CVS commit: src/sys/arch/x86

Tue, 22 May 2018 10:15:05 -0700 

Module Name:    src
Committed By:   maxv
Date:           Tue May 22 17:14:47 UTC 2018

Modified Files:
        src/sys/arch/x86/include: specialreg.h
        src/sys/arch/x86/x86: spectre.c

Log Message:
Extend the AMD NONARCH method to family 17h. The AMD spec states that for
17h care must be taken when handling sibling threads.

The concern is that if we have a protected two-thread process running on
two siblings, and context switch one thread to another unprotected thread,
disabling the SSB protection on one logical core will disable SSB on its
sibling too (which is still running the protected thread).

All of that doesn't matter to us, because the SSB value we set is
system-wide, not per-process.


To generate a diff of this commit:
cvs rdiff -u -r1.123 -r1.124 src/sys/arch/x86/include/specialreg.h
cvs rdiff -u -r1.17 -r1.18 src/sys/arch/x86/x86/spectre.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/arch/x86/include/specialreg.h
diff -u src/sys/arch/x86/include/specialreg.h:1.123 src/sys/arch/x86/include/specialreg.h:1.124
--- src/sys/arch/x86/include/specialreg.h:1.123	Tue May 22 10:20:04 2018
+++ src/sys/arch/x86/include/specialreg.h	Tue May 22 17:14:46 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: specialreg.h,v 1.123 2018/05/22 10:20:04 maxv Exp $	*/
+/*	$NetBSD: specialreg.h,v 1.124 2018/05/22 17:14:46 maxv Exp $	*/
 
 /*-
  * Copyright (c) 1991 The Regents of the University of California.
@@ -860,6 +860,7 @@
 #define 	LS_CFG_DIS_LS2_SQUISH	0x02000000
 #define 	LS_CFG_DIS_SSB_F15H	0x0040000000000000ULL
 #define 	LS_CFG_DIS_SSB_F16H	0x0000000200000000ULL
+#define 	LS_CFG_DIS_SSB_F17H	0x0000000000000400ULL
 
 #define MSR_IC_CFG	0xc0011021
 #define 	IC_CFG_DIS_SEQ_PREFETCH	0x00000800

Index: src/sys/arch/x86/x86/spectre.c
diff -u src/sys/arch/x86/x86/spectre.c:1.17 src/sys/arch/x86/x86/spectre.c:1.18
--- src/sys/arch/x86/x86/spectre.c:1.17	Tue May 22 16:44:42 2018
+++ src/sys/arch/x86/x86/spectre.c	Tue May 22 17:14:46 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: spectre.c,v 1.17 2018/05/22 16:44:42 maxv Exp $	*/
+/*	$NetBSD: spectre.c,v 1.18 2018/05/22 17:14:46 maxv Exp $	*/
 
 /*
  * Copyright (c) 2018 NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.17 2018/05/22 16:44:42 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: spectre.c,v 1.18 2018/05/22 17:14:46 maxv Exp $");
 
 #include "opt_spectre.h"
 
@@ -62,7 +62,8 @@ enum v4_mitigation {
 	V4_MITIGATION_INTEL_SSBD,
 	V4_MITIGATION_INTEL_SSB_NO,
 	V4_MITIGATION_AMD_NONARCH_F15H,
-	V4_MITIGATION_AMD_NONARCH_F16H
+	V4_MITIGATION_AMD_NONARCH_F16H,
+	V4_MITIGATION_AMD_NONARCH_F17H
 };
 
 static enum v2_mitigation v2_mitigation_method = V2_MITIGATION_NONE;
@@ -381,6 +382,7 @@ v4_set_name(void)
 			break;
 		case V4_MITIGATION_AMD_NONARCH_F15H:
 		case V4_MITIGATION_AMD_NONARCH_F16H:
+		case V4_MITIGATION_AMD_NONARCH_F17H:
 			strlcat(name, "[AMD NONARCH]", sizeof(name));
 			break;
 		}
@@ -426,6 +428,9 @@ v4_detect_method(void)
 		case 0x16:
 			v4_mitigation_method = V4_MITIGATION_AMD_NONARCH_F16H;
 			return;
+		case 0x17:
+			v4_mitigation_method = V4_MITIGATION_AMD_NONARCH_F17H;
+			return;
 		default:
 			break;
 		}
@@ -437,40 +442,37 @@ v4_detect_method(void)
 static void
 mitigation_v4_apply_cpu(bool enabled)
 {
-	uint64_t msr;
+	uint64_t msr, msrval = 0, msrbit = 0;
 
 	switch (v4_mitigation_method) {
 	case V4_MITIGATION_NONE:
 	case V4_MITIGATION_INTEL_SSB_NO:
 		panic("impossible");
 	case V4_MITIGATION_INTEL_SSBD:
-		msr = rdmsr(MSR_IA32_SPEC_CTRL);
-		if (enabled) {
-			msr |= IA32_SPEC_CTRL_SSBD;
-		} else {
-			msr &= ~IA32_SPEC_CTRL_SSBD;
-		}
-		wrmsr(MSR_IA32_SPEC_CTRL, msr);
+		msrval = MSR_IA32_SPEC_CTRL;
+		msrbit = IA32_SPEC_CTRL_SSBD;
 		break;
 	case V4_MITIGATION_AMD_NONARCH_F15H:
-		msr = rdmsr(MSR_LS_CFG);
-		if (enabled) {
-			msr |= LS_CFG_DIS_SSB_F15H;
-		} else {
-			msr &= ~LS_CFG_DIS_SSB_F15H;
-		}
-		wrmsr(MSR_LS_CFG, msr);
+		msrval = MSR_LS_CFG;
+		msrbit = LS_CFG_DIS_SSB_F15H;
 		break;
 	case V4_MITIGATION_AMD_NONARCH_F16H:
-		msr = rdmsr(MSR_LS_CFG);
-		if (enabled) {
-			msr |= LS_CFG_DIS_SSB_F16H;
-		} else {
-			msr &= ~LS_CFG_DIS_SSB_F16H;
-		}
-		wrmsr(MSR_LS_CFG, msr);
+		msrval = MSR_LS_CFG;
+		msrbit = LS_CFG_DIS_SSB_F16H;
+		break;
+	case V4_MITIGATION_AMD_NONARCH_F17H:
+		msrval = MSR_LS_CFG;
+		msrbit = LS_CFG_DIS_SSB_F17H;
 		break;
 	}
+
+	msr = rdmsr(msrval);
+	if (enabled) {
+		msr |= msrbit;
+	} else {
+		msr &= ~msrbit;
+	}
+	wrmsr(msrval, msr);
 }
 
 static void
@@ -512,6 +514,7 @@ static int mitigation_v4_change(bool ena
 	case V4_MITIGATION_INTEL_SSBD:
 	case V4_MITIGATION_AMD_NONARCH_F15H:
 	case V4_MITIGATION_AMD_NONARCH_F16H:
+	case V4_MITIGATION_AMD_NONARCH_F17H:
 		printf("[+] %s SpectreV4 Mitigation...",
 		    enabled ? "Enabling" : "Disabling");
 		xc = xc_broadcast(0, mitigation_v4_change_cpu,

Reply via email to