CVS commit: src/sys/arch

["Maxime Villard" <maxv%netbsd.org@localhost>]

Module Name:    src
Committed By:   maxv
Date:           Wed Mar 28 16:02:49 UTC 2018

Modified Files:
        src/sys/arch/amd64/amd64: amd64_trap.S locore.S
        src/sys/arch/amd64/include: frameasm.h
        src/sys/arch/x86/x86: spectre.c

Log Message:
Add the IBRS mitigation for SpectreV2 on amd64.

Different operations are performed during context transitions:

        user->kernel: IBRS <- 1
        kernel->user: IBRS <- 0

And during context switches:

        user->user:   IBPB <- 0
        kernel->user: IBPB <- 0
        [user->kernel:IBPB <- 0 this one may not be needed]

We use two macros, IBRS_ENTER and IBRS_LEAVE, to set the IBRS bit. The
thing is hotpatched for better performance, like SVS.

The idea is that IBRS is a "privileged" bit, which is set to 1 in kernel
mode and 0 in user mode. To protect the branch predictor between user
processes (which are of the same privilege), we use the IBPB barrier.

The Intel manual also talks about (MWAIT/HLT)+HyperThreading, and says
that when using either of the two instructions IBRS must be disabled for
better performance on the core. I'm not totally sure about this part, so
I'm not adding it now.

IBRS is available only when the Intel microcode update is applied. The
mitigation must be enabled manually with machdep.spectreV2.mitigated.

Tested by msaitoh a week ago (but I adapted a few things since). Probably
more changes to come.


To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.40 src/sys/arch/amd64/amd64/amd64_trap.S
cvs rdiff -u -r1.159 -r1.160 src/sys/arch/amd64/amd64/locore.S
cvs rdiff -u -r1.37 -r1.38 src/sys/arch/amd64/include/frameasm.h
cvs rdiff -u -r1.1 -r1.2 src/sys/arch/x86/x86/spectre.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.