kernel - Flesh out Spectre mitigation support

Operating Systems / DragonFlyBSD - Matthew Dillon - 8 May 2018 17:01 EDT

- Add handling for all modes for AMD CPUs, including support for IBRS_AUTO and STIBP_AUTO (always-on) bits which will be added to future CPUs.

- Add STIBP handling to Intel CPUs. I can't find definitions for AUTO (always-on) modes for Intel, so those are still not supported (no current CPU has AUTO support yet anyway).

- Current DragonFlyBSD defaults: Will enable IBRS_AUTO and STIBP_AUTO (always on) support by default if the CPU has it. Will NOT enable IBRS or STIBP (non-auto) toggling by default. Will not enable IBPB by default.

IBPB is currently not enabled by default. The overhead is an enormous ~2uS. We will follow Linux in this regard.

- Change the machdep.spectre_mitigation sysctl to take a string of features to enable. Change machdep.spectre_support to display a string of features supported. Possible features are:

    IBRS        Indirect Branch Restricted Speculation (U->K and K->U)
    STIBP       Single Thread Indirect Branch Prediction (U->K and K->U)
    IBPB        Branch Prediction Barrier (U->K)
    IBRS_AUTO   IBRS always-on (set once and forget)
    STIBP_AUTO  STIBP always-on (set once and forget)

The machdep.spectre_support sysctl tells you what's available.

- Refactor tr_pcb_gflags into tr_pcb_spec_ctrl[2] to make it easier for the assembly code to program the SPEC_CTRL MSR.

- Note that some of the above bits will never be supported by current hardware and exist to allow future hardware to support these features in a less expensive manner.

- Also note that for Meltdown, AMD is immune and the meltdown mitigation will not be enabled. Intel is vulnerable and the mitigation will be enabled by default. See sysctl machdep.meltdown_mitigation.

375bb03e45 kernel - Flesh out Spectre mitigation support
sys/cpu/x86_64/include/asmacros.h | 31 +--
sys/cpu/x86_64/include/frame.h | 2 +-
sys/cpu/x86_64/include/specialreg.h | 42 +++-
sys/platform/pc64/include/pcb.h | 9 +-
sys/platform/pc64/x86_64/genassym.c | 12 +-
sys/platform/pc64/x86_64/machdep.c | 44 ++--
sys/platform/pc64/x86_64/vm_machdep.c | 438 +++++++++++++++++++++++-----------
7 files changed, 381 insertions(+), 197 deletions(-)

