Date: Fri, 19 Jun 2020 11:47:40 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r362376 - in stable/12/sys: amd64/amd64 dev/cpuctl x86/include x86/x86 Message-ID: <202006191147.05JBlere010115@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Fri Jun 19 11:47:40 2020 New Revision: 362376 URL: https://svnweb.freebsd.org/changeset/base/362376 Log: MFC r362130: Control for Special Register Buffer Data Sampling mitigation. Modified: stable/12/sys/amd64/amd64/initcpu.c stable/12/sys/amd64/amd64/machdep.c stable/12/sys/dev/cpuctl/cpuctl.c stable/12/sys/x86/include/x86_var.h stable/12/sys/x86/x86/cpu_machdep.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/amd64/amd64/initcpu.c ============================================================================== --- stable/12/sys/amd64/amd64/initcpu.c Fri Jun 19 11:45:12 2020 (r362375) +++ stable/12/sys/amd64/amd64/initcpu.c Fri Jun 19 11:47:40 2020 (r362376) @@ -270,6 +270,7 @@ initializecpu(void) hw_ibrs_recalculate(false); hw_ssb_recalculate(false); amd64_syscall_ret_flush_l1d_recalc(); + x86_rngds_mitg_recalculate(false); switch (cpu_vendor_id) { case CPU_VENDOR_AMD: case CPU_VENDOR_HYGON: Modified: stable/12/sys/amd64/amd64/machdep.c ============================================================================== --- stable/12/sys/amd64/amd64/machdep.c Fri Jun 19 11:45:12 2020 (r362375) +++ stable/12/sys/amd64/amd64/machdep.c Fri Jun 19 11:47:40 2020 (r362376) @@ -1794,6 +1794,9 @@ hammer_time(u_int64_t modulep, u_int64_t physfree) TUNABLE_INT_FETCH("hw.mds_disable", &hw_mds_disable); TUNABLE_INT_FETCH("machdep.mitigations.taa.enable", &x86_taa_enable); + TUNABLE_INT_FETCH("machdep.mitigations.rndgs.enable", + &x86_rngds_mitg_enable); + finishidentcpu(); /* Final stage of CPU initialization */ initializecpu(); /* Initialize CPU registers */ Modified: stable/12/sys/dev/cpuctl/cpuctl.c ============================================================================== --- stable/12/sys/dev/cpuctl/cpuctl.c Fri Jun 19 11:45:12 2020 (r362375) +++ stable/12/sys/dev/cpuctl/cpuctl.c Fri Jun 19 11:47:40 2020 (r362376) @@ -547,6 +547,7 @@ cpuctl_do_eval_cpu_features(int cpu, struct thread *td #endif hw_mds_recalculate(); x86_taa_recalculate(); + x86_rngds_mitg_recalculate(true); printcpuinfo(); return (0); } Modified: stable/12/sys/x86/include/x86_var.h ============================================================================== --- stable/12/sys/x86/include/x86_var.h Fri Jun 19 11:45:12 2020 (r362375) +++ stable/12/sys/x86/include/x86_var.h Fri Jun 19 11:47:40 2020 (r362376) @@ -89,6 +89,7 @@ extern int hw_mds_disable; extern int hw_ssb_active; extern int x86_taa_enable; extern int cpu_flush_rsb_ctxsw; +extern int x86_rngds_mitg_enable; struct pcb; struct thread; @@ -146,6 +147,7 @@ void hw_ibrs_recalculate(bool all_cpus); void hw_mds_recalculate(void); void hw_ssb_recalculate(bool all_cpus); void x86_taa_recalculate(void); +void x86_rngds_mitg_recalculate(bool all_cpus); void nmi_call_kdb(u_int cpu, u_int type, struct trapframe *frame); void nmi_call_kdb_smp(u_int type, struct trapframe *frame); void nmi_handle_intr(u_int type, struct trapframe *frame); Modified: stable/12/sys/x86/x86/cpu_machdep.c ============================================================================== --- stable/12/sys/x86/x86/cpu_machdep.c Fri Jun 19 11:45:12 2020 (r362375) +++ stable/12/sys/x86/x86/cpu_machdep.c Fri Jun 19 11:47:40 2020 (r362376) @@ -1337,6 +1337,60 @@ SYSCTL_INT(_machdep_mitigations, OID_AUTO, flush_rsb_c CTLFLAG_RW | CTLFLAG_NOFETCH, &cpu_flush_rsb_ctxsw, 0, "Flush Return Stack Buffer on context switch"); +SYSCTL_NODE(_machdep_mitigations, OID_AUTO, rngds, + CTLFLAG_RW | CTLFLAG_MPSAFE, 0, + "MCU Optimization, disable RDSEED mitigation"); + +int x86_rngds_mitg_enable = 1; +void +x86_rngds_mitg_recalculate(bool all_cpus) +{ + if ((cpu_stdext_feature3 & CPUID_STDEXT3_MCUOPT) == 0) + return; + x86_msr_op(MSR_IA32_MCU_OPT_CTRL, + (x86_rngds_mitg_enable ? MSR_OP_OR : MSR_OP_ANDNOT) | + (all_cpus ? MSR_OP_RENDEZVOUS : MSR_OP_LOCAL), + IA32_RNGDS_MITG_DIS); +} + +static int +sysctl_rngds_mitg_enable_handler(SYSCTL_HANDLER_ARGS) +{ + int error, val; + + val = x86_rngds_mitg_enable; + error = sysctl_handle_int(oidp, &val, 0, req); + if (error != 0 || req->newptr == NULL) + return (error); + x86_rngds_mitg_enable = val; + x86_rngds_mitg_recalculate(true); + return (0); +} +SYSCTL_PROC(_machdep_mitigations_rngds, OID_AUTO, enable, CTLTYPE_INT | + CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_MPSAFE, NULL, 0, + sysctl_rngds_mitg_enable_handler, "I", + "MCU Optimization, disabling RDSEED mitigation control " + "(0 - mitigation disabled (RDSEED optimized), 1 - mitigation enabled"); + +static int +sysctl_rngds_state_handler(SYSCTL_HANDLER_ARGS) +{ + const char *state; + + if ((cpu_stdext_feature3 & CPUID_STDEXT3_MCUOPT) == 0) { + state = "Not applicable"; + } else if (x86_rngds_mitg_enable == 0) { + state = "RDSEED not serialized"; + } else { + state = "Mitigated"; + } + return (SYSCTL_OUT(req, state, strlen(state))); +} +SYSCTL_PROC(_machdep_mitigations_rngds, OID_AUTO, state, + CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0, + sysctl_rngds_state_handler, "A", + "MCU Optimization state"); + /* * Enable and restore kernel text write permissions. * Callers must ensure that disable_wp()/restore_wp() are executed
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202006191147.05JBlere010115>