| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: spectre.c,v 1.19 2018/05/28 20:18:58 maxv Exp $ */ | | 1 | /* $NetBSD: spectre.c,v 1.20 2018/12/22 08:59:44 maxv Exp $ */ |
2 | | | 2 | |
3 | /* | | 3 | /* |
4 | * Copyright (c) 2018 NetBSD Foundation, Inc. | | 4 | * Copyright (c) 2018 NetBSD Foundation, Inc. |
5 | * All rights reserved. | | 5 | * All rights reserved. |
6 | * | | 6 | * |
7 | * This code is derived from software contributed to The NetBSD Foundation | | 7 | * This code is derived from software contributed to The NetBSD Foundation |
8 | * by Maxime Villard. | | 8 | * by Maxime Villard. |
9 | * | | 9 | * |
10 | * Redistribution and use in source and binary forms, with or without | | 10 | * Redistribution and use in source and binary forms, with or without |
11 | * modification, are permitted provided that the following conditions | | 11 | * modification, are permitted provided that the following conditions |
12 | * are met: | | 12 | * are met: |
13 | * 1. Redistributions of source code must retain the above copyright | | 13 | * 1. Redistributions of source code must retain the above copyright |
14 | * notice, this list of conditions and the following disclaimer. | | 14 | * notice, this list of conditions and the following disclaimer. |
| @@ -24,27 +24,27 @@ | | | @@ -24,27 +24,27 @@ |
24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | | 24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | | 25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | | 26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | | 27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
29 | * POSSIBILITY OF SUCH DAMAGE. | | 29 | * POSSIBILITY OF SUCH DAMAGE. |
30 | */ | | 30 | */ |
31 | | | 31 | |
32 | /* | | 32 | /* |
33 | * Mitigations for the SpectreV2 and SpectreV4 CPU flaws. | | 33 | * Mitigations for the SpectreV2 and SpectreV4 CPU flaws. |
34 | */ | | 34 | */ |
35 | | | 35 | |
36 | #include <sys/cdefs.h> | | 36 | #include <sys/cdefs.h> |
37 | __KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.19 2018/05/28 20:18:58 maxv Exp $"); | | 37 | __KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.20 2018/12/22 08:59:44 maxv Exp $"); |
38 | | | 38 | |
39 | #include "opt_spectre.h" | | 39 | #include "opt_spectre.h" |
40 | | | 40 | |
41 | #include <sys/param.h> | | 41 | #include <sys/param.h> |
42 | #include <sys/systm.h> | | 42 | #include <sys/systm.h> |
43 | #include <sys/cpu.h> | | 43 | #include <sys/cpu.h> |
44 | #include <sys/sysctl.h> | | 44 | #include <sys/sysctl.h> |
45 | #include <sys/xcall.h> | | 45 | #include <sys/xcall.h> |
46 | | | 46 | |
47 | #include <machine/cpufunc.h> | | 47 | #include <machine/cpufunc.h> |
48 | #include <machine/cpuvar.h> | | 48 | #include <machine/cpuvar.h> |
49 | #include <machine/specialreg.h> | | 49 | #include <machine/specialreg.h> |
50 | #include <machine/frameasm.h> | | 50 | #include <machine/frameasm.h> |
| @@ -473,27 +473,28 @@ mitigation_v4_apply_cpu(bool enabled) | | | @@ -473,27 +473,28 @@ mitigation_v4_apply_cpu(bool enabled) |
473 | msr &= ~msrbit; | | 473 | msr &= ~msrbit; |
474 | } | | 474 | } |
475 | wrmsr(msrval, msr); | | 475 | wrmsr(msrval, msr); |
476 | } | | 476 | } |
477 | | | 477 | |
478 | static void | | 478 | static void |
479 | mitigation_v4_change_cpu(void *arg1, void *arg2) | | 479 | mitigation_v4_change_cpu(void *arg1, void *arg2) |
480 | { | | 480 | { |
481 | bool enabled = (bool)arg1; | | 481 | bool enabled = (bool)arg1; |
482 | | | 482 | |
483 | mitigation_v4_apply_cpu(enabled); | | 483 | mitigation_v4_apply_cpu(enabled); |
484 | } | | 484 | } |
485 | | | 485 | |
486 | static int mitigation_v4_change(bool enabled) | | 486 | static int |
| | | 487 | mitigation_v4_change(bool enabled) |
487 | { | | 488 | { |
488 | struct cpu_info *ci = NULL; | | 489 | struct cpu_info *ci = NULL; |
489 | CPU_INFO_ITERATOR cii; | | 490 | CPU_INFO_ITERATOR cii; |
490 | uint64_t xc; | | 491 | uint64_t xc; |
491 | | | 492 | |
492 | v4_detect_method(); | | 493 | v4_detect_method(); |
493 | | | 494 | |
494 | mutex_enter(&cpu_lock); | | 495 | mutex_enter(&cpu_lock); |
495 | | | 496 | |
496 | /* | | 497 | /* |
497 | * We expect all the CPUs to be online. | | 498 | * We expect all the CPUs to be online. |
498 | */ | | 499 | */ |
499 | for (CPU_INFO_FOREACH(cii, ci)) { | | 500 | for (CPU_INFO_FOREACH(cii, ci)) { |
| @@ -599,37 +600,50 @@ cpu_speculation_init(struct cpu_info *ci | | | @@ -599,37 +600,50 @@ cpu_speculation_init(struct cpu_info *ci |
599 | v2_mitigation_enabled = | | 600 | v2_mitigation_enabled = |
600 | (v2_mitigation_method != V2_MITIGATION_NONE); | | 601 | (v2_mitigation_method != V2_MITIGATION_NONE); |
601 | v2_set_name(); | | 602 | v2_set_name(); |
602 | } | | 603 | } |
603 | if (v2_mitigation_method != V2_MITIGATION_NONE) { | | 604 | if (v2_mitigation_method != V2_MITIGATION_NONE) { |
604 | mitigation_v2_apply_cpu(ci, true); | | 605 | mitigation_v2_apply_cpu(ci, true); |
605 | } | | 606 | } |
606 | | | 607 | |
607 | /* | | 608 | /* |
608 | * Spectre V4. | | 609 | * Spectre V4. |
609 | * | | 610 | * |
610 | * cpu0 is the one that detects the method and sets the global | | 611 | * cpu0 is the one that detects the method and sets the global |
611 | * variable. | | 612 | * variable. |
| | | 613 | * |
| | | 614 | * Disabled by default, as recommended by AMD, but can be enabled |
| | | 615 | * dynamically. We only detect if the CPU is not vulnerable, to |
| | | 616 | * mark it as 'mitigated' in the sysctl. |
612 | */ | | 617 | */ |
613 | #if 0 | | 618 | #if 0 |
614 | if (ci == &cpu_info_primary) { | | 619 | if (ci == &cpu_info_primary) { |
615 | v4_detect_method(); | | 620 | v4_detect_method(); |
616 | v4_mitigation_enabled = | | 621 | v4_mitigation_enabled = |
617 | (v4_mitigation_method != V4_MITIGATION_NONE); | | 622 | (v4_mitigation_method != V4_MITIGATION_NONE); |
618 | v4_set_name(); | | 623 | v4_set_name(); |
619 | } | | 624 | } |
620 | if (v4_mitigation_method != V4_MITIGATION_NONE) { | | 625 | if (v4_mitigation_method != V4_MITIGATION_NONE && |
| | | 626 | v4_mitigation_method != V4_MITIGATION_INTEL_SSB_NO) { |
621 | mitigation_v4_apply_cpu(ci, true); | | 627 | mitigation_v4_apply_cpu(ci, true); |
622 | } | | 628 | } |
| | | 629 | #else |
| | | 630 | if (ci == &cpu_info_primary) { |
| | | 631 | v4_detect_method(); |
| | | 632 | if (v4_mitigation_method == V4_MITIGATION_INTEL_SSB_NO) { |
| | | 633 | v4_mitigation_enabled = true; |
| | | 634 | v4_set_name(); |
| | | 635 | } |
| | | 636 | } |
623 | #endif | | 637 | #endif |
624 | } | | 638 | } |
625 | | | 639 | |
626 | void sysctl_speculation_init(struct sysctllog **); | | 640 | void sysctl_speculation_init(struct sysctllog **); |
627 | | | 641 | |
628 | void | | 642 | void |
629 | sysctl_speculation_init(struct sysctllog **clog) | | 643 | sysctl_speculation_init(struct sysctllog **clog) |
630 | { | | 644 | { |
631 | const struct sysctlnode *spec_rnode; | | 645 | const struct sysctlnode *spec_rnode; |
632 | | | 646 | |
633 | /* SpectreV1 */ | | 647 | /* SpectreV1 */ |
634 | spec_rnode = NULL; | | 648 | spec_rnode = NULL; |
635 | sysctl_createv(clog, 0, NULL, &spec_rnode, | | 649 | sysctl_createv(clog, 0, NULL, &spec_rnode, |
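Review bot: The `#if 0` block (new lines 618-628) is dead code, yet the commit still edits it — the `V4_MITIGATION_INTEL_SSB_NO` clause added at line 626 — so the disabled branch and the live `#else` branch now have to be kept in sync by hand and will drift; either drop the disabled branch or say why it stays, e.g. `/* XXX boot-time apply path, disabled per AMD guidance; kept for reference only. */`. In the live branch, `v4_mitigation_enabled = true` at line 633 is set without applying anything, which is right for SSB_NO but reads as if a mitigation had been activated; a comment above it such as `/* CPU reports SSB_NO: nothing to apply, report it as mitigated in sysctl. */` would make the intent explicit. Also, `v4_set_name()` is only reached on the SSB_NO path, so for any other detected method the sysctl name presumably keeps its initial value until `mitigation_v4_change()` runs — worth confirming that is intended. `cpu_speculation_init` begins before this hunk and `sysctl_speculation_init` continues past it.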