crypto/subtle: add speculation barrier after DIT

When enabling DIT on ARM64, add speculation barrier instructions to ensure that subsequent instructions are executed using the updated DIT state. See https://developer.apple.com/documentation/xcode/writing-arm64-code-for-apple-platforms#Enable-DIT-for-constant-time-cryptographic-operations which recommends doing this. The Arm documentation for DIT doesn't tell you to do this, but it seems prudent. Change-Id: Idbc87b332650a77b8cb3509c11377bf5c724f3cf Reviewed-on: https://go-review.googlesource.com/c/go/+/726980 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com>
2026-01-29 07:02:05 +03:00 · 2025-12-04 13:26:52 -08:00
parent f84f8d86be
commit 2244bd7eeb
1 changed files with 5 additions and 0 deletions
--- a/src/internal/runtime/sys/dit_arm64.s
+++ b/src/internal/runtime/sys/dit_arm64.s
@@ -9,6 +9,11 @@ TEXT ·EnableDIT(SB),$0-1
    UBFX $24, R0, $1, R1
    MOVB R1, ret+0(FP)
    MSR $1, DIT
+    // TODO(roland): the SB instruction is significantly more
+    // performant when available. We should detect its availability
+    // and use it when we can.
+    DSB $7  // nsh
+    ISB $15 // sy
    RET

 TEXT ·DITEnabled(SB),$0-1