[src/trunk]: src/sys/arch/x86 Implement a mitigation for Spectre...

[maxv <maxv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/4762373af72a
branches:  trunk
changeset: 319228:4762373af72a
user:      maxv <maxv%NetBSD.org@localhost>
date:      Tue May 22 10:20:04 2018 +0000

description:
Implement a mitigation for SpectreV4 on AMD families 15h and 16h. We use
a non-architectural MSR. This MSR is also available on 17h, but there SMT
is involved, and it needs more investigation.

Not tested (I have only 10h).

diffstat:

 sys/arch/x86/include/specialreg.h |   4 +-
 sys/arch/x86/x86/spectre.c        |  67 +++++++++++++++++++++++++++++++-------
 2 files changed, 57 insertions(+), 14 deletions(-)

diffs (141 lines):

diff -r a812af19ffc3 -r 4762373af72a sys/arch/x86/include/specialreg.h
--- a/sys/arch/x86/include/specialreg.h Tue May 22 09:25:58 2018 +0000
+++ b/sys/arch/x86/include/specialreg.h Tue May 22 10:20:04 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: specialreg.h,v 1.122 2018/05/22 07:24:08 maxv Exp $    */
+/*     $NetBSD: specialreg.h,v 1.123 2018/05/22 10:20:04 maxv Exp $    */
 
 /*-
  * Copyright (c) 1991 The Regents of the University of California.
@@ -858,6 +858,8 @@
 
 #define MSR_LS_CFG     0xc0011020
 #define        LS_CFG_DIS_LS2_SQUISH   0x02000000
+#define        LS_CFG_DIS_SSB_F15H     0x0040000000000000ULL
+#define        LS_CFG_DIS_SSB_F16H     0x0000000200000000ULL
 
 #define MSR_IC_CFG     0xc0011021
 #define        IC_CFG_DIS_SEQ_PREFETCH 0x00000800
diff -r a812af19ffc3 -r 4762373af72a sys/arch/x86/x86/spectre.c
--- a/sys/arch/x86/x86/spectre.c        Tue May 22 09:25:58 2018 +0000
+++ b/sys/arch/x86/x86/spectre.c        Tue May 22 10:20:04 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: spectre.c,v 1.14 2018/05/22 09:25:58 maxv Exp $        */
+/*     $NetBSD: spectre.c,v 1.15 2018/05/22 10:20:04 maxv Exp $        */
 
 /*
  * Copyright (c) 2018 NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.14 2018/05/22 09:25:58 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.15 2018/05/22 10:20:04 maxv Exp $");
 
 #include "opt_spectre.h"
 
@@ -60,7 +60,9 @@
 enum v4_mitigation {
        V4_MITIGATION_NONE,
        V4_MITIGATION_INTEL_SSBD,
-       V4_MITIGATION_INTEL_SSB_NO
+       V4_MITIGATION_INTEL_SSB_NO,
+       V4_MITIGATION_AMD_NONARCH_F15H,
+       V4_MITIGATION_AMD_NONARCH_F16H
 };
 
 static enum v2_mitigation v2_mitigation_method = V2_MITIGATION_NONE;
@@ -379,14 +381,18 @@
                strlcat(name, "(none)", sizeof(name));
        } else {
                switch (v4_mitigation_method) {
+               case V4_MITIGATION_NONE:
+                       panic("%s: impossible", __func__);
                case V4_MITIGATION_INTEL_SSBD:
                        strlcat(name, "[Intel SSBD]", sizeof(name));
                        break;
                case V4_MITIGATION_INTEL_SSB_NO:
                        strlcat(name, "[Intel SSB_NO]", sizeof(name));
                        break;
-               default:
-                       panic("%s: impossible", __func__);
+               case V4_MITIGATION_AMD_NONARCH_F15H:
+               case V4_MITIGATION_AMD_NONARCH_F16H:
+                       strlcat(name, "[AMD NONARCH]", sizeof(name));
+                       break;
                }
        }
 
@@ -397,6 +403,7 @@
 static void
 v4_detect_method(void)
 {
+       struct cpu_info *ci = curcpu();
        u_int descs[4];
        uint64_t msr;
 
@@ -421,6 +428,17 @@
                                return;
                        }
                }
+       } else if (cpu_vendor == CPUVENDOR_AMD) {
+               switch (CPUID_TO_FAMILY(ci->ci_signature)) {
+               case 0x15:
+                       v4_mitigation_method = V4_MITIGATION_AMD_NONARCH_F15H;
+                       return;
+               case 0x16:
+                       v4_mitigation_method = V4_MITIGATION_AMD_NONARCH_F16H;
+                       return;
+               default:
+                       break;
+               }
        }
 
        v4_mitigation_method = V4_MITIGATION_NONE;
@@ -431,15 +449,38 @@
 {
        uint64_t msr;
 
-       msr = rdmsr(MSR_IA32_SPEC_CTRL);
-
-       if (enabled) {
-               msr |= IA32_SPEC_CTRL_SSBD;
-       } else {
-               msr &= ~IA32_SPEC_CTRL_SSBD;
+       switch (v4_mitigation_method) {
+       case V4_MITIGATION_NONE:
+       case V4_MITIGATION_INTEL_SSB_NO:
+               panic("impossible");
+       case V4_MITIGATION_INTEL_SSBD:
+               msr = rdmsr(MSR_IA32_SPEC_CTRL);
+               if (enabled) {
+                       msr |= IA32_SPEC_CTRL_SSBD;
+               } else {
+                       msr &= ~IA32_SPEC_CTRL_SSBD;
+               }
+               wrmsr(MSR_IA32_SPEC_CTRL, msr);
+               break;
+       case V4_MITIGATION_AMD_NONARCH_F15H:
+               msr = rdmsr(MSR_LS_CFG);
+               if (enabled) {
+                       msr |= LS_CFG_DIS_SSB_F15H;
+               } else {
+                       msr &= ~LS_CFG_DIS_SSB_F15H;
+               }
+               wrmsr(MSR_LS_CFG, msr);
+               break;
+       case V4_MITIGATION_AMD_NONARCH_F16H:
+               msr = rdmsr(MSR_LS_CFG);
+               if (enabled) {
+                       msr |= LS_CFG_DIS_SSB_F16H;
+               } else {
+                       msr &= ~LS_CFG_DIS_SSB_F16H;
+               }
+               wrmsr(MSR_LS_CFG, msr);
+               break;
        }
-
-       wrmsr(MSR_IA32_SPEC_CTRL, msr);
 }
 
 static void