Module Name:    src
Committed By:   maxv
Date:           Tue May 22 08:15:26 UTC 2018

Modified Files:
        src/sys/arch/amd64/conf: GENERIC
        src/sys/arch/i386/conf: GENERIC
        src/sys/arch/x86/x86: spectre.c x86_machdep.c

Log Message:
Clarify the parameters for the SpectreV2 mitigation.

Add:
        machdep.spectre_v2.swmitigated
Rename:
        machdep.spectre_v2.mitigated -> machdep.spectre_v2.hwmitigated

Change the method string to combine both the hardware and software
mitigations. swmitigated is set at compile time; hwmitigated can be
set by the user.

Examples:

        spectre_v2.swmitigated = 1
        spectre_v2.hwmitigated = 0
        spectre_v2.method = [GCC retpoline]

        spectre_v2.swmitigated = 0
        spectre_v2.hwmitigated = 0
        spectre_v2.method = (none)

        spectre_v2.swmitigated = 1
        spectre_v2.hwmitigated = 1
        spectre_v2.method = [GCC retpoline] + [Intel IBRS]


To generate a diff of this commit:
cvs rdiff -u -r1.491 -r1.492 src/sys/arch/amd64/conf/GENERIC
cvs rdiff -u -r1.1178 -r1.1179 src/sys/arch/i386/conf/GENERIC
cvs rdiff -u -r1.12 -r1.13 src/sys/arch/x86/x86/spectre.c
cvs rdiff -u -r1.113 -r1.114 src/sys/arch/x86/x86/x86_machdep.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/conf/GENERIC
diff -u src/sys/arch/amd64/conf/GENERIC:1.491 src/sys/arch/amd64/conf/GENERIC:1.492
--- src/sys/arch/amd64/conf/GENERIC:1.491	Tue May 15 01:53:27 2018
+++ src/sys/arch/amd64/conf/GENERIC	Tue May 22 08:15:26 2018
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.491 2018/05/15 01:53:27 thorpej Exp $
+# $NetBSD: GENERIC,v 1.492 2018/05/22 08:15:26 maxv Exp $
 #
 # GENERIC machine description file
 #
@@ -22,7 +22,7 @@ include 	"arch/amd64/conf/std.amd64"
 
 options 	INCLUDE_CONFIG_FILE	# embed config file in kernel binary
 
-#ident		"GENERIC-$Revision: 1.491 $"
+#ident		"GENERIC-$Revision: 1.492 $"
 
 maxusers	64		# estimated number of users
 
@@ -78,6 +78,7 @@ options 	SYSCTL_INCLUDE_DESCR	# Include 
 options 	SVS		# Separate Virtual Space
 makeoptions	SPECTRE_V2_GCC_MITIGATION=1	# GCC Spectre variant 2
 						# migitation
+options 	SPECTRE_V2_GCC_MITIGATION
 
 # CPU features
 acpicpu*	at cpu?		# ACPI CPU (including frequency scaling)
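Review bot: The added `options SPECTRE_V2_GCC_MITIGATION` line carries no comment and nothing ties it to the `makeoptions SPECTRE_V2_GCC_MITIGATION=1` line above it, so a custom kernel config can keep one and drop the other. The `options` form only supplies the preprocessor symbol that spectre.c and x86_machdep.c test in this commit, while the `makeoptions` form presumably selects the compiler flags. With only the former, `machdep.spectre_v2.swmitigated` would read 1 on a kernel built without retpolines. A trailing comment such as `# report the GCC mitigation via sysctl; keep in sync with makeoptions above` would make the coupling explicit. The same applies to the identical hunk in src/sys/arch/i386/conf/GENERIC.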

Index: src/sys/arch/i386/conf/GENERIC
diff -u src/sys/arch/i386/conf/GENERIC:1.1178 src/sys/arch/i386/conf/GENERIC:1.1179
--- src/sys/arch/i386/conf/GENERIC:1.1178	Tue May 15 01:53:27 2018
+++ src/sys/arch/i386/conf/GENERIC	Tue May 22 08:15:26 2018
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.1178 2018/05/15 01:53:27 thorpej Exp $
+# $NetBSD: GENERIC,v 1.1179 2018/05/22 08:15:26 maxv Exp $
 #
 # GENERIC machine description file
 #
@@ -22,7 +22,7 @@ include 	"arch/i386/conf/std.i386"
 
 options 	INCLUDE_CONFIG_FILE	# embed config file in kernel binary
 
-#ident		"GENERIC-$Revision: 1.1178 $"
+#ident		"GENERIC-$Revision: 1.1179 $"
 
 maxusers	64		# estimated number of users
 
@@ -31,6 +31,7 @@ options 	USER_LDT	# user-settable LDT; u
 #options 	PAE		# PAE mode (36 bits physical addressing)
 makeoptions	SPECTRE_V2_GCC_MITIGATION=1	# GCC Spectre variant 2
 						# migitation
+options 	SPECTRE_V2_GCC_MITIGATION
 
 # CPU features
 acpicpu*	at cpu?		# ACPI CPU (including frequency scaling)

Index: src/sys/arch/x86/x86/spectre.c
diff -u src/sys/arch/x86/x86/spectre.c:1.12 src/sys/arch/x86/x86/spectre.c:1.13
--- src/sys/arch/x86/x86/spectre.c:1.12	Tue May 22 07:11:53 2018
+++ src/sys/arch/x86/x86/spectre.c	Tue May 22 08:15:26 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: spectre.c,v 1.12 2018/05/22 07:11:53 maxv Exp $	*/
+/*	$NetBSD: spectre.c,v 1.13 2018/05/22 08:15:26 maxv Exp $	*/
 
 /*
  * Copyright (c) 2018 NetBSD Foundation, Inc.
@@ -34,7 +34,9 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.12 2018/05/22 07:11:53 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.13 2018/05/22 08:15:26 maxv Exp $");
+
+#include "opt_spectre.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -62,22 +64,32 @@ char spec_v2_mitigation_name[64] = "(non
 static void
 spec_v2_set_name(void)
 {
-	const char *name;
+	char name[64] = "";
+	size_t nmitig = 0;
+
+#if defined(SPECTRE_V2_GCC_MITIGATION)
+	strlcat(name, "[GCC retpoline]", sizeof(name));
+	nmitig++;
+#endif
 
 	if (!spec_v2_mitigation_enabled) {
-		name = "(none)";
+		if (nmitig == 0)
+			strlcat(name, "(none)", sizeof(name));
 	} else {
+		if (nmitig)
+			strlcat(name, " + ", sizeof(name));
 		switch (mitigation_v2_method) {
 		case MITIGATION_AMD_DIS_IND:
-			name = "AMD DIS_IND";
+			strlcat(name, "[AMD DIS_IND]", sizeof(name));
 			break;
 		case MITIGATION_INTEL_IBRS:
-			name = "Intel IBRS";
+			strlcat(name, "[Intel IBRS]", sizeof(name));
 			break;
 		default:
 			panic("%s: impossible", __func__);
 		}
 	}
+
 	strlcpy(spec_v2_mitigation_name, name,
 	    sizeof(spec_v2_mitigation_name));
 }
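Review bot: The published method string only gains `[GCC retpoline]` once spec_v2_set_name() has run, because the hunk header shows `spec_v2_mitigation_name` statically initialised to a string beginning `"(non`. The callers are outside this hunk, so it is worth confirming the function is invoked at boot and not only when the hardware mitigation is toggled. Otherwise a retpoline kernel would report `swmitigated = 1` together with `method = (none)`, which misleads anyone auditing hosts through sysctl. Separately, `char name[64]` repeats the size of the destination array; `char name[sizeof(spec_v2_mitigation_name)] = "";` keeps the two in step, and `if (nmitig == 0)` / `if (nmitig)` would read better written the same way.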

Index: src/sys/arch/x86/x86/x86_machdep.c
diff -u src/sys/arch/x86/x86/x86_machdep.c:1.113 src/sys/arch/x86/x86/x86_machdep.c:1.114
--- src/sys/arch/x86/x86/x86_machdep.c:1.113	Tue May 22 07:11:53 2018
+++ src/sys/arch/x86/x86/x86_machdep.c	Tue May 22 08:15:26 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: x86_machdep.c,v 1.113 2018/05/22 07:11:53 maxv Exp $	*/
+/*	$NetBSD: x86_machdep.c,v 1.114 2018/05/22 08:15:26 maxv Exp $	*/
 
 /*-
  * Copyright (c) 2002, 2006, 2007 YAMAMOTO Takashi,
@@ -31,13 +31,16 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: x86_machdep.c,v 1.113 2018/05/22 07:11:53 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: x86_machdep.c,v 1.114 2018/05/22 08:15:26 maxv Exp $");
 
 #include "opt_modular.h"
 #include "opt_physmem.h"
 #include "opt_splash.h"
 #include "opt_kaslr.h"
 #include "opt_svs.h"
+#ifndef XEN
+#include "opt_spectre.h"
+#endif
 
 #include <sys/types.h>
 #include <sys/param.h>
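Review bot: Guarding `#include "opt_spectre.h"` with `#ifndef XEN` means `SPECTRE_V2_GCC_MITIGATION` can never be defined in this file on a Xen build, so the `#if defined(SPECTRE_V2_GCC_MITIGATION)` added in the sysctl hunk below always takes the `NULL, 0,` branch there. Whether the spectre_v2 nodes are compiled for Xen at all is not visible in this hunk; if they are, `swmitigated` would read 0 regardless of how the kernel was compiled. The guard has no explanation, so if the reason is that the option header is not generated for Xen configs, a comment such as `/* no opt_spectre.h on Xen; swmitigated is not meaningful there */` above the `#ifndef` would record it.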
@@ -1303,12 +1306,23 @@ SYSCTL_SETUP(sysctl_machdep_setup, "sysc
 		       CTL_MACHDEP, CTL_CREATE);
 	sysctl_createv(clog, 0, &spec_rnode, NULL,
 		       CTLFLAG_READWRITE,
-		       CTLTYPE_BOOL, "mitigated",
-		       SYSCTL_DESCR("Whether Spectre Variant 2 is mitigated"),
+		       CTLTYPE_BOOL, "hwmitigated",
+		       SYSCTL_DESCR("Whether Spectre Variant 2 is HW-mitigated"),
 		       sysctl_machdep_spectreV2_mitigated, 0,
 		       &spec_v2_mitigation_enabled, 0,
 		       CTL_CREATE, CTL_EOL);
 	sysctl_createv(clog, 0, &spec_rnode, NULL,
+		       CTLFLAG_PERMANENT | CTLFLAG_IMMEDIATE,
+		       CTLTYPE_BOOL, "swmitigated",
+		       SYSCTL_DESCR("Whether Spectre Variant 2 is SW-mitigated"),
+#if defined(SPECTRE_V2_GCC_MITIGATION)
+		       NULL, 1,
+#else
+		       NULL, 0,
+#endif
+	           NULL, 0,
+		       CTL_CREATE, CTL_EOL);
+	sysctl_createv(clog, 0, &spec_rnode, NULL,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_STRING, "method",
 		       SYSCTL_DESCR("Mitigation method in use"),
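Review bot: Renaming the writable node from `mitigated` to `hwmitigated` means any existing `/etc/sysctl.conf` entry or monitoring check that names `machdep.spectre_v2.mitigated` stops matching. A host that relied on that entry to enable the hardware mitigation would presumably come up without it, so the rename deserves a note in the release documentation and not only in the commit log. The handler is still named `sysctl_machdep_spectreV2_mitigated`, which no longer matches the node it serves; a comment such as `/* handler for machdep.spectre_v2.hwmitigated */` at the call would help. In the new `swmitigated` node the second `NULL, 0,` line is indented with a tab followed by spaces, while its neighbours use tabs then alignment spaces consistently. The body of SYSCTL_SETUP starts and ends outside this hunk.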
