Author: kib
Date: Fri Jun 19 11:47:40 2020
New Revision: 362376
URL: https://svnweb.freebsd.org/changeset/base/362376
Log:
MFC r362130:
Control for Special Register Buffer Data Sampling mitigation.
Modified:
stable/12/sys/amd64/amd64/initcpu.c
stable/12/sys/amd64/amd64/machdep.c
stable/12/sys/dev/cpuctl/cpuctl.c
stable/12/sys/x86/include/x86_var.h
stable/12/sys/x86/x86/cpu_machdep.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sys/amd64/amd64/initcpu.c
==============================================================================
--- stable/12/sys/amd64/amd64/initcpu.c Fri Jun 19 11:45:12 2020
(r362375)
+++ stable/12/sys/amd64/amd64/initcpu.c Fri Jun 19 11:47:40 2020
(r362376)
@@ -270,6 +270,7 @@ initializecpu(void)
hw_ibrs_recalculate(false);
hw_ssb_recalculate(false);
amd64_syscall_ret_flush_l1d_recalc();
+ x86_rngds_mitg_recalculate(false);
switch (cpu_vendor_id) {
case CPU_VENDOR_AMD:
case CPU_VENDOR_HYGON:
Modified: stable/12/sys/amd64/amd64/machdep.c
==============================================================================
--- stable/12/sys/amd64/amd64/machdep.c Fri Jun 19 11:45:12 2020
(r362375)
+++ stable/12/sys/amd64/amd64/machdep.c Fri Jun 19 11:47:40 2020
(r362376)
@@ -1794,6 +1794,9 @@ hammer_time(u_int64_t modulep, u_int64_t physfree)
TUNABLE_INT_FETCH("hw.mds_disable", &hw_mds_disable);
TUNABLE_INT_FETCH("machdep.mitigations.taa.enable", &x86_taa_enable);
+ TUNABLE_INT_FETCH("machdep.mitigations.rndgs.enable",
+ &x86_rngds_mitg_enable);
+
finishidentcpu(); /* Final stage of CPU initialization */
initializecpu(); /* Initialize CPU registers */
Modified: stable/12/sys/dev/cpuctl/cpuctl.c
==============================================================================
--- stable/12/sys/dev/cpuctl/cpuctl.c Fri Jun 19 11:45:12 2020
(r362375)
+++ stable/12/sys/dev/cpuctl/cpuctl.c Fri Jun 19 11:47:40 2020
(r362376)
@@ -547,6 +547,7 @@ cpuctl_do_eval_cpu_features(int cpu, struct thread *td
#endif
hw_mds_recalculate();
x86_taa_recalculate();
+ x86_rngds_mitg_recalculate(true);
printcpuinfo();
return (0);
}
Modified: stable/12/sys/x86/include/x86_var.h
==============================================================================
--- stable/12/sys/x86/include/x86_var.h Fri Jun 19 11:45:12 2020
(r362375)
+++ stable/12/sys/x86/include/x86_var.h Fri Jun 19 11:47:40 2020
(r362376)
@@ -89,6 +89,7 @@ extern int hw_mds_disable;
extern int hw_ssb_active;
extern int x86_taa_enable;
extern int cpu_flush_rsb_ctxsw;
+extern int x86_rngds_mitg_enable;
struct pcb;
struct thread;
@@ -146,6 +147,7 @@ void hw_ibrs_recalculate(bool all_cpus);
void hw_mds_recalculate(void);
void hw_ssb_recalculate(bool all_cpus);
void x86_taa_recalculate(void);
+void x86_rngds_mitg_recalculate(bool all_cpus);
void nmi_call_kdb(u_int cpu, u_int type, struct trapframe *frame);
void nmi_call_kdb_smp(u_int type, struct trapframe *frame);
void nmi_handle_intr(u_int type, struct trapframe *frame);
Modified: stable/12/sys/x86/x86/cpu_machdep.c
==============================================================================
--- stable/12/sys/x86/x86/cpu_machdep.c Fri Jun 19 11:45:12 2020
(r362375)
+++ stable/12/sys/x86/x86/cpu_machdep.c Fri Jun 19 11:47:40 2020
(r362376)
@@ -1337,6 +1337,60 @@ SYSCTL_INT(_machdep_mitigations, OID_AUTO, flush_rsb_c
CTLFLAG_RW | CTLFLAG_NOFETCH, &cpu_flush_rsb_ctxsw, 0,
"Flush Return Stack Buffer on context switch");
+SYSCTL_NODE(_machdep_mitigations, OID_AUTO, rngds,
+ CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
+ "MCU Optimization, disable RDSEED mitigation");
+
+int x86_rngds_mitg_enable = 1;
+void
+x86_rngds_mitg_recalculate(bool all_cpus)
+{
+ if ((cpu_stdext_feature3 & CPUID_STDEXT3_MCUOPT) == 0)
+ return;
+ x86_msr_op(MSR_IA32_MCU_OPT_CTRL,
+ (x86_rngds_mitg_enable ? MSR_OP_OR : MSR_OP_ANDNOT) |
+ (all_cpus ? MSR_OP_RENDEZVOUS : MSR_OP_LOCAL),
+ IA32_RNGDS_MITG_DIS);
+}
+
+static int
+sysctl_rngds_mitg_enable_handler(SYSCTL_HANDLER_ARGS)
+{
+ int error, val;
+
+ val = x86_rngds_mitg_enable;
+ error = sysctl_handle_int(oidp, &val, 0, req);
+ if (error != 0 || req->newptr == NULL)
+ return (error);
+ x86_rngds_mitg_enable = val;
+ x86_rngds_mitg_recalculate(true);
+ return (0);
+}
+SYSCTL_PROC(_machdep_mitigations_rngds, OID_AUTO, enable, CTLTYPE_INT |
+ CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_MPSAFE, NULL, 0,
+ sysctl_rngds_mitg_enable_handler, "I",
+ "MCU Optimization, disabling RDSEED mitigation control "
+ "(0 - mitigation disabled (RDSEED optimized), 1 - mitigation enabled");
+
+static int
+sysctl_rngds_state_handler(SYSCTL_HANDLER_ARGS)
+{
+ const char *state;
+
+ if ((cpu_stdext_feature3 & CPUID_STDEXT3_MCUOPT) == 0) {
+ state = "Not applicable";
+ } else if (x86_rngds_mitg_enable == 0) {
+ state = "RDSEED not serialized";
+ } else {
+ state = "Mitigated";
+ }
+ return (SYSCTL_OUT(req, state, strlen(state)));
+}
+SYSCTL_PROC(_machdep_mitigations_rngds, OID_AUTO, state,
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
+ sysctl_rngds_state_handler, "A",
+ "MCU Optimization state");
+
/*
* Enable and restore kernel text write permissions.
* Callers must ensure that disable_wp()/restore_wp() are executed
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
