| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | /* $NetBSD: spectre.c,v 1.19 2018/05/28 20:18:58 maxv Exp $ */ | | 1 | /* $NetBSD: spectre.c,v 1.20 2018/12/22 08:59:44 maxv Exp $ */ |
| 2 | | | 2 | |
| 3 | /* | | 3 | /* |
| 4 | * Copyright (c) 2018 NetBSD Foundation, Inc. | | 4 | * Copyright (c) 2018 NetBSD Foundation, Inc. |
| 5 | * All rights reserved. | | 5 | * All rights reserved. |
| 6 | * | | 6 | * |
| 7 | * This code is derived from software contributed to The NetBSD Foundation | | 7 | * This code is derived from software contributed to The NetBSD Foundation |
| 8 | * by Maxime Villard. | | 8 | * by Maxime Villard. |
| 9 | * | | 9 | * |
| 10 | * Redistribution and use in source and binary forms, with or without | | 10 | * Redistribution and use in source and binary forms, with or without |
| 11 | * modification, are permitted provided that the following conditions | | 11 | * modification, are permitted provided that the following conditions |
| 12 | * are met: | | 12 | * are met: |
| 13 | * 1. Redistributions of source code must retain the above copyright | | 13 | * 1. Redistributions of source code must retain the above copyright |
| 14 | * notice, this list of conditions and the following disclaimer. | | 14 | * notice, this list of conditions and the following disclaimer. |
| @@ -24,27 +24,27 @@ | | | @@ -24,27 +24,27 @@ |
| 24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | | 24 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | | 25 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
| 26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | | 26 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
| 27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | | 27 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | | 28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| 29 | * POSSIBILITY OF SUCH DAMAGE. | | 29 | * POSSIBILITY OF SUCH DAMAGE. |
| 30 | */ | | 30 | */ |
| 31 | | | 31 | |
| 32 | /* | | 32 | /* |
| 33 | * Mitigations for the SpectreV2 and SpectreV4 CPU flaws. | | 33 | * Mitigations for the SpectreV2 and SpectreV4 CPU flaws. |
| 34 | */ | | 34 | */ |
| 35 | | | 35 | |
| 36 | #include <sys/cdefs.h> | | 36 | #include <sys/cdefs.h> |
| 37 | __KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.19 2018/05/28 20:18:58 maxv Exp $"); | | 37 | __KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.20 2018/12/22 08:59:44 maxv Exp $"); |
| 38 | | | 38 | |
| 39 | #include "opt_spectre.h" | | 39 | #include "opt_spectre.h" |
| 40 | | | 40 | |
| 41 | #include <sys/param.h> | | 41 | #include <sys/param.h> |
| 42 | #include <sys/systm.h> | | 42 | #include <sys/systm.h> |
| 43 | #include <sys/cpu.h> | | 43 | #include <sys/cpu.h> |
| 44 | #include <sys/sysctl.h> | | 44 | #include <sys/sysctl.h> |
| 45 | #include <sys/xcall.h> | | 45 | #include <sys/xcall.h> |
| 46 | | | 46 | |
| 47 | #include <machine/cpufunc.h> | | 47 | #include <machine/cpufunc.h> |
| 48 | #include <machine/cpuvar.h> | | 48 | #include <machine/cpuvar.h> |
| 49 | #include <machine/specialreg.h> | | 49 | #include <machine/specialreg.h> |
| 50 | #include <machine/frameasm.h> | | 50 | #include <machine/frameasm.h> |
| @@ -473,27 +473,28 @@ mitigation_v4_apply_cpu(bool enabled) | | | @@ -473,27 +473,28 @@ mitigation_v4_apply_cpu(bool enabled) |
| 473 | msr &= ~msrbit; | | 473 | msr &= ~msrbit; |
| 474 | } | | 474 | } |
| 475 | wrmsr(msrval, msr); | | 475 | wrmsr(msrval, msr); |
| 476 | } | | 476 | } |
| 477 | | | 477 | |
| 478 | static void | | 478 | static void |
| 479 | mitigation_v4_change_cpu(void *arg1, void *arg2) | | 479 | mitigation_v4_change_cpu(void *arg1, void *arg2) |
| 480 | { | | 480 | { |
| 481 | bool enabled = (bool)arg1; | | 481 | bool enabled = (bool)arg1; |
| 482 | | | 482 | |
| 483 | mitigation_v4_apply_cpu(enabled); | | 483 | mitigation_v4_apply_cpu(enabled); |
| 484 | } | | 484 | } |
| 485 | | | 485 | |
| 486 | static int mitigation_v4_change(bool enabled) | | 486 | static int |
| | | 487 | mitigation_v4_change(bool enabled) |
| 487 | { | | 488 | { |
| 488 | struct cpu_info *ci = NULL; | | 489 | struct cpu_info *ci = NULL; |
| 489 | CPU_INFO_ITERATOR cii; | | 490 | CPU_INFO_ITERATOR cii; |
| 490 | uint64_t xc; | | 491 | uint64_t xc; |
| 491 | | | 492 | |
| 492 | v4_detect_method(); | | 493 | v4_detect_method(); |
| 493 | | | 494 | |
| 494 | mutex_enter(&cpu_lock); | | 495 | mutex_enter(&cpu_lock); |
| 495 | | | 496 | |
| 496 | /* | | 497 | /* |
| 497 | * We expect all the CPUs to be online. | | 498 | * We expect all the CPUs to be online. |
| 498 | */ | | 499 | */ |
| 499 | for (CPU_INFO_FOREACH(cii, ci)) { | | 500 | for (CPU_INFO_FOREACH(cii, ci)) { |
| @@ -599,37 +600,50 @@ cpu_speculation_init(struct cpu_info *ci | | | @@ -599,37 +600,50 @@ cpu_speculation_init(struct cpu_info *ci |
| 599 | v2_mitigation_enabled = | | 600 | v2_mitigation_enabled = |
| 600 | (v2_mitigation_method != V2_MITIGATION_NONE); | | 601 | (v2_mitigation_method != V2_MITIGATION_NONE); |
| 601 | v2_set_name(); | | 602 | v2_set_name(); |
| 602 | } | | 603 | } |
| 603 | if (v2_mitigation_method != V2_MITIGATION_NONE) { | | 604 | if (v2_mitigation_method != V2_MITIGATION_NONE) { |
| 604 | mitigation_v2_apply_cpu(ci, true); | | 605 | mitigation_v2_apply_cpu(ci, true); |
| 605 | } | | 606 | } |
| 606 | | | 607 | |
| 607 | /* | | 608 | /* |
| 608 | * Spectre V4. | | 609 | * Spectre V4. |
| 609 | * | | 610 | * |
| 610 | * cpu0 is the one that detects the method and sets the global | | 611 | * cpu0 is the one that detects the method and sets the global |
| 611 | * variable. | | 612 | * variable. |
| | | 613 | * |
| | | 614 | * Disabled by default, as recommended by AMD, but can be enabled |
| | | 615 | * dynamically. We only detect if the CPU is not vulnerable, to |
| | | 616 | * mark it as 'mitigated' in the sysctl. |
| 612 | */ | | 617 | */ |
| 613 | #if 0 | | 618 | #if 0 |
| 614 | if (ci == &cpu_info_primary) { | | 619 | if (ci == &cpu_info_primary) { |
| 615 | v4_detect_method(); | | 620 | v4_detect_method(); |
| 616 | v4_mitigation_enabled = | | 621 | v4_mitigation_enabled = |
| 617 | (v4_mitigation_method != V4_MITIGATION_NONE); | | 622 | (v4_mitigation_method != V4_MITIGATION_NONE); |
| 618 | v4_set_name(); | | 623 | v4_set_name(); |
| 619 | } | | 624 | } |
| 620 | if (v4_mitigation_method != V4_MITIGATION_NONE) { | | 625 | if (v4_mitigation_method != V4_MITIGATION_NONE && |
| | | 626 | v4_mitigation_method != V4_MITIGATION_INTEL_SSB_NO) { |
| 621 | mitigation_v4_apply_cpu(ci, true); | | 627 | mitigation_v4_apply_cpu(ci, true); |
| 622 | } | | 628 | } |
| | | 629 | #else |
| | | 630 | if (ci == &cpu_info_primary) { |
| | | 631 | v4_detect_method(); |
| | | 632 | if (v4_mitigation_method == V4_MITIGATION_INTEL_SSB_NO) { |
| | | 633 | v4_mitigation_enabled = true; |
| | | 634 | v4_set_name(); |
| | | 635 | } |
| | | 636 | } |
| 623 | #endif | | 637 | #endif |
| 624 | } | | 638 | } |
| 625 | | | 639 | |
| 626 | void sysctl_speculation_init(struct sysctllog **); | | 640 | void sysctl_speculation_init(struct sysctllog **); |
| 627 | | | 641 | |
| 628 | void | | 642 | void |
| 629 | sysctl_speculation_init(struct sysctllog **clog) | | 643 | sysctl_speculation_init(struct sysctllog **clog) |
| 630 | { | | 644 | { |
| 631 | const struct sysctlnode *spec_rnode; | | 645 | const struct sysctlnode *spec_rnode; |
| 632 | | | 646 | |
| 633 | /* SpectreV1 */ | | 647 | /* SpectreV1 */ |
| 634 | spec_rnode = NULL; | | 648 | spec_rnode = NULL; |
| 635 | sysctl_createv(clog, 0, NULL, &spec_rnode, | | 649 | sysctl_createv(clog, 0, NULL, &spec_rnode, |