Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/arch Mitigation for INTEL-SA-00233: Microarchitectural D...
details: https://anonhg.NetBSD.org/src/rev/4a5333c03bd7
branches: trunk
changeset: 999050:4a5333c03bd7
user: maxv <maxv%NetBSD.org@localhost>
date: Tue May 14 16:59:25 2019 +0000
description:
Mitigation for INTEL-SA-00233: Microarchitectural Data Sampling (MDS).
It requires a microcode update, now available on the Intel website. The
microcode modifies the behavior of the VERW instruction, and makes it flush
internal CPU buffers. We hotpatch the return-to-userland path to add VERW.
Two sysctls are added:
machdep.mds.mitigated = {0/1} user-settable
machdep.mds.method = {string} constructed by the kernel
The kernel will automatically enable the mitigation if the updated
microcode is present. If the new microcode is not present, the user can
load it via cpuctl, and set machdep.mds.mitigated=1.
diffstat:
sys/arch/amd64/amd64/amd64_trap.S | 4 +-
sys/arch/amd64/amd64/locore.S | 19 ++-
sys/arch/amd64/include/frameasm.h | 15 ++-
sys/arch/x86/include/specialreg.h | 4 +-
sys/arch/x86/x86/spectre.c | 263 +++++++++++++++++++++++++++++++++++++-
5 files changed, 299 insertions(+), 6 deletions(-)
diffs (truncated from 426 to 300 lines):
diff -r ab02a7c19fa1 -r 4a5333c03bd7 sys/arch/amd64/amd64/amd64_trap.S
--- a/sys/arch/amd64/amd64/amd64_trap.S Tue May 14 16:22:09 2019 +0000
+++ b/sys/arch/amd64/amd64/amd64_trap.S Tue May 14 16:59:25 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: amd64_trap.S,v 1.46 2019/02/11 14:59:32 cherry Exp $ */
+/* $NetBSD: amd64_trap.S,v 1.47 2019/05/14 16:59:25 maxv Exp $ */
/*
* Copyright (c) 1998, 2007, 2008, 2017 The NetBSD Foundation, Inc.
@@ -281,6 +281,7 @@
call _C_LABEL(nmitrap)
.Lnmileave:
+ MDS_LEAVE
SVS_LEAVE_NMI
IBRS_LEAVE
INTR_RESTORE_GPRS
@@ -369,6 +370,7 @@
incq CPUVAR(NTRAP)
call _C_LABEL(doubletrap)
+ MDS_LEAVE
SVS_LEAVE_ALTSTACK
IBRS_LEAVE
INTR_RESTORE_GPRS
diff -r ab02a7c19fa1 -r 4a5333c03bd7 sys/arch/amd64/amd64/locore.S
--- a/sys/arch/amd64/amd64/locore.S Tue May 14 16:22:09 2019 +0000
+++ b/sys/arch/amd64/amd64/locore.S Tue May 14 16:59:25 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: locore.S,v 1.180 2019/03/09 08:42:25 maxv Exp $ */
+/* $NetBSD: locore.S,v 1.181 2019/05/14 16:59:25 maxv Exp $ */
/*
* Copyright-o-rama!
@@ -1483,6 +1483,7 @@
TEXT_USER_BEGIN
_ALIGN_TEXT
LABEL(syscall_sysret)
+ MDS_LEAVE
SVS_LEAVE
IBRS_LEAVE
INTR_RESTORE_GPRS
@@ -1574,6 +1575,7 @@
_ALIGN_TEXT
LABEL(intrfastexit)
NOT_XEN(cli;)
+ MDS_LEAVE
SVS_LEAVE
IBRS_LEAVE
INTR_RESTORE_GPRS
@@ -1721,3 +1723,18 @@
LABEL(noibrs_leave)
NOIBRS_LEAVE
LABEL(noibrs_leave_end)
+
+ .globl mds_leave, mds_leave_end
+
+LABEL(mds_leave)
+ testb $SEL_UPL,TF_CS(%rsp)
+ jz 1234f
+ pushq $GSEL(GDATA_SEL, SEL_KPL)
+ verw (%rsp)
+ addq $8,%rsp
+1234:
+LABEL(mds_leave_end)
+
+LABEL(nomds_leave)
+ NOMDS_LEAVE
+LABEL(nomds_leave_end)
diff -r ab02a7c19fa1 -r 4a5333c03bd7 sys/arch/amd64/include/frameasm.h
--- a/sys/arch/amd64/include/frameasm.h Tue May 14 16:22:09 2019 +0000
+++ b/sys/arch/amd64/include/frameasm.h Tue May 14 16:59:25 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: frameasm.h,v 1.42 2019/02/11 14:59:32 cherry Exp $ */
+/* $NetBSD: frameasm.h,v 1.43 2019/05/14 16:59:25 maxv Exp $ */
#ifndef _AMD64_MACHINE_FRAMEASM_H
#define _AMD64_MACHINE_FRAMEASM_H
@@ -48,6 +48,7 @@
#define HP_NAME_IBRS_LEAVE 10
#define HP_NAME_SVS_ENTER_NMI 11
#define HP_NAME_SVS_LEAVE_NMI 12
+#define HP_NAME_MDS_LEAVE 13
#define HOTPATCH(name, size) \
123: ; \
@@ -85,6 +86,18 @@
.byte 0xEB, (IBRS_LEAVE_BYTES-2) /* jmp */ ; \
.fill (IBRS_LEAVE_BYTES-2),1,0xCC
+/*
+ * MDS
+ */
+
+#define MDS_LEAVE_BYTES 20
+#define MDS_LEAVE \
+ HOTPATCH(HP_NAME_MDS_LEAVE, MDS_LEAVE_BYTES) ; \
+ NOMDS_LEAVE
+#define NOMDS_LEAVE \
+ .byte 0xEB, (MDS_LEAVE_BYTES-2) /* jmp */ ; \
+ .fill (MDS_LEAVE_BYTES-2),1,0xCC
+
#define SWAPGS NOT_XEN(swapgs)
/*
diff -r ab02a7c19fa1 -r 4a5333c03bd7 sys/arch/x86/include/specialreg.h
--- a/sys/arch/x86/include/specialreg.h Tue May 14 16:22:09 2019 +0000
+++ b/sys/arch/x86/include/specialreg.h Tue May 14 16:59:25 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: specialreg.h,v 1.143 2019/03/13 05:22:07 msaitoh Exp $ */
+/* $NetBSD: specialreg.h,v 1.144 2019/05/14 16:59:26 maxv Exp $ */
/*-
* Copyright (c) 1991 The Regents of the University of California.
@@ -426,6 +426,7 @@
/* %edx */
#define CPUID_SEF_AVX512_4VNNIW __BIT(2)
#define CPUID_SEF_AVX512_4FMAPS __BIT(3)
+#define CPUID_SEF_MD_CLEAR __BIT(10)
#define CPUID_SEF_TSX_FORCE_ABORT __BIT(13) /* MSR_TSX_FORCE_ABORT bit 0 */
#define CPUID_SEF_IBRS __BIT(26) /* IBRS / IBPB Speculation Control */
#define CPUID_SEF_STIBP __BIT(27) /* STIBP Speculation Control */
@@ -747,6 +748,7 @@
#define IA32_ARCH_RSBA 0x04
#define IA32_ARCH_SKIP_L1DFL_VMENTRY 0x08
#define IA32_ARCH_SSB_NO 0x10
+#define IA32_ARCH_MDS_NO 0x20
#define MSR_IA32_FLUSH_CMD 0x10b
#define IA32_FLUSH_CMD_L1D_FLUSH 0x01
#define MSR_TSX_FORCE_ABORT 0x10f
diff -r ab02a7c19fa1 -r 4a5333c03bd7 sys/arch/x86/x86/spectre.c
--- a/sys/arch/x86/x86/spectre.c Tue May 14 16:22:09 2019 +0000
+++ b/sys/arch/x86/x86/spectre.c Tue May 14 16:59:25 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: spectre.c,v 1.26 2019/04/27 10:40:17 maxv Exp $ */
+/* $NetBSD: spectre.c,v 1.27 2019/05/14 16:59:26 maxv Exp $ */
/*
* Copyright (c) 2018 NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.26 2019/04/27 10:40:17 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.27 2019/05/14 16:59:26 maxv Exp $");
#include "opt_spectre.h"
@@ -549,6 +549,226 @@
/* -------------------------------------------------------------------------- */
+enum mds_mitigation {
+ MDS_MITIGATION_NONE,
+ MDS_MITIGATION_VERW,
+ MDS_MITIGATION_MDS_NO
+};
+
+static char mds_mitigation_name[64] = "(none)";
+
+static enum mds_mitigation mds_mitigation_method = MDS_MITIGATION_NONE;
+static bool mds_mitigation_enabled __read_mostly = false;
+
+static volatile unsigned long mds_cpu_barrier1 __cacheline_aligned;
+static volatile unsigned long mds_cpu_barrier2 __cacheline_aligned;
+
+#ifdef __x86_64__
+static void
+mds_disable_hotpatch(void)
+{
+ extern uint8_t nomds_leave, nomds_leave_end;
+ u_long psl, cr0;
+ uint8_t *bytes;
+ size_t size;
+
+ x86_patch_window_open(&psl, &cr0);
+
+ bytes = &nomds_leave;
+ size = (size_t)&nomds_leave_end - (size_t)&nomds_leave;
+ x86_hotpatch(HP_NAME_MDS_LEAVE, bytes, size);
+
+ x86_patch_window_close(psl, cr0);
+}
+
+static void
+mds_enable_hotpatch(void)
+{
+ extern uint8_t mds_leave, mds_leave_end;
+ u_long psl, cr0;
+ uint8_t *bytes;
+ size_t size;
+
+ x86_patch_window_open(&psl, &cr0);
+
+ bytes = &mds_leave;
+ size = (size_t)&mds_leave_end - (size_t)&mds_leave;
+ x86_hotpatch(HP_NAME_MDS_LEAVE, bytes, size);
+
+ x86_patch_window_close(psl, cr0);
+}
+#else
+/* MDS not supported on i386 */
+static void
+mds_disable_hotpatch(void)
+{
+ panic("%s: impossible", __func__);
+}
+static void
+mds_enable_hotpatch(void)
+{
+ panic("%s: impossible", __func__);
+}
+#endif
+
+static void
+mitigation_mds_apply_cpu(struct cpu_info *ci, bool enabled)
+{
+ switch (mds_mitigation_method) {
+ case MDS_MITIGATION_NONE:
+ case MDS_MITIGATION_MDS_NO:
+ panic("impossible");
+ case MDS_MITIGATION_VERW:
+ /* cpu0 is the one that does the hotpatch job */
+ if (ci == &cpu_info_primary) {
+ if (enabled) {
+ mds_enable_hotpatch();
+ } else {
+ mds_disable_hotpatch();
+ }
+ }
+ break;
+ }
+}
+
+static void
+mitigation_mds_change_cpu(void *arg1, void *arg2)
+{
+ struct cpu_info *ci = curcpu();
+ bool enabled = (bool)arg1;
+ u_long psl = 0;
+
+ /* Rendez-vous 1. */
+ psl = x86_read_psl();
+ x86_disable_intr();
+
+ atomic_dec_ulong(&mds_cpu_barrier1);
+ while (atomic_cas_ulong(&mds_cpu_barrier1, 0, 0) != 0) {
+ x86_pause();
+ }
+
+ mitigation_mds_apply_cpu(ci, enabled);
+
+ /* Rendez-vous 2. */
+ atomic_dec_ulong(&mds_cpu_barrier2);
+ while (atomic_cas_ulong(&mds_cpu_barrier2, 0, 0) != 0) {
+ x86_pause();
+ }
+
+ /* Write back and invalidate cache, flush pipelines. */
+ wbinvd();
+ x86_flush();
+
+ x86_write_psl(psl);
+}
+
+static void
+mds_detect_method(void)
+{
+ u_int descs[4];
+ uint64_t msr;
+
+ if (cpu_vendor != CPUVENDOR_INTEL) {
+ mds_mitigation_method = MDS_MITIGATION_MDS_NO;
+ return;
+ }
+
+ x86_cpuid(0x7, descs);
+ if (descs[3] & CPUID_SEF_ARCH_CAP) {
+ msr = rdmsr(MSR_IA32_ARCH_CAPABILITIES);
+ if (msr & IA32_ARCH_MDS_NO) {
+ mds_mitigation_method = MDS_MITIGATION_MDS_NO;
+ return;
+ }
+ }
+
+#ifdef __x86_64__
+ if (descs[3] & CPUID_SEF_MD_CLEAR) {
+ mds_mitigation_method = MDS_MITIGATION_VERW;
+ }
+#endif
+}
+
+static void
+mds_set_name(void)
+{
+ char name[64] = "";
+
+ if (!mds_mitigation_enabled) {
+ strlcat(name, "(none)", sizeof(name));
+ } else {
Home |
Main Index |
Thread Index |
Old Index