svn commit: r362383 - in stable/11/sys: amd64/amd64 dev/cpuctl x86/include x86/x86

Konstantin Belousov kib at FreeBSD.org
Fri Jun 19 13:48:24 UTC 2020 

Author: kib
Date: Fri Jun 19 13:48:23 2020
New Revision: 362383
URL: https://svnweb.freebsd.org/changeset/base/362383

Log:
  MFC r362130:
  Control for Special Register Buffer Data Sampling mitigation.

Modified:
  stable/11/sys/amd64/amd64/initcpu.c
  stable/11/sys/amd64/amd64/machdep.c
  stable/11/sys/dev/cpuctl/cpuctl.c
  stable/11/sys/x86/include/x86_var.h
  stable/11/sys/x86/x86/cpu_machdep.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/amd64/amd64/initcpu.c
==============================================================================
--- stable/11/sys/amd64/amd64/initcpu.c	Fri Jun 19 13:47:40 2020	(r362382)
+++ stable/11/sys/amd64/amd64/initcpu.c	Fri Jun 19 13:48:23 2020	(r362383)
@@ -261,6 +261,7 @@ initializecpu(void)
 	}
 	hw_ibrs_recalculate(false);
 	hw_ssb_recalculate(false);
+	x86_rngds_mitg_recalculate(false);
 	switch (cpu_vendor_id) {
 	case CPU_VENDOR_AMD:
 		init_amd();

Modified: stable/11/sys/amd64/amd64/machdep.c
==============================================================================
--- stable/11/sys/amd64/amd64/machdep.c	Fri Jun 19 13:47:40 2020	(r362382)
+++ stable/11/sys/amd64/amd64/machdep.c	Fri Jun 19 13:48:23 2020	(r362383)
@@ -1727,6 +1727,9 @@ hammer_time(u_int64_t modulep, u_int64_t physfree)
 	TUNABLE_INT_FETCH("hw.mds_disable", &hw_mds_disable);
 	TUNABLE_INT_FETCH("machdep.mitigations.taa.enable", &x86_taa_enable);
 
+	TUNABLE_INT_FETCH("machdep.mitigations.rndgs.enable",
+	    &x86_rngds_mitg_enable);
+
 	finishidentcpu();	/* Final stage of CPU initialization */
 	initializecpu();	/* Initialize CPU registers */
 	initializecpucache();

Modified: stable/11/sys/dev/cpuctl/cpuctl.c
==============================================================================
--- stable/11/sys/dev/cpuctl/cpuctl.c	Fri Jun 19 13:47:40 2020	(r362382)
+++ stable/11/sys/dev/cpuctl/cpuctl.c	Fri Jun 19 13:48:23 2020	(r362383)
@@ -544,6 +544,7 @@ cpuctl_do_eval_cpu_features(int cpu, struct thread *td
 #endif
 	hw_mds_recalculate();
 	x86_taa_recalculate();
+	x86_rngds_mitg_recalculate(true);
 	printcpuinfo();
 	return (0);
 }

Modified: stable/11/sys/x86/include/x86_var.h
==============================================================================
--- stable/11/sys/x86/include/x86_var.h	Fri Jun 19 13:47:40 2020	(r362382)
+++ stable/11/sys/x86/include/x86_var.h	Fri Jun 19 13:48:23 2020	(r362383)
@@ -87,6 +87,7 @@ extern	int	hw_mds_disable;
 extern	int	hw_ssb_active;
 extern	int	x86_taa_enable;
 extern	int	cpu_flush_rsb_ctxsw;
+extern	int	x86_rngds_mitg_enable;
 
 struct	pcb;
 struct	thread;
@@ -140,6 +141,7 @@ void	hw_ibrs_recalculate(bool all_cpus);
 void	hw_mds_recalculate(void);
 void	hw_ssb_recalculate(bool all_cpus);
 void	x86_taa_recalculate(void);
+void	x86_rngds_mitg_recalculate(bool all_cpus);
 void	nmi_call_kdb(u_int cpu, u_int type, struct trapframe *frame);
 void	nmi_call_kdb_smp(u_int type, struct trapframe *frame);
 void	nmi_handle_intr(u_int type, struct trapframe *frame);

Modified: stable/11/sys/x86/x86/cpu_machdep.c
==============================================================================
--- stable/11/sys/x86/x86/cpu_machdep.c	Fri Jun 19 13:47:40 2020	(r362382)
+++ stable/11/sys/x86/x86/cpu_machdep.c	Fri Jun 19 13:48:23 2020	(r362383)
@@ -1364,3 +1364,57 @@ int __read_frequently cpu_flush_rsb_ctxsw;
 SYSCTL_INT(_machdep_mitigations, OID_AUTO, flush_rsb_ctxsw,
     CTLFLAG_RW | CTLFLAG_NOFETCH, &cpu_flush_rsb_ctxsw, 0,
     "Flush Return Stack Buffer on context switch");
+
+SYSCTL_NODE(_machdep_mitigations, OID_AUTO, rngds,
+    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
+    "MCU Optimization, disable RDSEED mitigation");
+
+int x86_rngds_mitg_enable = 1;
+void
+x86_rngds_mitg_recalculate(bool all_cpus)
+{
+	if ((cpu_stdext_feature3 & CPUID_STDEXT3_MCUOPT) == 0)
+		return;
+	x86_msr_op(MSR_IA32_MCU_OPT_CTRL,
+	    (x86_rngds_mitg_enable ? MSR_OP_OR : MSR_OP_ANDNOT) |
+	    (all_cpus ? MSR_OP_RENDEZVOUS : MSR_OP_LOCAL),
+	    IA32_RNGDS_MITG_DIS);
+}
+
+static int
+sysctl_rngds_mitg_enable_handler(SYSCTL_HANDLER_ARGS)
+{
+	int error, val;
+
+	val = x86_rngds_mitg_enable;
+	error = sysctl_handle_int(oidp, &val, 0, req);
+	if (error != 0 || req->newptr == NULL)
+		return (error);
+	x86_rngds_mitg_enable = val;
+	x86_rngds_mitg_recalculate(true);
+	return (0);
+}
+SYSCTL_PROC(_machdep_mitigations_rngds, OID_AUTO, enable, CTLTYPE_INT |
+    CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_MPSAFE, NULL, 0,
+    sysctl_rngds_mitg_enable_handler, "I",
+    "MCU Optimization, disabling RDSEED mitigation control "
+    "(0 - mitigation disabled (RDSEED optimized), 1 - mitigation enabled");
+
+static int
+sysctl_rngds_state_handler(SYSCTL_HANDLER_ARGS)
+{
+	const char *state;
+
+	if ((cpu_stdext_feature3 & CPUID_STDEXT3_MCUOPT) == 0) {
+		state = "Not applicable";
+	} else if (x86_rngds_mitg_enable == 0) {
+		state = "RDSEED not serialized";
+	} else {
+		state = "Mitigated";
+	}
+	return (SYSCTL_OUT(req, state, strlen(state)));
+}
+SYSCTL_PROC(_machdep_mitigations_rngds, OID_AUTO, state,
+    CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
+    sysctl_rngds_state_handler, "A",
+    "MCU Optimization state");

More information about the svn-src-stable mailing list