From: Roland Shoemaker Date: Thu, 4 Dec 2025 21:26:52 +0000 (-0800) Subject: crypto/subtle: add speculation barrier after DIT X-Git-Tag: go1.26rc1~2^2~11 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=2244bd7eeb;p=gostls13.git crypto/subtle: add speculation barrier after DIT When enabling DIT on ARM64, add speculation barrier instructions to ensure that subsequent instructions are executed using the updated DIT state. See https://developer.apple.com/documentation/xcode/writing-arm64-code-for-apple-platforms#Enable-DIT-for-constant-time-cryptographic-operations which recommends doing this. The Arm documentation for DIT doesn't tell you to do this, but it seems prudent. Change-Id: Idbc87b332650a77b8cb3509c11377bf5c724f3cf Reviewed-on: https://go-review.googlesource.com/c/go/+/726980 LUCI-TryBot-Result: Go LUCI Reviewed-by: Cherry Mui --- diff --git a/src/internal/runtime/sys/dit_arm64.s b/src/internal/runtime/sys/dit_arm64.s index c27dfc9af3..408b60c8c0 100644 --- a/src/internal/runtime/sys/dit_arm64.s +++ b/src/internal/runtime/sys/dit_arm64.s @@ -9,6 +9,11 @@ TEXT ·EnableDIT(SB),$0-1 UBFX $24, R0, $1, R1 MOVB R1, ret+0(FP) MSR $1, DIT + // TODO(roland): the SB instruction is significantly more + // performant when available. We should detect its availability + // and use it when we can. + DSB $7 // nsh + ISB $15 // sy RET TEXT ·DITEnabled(SB),$0-1