From: Scott Long
Date: Fri, 13 Dec 2019 05:29:27 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject: svn commit: r355698 - stable/12/sys/x86/x86

Author: scottl
Date: Fri Dec 13 05:29:26 2019
New Revision: 355698
URL: https://svnweb.freebsd.org/changeset/base/355698

Log:
  Merge r355134,355375,355589

  Clean up and clarify meta commentary on TAA. Add a state to denote that
  TSX doesn't exist on the CPU.

  x86: Add missed break to TAA status sysctl

  Fix the TAA state machine to do the right thing when the TAA mitigation is
  available in microcode and the operator has set the sysctl to automatic mode.

  Sponsored by: Intel

Modified:
  stable/12/sys/x86/x86/cpu_machdep.c
Directory Properties:
  stable/12/ (props changed)

Modified: stable/12/sys/x86/x86/cpu_machdep.c
==============================================================================
--- stable/12/sys/x86/x86/cpu_machdep.c Fri Dec 13 05:13:25 2019 (r355697) +++ stable/12/sys/x86/x86/cpu_machdep.c Fri Dec 13 05:29:26 2019 (r355698)
@@ -1164,11 +1164,15 @@ SYSCTL_PROC(_hw, OID_AUTO, mds_disable, CTLTYPE_INT | int x86_taa_enable; int x86_taa_state; enum { - TAA_NONE = 0, - TAA_TSX_DISABLE = 1, - TAA_VERW = 2, - TAA_AUTO = 3, - TAA_TAA_NO = 4 + TAA_NONE = 0, /* No mitigation enabled */ + TAA_TSX_DISABLE = 1, /* Disable TSX via MSR */ + TAA_VERW = 2, /* Use VERW mitigation */ + TAA_AUTO = 3, /* Automatically select the mitigation */ + + /* The states below are not selectable by the operator */ + + TAA_TAA_UC = 4, /* Mitigation present in microcode */ + TAA_NOT_PRESENT = 5 /* TSX is not present */ }; static void @@ -1192,15 +1196,14 @@ x86_taa_recalculate(void) if ((cpu_stdext_feature & CPUID_STDEXT_HLE) == 0 || (cpu_stdext_feature & CPUID_STDEXT_RTM) == 0) { /* TSX is not present */ - x86_taa_state = 0; + x86_taa_state = TAA_NOT_PRESENT; return; } /* Check to see what mitigation options the CPU gives us */ if (cpu_ia32_arch_caps & IA32_ARCH_CAP_TAA_NO) { /* CPU is not suseptible to TAA */ - taa_need = TAA_NONE; - taa_state = TAA_TAA_NO; + taa_need = TAA_TAA_UC; } else if (cpu_ia32_arch_caps & IA32_ARCH_CAP_TSX_CTRL) { /* * CPU can turn off TSX. This is the next best option @@ -1307,8 +1310,11 @@ sysctl_taa_state_handler(SYSCTL_HANDLER_ARGS) case TAA_VERW: state = "VERW"; break; - case TAA_TAA_NO: - state = "Not vulnerable"; + case TAA_TAA_UC: + state = "Mitigated in microcode"; + break; + case TAA_NOT_PRESENT: + state = "TSX not present"; break; default: state = "unknown";
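Review bot: In the enum hunk (@@ -1164), the split between operator-selectable values and internal states rests only on the comment "The states below are not selectable by the operator"; nothing in the visible lines ties the accepted range of x86_taa_enable to TAA_AUTO. Please confirm that the handler taking the operator's setting rejects anything above TAA_AUTO, so a write of 4 or 5 cannot put the state machine into TAA_TAA_UC or TAA_NOT_PRESENT. Value 4 also changes meaning from TAA_TAA_NO to TAA_TAA_UC, which matters to anything that reads x86_taa_state as a number.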
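Review bot: In the IA32_ARCH_CAP_TAA_NO branch of x86_taa_recalculate (@@ -1192), the retained comment still says "CPU is not suseptible to TAA" while the branch now selects TAA_TAA_UC, which the enum documents as "Mitigation present in microcode". Those are different statements to an operator, so the comment and the state name should be made to agree (and "suseptible" corrected to "susceptible"). The branch also no longer assigns the state directly and only sets taa_need, so the code after this hunk must handle TAA_TAA_UC as a need value; an explicit case for it is worth confirming. In the TSX-absent early return, x86_taa_state moves from 0, which equals TAA_NONE, to TAA_NOT_PRESENT, so any consumer that tests the state against 0 or TAA_NONE should be checked.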
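Review bot: In sysctl_taa_state_handler (@@ -1307), the reported string for state 4 changes from "Not vulnerable" to "Mitigated in microcode" on a stable branch, so monitoring or audit scripts that match the old text will stop matching without any error. Suggest mentioning the new strings, including "TSX not present", wherever this sysctl is documented for operators. Both new cases end in break, which matches the "Add missed break" entry in the log.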