Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-8]: src/sys/arch Pull up following revision(s) (requested by maxv...
details: https://anonhg.NetBSD.org/src/rev/6a8471e3c80c
branches: netbsd-8
changeset: 451301:6a8471e3c80c
user: martin <martin%NetBSD.org@localhost>
date: Tue May 14 17:12:19 2019 +0000
description:
Pull up following revision(s) (requested by maxv in ticket #1269):
sys/arch/amd64/amd64/locore.S: revision 1.181 (adapted)
sys/arch/amd64/amd64/amd64_trap.S: revision 1.47 (adapted)
sys/arch/x86/include/specialreg.h: revision 1.144 (adapted)
sys/arch/amd64/include/frameasm.h: revision 1.43 (adapted)
sys/arch/x86/x86/spectre.c: revision 1.27 (adapted)
Mitigation for INTEL-SA-00233: Microarchitectural Data Sampling (MDS).
It requires a microcode update, now available on the Intel website. The
microcode modifies the behavior of the VERW instruction, and makes it flush
internal CPU buffers. We hotpatch the return-to-userland path to add VERW.
Two sysctls are added:
machdep.mds.mitigated = {0/1} user-settable
machdep.mds.method = {string} constructed by the kernel
The kernel will automatically enable the mitigation if the updated
microcode is present. If the new microcode is not present, the user can
load it via cpuctl, and set machdep.mds.mitigated=1.
diffstat:
sys/arch/amd64/amd64/amd64_trap.S | 5 +-
sys/arch/amd64/amd64/locore.S | 19 ++-
sys/arch/amd64/include/frameasm.h | 15 ++-
sys/arch/x86/include/specialreg.h | 4 +-
sys/arch/x86/x86/spectre.c | 263 +++++++++++++++++++++++++++++++++++++-
5 files changed, 300 insertions(+), 6 deletions(-)
diffs (truncated from 434 to 300 lines):
diff -r a6eb7f138803 -r 6a8471e3c80c sys/arch/amd64/amd64/amd64_trap.S
--- a/sys/arch/amd64/amd64/amd64_trap.S Tue May 14 11:44:32 2019 +0000
+++ b/sys/arch/amd64/amd64/amd64_trap.S Tue May 14 17:12:19 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: amd64_trap.S,v 1.5.6.3 2018/04/14 10:11:49 martin Exp $ */
+/* $NetBSD: amd64_trap.S,v 1.5.6.4 2019/05/14 17:12:19 martin Exp $ */
/*
* Copyright (c) 1998, 2007, 2008, 2017 The NetBSD Foundation, Inc.
@@ -151,6 +151,7 @@
movq %rsp,%rdi
incq CPUVAR(NTRAP)
call _C_LABEL(nmitrap)
+ MDS_LEAVE
SVS_LEAVE_ALTSTACK
swapgs
jmp .Lnmileave
@@ -159,6 +160,7 @@
movq %rsp,%rdi
incq CPUVAR(NTRAP)
call _C_LABEL(nmitrap)
+ MDS_LEAVE
SVS_LEAVE_ALTSTACK
.Lnmileave:
@@ -247,6 +249,7 @@
incq CPUVAR(NTRAP)
call _C_LABEL(doubletrap)
+ MDS_LEAVE
SVS_LEAVE_ALTSTACK
INTR_RESTORE_GPRS
diff -r a6eb7f138803 -r 6a8471e3c80c sys/arch/amd64/amd64/locore.S
--- a/sys/arch/amd64/amd64/locore.S Tue May 14 11:44:32 2019 +0000
+++ b/sys/arch/amd64/amd64/locore.S Tue May 14 17:12:19 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: locore.S,v 1.123.6.8 2018/07/10 15:35:26 martin Exp $ */
+/* $NetBSD: locore.S,v 1.123.6.9 2019/05/14 17:12:19 martin Exp $ */
/*
* Copyright-o-rama!
@@ -1465,6 +1465,7 @@
TEXT_USER_BEGIN
_ALIGN_TEXT
LABEL(syscall_sysret)
+ MDS_LEAVE
SVS_LEAVE
/* Set default the 64bit values in %ds and %es. */
@@ -1561,6 +1562,7 @@
_ALIGN_TEXT
LABEL(intrfastexit)
NOT_XEN(cli;)
+ MDS_LEAVE
SVS_LEAVE
INTR_RESTORE_GPRS
addq $(TF_REGSIZE+16),%rsp /* iret frame */
@@ -1637,3 +1639,18 @@
NOSVS_LEAVE_ALTSTACK
LABEL(nosvs_leave_altstack_end)
#endif
+
+ .globl mds_leave, mds_leave_end
+
+LABEL(mds_leave)
+ testb $SEL_UPL,TF_CS(%rsp)
+ jz 1234f
+ pushq $GSEL(GDATA_SEL, SEL_KPL)
+ verw (%rsp)
+ addq $8,%rsp
+1234:
+LABEL(mds_leave_end)
+
+LABEL(nomds_leave)
+ NOMDS_LEAVE
+LABEL(nomds_leave_end)
diff -r a6eb7f138803 -r 6a8471e3c80c sys/arch/amd64/include/frameasm.h
--- a/sys/arch/amd64/include/frameasm.h Tue May 14 11:44:32 2019 +0000
+++ b/sys/arch/amd64/include/frameasm.h Tue May 14 17:12:19 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: frameasm.h,v 1.20.32.3 2018/04/14 10:11:49 martin Exp $ */
+/* $NetBSD: frameasm.h,v 1.20.32.4 2019/05/14 17:12:19 martin Exp $ */
#ifndef _AMD64_MACHINE_FRAMEASM_H
#define _AMD64_MACHINE_FRAMEASM_H
@@ -42,6 +42,7 @@
#define HP_NAME_SVS_LEAVE 6
#define HP_NAME_SVS_ENTER_ALT 7
#define HP_NAME_SVS_LEAVE_ALT 8
+#define HP_NAME_MDS_LEAVE 13
#define HOTPATCH(name, size) \
123: ; \
@@ -59,6 +60,18 @@
HOTPATCH(HP_NAME_STAC, 3) ; \
.byte 0x0F, 0x1F, 0x00 ; \
+/*
+ * MDS
+ */
+
+#define MDS_LEAVE_BYTES 20
+#define MDS_LEAVE \
+ HOTPATCH(HP_NAME_MDS_LEAVE, MDS_LEAVE_BYTES) ; \
+ NOMDS_LEAVE
+#define NOMDS_LEAVE \
+ .byte 0xEB, (MDS_LEAVE_BYTES-2) /* jmp */ ; \
+ .fill (MDS_LEAVE_BYTES-2),1,0xCC
+
#define SWAPGS NOT_XEN(swapgs)
/*
diff -r a6eb7f138803 -r 6a8471e3c80c sys/arch/x86/include/specialreg.h
--- a/sys/arch/x86/include/specialreg.h Tue May 14 11:44:32 2019 +0000
+++ b/sys/arch/x86/include/specialreg.h Tue May 14 17:12:19 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: specialreg.h,v 1.98.2.11 2019/02/12 09:27:17 martin Exp $ */
+/* $NetBSD: specialreg.h,v 1.98.2.12 2019/05/14 17:12:19 martin Exp $ */
/*-
* Copyright (c) 1991 The Regents of the University of California.
@@ -426,6 +426,7 @@
/* %edx */
#define CPUID_SEF_AVX512_4VNNIW __BIT(2)
#define CPUID_SEF_AVX512_4FMAPS __BIT(3)
+#define CPUID_SEF_MD_CLEAR __BIT(10)
#define CPUID_SEF_IBRS __BIT(26) /* IBRS / IBPB Speculation Control */
#define CPUID_SEF_STIBP __BIT(27) /* STIBP Speculation Control */
#define CPUID_SEF_L1D_FLUSH __BIT(28) /* IA32_FLUSH_CMD MSR */
@@ -745,6 +746,7 @@
#define IA32_ARCH_RSBA 0x04
#define IA32_ARCH_SKIP_L1DFL_VMENTRY 0x08
#define IA32_ARCH_SSB_NO 0x10
+#define IA32_ARCH_MDS_NO 0x20
#define MSR_IA32_FLUSH_CMD 0x10b
#define IA32_FLUSH_CMD_L1D_FLUSH 0x01
#define MSR_BBL_CR_ADDR 0x116 /* PII+ only */
diff -r a6eb7f138803 -r 6a8471e3c80c sys/arch/x86/x86/spectre.c
--- a/sys/arch/x86/x86/spectre.c Tue May 14 11:44:32 2019 +0000
+++ b/sys/arch/x86/x86/spectre.c Tue May 14 17:12:19 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: spectre.c,v 1.19.2.2 2018/06/09 15:12:21 martin Exp $ */
+/* $NetBSD: spectre.c,v 1.19.2.3 2019/05/14 17:12:19 martin Exp $ */
/*
* Copyright (c) 2018 NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.19.2.2 2018/06/09 15:12:21 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.19.2.3 2019/05/14 17:12:19 martin Exp $");
#include "opt_spectre.h"
@@ -428,6 +428,226 @@
/* -------------------------------------------------------------------------- */
+enum mds_mitigation {
+ MDS_MITIGATION_NONE,
+ MDS_MITIGATION_VERW,
+ MDS_MITIGATION_MDS_NO
+};
+
+static char mds_mitigation_name[64] = "(none)";
+
+static enum mds_mitigation mds_mitigation_method = MDS_MITIGATION_NONE;
+static bool mds_mitigation_enabled __read_mostly = false;
+
+static volatile unsigned long mds_cpu_barrier1 __cacheline_aligned;
+static volatile unsigned long mds_cpu_barrier2 __cacheline_aligned;
+
+#ifdef __x86_64__
+static void
+mds_disable_hotpatch(void)
+{
+ extern uint8_t nomds_leave, nomds_leave_end;
+ u_long psl, cr0;
+ uint8_t *bytes;
+ size_t size;
+
+ x86_patch_window_open(&psl, &cr0);
+
+ bytes = &nomds_leave;
+ size = (size_t)&nomds_leave_end - (size_t)&nomds_leave;
+ x86_hotpatch(HP_NAME_MDS_LEAVE, bytes, size);
+
+ x86_patch_window_close(psl, cr0);
+}
+
+static void
+mds_enable_hotpatch(void)
+{
+ extern uint8_t mds_leave, mds_leave_end;
+ u_long psl, cr0;
+ uint8_t *bytes;
+ size_t size;
+
+ x86_patch_window_open(&psl, &cr0);
+
+ bytes = &mds_leave;
+ size = (size_t)&mds_leave_end - (size_t)&mds_leave;
+ x86_hotpatch(HP_NAME_MDS_LEAVE, bytes, size);
+
+ x86_patch_window_close(psl, cr0);
+}
+#else
+/* MDS not supported on i386 */
+static void
+mds_disable_hotpatch(void)
+{
+ panic("%s: impossible", __func__);
+}
+static void
+mds_enable_hotpatch(void)
+{
+ panic("%s: impossible", __func__);
+}
+#endif
+
+static void
+mitigation_mds_apply_cpu(struct cpu_info *ci, bool enabled)
+{
+ switch (mds_mitigation_method) {
+ case MDS_MITIGATION_NONE:
+ case MDS_MITIGATION_MDS_NO:
+ panic("impossible");
+ case MDS_MITIGATION_VERW:
+ /* cpu0 is the one that does the hotpatch job */
+ if (ci == &cpu_info_primary) {
+ if (enabled) {
+ mds_enable_hotpatch();
+ } else {
+ mds_disable_hotpatch();
+ }
+ }
+ break;
+ }
+}
+
+static void
+mitigation_mds_change_cpu(void *arg1, void *arg2)
+{
+ struct cpu_info *ci = curcpu();
+ bool enabled = (bool)arg1;
+ u_long psl = 0;
+
+ /* Rendez-vous 1. */
+ psl = x86_read_psl();
+ x86_disable_intr();
+
+ atomic_dec_ulong(&mds_cpu_barrier1);
+ while (atomic_cas_ulong(&mds_cpu_barrier1, 0, 0) != 0) {
+ x86_pause();
+ }
+
+ mitigation_mds_apply_cpu(ci, enabled);
+
+ /* Rendez-vous 2. */
+ atomic_dec_ulong(&mds_cpu_barrier2);
+ while (atomic_cas_ulong(&mds_cpu_barrier2, 0, 0) != 0) {
+ x86_pause();
+ }
+
+ /* Write back and invalidate cache, flush pipelines. */
+ wbinvd();
+ x86_flush();
+
+ x86_write_psl(psl);
+}
+
+static void
+mds_detect_method(void)
+{
+ u_int descs[4];
+ uint64_t msr;
+
+ if (cpu_vendor != CPUVENDOR_INTEL) {
+ mds_mitigation_method = MDS_MITIGATION_MDS_NO;
+ return;
+ }
+
+ x86_cpuid(0x7, descs);
+ if (descs[3] & CPUID_SEF_ARCH_CAP) {
+ msr = rdmsr(MSR_IA32_ARCH_CAPABILITIES);
+ if (msr & IA32_ARCH_MDS_NO) {
+ mds_mitigation_method = MDS_MITIGATION_MDS_NO;
+ return;
+ }
+ }
+
+#ifdef __x86_64__
+ if (descs[3] & CPUID_SEF_MD_CLEAR) {
+ mds_mitigation_method = MDS_MITIGATION_VERW;
+ }
+#endif
+}
+
Home |
Main Index |
Thread Index |
Old Index