b 100644
--- a/sys/arm64/include/hypervisor.h
+++ b/sys/arm64/include/hypervisor.h
@@ -247,6 +247,54 @@
 #define	ICC_SRE_EL2_SRE		(1UL << 0)
 #define	ICC_SRE_EL2_EN		(1UL << 3)
 
+/* MDCR_EL2 - Hyp Debug Control Register */
+#define	MDCR_EL2_HPMN_MASK	0x1f
+#define	MDCR_EL2_HPMN_SHIFT	0
+#define	MDCR_EL2_TPMCR_SHIFT	5
+#define	MDCR_EL2_TPMCR		(0x1UL << MDCR_EL2_TPMCR_SHIFT)
+#define	MDCR_EL2_TPM_SHIFT	6
+#define	MDCR_EL2_TPM		(0x1UL << MDCR_EL2_TPM_SHIFT)
+#define	MDCR_EL2_HPME_SHIFT	7
+#define	MDCR_EL2_HPME		(0x1UL << MDCR_EL2_HPME_SHIFT)
+#define	MDCR_EL2_TDE_SHIFT	8
+#define	MDCR_EL2_TDE		(0x1UL << MDCR_EL2_TDE_SHIFT)
+#define	MDCR_EL2_TDA_SHIFT	9
+#define	MDCR_EL2_TDA		(0x1UL << MDCR_EL2_TDA_SHIFT)
+#define	MDCR_EL2_TDOSA_SHIFT	10
+#define	MDCR_EL2_TDOSA		(0x1UL << MDCR_EL2_TDOSA_SHIFT)
+#define	MDCR_EL2_TDRA_SHIFT	11
+#define	MDCR_EL2_TDRA		(0x1UL << MDCR_EL2_TDRA_SHIFT)
+#define	MDCR_EL2_E2PB_SHIFT	12
+#define	MDCR_EL2_E2PB_MASK	(0x3UL << MDCR_EL2_E2PB_SHIFT)
+#define	MDCR_EL2_TPMS_SHIFT	14
+#define	MDCR_EL2_TPMS		(0x1UL << MDCR_EL2_TPMS_SHIFT)
+#define	MDCR_EL2_EnSPM_SHIFT	15
+#define	MDCR_EL2_EnSPM		(0x1UL << MDCR_EL2_EnSPM_SHIFT)
+#define	MDCR_EL2_HPMD_SHIFT	17
+#define	MDCR_EL2_HPMD		(0x1UL << MDCR_EL2_HPMD_SHIFT)
+#define	MDCR_EL2_TTRF_SHIFT	19
+#define	MDCR_EL2_TTRF		(0x1UL << MDCR_EL2_TTRF_SHIFT)
+#define	MDCR_EL2_HCCD_SHIFT	23
+#define	MDCR_EL2_HCCD		(0x1UL << MDCR_EL2_HCCD_SHIFT)
+#define	MDCR_EL2_E2TB_SHIFT	24
+#define	MDCR_EL2_E2TB_MASK	(0x3UL << MDCR_EL2_E2TB_SHIFT)
+#define	MDCR_EL2_HLP_SHIFT	26
+#define	MDCR_EL2_HLP		(0x1UL << MDCR_EL2_HLP_SHIFT)
+#define	MDCR_EL2_TDCC_SHIFT	27
+#define	MDCR_EL2_TDCC		(0x1UL << MDCR_EL2_TDCC_SHIFT)
+#define	MDCR_EL2_MTPME_SHIFT	28
+#define	MDCR_EL2_MTPME		(0x1UL << MDCR_EL2_MTPME_SHIFT)
+#define	MDCR_EL2_HPMFZO_SHIFT	29
+#define	MDCR_EL2_HPMFZO		(0x1UL << MDCR_EL2_HPMFZO_SHIFT)
+#define	MDCR_EL2_PMSSE_SHIFT	30
+#define	MDCR_EL2_PMSSE_MASK	(0x3UL << MDCR_EL2_PMSSE_SHIFT)
+#define	MDCR_EL2_HPMFZS_SHIFT	36
+#define	MDCR_EL2_HPMFZS		(0x1UL << MDCR_EL2_HPMFZS_SHIFT)
+#define	MDCR_EL2_PMEE_SHIFT	40
+#define	MDCR_EL2_PMEE_MASK	(0x3UL << MDCR_EL2_PMEE_SHIFT)
+#define	MDCR_EL2_EBWE_SHIFT	43
+#define	MDCR_EL2_EBWE		(0x1UL << MDCR_EL2_EBWE_SHIFT)
+
 /* SCTLR_EL2 - System Control Register */
 #define	SCTLR_EL2_RES1		0x30c50830
 #define	SCTLR_EL2_M_SHIFT	0
@@ -356,52 +404,4 @@
 /* Assumed to be 0 by locore.S */
 #define	VTTBR_HOST		0x0000000000000000
 
-/* MDCR_EL2 - Hyp Debug Control Register */
-#define	MDCR_EL2_HPMN_MASK	0x1f
-#define	MDCR_EL2_HPMN_SHIFT	0
-#define	MDCR_EL2_TPMCR_SHIFT	5
-#define	MDCR_EL2_TPMCR		(0x1UL << MDCR_EL2_TPMCR_SHIFT)
-#define	MDCR_EL2_TPM_SHIFT	6
-#define	MDCR_EL2_TPM		(0x1UL << MDCR_EL2_TPM_SHIFT)
-#define	MDCR_EL2_HPME_SHIFT	7
-#define	MDCR_EL2_HPME		(0x1UL << MDCR_EL2_HPME_SHIFT)
-#define	MDCR_EL2_TDE_SHIFT	8
-#define	MDCR_EL2_TDE		(0x1UL << MDCR_EL2_TDE_SHIFT)
-#define	MDCR_EL2_TDA_SHIFT	9
-#define	MDCR_EL2_TDA		(0x1UL << MDCR_EL2_TDA_SHIFT)
-#define	MDCR_EL2_TDOSA_SHIFT	10
-#define	MDCR_EL2_TDOSA		(0x1UL << MDCR_EL2_TDOSA_SHIFT)
-#define	MDCR_EL2_TDRA_SHIFT	11
-#define	MDCR_EL2_TDRA		(0x1UL << MDCR_EL2_TDRA_SHIFT)
-#define	MDCR_E2PB_SHIFT		12
-#define	MDCR_E2PB_MASK		(0x3UL << MDCR_E2PB_SHIFT)
-#define	MDCR_TPMS_SHIFT		14
-#define	MDCR_TPMS		(0x1UL << MDCR_TPMS_SHIFT)
-#define	MDCR_EnSPM_SHIFT	15
-#define	MDCR_EnSPM		(0x1UL << MDCR_EnSPM_SHIFT)
-#define	MDCR_HPMD_SHIFT		17
-#define	MDCR_HPMD		(0x1UL << MDCR_HPMD_SHIFT)
-#define	MDCR_TTRF_SHIFT		19
-#define	MDCR_TTRF		(0x1UL << MDCR_TTRF_SHIFT)
-#define	MDCR_HCCD_SHIFT		23
-#define	MDCR_HCCD		(0x1UL << MDCR_HCCD_SHIFT)
-#define	MDCR_E2TB_SHIFT		24
-#define	MDCR_E2TB_MASK		(0x3UL << MDCR_E2TB_SHIFT)
-#define	MDCR_HLP_SHIFT		26
-#define	MDCR_HLP		(0x1UL << MDCR_HLP_SHIFT)
-#define	MDCR_TDCC_SHIFT		27
-#define	MDCR_TDCC		(0x1UL << MDCR_TDCC_SHIFT)
-#define	MDCR_MTPME_SHIFT	28
-#define	MDCR_MTPME		(0x1UL << MDCR_MTPME_SHIFT)
-#define	MDCR_HPMFZO_SHIFT	29
-#define	MDCR_HPMFZO		(0x1UL << MDCR_HPMFZO_SHIFT)
-#define	MDCR_PMSSE_SHIFT	30
-#define	MDCR_PMSSE_MASK		(0x3UL << MDCR_PMSSE_SHIFT)
-#define	MDCR_HPMFZS_SHIFT	36
-#define	MDCR_HPMFZS		(0x1UL << MDCR_HPMFZS_SHIFT)
-#define	MDCR_PMEE_SHIFT		40
-#define	MDCR_PMEE_MASK		(0x3UL << MDCR_PMEE_SHIFT)
-#define	MDCR_EBWE_SHIFT		43
-#define	MDCR_EBWE		(0x1UL << MDCR_EBWE_SHIFT)
-
 #endif /* !_MACHINE_HYPERVISOR_H_ */
diff --git a/sys/arm64/include/vmm.h b/sys/arm64/include/vmm.h
index e839b5dd92c9..696a69669a2a 100644
--- a/sys/arm64/include/vmm.h
+++ b/sys/arm64/include/vmm.h
@@ -143,10 +143,41 @@ struct vm_eventinfo {
 	int	*iptr;		/* reqidle cookie */
 };
 
+#define	DECLARE_VMMOPS_FUNC(ret_type, opname, args)			\
+	ret_type vmmops_##opname args
+
+DECLARE_VMMOPS_FUNC(int, modinit, (int ipinum));
+DECLARE_VMMOPS_FUNC(int, modcleanup, (void));
+DECLARE_VMMOPS_FUNC(void *, init, (struct vm *vm, struct pmap *pmap));
+DECLARE_VMMOPS_FUNC(int, gla2gpa, (void *vcpui, struct vm_guest_paging *paging,
+    uint64_t gla, int prot, uint64_t *gpa, int *is_fault));
+DECLARE_VMMOPS_FUNC(int, run, (void *vcpui, register_t pc, struct pmap *pmap,
+    struct vm_eventinfo *info));
+DECLARE_VMMOPS_FUNC(void, cleanup, (void *vmi));
+DECLARE_VMMOPS_FUNC(void *, vcpu_init, (void *vmi, struct vcpu *vcpu,
+    int vcpu_id));
+DECLARE_VMMOPS_FUNC(void, vcpu_cleanup, (void *vcpui));
+DECLARE_VMMOPS_FUNC(int, exception, (void *vcpui, uint64_t esr, uint64_t far));
+DECLARE_VMMOPS_FUNC(int, getreg, (void *vcpui, int num, uint64_t *retval));
+DECLARE_VMMOPS_FUNC(int, setreg, (void *vcpui, int num, uint64_t val));
+DECLARE_VMMOPS_FUNC(int, getcap, (void *vcpui, int num, int *retval));
+DECLARE_VMMOPS_FUNC(int, setcap, (void *vcpui, int num, int val));
+DECLARE_VMMOPS_FUNC(struct vmspace *, vmspace_alloc, (vm_offset_t min,
+    vm_offset_t max));
+DECLARE_VMMOPS_FUNC(void, vmspace_free, (struct vmspace *vmspace));
+#ifdef notyet
+#ifdef BHYVE_SNAPSHOT
+DECLARE_VMMOPS_FUNC(int, snapshot, (void *vmi, struct vm_snapshot_meta *meta));
+DECLARE_VMMOPS_FUNC(int, vcpu_snapshot, (void *vcpui,
+    struct vm_snapshot_meta *meta));
+DECLARE_VMMOPS_FUNC(int, restore_tsc, (void *vcpui, uint64_t now));
+#endif
+#endif
+
 int vm_create(const char *name, struct vm **retvm);
 struct vcpu *vm_alloc_vcpu(struct vm *vm, int vcpuid);
 void vm_disable_vcpu_creation(struct vm *vm);
-void vm_slock_vcpus(struct vm *vm);
+void vm_lock_vcpus(struct vm *vm);
 void vm_unlock_vcpus(struct vm *vm);
 void vm_destroy(struct vm *vm);
 int vm_reinit(struct vm *vm);
@@ -232,7 +263,6 @@ vcpu_should_yield(struct vcpu *vcpu)
 
 void *vcpu_stats(struct vcpu *vcpu);
 void vcpu_notify_event(struct vcpu *vcpu);
-struct vmspace *vm_vmspace(struct vm *vm);
 struct vm_mem *vm_mem(struct vm *vm);
 
 enum vm_reg_name vm_segment_name(int seg_encoding);
diff --git a/sys/arm64/linux/linux_sysvec.c b/sys/arm64/linux/linux_sysvec.c
index 084b7a11b01f..ac05820f89bc 100644
--- a/sys/arm64/linux/linux_sysvec.c
+++ b/sys/arm64/linux/linux_sysvec.c
@@ -584,7 +584,7 @@ linux_vdso_reloc(char *mapping, Elf_Addr offset)
 	}
 }
 
-static Elf_Brandnote linux64_brandnote = {
+static const Elf_Brandnote linux64_brandnote = {
 	.hdr.n_namesz	= sizeof(GNU_ABI_VENDOR),
 	.hdr.n_descsz	= 16,
 	.hdr.n_type	= 1,
@@ -593,7 +593,7 @@ static Elf_Brandnote linux64_brandnote = {
 	.trans_osrel	= linux_trans_osrel
 };
 
-static Elf64_Brandinfo linux_glibc2brand = {
+static const Elf64_Brandinfo linux_glibc2brand = {
 	.brand		= ELFOSABI_LINUX,
 	.machine	= EM_AARCH64,
 	.compat_3_brand	= "Linux",
@@ -604,7 +604,7 @@ static Elf64_Brandinfo linux_glibc2brand = {
 	.flags		= BI_CAN_EXEC_DYN | BI_BRAND_NOTE
 };
 
-Elf64_Brandinfo *linux_brandlist[] = {
+const Elf64_Brandinfo *linux_brandlist[] = {
 	&linux_glibc2brand,
 	NULL
 };
@@ -612,8 +612,8 @@ Elf64_Brandinfo *linux_brandlist[] = {
 static int
 linux64_elf_modevent(module_t mod, int type, void *data)
 {
-	Elf64_Brandinfo **brandinfo;
-	struct linux_ioctl_handler**lihp;
+	const Elf64_Brandinfo **brandinfo;
+	struct linux_ioctl_handler **lihp;
 	int error;
 
 	error = 0;
diff --git a/sys/arm64/vmm/arm64.h b/sys/arm64/vmm/arm64.h
index 82c4481b8692..f530dab05331 100644
--- a/sys/arm64/vmm/arm64.h
+++ b/sys/arm64/vmm/arm64.h
@@ -78,14 +78,16 @@ struct hypctx {
 	uint64_t	pmcr_el0;	/* Performance Monitors Control Register */
 	uint64_t	pmccntr_el0;
 	uint64_t	pmccfiltr_el0;
+	uint64_t	pmuserenr_el0;
+	uint64_t	pmselr_el0;
+	uint64_t	pmxevcntr_el0;
 	uint64_t	pmcntenset_el0;
 	uint64_t	pmintenset_el1;
 	uint64_t	pmovsset_el0;
-	uint64_t	pmselr_el0;
-	uint64_t	pmuserenr_el0;
 	uint64_t	pmevcntr_el0[31];
 	uint64_t	pmevtyper_el0[31];
 
+	uint64_t	dbgclaimset_el1;
 	uint64_t	dbgbcr_el1[16];	/* Debug Breakpoint Control Registers */
 	uint64_t	dbgbvr_el1[16];	/* Debug Breakpoint Value Registers */
 	uint64_t	dbgwcr_el1[16];	/* Debug Watchpoint Control Registers */
@@ -117,6 +119,7 @@ struct hypctx {
 	struct vgic_v3_regs	vgic_v3_regs;
 	struct vgic_v3_cpu	*vgic_cpu;
 	bool			has_exception;
+	bool			dbg_oslock;
 };
 
 struct hyp {
@@ -133,37 +136,6 @@ struct hyp {
 	struct hypctx	*ctx[];
 };
 
-#define	DEFINE_VMMOPS_IFUNC(ret_type, opname, args)			\
-	ret_type vmmops_##opname args;
-
-DEFINE_VMMOPS_IFUNC(int, modinit, (int ipinum))
-DEFINE_VMMOPS_IFUNC(int, modcleanup, (void))
-DEFINE_VMMOPS_IFUNC(void *, init, (struct vm *vm, struct pmap *pmap))
-DEFINE_VMMOPS_IFUNC(int, gla2gpa, (void *vcpui, struct vm_guest_paging *paging,
-    uint64_t gla, int prot, uint64_t *gpa, int *is_fault))
-DEFINE_VMMOPS_IFUNC(int, run, (void *vcpui, register_t pc, struct pmap *pmap,
-    struct vm_eventinfo *info))
-DEFINE_VMMOPS_IFUNC(void, cleanup, (void *vmi))
-DEFINE_VMMOPS_IFUNC(void *, vcpu_init, (void *vmi, struct vcpu *vcpu,
-    int vcpu_id))
-DEFINE_VMMOPS_IFUNC(void, vcpu_cleanup, (void *vcpui))
-DEFINE_VMMOPS_IFUNC(int, exception, (void *vcpui, uint64_t esr, uint64_t far))
-DEFINE_VMMOPS_IFUNC(int, getreg, (void *vcpui, int num, uint64_t *retval))
-DEFINE_VMMOPS_IFUNC(int, setreg, (void *vcpui, int num, uint64_t val))
-DEFINE_VMMOPS_IFUNC(int, getcap, (void *vcpui, int num, int *retval))
-DEFINE_VMMOPS_IFUNC(int, setcap, (void *vcpui, int num, int val))
-DEFINE_VMMOPS_IFUNC(struct vmspace *, vmspace_alloc, (vm_offset_t min,
-    vm_offset_t max))
-DEFINE_VMMOPS_IFUNC(void, vmspace_free, (struct vmspace *vmspace))
-#ifdef notyet
-#ifdef BHYVE_SNAPSHOT
-DEFINE_VMMOPS_IFUNC(int, snapshot, (void *vmi, struct vm_snapshot_meta *meta))
-DEFINE_VMMOPS_IFUNC(int, vcpu_snapshot, (void *vcpui,
-    struct vm_snapshot_meta *meta))
-DEFINE_VMMOPS_IFUNC(int, restore_tsc, (void *vcpui, uint64_t now))
-#endif
-#endif
-
 uint64_t	vmm_call_hyp(uint64_t, ...);
 
 #if 0
diff --git a/sys/arm64/vmm/vmm.c b/sys/arm64/vmm/vmm.c
index 1dcefa1489e9..14ea26c3668c 100644
--- a/sys/arm64/vmm/vmm.c
+++ b/sys/arm64/vmm/vmm.c
@@ -88,7 +88,6 @@ struct vcpu {
 	struct vfpstate	*guestfpu;	/* (a,i) guest fpu state */
 };
 
-#define	vcpu_lock_initialized(v) mtx_initialized(&((v)->mtx))
 #define	vcpu_lock_init(v)	mtx_init(&((v)->mtx), "vcpu lock", 0, MTX_SPIN)
 #define	vcpu_lock_destroy(v)	mtx_destroy(&((v)->mtx))
 #define	vcpu_lock(v)		mtx_lock_spin(&((v)->mtx))
@@ -126,7 +125,6 @@ struct vm {
 	bool		dying;			/* (o) is dying */
 	volatile cpuset_t suspended_cpus; 	/* (i) suspended vcpus */
 	volatile cpuset_t halted_cpus;		/* (x) cpus in a hard halt */
-	struct vmspace	*vmspace;		/* (o) guest's address space */
 	struct vm_mem	mem;			/* (i) guest memory */
 	char		name[VM_MAX_NAMELEN];	/* (o) virtual machine name */
 	struct vcpu	**vcpu;			/* (i) guest vcpus */
@@ -274,6 +272,7 @@ vcpu_cleanup(struct vcpu *vcpu, bool destroy)
 		vmm_stat_free(vcpu->stats);
 		fpu_save_area_free(vcpu->guestfpu);
 		vcpu_lock_destroy(vcpu);
+		free(vcpu, M_VMM);
 	}
 }
 
@@ -407,7 +406,7 @@ vm_init(struct vm *vm, bool create)
 {
 	int i;
 
-	vm->cookie = vmmops_init(vm, vmspace_pmap(vm->vmspace));
+	vm->cookie = vmmops_init(vm, vmspace_pmap(vm_vmspace(vm)));
 	MPASS(vm->cookie != NULL);
 
 	CPU_ZERO(&vm->active_cpus);
@@ -470,9 +469,9 @@ vm_alloc_vcpu(struct vm *vm, int vcpuid)
 }
 
 void
-vm_slock_vcpus(struct vm *vm)
+vm_lock_vcpus(struct vm *vm)
 {
-	sx_slock(&vm->vcpus_init_lock);
+	sx_xlock(&vm->vcpus_init_lock);
 }
 
 void
@@ -485,7 +484,7 @@ int
 vm_create(const char *name, struct vm **retvm)
 {
 	struct vm *vm;
-	struct vmspace *vmspace;
+	int error;
 
 	/*
 	 * If vmm.ko could not be successfully initialized then don't attempt
@@ -497,14 +496,13 @@ vm_create(const char *name, struct vm **retvm)
 	if (name == NULL || strlen(name) >= VM_MAX_NAMELEN)
 		return (EINVAL);
 
-	vmspace = vmmops_vmspace_alloc(0, 1ul << 39);
-	if (vmspace == NULL)
-		return (ENOMEM);
-
 	vm = malloc(sizeof(struct vm), M_VMM, M_WAITOK | M_ZERO);
+	error = vm_mem_init(&vm->mem, 0, 1ul << 39);
+	if (error != 0) {
+		free(vm, M_VMM);
+		return (error);
+	}
 	strcpy(vm->name, name);
-	vm->vmspace = vmspace;
-	vm_mem_init(&vm->mem);
 	sx_init(&vm->vcpus_init_lock, "vm vcpus");
 
 	vm->sockets = 1;
@@ -558,7 +556,7 @@ vm_cleanup(struct vm *vm, bool destroy)
 
 	if (destroy) {
 		vm_xlock_memsegs(vm);
-		pmap = vmspace_pmap(vm->vmspace);
+		pmap = vmspace_pmap(vm_vmspace(vm));
 		sched_pin();
 		PCPU_SET(curvmpmap, NULL);
 		sched_unpin();
@@ -582,11 +580,6 @@ vm_cleanup(struct vm *vm, bool destroy)
 	if (destroy) {
 		vm_mem_destroy(vm);
 
-		vmmops_vmspace_free(vm->vmspace);
-		vm->vmspace = NULL;
-
-		for (i = 0; i < vm->maxcpus; i++)
-			free(vm->vcpu[i], M_VMM);
 		free(vm->vcpu, M_VMM);
 		sx_destroy(&vm->vcpus_init_lock);
 	}
@@ -651,6 +644,33 @@ vmm_reg_wi(struct vcpu *vcpu, uint64_t wval, void *arg)
 	return (0);
 }
 
+static int
+vmm_write_oslar_el1(struct vcpu *vcpu, uint64_t wval, void *arg)
+{
+	struct hypctx *hypctx;
+
+	hypctx = vcpu_get_cookie(vcpu);
+	/* All other fields are RES0 & we don't do anything with this */
+	/* TODO: Disable access to other debug state when locked */
+	hypctx->dbg_oslock = (wval & OSLAR_OSLK) == OSLAR_OSLK;
+	return (0);
+}
+
+static int
+vmm_read_oslsr_el1(struct vcpu *vcpu, uint64_t *rval, void *arg)
+{
+	struct hypctx *hypctx;
+	uint64_t val;
+
+	hypctx = vcpu_get_cookie(vcpu);
+	val = OSLSR_OSLM_1;
+	if (hypctx->dbg_oslock)
+		val |= OSLSR_OSLK;
+	*rval = val;
+
+	return (0);
+}
+
 static const struct vmm_special_reg vmm_special_regs[] = {
 #define	SPECIAL_REG(_reg, _read, _write)				\
 	{								\
@@ -707,6 +727,13 @@ static const struct vmm_special_reg vmm_special_regs[] = {
 	SPECIAL_REG(CNTP_TVAL_EL0, vtimer_phys_tval_read,
 	    vtimer_phys_tval_write),
 	SPECIAL_REG(CNTPCT_EL0, vtimer_phys_cnt_read, vtimer_phys_cnt_write),
+
+	/* Debug registers */
+	SPECIAL_REG(DBGPRCR_EL1, vmm_reg_raz, vmm_reg_wi),
+	SPECIAL_REG(OSDLR_EL1, vmm_reg_raz, vmm_reg_wi),
+	/* TODO: Exceptions on invalid access */
+	SPECIAL_REG(OSLAR_EL1, vmm_reg_raz, vmm_write_oslar_el1),
+	SPECIAL_REG(OSLSR_EL1, vmm_read_oslsr_el1, vmm_reg_wi),
 #undef SPECIAL_REG
 };
 
@@ -1056,12 +1083,6 @@ vcpu_notify_event(struct vcpu *vcpu)
 	vcpu_unlock(vcpu);
 }
 
-struct vmspace *
-vm_vmspace(struct vm *vm)
-{
-	return (vm->vmspace);
-}
-
 struct vm_mem *
 vm_mem(struct vm *vm)
 {
@@ -1258,8 +1279,7 @@ vcpu_get_state(struct vcpu *vcpu, int *hostcpu)
 int
 vm_get_register(struct vcpu *vcpu, int reg, uint64_t *retval)
 {
-
-	if (reg >= VM_REG_LAST)
+	if (reg < 0 || reg >= VM_REG_LAST)
 		return (EINVAL);
 
 	return (vmmops_getreg(vcpu->cookie, reg, retval));
@@ -1270,7 +1290,7 @@ vm_set_register(struct vcpu *vcpu, int reg, uint64_t val)
 {
 	int error;
 
-	if (reg >= VM_REG_LAST)
+	if (reg < 0 || reg >= VM_REG_LAST)
 		return (EINVAL);
 	error = vmmops_setreg(vcpu->cookie, reg, val);
 	if (error || reg != VM_REG_GUEST_PC)
@@ -1382,7 +1402,7 @@ vm_handle_paging(struct vcpu *vcpu, bool *retu)
 
 	vme = &vcpu->exitinfo;
 
-	pmap = vmspace_pmap(vcpu->vm->vmspace);
+	pmap = vmspace_pmap(vm_vmspace(vcpu->vm));
 	addr = vme->u.paging.gpa;
 	esr = vme->u.paging.esr;
 
@@ -1399,7 +1419,7 @@ vm_handle_paging(struct vcpu *vcpu, bool *retu)
 		panic("%s: Invalid exception (esr = %lx)", __func__, esr);
 	}
 
-	map = &vm->vmspace->vm_map;
+	map = &vm_vmspace(vm)->vm_map;
 	rv = vm_fault(map, vme->u.paging.gpa, ftype, VM_FAULT_NORMAL, NULL);
 	if (rv != KERN_SUCCESS)
 		return (EFAULT);
@@ -1473,7 +1493,7 @@ vm_run(struct vcpu *vcpu)
 	if (CPU_ISSET(vcpuid, &vm->suspended_cpus))
 		return (EINVAL);
 
-	pmap = vmspace_pmap(vm->vmspace);
+	pmap = vmspace_pmap(vm_vmspace(vm));
 	vme = &vcpu->exitinfo;
 	evinfo.rptr = NULL;
 	evinfo.sptr = &vm->suspend;
diff --git a/sys/arm64/vmm/vmm_dev_machdep.c b/sys/arm64/vmm/vmm_dev_machdep.c
index 926a74fa528b..29d14e1ba952 100644
--- a/sys/arm64/vmm/vmm_dev_machdep.c
+++ b/sys/arm64/vmm/vmm_dev_machdep.c
@@ -68,19 +68,13 @@ int
 vmmdev_machdep_ioctl(struct vm *vm, struct vcpu *vcpu, u_long cmd, caddr_t data,
     int fflag, struct thread *td)
 {
-	struct vm_run *vmrun;
-	struct vm_vgic_version *vgv;
-	struct vm_vgic_descr *vgic;
-	struct vm_irq *vi;
-	struct vm_exception *vmexc;
-	struct vm_gla2gpa *gg;
-	struct vm_msi *vmsi;
 	int error;
 
 	error = 0;
 	switch (cmd) {
 	case VM_RUN: {
 		struct vm_exit *vme;
+		struct vm_run *vmrun;
 
 		vmrun = (struct vm_run *)data;
 		vme = vm_exitinfo(vcpu);
@@ -94,41 +88,62 @@ vmmdev_machdep_ioctl(struct vm *vm, struct vcpu *vcpu, u_long cmd, caddr_t data,
 			break;
 		break;
 	}
-	case VM_INJECT_EXCEPTION:
+	case VM_INJECT_EXCEPTION: {
+		struct vm_exception *vmexc;
+
 		vmexc = (struct vm_exception *)data;
 		error = vm_inject_exception(vcpu, vmexc->esr, vmexc->far);
 		break;
-	case VM_GLA2GPA_NOFAULT:
+	}
+	case VM_GLA2GPA_NOFAULT: {
+		struct vm_gla2gpa *gg;
+
 		gg = (struct vm_gla2gpa *)data;
 		error = vm_gla2gpa_nofault(vcpu, &gg->paging, gg->gla,
 		    gg->prot, &gg->gpa, &gg->fault);
 		KASSERT(error == 0 || error == EFAULT,
 		    ("%s: vm_gla2gpa unknown error %d", __func__, error));
 		break;
-	case VM_GET_VGIC_VERSION:
+	}
+	case VM_GET_VGIC_VERSION: {
+		struct vm_vgic_version *vgv;
+
 		vgv = (struct vm_vgic_version *)data;
 		/* TODO: Query the vgic driver for this */
 		vgv->version = 3;
 		vgv->flags = 0;
 		error = 0;
 		break;
-	case VM_ATTACH_VGIC:
+	}
+	case VM_ATTACH_VGIC: {
+		struct vm_vgic_descr *vgic;
+
 		vgic = (struct vm_vgic_descr *)data;
 		error = vm_attach_vgic(vm, vgic);
 		break;
-	case VM_RAISE_MSI:
+	}
+	case VM_RAISE_MSI: {
+		struct vm_msi *vmsi;
+
 		vmsi = (struct vm_msi *)data;
 		error = vm_raise_msi(vm, vmsi->msg, vmsi->addr, vmsi->bus,
 		    vmsi->slot, vmsi->func);
 		break;
-	case VM_ASSERT_IRQ:
+	}
+	case VM_ASSERT_IRQ: {
+		struct vm_irq *vi;
+
 		vi = (struct vm_irq *)data;
 		error = vm_assert_irq(vm, vi->irq);
 		break;
-	case VM_DEASSERT_IRQ:
+	}
+	case VM_DEASSERT_IRQ: {
+		struct vm_irq *vi;
+
 		vi = (struct vm_irq *)data;
 		error = vm_deassert_irq(vm, vi->irq);
 		break;
+	}
 	default:
 		error = ENOTTY;
 		break;
diff --git a/sys/arm64/vmm/vmm_hyp.c b/sys/arm64/vmm/vmm_hyp.c
index 345535318f6e..b8c6d2ab7a9a 100644
--- a/sys/arm64/vmm/vmm_hyp.c
+++ b/sys/arm64/vmm/vmm_hyp.c
@@ -121,6 +121,8 @@ vmm_hyp_reg_store(struct hypctx *hypctx, struct hyp *hyp, bool guest,
 		}
 	}
 
+	hypctx->dbgclaimset_el1 = READ_SPECIALREG(dbgclaimset_el1);
+
 	dfr0 = READ_SPECIALREG(id_aa64dfr0_el1);
 	switch (ID_AA64DFR0_BRPs_VAL(dfr0) - 1) {
 #define	STORE_DBG_BRP(x)						\
@@ -180,10 +182,13 @@ vmm_hyp_reg_store(struct hypctx *hypctx, struct hyp *hyp, bool guest,
 	hypctx->pmcr_el0 = READ_SPECIALREG(pmcr_el0);
 	hypctx->pmccntr_el0 = READ_SPECIALREG(pmccntr_el0);
 	hypctx->pmccfiltr_el0 = READ_SPECIALREG(pmccfiltr_el0);
+	hypctx->pmuserenr_el0 = READ_SPECIALREG(pmuserenr_el0);
+	hypctx->pmselr_el0 = READ_SPECIALREG(pmselr_el0);
+	hypctx->pmxevcntr_el0 = READ_SPECIALREG(pmxevcntr_el0);
 	hypctx->pmcntenset_el0 = READ_SPECIALREG(pmcntenset_el0);
 	hypctx->pmintenset_el1 = READ_SPECIALREG(pmintenset_el1);
 	hypctx->pmovsset_el0 = READ_SPECIALREG(pmovsset_el0);
-	hypctx->pmuserenr_el0 = READ_SPECIALREG(pmuserenr_el0);
+
 	switch ((hypctx->pmcr_el0 & PMCR_N_MASK) >> PMCR_N_SHIFT) {
 #define	STORE_PMU(x)							\
 	case (x + 1):							\
@@ -337,12 +342,15 @@ vmm_hyp_reg_restore(struct hypctx *hypctx, struct hyp *hyp, bool guest,
 	WRITE_SPECIALREG(pmcr_el0, hypctx->pmcr_el0);
 	WRITE_SPECIALREG(pmccntr_el0, hypctx->pmccntr_el0);
 	WRITE_SPECIALREG(pmccfiltr_el0, hypctx->pmccfiltr_el0);
+	WRITE_SPECIALREG(pmuserenr_el0, hypctx->pmuserenr_el0);
+	WRITE_SPECIALREG(pmselr_el0, hypctx->pmselr_el0);
+	WRITE_SPECIALREG(pmxevcntr_el0, hypctx->pmxevcntr_el0);
 	/* Clear all events/interrupts then enable them */
-	WRITE_SPECIALREG(pmcntenclr_el0, 0xfffffffful);
+	WRITE_SPECIALREG(pmcntenclr_el0, ~0ul);
 	WRITE_SPECIALREG(pmcntenset_el0, hypctx->pmcntenset_el0);
-	WRITE_SPECIALREG(pmintenclr_el1, 0xfffffffful);
+	WRITE_SPECIALREG(pmintenclr_el1, ~0ul);
 	WRITE_SPECIALREG(pmintenset_el1, hypctx->pmintenset_el1);
-	WRITE_SPECIALREG(pmovsclr_el0, 0xfffffffful);
+	WRITE_SPECIALREG(pmovsclr_el0, ~0ul);
 	WRITE_SPECIALREG(pmovsset_el0, hypctx->pmovsset_el0);
 
 	switch ((hypctx->pmcr_el0 & PMCR_N_MASK) >> PMCR_N_SHIFT) {
@@ -388,6 +396,9 @@ vmm_hyp_reg_restore(struct hypctx *hypctx, struct hyp *hyp, bool guest,
 #undef LOAD_PMU
 	}
 
+	WRITE_SPECIALREG(dbgclaimclr_el1, ~0ul);
+	WRITE_SPECIALREG(dbgclaimclr_el1, hypctx->dbgclaimset_el1);
+
 	dfr0 = READ_SPECIALREG(id_aa64dfr0_el1);
 	switch (ID_AA64DFR0_BRPs_VAL(dfr0) - 1) {
 #define	LOAD_DBG_BRP(x)							\
diff --git a/sys/arm64/vmm/vmm_reset.c b/sys/arm64/vmm/vmm_reset.c
index 79d022cf33e8..1240c3ed16ec 100644
--- a/sys/arm64/vmm/vmm_reset.c
+++ b/sys/arm64/vmm/vmm_reset.c
@@ -100,10 +100,12 @@ reset_vm_el01_regs(void *vcpu)
 	el2ctx->pmcr_el0 |= PMCR_LC;
 	set_arch_unknown(el2ctx->pmccntr_el0);
 	set_arch_unknown(el2ctx->pmccfiltr_el0);
+	set_arch_unknown(el2ctx->pmuserenr_el0);
+	set_arch_unknown(el2ctx->pmselr_el0);
+	set_arch_unknown(el2ctx->pmxevcntr_el0);
 	set_arch_unknown(el2ctx->pmcntenset_el0);
 	set_arch_unknown(el2ctx->pmintenset_el1);
 	set_arch_unknown(el2ctx->pmovsset_el0);
-	set_arch_unknown(el2ctx->pmuserenr_el0);
 	memset(el2ctx->pmevcntr_el0, 0, sizeof(el2ctx->pmevcntr_el0));
 	memset(el2ctx->pmevtyper_el0, 0, sizeof(el2ctx->pmevtyper_el0));
 }
@@ -143,7 +145,8 @@ reset_vm_el2_regs(void *vcpu)
 	/* Set the Extended Hypervisor Configuration Register */
 	el2ctx->hcrx_el2 = 0;
 	/* TODO: Trap all extensions we don't support */
-	el2ctx->mdcr_el2 = 0;
+	el2ctx->mdcr_el2 = MDCR_EL2_TDOSA | MDCR_EL2_TDRA | MDCR_EL2_TPMS |
+	    MDCR_EL2_TTRF;
 	/* PMCR_EL0.N is read from MDCR_EL2.HPMN */
 	el2ctx->mdcr_el2 |= (el2ctx->pmcr_el0 & PMCR_N_MASK) >> PMCR_N_SHIFT;