- Implement machdep.spectre_mitigation. This can be set as a tunable or sysctl'd later. The tunable is only applicable if the BIOS has the appropriate microcode, otherwise you have to update the microcode first and then use sysctl to set the mode.
This works similarly to Linux's IBRS support.
mode 0 - Spectre IBPB MSRs disabled
mode 1 - Sets IBPB MSR on USER->KERN transition and clear it on KERN->USER.
mode 2 - Leave IBPB set globally. Do not toggle on USER->KERN or KERN->USER transitions.
- Retest spectre microcode MSRs on microcode update.
- Spectre mode 1 is enabled by default if the microcode supports it. (we might change this to disabled by default, I'm still mulling it over).
- General performance effects (not counting the MMU separation mode, which is machdep.meltdown_mitigation and adds another 3% in overhead):
Skylake loses around 5% for mode 1 and 12% for mode 2, verses mode 0. Haswell loses around 12% for mode 1 and 53% for mode 2, verses mode 0.
Add another 3% if MMU separation is also turned on (aka machdep.meltdown_mitigation).
- General system call overhead effects on Skylake:
machdep.meltdown_mitigation=0, machdep.spectre_mitigation=0 103ns machdep.meltdown_mitigation=1, machdep.spectre_mitigation=0 360ns machdep.meltdown_mitigation=1, machdep.spectre_mitigation=1 848ns machdep.meltdown_mitigation=1, machdep.spectre_mitigation=2 404ns
Note that mode 1 has better overall performance for mixed user+kernel workloads despite having a much higher system call overhead, whereas mode 2 has lower system call overhead but generally lower overall performance because IBPB is enabled in usermode.
8ed0657196 kernel - Implement spectre mitigations part 1
sys/cpu/x86_64/include/asmacros.h | 238 +++++++++++++++++++++-------------
sys/cpu/x86_64/include/frame.h | 8 +-
sys/dev/misc/cpuctl/cpuctl.c | 6 +
sys/platform/pc64/include/pcb.h | 2 +
sys/platform/pc64/x86_64/exception.S | 6 +-
sys/platform/pc64/x86_64/genassym.c | 8 +-
sys/platform/pc64/x86_64/machdep.c | 45 ++++++-
sys/platform/pc64/x86_64/vm_machdep.c | 211 +++++++++++++++++++++++++++++-
8 files changed, 423 insertions(+), 101 deletions(-)