Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/arch Mitigation for INTEL-SA-00233: Microarchitectural D...



details:   https://anonhg.NetBSD.org/src/rev/b3593270d6d9
branches:  trunk
changeset: 456554:b3593270d6d9
user:      maxv <maxv%NetBSD.org@localhost>
date:      Tue May 14 16:59:25 2019 +0000

description:
Mitigation for INTEL-SA-00233: Microarchitectural Data Sampling (MDS).

It requires a microcode update, now available on the Intel website. The
microcode modifies the behavior of the VERW instruction, and makes it flush
internal CPU buffers. We hotpatch the return-to-userland path to add VERW.

Two sysctls are added:

        machdep.mds.mitigated = {0/1} user-settable
        machdep.mds.method = {string} constructed by the kernel

The kernel will automatically enable the mitigation if the updated
microcode is present. If the new microcode is not present, the user can
load it via cpuctl, and set machdep.mds.mitigated=1.

diffstat:

 sys/arch/amd64/amd64/amd64_trap.S |    4 +-
 sys/arch/amd64/amd64/locore.S     |   19 ++-
 sys/arch/amd64/include/frameasm.h |   15 ++-
 sys/arch/x86/include/specialreg.h |    4 +-
 sys/arch/x86/x86/spectre.c        |  263 +++++++++++++++++++++++++++++++++++++-
 5 files changed, 299 insertions(+), 6 deletions(-)

diffs (truncated from 426 to 300 lines):

diff -r 0a508a6bf141 -r b3593270d6d9 sys/arch/amd64/amd64/amd64_trap.S
--- a/sys/arch/amd64/amd64/amd64_trap.S Tue May 14 16:22:09 2019 +0000
+++ b/sys/arch/amd64/amd64/amd64_trap.S Tue May 14 16:59:25 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: amd64_trap.S,v 1.46 2019/02/11 14:59:32 cherry Exp $   */
+/*     $NetBSD: amd64_trap.S,v 1.47 2019/05/14 16:59:25 maxv Exp $     */
 
 /*
  * Copyright (c) 1998, 2007, 2008, 2017 The NetBSD Foundation, Inc.
@@ -281,6 +281,7 @@
        call    _C_LABEL(nmitrap)
 
 .Lnmileave:
+       MDS_LEAVE
        SVS_LEAVE_NMI
        IBRS_LEAVE
        INTR_RESTORE_GPRS
@@ -369,6 +370,7 @@
        incq    CPUVAR(NTRAP)
        call    _C_LABEL(doubletrap)
 
+       MDS_LEAVE
        SVS_LEAVE_ALTSTACK
        IBRS_LEAVE
        INTR_RESTORE_GPRS
diff -r 0a508a6bf141 -r b3593270d6d9 sys/arch/amd64/amd64/locore.S
--- a/sys/arch/amd64/amd64/locore.S     Tue May 14 16:22:09 2019 +0000
+++ b/sys/arch/amd64/amd64/locore.S     Tue May 14 16:59:25 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: locore.S,v 1.180 2019/03/09 08:42:25 maxv Exp $        */
+/*     $NetBSD: locore.S,v 1.181 2019/05/14 16:59:25 maxv Exp $        */
 
 /*
  * Copyright-o-rama!
@@ -1483,6 +1483,7 @@
        TEXT_USER_BEGIN
        _ALIGN_TEXT
 LABEL(syscall_sysret)
+       MDS_LEAVE
        SVS_LEAVE
        IBRS_LEAVE
        INTR_RESTORE_GPRS
@@ -1574,6 +1575,7 @@
        _ALIGN_TEXT
 LABEL(intrfastexit)
        NOT_XEN(cli;)
+       MDS_LEAVE
        SVS_LEAVE
        IBRS_LEAVE
        INTR_RESTORE_GPRS
@@ -1721,3 +1723,18 @@
 LABEL(noibrs_leave)
        NOIBRS_LEAVE
 LABEL(noibrs_leave_end)
+
+       .globl  mds_leave, mds_leave_end
+
+LABEL(mds_leave)
+       testb   $SEL_UPL,TF_CS(%rsp)
+       jz      1234f
+       pushq   $GSEL(GDATA_SEL, SEL_KPL)
+       verw    (%rsp)
+       addq    $8,%rsp
+1234:
+LABEL(mds_leave_end)
+
+LABEL(nomds_leave)
+       NOMDS_LEAVE
+LABEL(nomds_leave_end)
diff -r 0a508a6bf141 -r b3593270d6d9 sys/arch/amd64/include/frameasm.h
--- a/sys/arch/amd64/include/frameasm.h Tue May 14 16:22:09 2019 +0000
+++ b/sys/arch/amd64/include/frameasm.h Tue May 14 16:59:25 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: frameasm.h,v 1.42 2019/02/11 14:59:32 cherry Exp $     */
+/*     $NetBSD: frameasm.h,v 1.43 2019/05/14 16:59:25 maxv Exp $       */
 
 #ifndef _AMD64_MACHINE_FRAMEASM_H
 #define _AMD64_MACHINE_FRAMEASM_H
@@ -48,6 +48,7 @@
 #define HP_NAME_IBRS_LEAVE     10
 #define HP_NAME_SVS_ENTER_NMI  11
 #define HP_NAME_SVS_LEAVE_NMI  12
+#define HP_NAME_MDS_LEAVE      13
 
 #define HOTPATCH(name, size) \
 123:                                           ; \
@@ -85,6 +86,18 @@
        .byte 0xEB, (IBRS_LEAVE_BYTES-2)        /* jmp */       ; \
        .fill   (IBRS_LEAVE_BYTES-2),1,0xCC
 
+/*
+ * MDS
+ */
+
+#define MDS_LEAVE_BYTES        20
+#define MDS_LEAVE \
+       HOTPATCH(HP_NAME_MDS_LEAVE, MDS_LEAVE_BYTES)            ; \
+       NOMDS_LEAVE
+#define NOMDS_LEAVE \
+       .byte 0xEB, (MDS_LEAVE_BYTES-2) /* jmp */               ; \
+       .fill   (MDS_LEAVE_BYTES-2),1,0xCC
+
 #define        SWAPGS  NOT_XEN(swapgs)
 
 /*
diff -r 0a508a6bf141 -r b3593270d6d9 sys/arch/x86/include/specialreg.h
--- a/sys/arch/x86/include/specialreg.h Tue May 14 16:22:09 2019 +0000
+++ b/sys/arch/x86/include/specialreg.h Tue May 14 16:59:25 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: specialreg.h,v 1.143 2019/03/13 05:22:07 msaitoh Exp $ */
+/*     $NetBSD: specialreg.h,v 1.144 2019/05/14 16:59:26 maxv Exp $    */
 
 /*-
  * Copyright (c) 1991 The Regents of the University of California.
@@ -426,6 +426,7 @@
 /* %edx */
 #define CPUID_SEF_AVX512_4VNNIW        __BIT(2)
 #define CPUID_SEF_AVX512_4FMAPS        __BIT(3)
+#define CPUID_SEF_MD_CLEAR     __BIT(10)
 #define CPUID_SEF_TSX_FORCE_ABORT __BIT(13) /* MSR_TSX_FORCE_ABORT bit 0 */
 #define CPUID_SEF_IBRS         __BIT(26) /* IBRS / IBPB Speculation Control */
 #define CPUID_SEF_STIBP                __BIT(27) /* STIBP Speculation Control */
@@ -747,6 +748,7 @@
 #define        IA32_ARCH_RSBA          0x04
 #define        IA32_ARCH_SKIP_L1DFL_VMENTRY 0x08
 #define        IA32_ARCH_SSB_NO        0x10
+#define        IA32_ARCH_MDS_NO        0x20
 #define MSR_IA32_FLUSH_CMD     0x10b
 #define        IA32_FLUSH_CMD_L1D_FLUSH 0x01
 #define MSR_TSX_FORCE_ABORT    0x10f
diff -r 0a508a6bf141 -r b3593270d6d9 sys/arch/x86/x86/spectre.c
--- a/sys/arch/x86/x86/spectre.c        Tue May 14 16:22:09 2019 +0000
+++ b/sys/arch/x86/x86/spectre.c        Tue May 14 16:59:25 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: spectre.c,v 1.26 2019/04/27 10:40:17 maxv Exp $        */
+/*     $NetBSD: spectre.c,v 1.27 2019/05/14 16:59:26 maxv Exp $        */
 
 /*
  * Copyright (c) 2018 NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.26 2019/04/27 10:40:17 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.27 2019/05/14 16:59:26 maxv Exp $");
 
 #include "opt_spectre.h"
 
@@ -549,6 +549,226 @@
 
 /* -------------------------------------------------------------------------- */
 
+enum mds_mitigation {
+       MDS_MITIGATION_NONE,
+       MDS_MITIGATION_VERW,
+       MDS_MITIGATION_MDS_NO
+};
+
+static char mds_mitigation_name[64] = "(none)";
+
+static enum mds_mitigation mds_mitigation_method = MDS_MITIGATION_NONE;
+static bool mds_mitigation_enabled __read_mostly = false;
+
+static volatile unsigned long mds_cpu_barrier1 __cacheline_aligned;
+static volatile unsigned long mds_cpu_barrier2 __cacheline_aligned;
+
+#ifdef __x86_64__
+static void
+mds_disable_hotpatch(void)
+{
+       extern uint8_t nomds_leave, nomds_leave_end;
+       u_long psl, cr0;
+       uint8_t *bytes;
+       size_t size;
+
+       x86_patch_window_open(&psl, &cr0);
+
+       bytes = &nomds_leave;
+       size = (size_t)&nomds_leave_end - (size_t)&nomds_leave;
+       x86_hotpatch(HP_NAME_MDS_LEAVE, bytes, size);
+
+       x86_patch_window_close(psl, cr0);
+}
+
+static void
+mds_enable_hotpatch(void)
+{
+       extern uint8_t mds_leave, mds_leave_end;
+       u_long psl, cr0;
+       uint8_t *bytes;
+       size_t size;
+
+       x86_patch_window_open(&psl, &cr0);
+
+       bytes = &mds_leave;
+       size = (size_t)&mds_leave_end - (size_t)&mds_leave;
+       x86_hotpatch(HP_NAME_MDS_LEAVE, bytes, size);
+
+       x86_patch_window_close(psl, cr0);
+}
+#else
+/* MDS not supported on i386 */
+static void
+mds_disable_hotpatch(void)
+{
+       panic("%s: impossible", __func__);
+}
+static void
+mds_enable_hotpatch(void)
+{
+       panic("%s: impossible", __func__);
+}
+#endif
+
+static void
+mitigation_mds_apply_cpu(struct cpu_info *ci, bool enabled)
+{
+       switch (mds_mitigation_method) {
+       case MDS_MITIGATION_NONE:
+       case MDS_MITIGATION_MDS_NO:
+               panic("impossible");
+       case MDS_MITIGATION_VERW:
+               /* cpu0 is the one that does the hotpatch job */
+               if (ci == &cpu_info_primary) {
+                       if (enabled) {
+                               mds_enable_hotpatch();
+                       } else {
+                               mds_disable_hotpatch();
+                       }
+               }
+               break;
+       }
+}
+
+static void
+mitigation_mds_change_cpu(void *arg1, void *arg2)
+{
+       struct cpu_info *ci = curcpu();
+       bool enabled = (bool)arg1;
+       u_long psl = 0;
+
+       /* Rendez-vous 1. */
+       psl = x86_read_psl();
+       x86_disable_intr();
+
+       atomic_dec_ulong(&mds_cpu_barrier1);
+       while (atomic_cas_ulong(&mds_cpu_barrier1, 0, 0) != 0) {
+               x86_pause();
+       }
+
+       mitigation_mds_apply_cpu(ci, enabled);
+
+       /* Rendez-vous 2. */
+       atomic_dec_ulong(&mds_cpu_barrier2);
+       while (atomic_cas_ulong(&mds_cpu_barrier2, 0, 0) != 0) {
+               x86_pause();
+       }
+
+       /* Write back and invalidate cache, flush pipelines. */
+       wbinvd();
+       x86_flush();
+
+       x86_write_psl(psl);
+}
+
+static void
+mds_detect_method(void)
+{
+       u_int descs[4];
+       uint64_t msr;
+
+       if (cpu_vendor != CPUVENDOR_INTEL) {
+               mds_mitigation_method = MDS_MITIGATION_MDS_NO;
+               return;
+       }
+
+       x86_cpuid(0x7, descs);
+       if (descs[3] & CPUID_SEF_ARCH_CAP) {
+               msr = rdmsr(MSR_IA32_ARCH_CAPABILITIES);
+               if (msr & IA32_ARCH_MDS_NO) {
+                       mds_mitigation_method = MDS_MITIGATION_MDS_NO;
+                       return;
+               }
+       }
+
+#ifdef __x86_64__
+       if (descs[3] & CPUID_SEF_MD_CLEAR) {
+               mds_mitigation_method = MDS_MITIGATION_VERW;
+       }
+#endif
+}
+
+static void
+mds_set_name(void)
+{
+       char name[64] = "";
+
+       if (!mds_mitigation_enabled) {
+               strlcat(name, "(none)", sizeof(name));
+       } else {



Home | Main Index | Thread Index | Old Index