Date: Wed, 31 Jan 2018 17:02:04 +0200 From: Konstantin Belousov <kostikbel@gmail.com> To: Ravi Pokala <rpokala@mac.com> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r328625 - in head/sys: amd64/amd64 amd64/ia32 amd64/include dev/cpuctl i386/i386 x86/include x86/x86 Message-ID: <20180131150204.GQ97752@kib.kiev.ua> In-Reply-To: <E2C0BA07-7CCE-47FB-B735-5E76B3DF9D75@mac.com> References: <201801311436.w0VEaRrZ030839@repo.freebsd.org> <E2C0BA07-7CCE-47FB-B735-5E76B3DF9D75@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jan 31, 2018 at 06:52:43AM -0800, Ravi Pokala wrote: > Thanks Kostik! > > Quick question: IBRS stands for...? For that matter, in the previous change, what does RDCL_NO stand for too? Indirect Branch Restricted Speculation Rogue Data Cache Load. Read (or at least skim over) the Intel paper I referenced in the commit message. > > -Ravi (rpokala@) > > ???-----Original Message----- > From: <owner-src-committers@freebsd.org> on behalf of Konstantin Belousov <kib@FreeBSD.org> > Date: 2018-01-31, Wednesday at 06:36 > To: <src-committers@freebsd.org>, <svn-src-all@freebsd.org>, <svn-src-head@freebsd.org> > Subject: svn commit: r328625 - in head/sys: amd64/amd64 amd64/ia32 amd64/include dev/cpuctl i386/i386 x86/include x86/x86 > > Author: kib > Date: Wed Jan 31 14:36:27 2018 > New Revision: 328625 > URL: https://svnweb.freebsd.org/changeset/base/328625 > > Log: > IBRS support, AKA Spectre hardware mitigation. > > It is coded according to the Intel document 336996-001, reading of the > patches posted on lkml, and some additional consultations with Intel. > > For existing processors, you need a microcode update which adds IBRS > CPU features, and to manually enable it by setting the tunable/sysctl > hw.ibrs_disable to 0. Current status can be checked in sysctl > hw.ibrs_active. The mitigation might be inactive if the CPU feature > is not patched in, or if CPU reports that IBRS use is not required, by > IA32_ARCH_CAP_IBRS_ALL bit. > > Sponsored by: The FreeBSD Foundation > MFC after: 1 week > Differential revision: https://reviews.freebsd.org/D14029 > > Modified: > head/sys/amd64/amd64/exception.S > head/sys/amd64/amd64/genassym.c > head/sys/amd64/amd64/initcpu.c > head/sys/amd64/amd64/machdep.c > head/sys/amd64/amd64/support.S > head/sys/amd64/ia32/ia32_exception.S > head/sys/amd64/include/md_var.h > head/sys/amd64/include/pcpu.h > head/sys/dev/cpuctl/cpuctl.c > head/sys/i386/i386/support.s > head/sys/x86/include/specialreg.h > head/sys/x86/include/x86_var.h > head/sys/x86/x86/cpu_machdep.c > > Modified: head/sys/amd64/amd64/exception.S > ============================================================================== > --- head/sys/amd64/amd64/exception.S Wed Jan 31 14:25:42 2018 (r328624) > +++ head/sys/amd64/amd64/exception.S Wed Jan 31 14:36:27 2018 (r328625) > @@ -171,21 +171,22 @@ X\l: > alltraps: > movq %rdi,TF_RDI(%rsp) > testb $SEL_RPL_MASK,TF_CS(%rsp) /* Did we come from kernel? */ > - jz alltraps_segs /* already running with kernel GS.base */ > + jz 1f /* already running with kernel GS.base */ > swapgs > movq PCPU(CURPCB),%rdi > andl $~PCB_FULL_IRET,PCB_FLAGS(%rdi) > -alltraps_segs: > - SAVE_SEGS > - testl $PSL_I,TF_RFLAGS(%rsp) > - jz alltraps_pushregs_no_rdi > - sti > -alltraps_pushregs_no_rdi: > +1: SAVE_SEGS > movq %rdx,TF_RDX(%rsp) > movq %rax,TF_RAX(%rsp) > + movq %rcx,TF_RCX(%rsp) > + testb $SEL_RPL_MASK,TF_CS(%rsp) > + jz 2f > + call handle_ibrs_entry > +2: testl $PSL_I,TF_RFLAGS(%rsp) > + jz alltraps_pushregs_no_rax > + sti > alltraps_pushregs_no_rax: > movq %rsi,TF_RSI(%rsp) > - movq %rcx,TF_RCX(%rsp) > movq %r8,TF_R8(%rsp) > movq %r9,TF_R9(%rsp) > movq %rbx,TF_RBX(%rsp) > @@ -243,13 +244,18 @@ calltrap: > alltraps_noen: > movq %rdi,TF_RDI(%rsp) > testb $SEL_RPL_MASK,TF_CS(%rsp) /* Did we come from kernel? */ > - jz alltraps_noen_segs /* already running with kernel GS.base */ > + jz 1f /* already running with kernel GS.base */ > swapgs > movq PCPU(CURPCB),%rdi > andl $~PCB_FULL_IRET,PCB_FLAGS(%rdi) > -alltraps_noen_segs: > - SAVE_SEGS > - jmp alltraps_pushregs_no_rdi > +1: SAVE_SEGS > + movq %rdx,TF_RDX(%rsp) > + movq %rax,TF_RAX(%rsp) > + movq %rcx,TF_RCX(%rsp) > + testb $SEL_RPL_MASK,TF_CS(%rsp) > + jz alltraps_pushregs_no_rax > + call handle_ibrs_entry > + jmp alltraps_pushregs_no_rax > > IDTVEC(dblfault) > subq $TF_ERR,%rsp > @@ -301,12 +307,14 @@ IDTVEC(page_pti) > movq %rdi,TF_RDI(%rsp) > movq %rax,TF_RAX(%rsp) > movq %rdx,TF_RDX(%rsp) > + movq %rcx,TF_RCX(%rsp) > jmp page_u > IDTVEC(page) > subq $TF_ERR,%rsp > movq %rdi,TF_RDI(%rsp) /* free up GP registers */ > movq %rax,TF_RAX(%rsp) > movq %rdx,TF_RDX(%rsp) > + movq %rcx,TF_RCX(%rsp) > testb $SEL_RPL_MASK,TF_CS(%rsp) /* Did we come from kernel? */ > jz page_cr2 /* already running with kernel GS.base */ > swapgs > @@ -314,6 +322,7 @@ page_u: movq PCPU(CURPCB),%rdi > andl $~PCB_FULL_IRET,PCB_FLAGS(%rdi) > movq PCPU(SAVED_UCR3),%rax > movq %rax,PCB_SAVED_UCR3(%rdi) > + call handle_ibrs_entry > page_cr2: > movq %cr2,%rdi /* preserve %cr2 before .. */ > movq %rdi,TF_ADDR(%rsp) /* enabling interrupts. */ > @@ -371,6 +380,7 @@ prot_addrf: > movq %rdi,TF_RDI(%rsp) /* free up a GP register */ > movq %rax,TF_RAX(%rsp) > movq %rdx,TF_RDX(%rsp) > + movq %rcx,TF_RCX(%rsp) > movw %fs,TF_FS(%rsp) > movw %gs,TF_GS(%rsp) > leaq doreti_iret(%rip),%rdi > @@ -396,7 +406,8 @@ prot_addrf: > 3: cmpw $KUG32SEL,TF_GS(%rsp) > jne 4f > movq %rdx,PCB_GSBASE(%rdi) > -4: orl $PCB_FULL_IRET,PCB_FLAGS(%rdi) /* always full iret from GPF */ > +4: call handle_ibrs_entry > + orl $PCB_FULL_IRET,PCB_FLAGS(%rdi) /* always full iret from GPF */ > movw %es,TF_ES(%rsp) > movw %ds,TF_DS(%rsp) > testl $PSL_I,TF_RFLAGS(%rsp) > @@ -440,7 +451,9 @@ fast_syscall_common: > movq %r11,TF_RSP(%rsp) /* user stack pointer */ > movq PCPU(SCRATCH_RAX),%rax > movq %rax,TF_RAX(%rsp) /* syscall number */ > + movq %rdx,TF_RDX(%rsp) /* arg 3 */ > SAVE_SEGS > + call handle_ibrs_entry > movq PCPU(CURPCB),%r11 > andl $~PCB_FULL_IRET,PCB_FLAGS(%r11) > sti > @@ -449,7 +462,6 @@ fast_syscall_common: > movq $2,TF_ERR(%rsp) > movq %rdi,TF_RDI(%rsp) /* arg 1 */ > movq %rsi,TF_RSI(%rsp) /* arg 2 */ > - movq %rdx,TF_RDX(%rsp) /* arg 3 */ > movq %r10,TF_RCX(%rsp) /* arg 4 */ > movq %r8,TF_R8(%rsp) /* arg 5 */ > movq %r9,TF_R9(%rsp) /* arg 6 */ > @@ -475,6 +487,7 @@ fast_syscall_common: > movq PCPU(CURTHREAD),%rax > testl $TDF_ASTPENDING | TDF_NEEDRESCHED,TD_FLAGS(%rax) > jne 3f > + call handle_ibrs_exit > /* Restore preserved registers. */ > MEXITCOUNT > movq TF_RDI(%rsp),%rdi /* bonus; preserve arg 1 */ > @@ -561,8 +574,8 @@ IDTVEC(nmi) > testb $SEL_RPL_MASK,TF_CS(%rsp) > jnz nmi_fromuserspace > /* > - * We've interrupted the kernel. Preserve GS.base in %r12 > - * and %cr3 in %r13. > + * We've interrupted the kernel. Preserve GS.base in %r12, > + * %cr3 in %r13, and possibly lower half of MSR_IA32_SPEC_CTL in %r14d. > */ > movl $MSR_GSBASE,%ecx > rdmsr > @@ -577,8 +590,14 @@ IDTVEC(nmi) > movq %cr3,%r13 > movq PCPU(KCR3),%rax > cmpq $~0,%rax > - je nmi_calltrap > + je 1f > movq %rax,%cr3 > +1: testl $CPUID_STDEXT3_IBPB,cpu_stdext_feature3(%rip) > + je nmi_calltrap > + movl $MSR_IA32_SPEC_CTRL,%ecx > + rdmsr > + movl %eax,%r14d > + call handle_ibrs_entry > jmp nmi_calltrap > nmi_fromuserspace: > incl %ebx > @@ -588,7 +607,8 @@ nmi_fromuserspace: > cmpq $~0,%rax > je 1f > movq %rax,%cr3 > -1: movq PCPU(CURPCB),%rdi > +1: call handle_ibrs_entry > + movq PCPU(CURPCB),%rdi > testq %rdi,%rdi > jz 3f > orl $PCB_FULL_IRET,PCB_FLAGS(%rdi) > @@ -683,9 +703,18 @@ nocallchain: > testl %ebx,%ebx /* %ebx == 0 => return to userland */ > jnz doreti_exit > /* > + * Restore speculation control MSR, if preserved. > + */ > + testl $CPUID_STDEXT3_IBPB,cpu_stdext_feature3(%rip) > + je 1f > + movl %r14d,%eax > + xorl %edx,%edx > + movl $MSR_IA32_SPEC_CTRL,%ecx > + wrmsr > + /* > * Put back the preserved MSR_GSBASE value. > */ > - movl $MSR_GSBASE,%ecx > +1: movl $MSR_GSBASE,%ecx > movq %r12,%rdx > movl %edx,%eax > shrq $32,%rdx > @@ -743,8 +772,8 @@ IDTVEC(mchk) > testb $SEL_RPL_MASK,TF_CS(%rsp) > jnz mchk_fromuserspace > /* > - * We've interrupted the kernel. Preserve GS.base in %r12 > - * and %cr3 in %r13. > + * We've interrupted the kernel. Preserve GS.base in %r12, > + * %cr3 in %r13, and possibly lower half of MSR_IA32_SPEC_CTL in %r14d. > */ > movl $MSR_GSBASE,%ecx > rdmsr > @@ -759,8 +788,14 @@ IDTVEC(mchk) > movq %cr3,%r13 > movq PCPU(KCR3),%rax > cmpq $~0,%rax > - je mchk_calltrap > + je 1f > movq %rax,%cr3 > +1: testl $CPUID_STDEXT3_IBPB,cpu_stdext_feature3(%rip) > + je mchk_calltrap > + movl $MSR_IA32_SPEC_CTRL,%ecx > + rdmsr > + movl %eax,%r14d > + call handle_ibrs_entry > jmp mchk_calltrap > mchk_fromuserspace: > incl %ebx > @@ -770,7 +805,7 @@ mchk_fromuserspace: > cmpq $~0,%rax > je 1f > movq %rax,%cr3 > -1: > +1: call handle_ibrs_entry > /* Note: this label is also used by ddb and gdb: */ > mchk_calltrap: > FAKE_MCOUNT(TF_RIP(%rsp)) > @@ -780,9 +815,18 @@ mchk_calltrap: > testl %ebx,%ebx /* %ebx == 0 => return to userland */ > jnz doreti_exit > /* > + * Restore speculation control MSR, if preserved. > + */ > + testl $CPUID_STDEXT3_IBPB,cpu_stdext_feature3(%rip) > + je 1f > + movl %r14d,%eax > + xorl %edx,%edx > + movl $MSR_IA32_SPEC_CTRL,%ecx > + wrmsr > + /* > * Put back the preserved MSR_GSBASE value. > */ > - movl $MSR_GSBASE,%ecx > +1: movl $MSR_GSBASE,%ecx > movq %r12,%rdx > movl %edx,%eax > shrq $32,%rdx > @@ -960,6 +1004,7 @@ ld_regs: > testb $SEL_RPL_MASK,TF_CS(%rsp) /* Did we come from kernel? */ > jz 2f /* keep running with kernel GS.base */ > cli > + call handle_ibrs_exit_rs > cmpb $0,pti > je 1f > pushq %rdx > @@ -1011,6 +1056,10 @@ set_segs: > .globl doreti_iret_fault > doreti_iret_fault: > subq $TF_RIP,%rsp /* space including tf_err, tf_trapno */ > + movq %rax,TF_RAX(%rsp) > + movq %rdx,TF_RDX(%rsp) > + movq %rcx,TF_RCX(%rsp) > + call handle_ibrs_entry > testb $SEL_RPL_MASK,TF_CS(%rsp) > jz 1f > sti > @@ -1019,11 +1068,8 @@ doreti_iret_fault: > movl $TF_HASSEGS,TF_FLAGS(%rsp) > movq %rdi,TF_RDI(%rsp) > movq %rsi,TF_RSI(%rsp) > - movq %rdx,TF_RDX(%rsp) > - movq %rcx,TF_RCX(%rsp) > movq %r8,TF_R8(%rsp) > movq %r9,TF_R9(%rsp) > - movq %rax,TF_RAX(%rsp) > movq %rbx,TF_RBX(%rsp) > movq %rbp,TF_RBP(%rsp) > movq %r10,TF_R10(%rsp) > > Modified: head/sys/amd64/amd64/genassym.c > ============================================================================== > --- head/sys/amd64/amd64/genassym.c Wed Jan 31 14:25:42 2018 (r328624) > +++ head/sys/amd64/amd64/genassym.c Wed Jan 31 14:36:27 2018 (r328625) > @@ -228,6 +228,7 @@ ASSYM(PC_UCR3, offsetof(struct pcpu, pc_ucr3)); > ASSYM(PC_SAVED_UCR3, offsetof(struct pcpu, pc_saved_ucr3)); > ASSYM(PC_PTI_STACK, offsetof(struct pcpu, pc_pti_stack)); > ASSYM(PC_PTI_STACK_SZ, PC_PTI_STACK_SZ); > +ASSYM(PC_IBPB_SET, offsetof(struct pcpu, pc_ibpb_set)); > > ASSYM(LA_EOI, LAPIC_EOI * LAPIC_MEM_MUL); > ASSYM(LA_ISR, LAPIC_ISR0 * LAPIC_MEM_MUL); > > Modified: head/sys/amd64/amd64/initcpu.c > ============================================================================== > --- head/sys/amd64/amd64/initcpu.c Wed Jan 31 14:25:42 2018 (r328624) > +++ head/sys/amd64/amd64/initcpu.c Wed Jan 31 14:36:27 2018 (r328625) > @@ -223,6 +223,7 @@ initializecpu(void) > wrmsr(MSR_EFER, msr); > pg_nx = PG_NX; > } > + hw_ibrs_recalculate(); > switch (cpu_vendor_id) { > case CPU_VENDOR_AMD: > init_amd(); > > Modified: head/sys/amd64/amd64/machdep.c > ============================================================================== > --- head/sys/amd64/amd64/machdep.c Wed Jan 31 14:25:42 2018 (r328624) > +++ head/sys/amd64/amd64/machdep.c Wed Jan 31 14:36:27 2018 (r328625) > @@ -1826,6 +1826,8 @@ hammer_time(u_int64_t modulep, u_int64_t physfree) > #endif > thread0.td_critnest = 0; > > + TUNABLE_INT_FETCH("hw.ibrs_disable", &hw_ibrs_disable); > + > TSEXIT(); > > /* Location of kernel stack for locore */ > > Modified: head/sys/amd64/amd64/support.S > ============================================================================== > --- head/sys/amd64/amd64/support.S Wed Jan 31 14:25:42 2018 (r328624) > +++ head/sys/amd64/amd64/support.S Wed Jan 31 14:36:27 2018 (r328625) > @@ -33,6 +33,7 @@ > #include "opt_ddb.h" > > #include <machine/asmacros.h> > +#include <machine/specialreg.h> > #include <machine/pmap.h> > > #include "assym.s" > @@ -850,3 +851,67 @@ ENTRY(pmap_pti_pcid_invlrng) > movq %rsi,%cr3 /* back to kernel */ > popfq > retq > + > + .altmacro > + .macro ibrs_seq_label l > +handle_ibrs_\l: > + .endm > + .macro ibrs_call_label l > + call handle_ibrs_\l > + .endm > + .macro ibrs_seq count > + ll=1 > + .rept \count > + ibrs_call_label %(ll) > + nop > + ibrs_seq_label %(ll) > + addq $8,%rsp > + ll=ll+1 > + .endr > + .endm > + > +/* all callers already saved %rax, %rdx, and %rcx */ > +ENTRY(handle_ibrs_entry) > + cmpb $0,hw_ibrs_active(%rip) > + je 1f > + movl $MSR_IA32_SPEC_CTRL,%ecx > + movl $IA32_SPEC_CTRL_IBRS,%eax > + movl $IA32_SPEC_CTRL_IBRS>>32,%edx > + wrmsr > + movb $1,PCPU(IBPB_SET) > + testl $CPUID_STDEXT_SMEP,cpu_stdext_feature(%rip) > + jne 1f > + ibrs_seq 32 > +1: ret > +END(handle_ibrs_entry) > + > +ENTRY(handle_ibrs_exit) > + cmpb $0,PCPU(IBPB_SET) > + je 1f > + movl $MSR_IA32_SPEC_CTRL,%ecx > + xorl %eax,%eax > + xorl %edx,%edx > + wrmsr > + movb $0,PCPU(IBPB_SET) > +1: ret > +END(handle_ibrs_exit) > + > +/* registers-neutral version, but needs stack */ > +ENTRY(handle_ibrs_exit_rs) > + cmpb $0,PCPU(IBPB_SET) > + je 1f > + pushq %rax > + pushq %rdx > + pushq %rcx > + movl $MSR_IA32_SPEC_CTRL,%ecx > + xorl %eax,%eax > + xorl %edx,%edx > + wrmsr > + popq %rcx > + popq %rdx > + popq %rax > + movb $0,PCPU(IBPB_SET) > +1: ret > +END(handle_ibrs_exit_rs) > + > + .noaltmacro > > Modified: head/sys/amd64/ia32/ia32_exception.S > ============================================================================== > --- head/sys/amd64/ia32/ia32_exception.S Wed Jan 31 14:25:42 2018 (r328624) > +++ head/sys/amd64/ia32/ia32_exception.S Wed Jan 31 14:36:27 2018 (r328625) > @@ -53,13 +53,14 @@ int0x80_syscall_common: > movq PCPU(CURPCB),%rdi > andl $~PCB_FULL_IRET,PCB_FLAGS(%rdi) > SAVE_SEGS > - sti > - movq %rsi,TF_RSI(%rsp) > + movq %rax,TF_RAX(%rsp) > movq %rdx,TF_RDX(%rsp) > movq %rcx,TF_RCX(%rsp) > + call handle_ibrs_entry > + sti > + movq %rsi,TF_RSI(%rsp) > movq %r8,TF_R8(%rsp) > movq %r9,TF_R9(%rsp) > - movq %rax,TF_RAX(%rsp) > movq %rbx,TF_RBX(%rsp) > movq %rbp,TF_RBP(%rsp) > movq %r10,TF_R10(%rsp) > > Modified: head/sys/amd64/include/md_var.h > ============================================================================== > --- head/sys/amd64/include/md_var.h Wed Jan 31 14:25:42 2018 (r328624) > +++ head/sys/amd64/include/md_var.h Wed Jan 31 14:36:27 2018 (r328625) > @@ -38,6 +38,7 @@ > > extern uint64_t *vm_page_dump; > extern int hw_lower_amd64_sharedpage; > +extern int hw_ibrs_disable; > > /* > * The file "conf/ldscript.amd64" defines the symbol "kernphys". Its > > Modified: head/sys/amd64/include/pcpu.h > ============================================================================== > --- head/sys/amd64/include/pcpu.h Wed Jan 31 14:25:42 2018 (r328624) > +++ head/sys/amd64/include/pcpu.h Wed Jan 31 14:36:27 2018 (r328625) > @@ -74,7 +74,8 @@ > uint32_t pc_pcid_next; \ > uint32_t pc_pcid_gen; \ > uint32_t pc_smp_tlb_done; /* TLB op acknowledgement */ \ > - char __pad[224] /* be divisor of PAGE_SIZE \ > + uint32_t pc_ibpb_set; \ > + char __pad[216] /* be divisor of PAGE_SIZE \ > after cache alignment */ > > #define PC_DBREG_CMD_NONE 0 > > Modified: head/sys/dev/cpuctl/cpuctl.c > ============================================================================== > --- head/sys/dev/cpuctl/cpuctl.c Wed Jan 31 14:25:42 2018 (r328624) > +++ head/sys/dev/cpuctl/cpuctl.c Wed Jan 31 14:36:27 2018 (r328625) > @@ -527,6 +527,7 @@ cpuctl_do_eval_cpu_features(int cpu, struct thread *td > set_cpu(cpu, td); > identify_cpu1(); > identify_cpu2(); > + hw_ibrs_recalculate(); > restore_cpu(oldcpu, is_bound, td); > printcpuinfo(); > return (0); > > Modified: head/sys/i386/i386/support.s > ============================================================================== > --- head/sys/i386/i386/support.s Wed Jan 31 14:25:42 2018 (r328624) > +++ head/sys/i386/i386/support.s Wed Jan 31 14:36:27 2018 (r328625) > @@ -827,3 +827,11 @@ msr_onfault: > movl $0,PCB_ONFAULT(%ecx) > movl $EFAULT,%eax > ret > + > +ENTRY(handle_ibrs_entry) > + ret > +END(handle_ibrs_entry) > + > +ENTRY(handle_ibrs_exit) > + ret > +END(handle_ibrs_exit) > > Modified: head/sys/x86/include/specialreg.h > ============================================================================== > --- head/sys/x86/include/specialreg.h Wed Jan 31 14:25:42 2018 (r328624) > +++ head/sys/x86/include/specialreg.h Wed Jan 31 14:36:27 2018 (r328625) > @@ -697,6 +697,10 @@ > #define IA32_MISC_EN_xTPRD 0x0000000000800000ULL > #define IA32_MISC_EN_XDD 0x0000000400000000ULL > > +/* > + * IA32_SPEC_CTRL and IA32_PRED_CMD MSRs are described in the Intel' > + * document 336996-001 Speculative Execution Side Channel Mitigations. > + */ > /* MSR IA32_SPEC_CTRL */ > #define IA32_SPEC_CTRL_IBRS 0x0000000000000001ULL > #define IA32_SPEC_CTRL_STIBP 0x0000000000000002ULL > > Modified: head/sys/x86/include/x86_var.h > ============================================================================== > --- head/sys/x86/include/x86_var.h Wed Jan 31 14:25:42 2018 (r328624) > +++ head/sys/x86/include/x86_var.h Wed Jan 31 14:36:27 2018 (r328625) > @@ -131,6 +131,9 @@ bool fix_cpuid(void); > void fillw(int /*u_short*/ pat, void *base, size_t cnt); > int is_physical_memory(vm_paddr_t addr); > int isa_nmi(int cd); > +void handle_ibrs_entry(void); > +void handle_ibrs_exit(void); > +void hw_ibrs_recalculate(void); > void nmi_call_kdb(u_int cpu, u_int type, struct trapframe *frame); > void nmi_call_kdb_smp(u_int type, struct trapframe *frame); > void nmi_handle_intr(u_int type, struct trapframe *frame); > > Modified: head/sys/x86/x86/cpu_machdep.c > ============================================================================== > --- head/sys/x86/x86/cpu_machdep.c Wed Jan 31 14:25:42 2018 (r328624) > +++ head/sys/x86/x86/cpu_machdep.c Wed Jan 31 14:36:27 2018 (r328625) > @@ -142,6 +142,12 @@ acpi_cpu_idle_mwait(uint32_t mwait_hint) > int *state; > > /* > + * A comment in Linux patch claims that 'CPUs run faster with > + * speculation protection disabled. All CPU threads in a core > + * must disable speculation protection for it to be > + * disabled. Disable it while we are idle so the other > + * hyperthread can run fast.' > + * > * XXXKIB. Software coordination mode should be supported, > * but all Intel CPUs provide hardware coordination. > */ > @@ -150,9 +156,11 @@ acpi_cpu_idle_mwait(uint32_t mwait_hint) > KASSERT(*state == STATE_SLEEPING, > ("cpu_mwait_cx: wrong monitorbuf state")); > *state = STATE_MWAIT; > + handle_ibrs_entry(); > cpu_monitor(state, 0, 0); > if (*state == STATE_MWAIT) > cpu_mwait(MWAIT_INTRBREAK, mwait_hint); > + handle_ibrs_exit(); > > /* > * We should exit on any event that interrupts mwait, because > @@ -569,3 +577,47 @@ nmi_handle_intr(u_int type, struct trapframe *frame) > nmi_call_kdb(PCPU_GET(cpuid), type, frame); > #endif > } > + > +int hw_ibrs_active; > +int hw_ibrs_disable = 1; > + > +SYSCTL_INT(_hw, OID_AUTO, ibrs_active, CTLFLAG_RD, &hw_ibrs_active, 0, > + "IBRS active"); > + > +void > +hw_ibrs_recalculate(void) > +{ > + uint64_t v; > + > + if ((cpu_ia32_arch_caps & IA32_ARCH_CAP_IBRS_ALL) != 0) { > + if (hw_ibrs_disable) { > + v= rdmsr(MSR_IA32_SPEC_CTRL); > + v &= ~IA32_SPEC_CTRL_IBRS; > + wrmsr(MSR_IA32_SPEC_CTRL, v); > + } else { > + v= rdmsr(MSR_IA32_SPEC_CTRL); > + v |= IA32_SPEC_CTRL_IBRS; > + wrmsr(MSR_IA32_SPEC_CTRL, v); > + } > + return; > + } > + hw_ibrs_active = (cpu_stdext_feature3 & CPUID_STDEXT3_IBPB) != 0 && > + !hw_ibrs_disable; > +} > + > +static int > +hw_ibrs_disable_handler(SYSCTL_HANDLER_ARGS) > +{ > + int error, val; > + > + val = hw_ibrs_disable; > + error = sysctl_handle_int(oidp, &val, 0, req); > + if (error != 0 || req->newptr == NULL) > + return (error); > + hw_ibrs_disable = val != 0; > + hw_ibrs_recalculate(); > + return (0); > +} > +SYSCTL_PROC(_hw, OID_AUTO, ibrs_disable, CTLTYPE_INT | CTLFLAG_RWTUN | > + CTLFLAG_NOFETCH | CTLFLAG_MPSAFE, NULL, 0, hw_ibrs_disable_handler, "I", > + "Disable IBRS"); > > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180131150204.GQ97752>