locore: Don't clear DDC too early in the VHE case

With VHE, the kernel runs in EL2, so defer clearing DDC until locore has finished using DDC. In the case of VHE, clear DDC_EL1 to be on the safe side.
CTSRD-CHERI · Nov 22, 2024 · 61d4053 · 61d4053
1 parent 725c05d
commit 61d4053
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/sys/arm64/arm64/locore.S b/sys/arm64/arm64/locore.S
@@ -577,6 +577,11 @@ LENTRY(enter_kernel_el)
 	 * act as in place of this barrier.
 	 */
 	isb
+
+#ifdef __CHERI_PURE_CAPABILITY__
+	/* Clear DDC_EL1 */
+	msr	ddc_el1, czr
+#endif
 #endif
 
 	ldr	x3, =(CNTHCTL_E2H_EL1PCTEN | CNTHCTL_E2H_EL1PTEN)
@@ -602,6 +607,11 @@ LENTRY(enter_kernel_el)
 
 	ldr	x3, =(CNTHCTL_EL1PCTEN | CNTHCTL_EL1PCEN)
 	ldr	x5, =(PSR_DAIF | PSR_M_EL1h)
+
+#ifdef __CHERI_PURE_CAPABILITY__
+	/* Clear DDC_EL2 */
+	msr	ddc, czr
+#endif
 .Ldone_vhe:
 	/* Enable access to the physical timers at EL1 */
 	msr	cnthctl_el2, x3
@@ -635,9 +645,6 @@ LENTRY(enter_kernel_el)
 	mrs	x2, cctlr_el2
 	orr	x2, x2, #(CCTLR_EL2_C64E_MASK)
 	msr	cctlr_el2, x2
-
-	/* Clear DDC_EL2 */
-	msr	ddc, czr
 #endif
 	/* Set the address to return to our return address */
 #if __has_feature(capabilities)