The branch main has been updated by brooks: URL: https://cgit.FreeBSD.org/src/commit/?id=80203a27e964403d1d23907089f5c57c60a15c04
commit 80203a27e964403d1d23907089f5c57c60a15c04 Author: Brooks Davis <[email protected]> AuthorDate: 2025-12-10 10:55:28 +0000 Commit: Brooks Davis <[email protected]> CommitDate: 2025-12-10 10:57:50 +0000 Add sys/_align.h replacing machine/_align.h Define _ALIGNBYTES using sizeof(void *) (no functional change on any existing architecture) which will allow it to work with CHERI were we must align things up to capability alignment. In _ALIGN, replace integer manipulation which does not preserve pointer provenance with a type and provenance preserving builtin. This requires modest changes in code which assumes _ALIGN returns an integer, but those are relatively rare. Reviewed by: kib, markj Effort: CHERI upstreaming Sponsored by: Innovate UK Differential Revision: https://reviews.freebsd.org/D53947 --- include/arm/Makefile | 3 +-- sys/amd64/include/_align.h | 5 ----- sys/amd64/include/param.h | 2 +- sys/arm/include/_align.h | 51 -------------------------------------------- sys/arm/include/param.h | 2 +- sys/arm64/include/_align.h | 47 ---------------------------------------- sys/arm64/include/param.h | 2 +- sys/i386/include/_align.h | 5 ----- sys/i386/include/param.h | 2 +- sys/powerpc/include/_align.h | 51 -------------------------------------------- sys/powerpc/include/param.h | 2 +- sys/riscv/include/_align.h | 41 ----------------------------------- sys/riscv/include/param.h | 2 +- sys/sys/_align.h | 32 +++++++++++++++++++++++++++ sys/sys/socket.h | 2 +- sys/x86/include/_align.h | 51 -------------------------------------------- 16 files changed, 40 insertions(+), 260 deletions(-) diff --git a/include/arm/Makefile b/include/arm/Makefile index 27fa8dfb9de3..3e7d73fd911f 100644 --- a/include/arm/Makefile +++ b/include/arm/Makefile @@ -2,8 +2,7 @@ .PATH: ${SRCTOP}/sys/arm/include ${SRCTOP}/lib/msun/arm -INCS= _align.h \ - _inttypes.h \ +INCS= _inttypes.h \ _limits.h \ _stdint.h \ _types.h \ diff --git a/sys/amd64/include/_align.h b/sys/amd64/include/_align.h deleted file mode 100644 index 506bc3c9e7f3..000000000000 --- a/sys/amd64/include/_align.h +++ /dev/null @@ -1,5 +0,0 @@ -/*- - * This file is in the public domain. - */ - -#include <x86/_align.h> diff --git a/sys/amd64/include/param.h b/sys/amd64/include/param.h index 0654bb9de790..642a031d8841 100644 --- a/sys/amd64/include/param.h +++ b/sys/amd64/include/param.h @@ -41,7 +41,7 @@ #ifndef _AMD64_INCLUDE_PARAM_H_ #define _AMD64_INCLUDE_PARAM_H_ -#include <machine/_align.h> +#include <sys/_align.h> /* * Machine dependent constants for AMD64. diff --git a/sys/arm/include/_align.h b/sys/arm/include/_align.h deleted file mode 100644 index 1088c2363e9a..000000000000 --- a/sys/arm/include/_align.h +++ /dev/null @@ -1,51 +0,0 @@ -/*- - * SPDX-License-Identifier: BSD-4-Clause - * - * Copyright (c) 2001 David E. O'Brien - * Copyright (c) 1990 The Regents of the University of California. - * All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * William Jolitz. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef _ARM_INCLUDE__ALIGN_H_ -#define _ARM_INCLUDE__ALIGN_H_ - -/* - * Round p (pointer or byte index) up to the hardware-required alignment which - * is sufficient for any data type, pointer or numeric. The resulting type - * is equivelent to arm's uintptr_t (but is purposely spelled "unsigned" here). - */ -#define _ALIGNBYTES (sizeof(int) - 1) -#define _ALIGN(p) (((unsigned)(p) + _ALIGNBYTES) & ~_ALIGNBYTES) - -#endif /* !_ARM_INCLUDE__ALIGN_H_ */ diff --git a/sys/arm/include/param.h b/sys/arm/include/param.h index 79c9bc09c284..fa9737608038 100644 --- a/sys/arm/include/param.h +++ b/sys/arm/include/param.h @@ -44,7 +44,7 @@ * Machine dependent constants for StrongARM */ -#include <machine/_align.h> +#include <sys/_align.h> #define STACKALIGNBYTES (8 - 1) #define STACKALIGN(p) ((u_int)(p) & ~STACKALIGNBYTES) diff --git a/sys/arm64/include/_align.h b/sys/arm64/include/_align.h deleted file mode 100644 index b88200e21636..000000000000 --- a/sys/arm64/include/_align.h +++ /dev/null @@ -1,47 +0,0 @@ -/*- - * Copyright (c) 1990 The Regents of the University of California. - * All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * William Jolitz. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifdef __arm__ -#include <arm/_align.h> -#else /* !__arm__ */ - -#ifndef _MACHINE__ALIGN_H_ -#define _MACHINE__ALIGN_H_ - -/* - * Round p (pointer or byte index) up to a correctly-aligned value - * for all data types (int, long, ...). The result is unsigned int - * and must be cast to any desired pointer type. - */ -#define _ALIGNBYTES (sizeof(long long) - 1) -#define _ALIGN(p) (((u_long)(p) + _ALIGNBYTES) & ~_ALIGNBYTES) - -#endif /* !_MACHINE__ALIGN_H_ */ - -#endif /* !__arm__ */ diff --git a/sys/arm64/include/param.h b/sys/arm64/include/param.h index 753035b7775e..f3cdd4e44bc0 100644 --- a/sys/arm64/include/param.h +++ b/sys/arm64/include/param.h @@ -38,7 +38,7 @@ * Machine dependent constants for arm64. */ -#include <machine/_align.h> +#include <sys/_align.h> #define STACKALIGNBYTES (16 - 1) #define STACKALIGN(p) ((uint64_t)(p) & ~STACKALIGNBYTES) diff --git a/sys/i386/include/_align.h b/sys/i386/include/_align.h deleted file mode 100644 index 506bc3c9e7f3..000000000000 --- a/sys/i386/include/_align.h +++ /dev/null @@ -1,5 +0,0 @@ -/*- - * This file is in the public domain. - */ - -#include <x86/_align.h> diff --git a/sys/i386/include/param.h b/sys/i386/include/param.h index 657dbcd879bd..9e542038f345 100644 --- a/sys/i386/include/param.h +++ b/sys/i386/include/param.h @@ -35,7 +35,7 @@ #ifndef _I386_INCLUDE_PARAM_H_ #define _I386_INCLUDE_PARAM_H_ -#include <machine/_align.h> +#include <sys/_align.h> /* * Machine dependent constants for Intel 386. diff --git a/sys/powerpc/include/_align.h b/sys/powerpc/include/_align.h deleted file mode 100644 index 0a7b6039b087..000000000000 --- a/sys/powerpc/include/_align.h +++ /dev/null @@ -1,51 +0,0 @@ -/*- - * SPDX-License-Identifier: BSD-4-Clause - * - * Copyright (c) 2001 David E. O'Brien - * Copyright (c) 1990 The Regents of the University of California. - * All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * William Jolitz. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef _POWERPC_INCLUDE__ALIGN_H_ -#define _POWERPC_INCLUDE__ALIGN_H_ - -/* - * Round p (pointer or byte index) up to a correctly-aligned value - * for all data types (int, long, ...). The result is unsigned int - * and must be cast to any desired pointer type. - */ -#define _ALIGNBYTES (sizeof(register_t) - 1) -#define _ALIGN(p) (((uintptr_t)(p) + _ALIGNBYTES) & ~_ALIGNBYTES) - -#endif /* !_POWERPC_INCLUDE__ALIGN_H_ */ diff --git a/sys/powerpc/include/param.h b/sys/powerpc/include/param.h index e79e92f76ec2..a190f60c02cc 100644 --- a/sys/powerpc/include/param.h +++ b/sys/powerpc/include/param.h @@ -44,7 +44,7 @@ * Machine dependent constants for PowerPC */ -#include <machine/_align.h> +#include <sys/_align.h> #ifndef MACHINE #define MACHINE "powerpc" diff --git a/sys/riscv/include/_align.h b/sys/riscv/include/_align.h deleted file mode 100644 index c588625ce7f9..000000000000 --- a/sys/riscv/include/_align.h +++ /dev/null @@ -1,41 +0,0 @@ -/*- - * Copyright (c) 1990 The Regents of the University of California. - * All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * William Jolitz. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef _MACHINE__ALIGN_H_ -#define _MACHINE__ALIGN_H_ - -/* - * Round p (pointer or byte index) up to a correctly-aligned value - * for all data types (int, long, ...). The result is unsigned int - * and must be cast to any desired pointer type. - */ -#define _ALIGNBYTES (sizeof(long long) - 1) -#define _ALIGN(p) (((u_long)(p) + _ALIGNBYTES) & ~_ALIGNBYTES) - -#endif /* !_MACHINE__ALIGN_H_ */ diff --git a/sys/riscv/include/param.h b/sys/riscv/include/param.h index 32b0c7a1e34b..471d8b354b82 100644 --- a/sys/riscv/include/param.h +++ b/sys/riscv/include/param.h @@ -34,7 +34,7 @@ * Machine dependent constants for RISC-V. */ -#include <machine/_align.h> +#include <sys/_align.h> #define STACKALIGNBYTES (16 - 1) #define STACKALIGN(p) ((uint64_t)(p) & ~STACKALIGNBYTES) diff --git a/sys/sys/_align.h b/sys/sys/_align.h new file mode 100644 index 000000000000..09444bc4afce --- /dev/null +++ b/sys/sys/_align.h @@ -0,0 +1,32 @@ +/* + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2020 SRI International + * + * This software was developed by SRI International and the University of + * Cambridge Computer Laboratory (Department of Computer Science and + * Technology) under DARPA contract HR0011-18-C-0016 ("ECATS"), as part of the + * DARPA SSITH research programme. + */ +#ifndef _SYS__ALIGN_H_ +#define _SYS__ALIGN_H_ + +/* + * Round p up to the alignment of the largest, non-floating point, type + * that fits in a register. In practice this has always been the size + * of a pointer (but spelled in a wide varity of ways) and with CHERI + * that needs to remain true to support file descriptor passing within + * the kernel. + * + * Unlike historic implementations, _ALIGN macro preserves both the type + * and provenance of p. + * + * These interfaces are ambigiously defined and should be considred + * obsolete. New code that requires alignment adjustments should replace + * _ALIGNBYTES with alignof(appropriate type) and _ALIGN with + * __align_up(p, alignof(appropriate type)). + */ +#define _ALIGNBYTES (sizeof(void *) - 1) +#define _ALIGN(p) __align_up((p), _ALIGNBYTES + 1) + +#endif /* !_SYS__ALIGN_H_ */ diff --git a/sys/sys/socket.h b/sys/sys/socket.h index 76a1652644bd..25b6fce75b94 100644 --- a/sys/sys/socket.h +++ b/sys/sys/socket.h @@ -36,7 +36,7 @@ #include <sys/_types.h> #include <sys/_iovec.h> #include <sys/_timeval.h> -#include <machine/_align.h> +#include <sys/_align.h> /* * Definitions related to sockets: types, address families, options. diff --git a/sys/x86/include/_align.h b/sys/x86/include/_align.h deleted file mode 100644 index dc2ff4f656f4..000000000000 --- a/sys/x86/include/_align.h +++ /dev/null @@ -1,51 +0,0 @@ -/*- - * SPDX-License-Identifier: BSD-4-Clause - * - * Copyright (c) 2001 David E. O'Brien - * Copyright (c) 1990 The Regents of the University of California. - * All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * William Jolitz. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef _X86_INCLUDE__ALIGN_H_ -#define _X86_INCLUDE__ALIGN_H_ - -/* - * Round p (pointer or byte index) up to a correctly-aligned value - * for all data types (int, long, ...). The result is unsigned int - * and must be cast to any desired pointer type. - */ -#define _ALIGNBYTES (sizeof(__register_t) - 1) -#define _ALIGN(p) (((__uintptr_t)(p) + _ALIGNBYTES) & ~_ALIGNBYTES) - -#endif /* !_X86_INCLUDE__ALIGN_H_ */
