CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2018/02/26 05:29:48
Modified files:
sys/arch/amd64/amd64: Tag: OPENBSD_6_2 cpu.c gdt.c genassym.cf
identcpu.c lapic.c locore.S locore0.S
machdep.c pmap.c spl.S trap.c vector.S
sys/arch/amd64/conf: Tag: OPENBSD_6_2 ld.script
sys/arch/amd64/include: Tag: OPENBSD_6_2 asm.h cpu.h cpufunc.h
frame.h frameasm.h gdt.h pmap.h pte.h
specialreg.h
distrib/sets/lists/base: Tag: OPENBSD_6_2 md.amd64
Added files:
sys/arch/amd64/include: Tag: OPENBSD_6_2 cpu_full.h
Log message:
Implement a workaround against the Meltdown flaw in Intel CPUs.
The following changes have been backported from OpenBSD -current.
Changes by: guent...@cvs.openbsd.org 2018/01/06 15:03:13
Modified files:
sys/arch/amd64/amd64: locore.S machdep.c
sys/arch/amd64/include: frameasm.h
Log message:
Handle %gs like %[def]s and reset set it in cpu_switchto() instead of on
every return to userspace.
ok kettenis@ mlarkin@
Changes by: mlar...@cvs.openbsd.org 2018/01/06 18:08:20
Modified files:
sys/arch/amd64/amd64: identcpu.c
sys/arch/amd64/include: cpu.h specialreg.h
Log message:
Add identcpu.c and specialreg.h definitions for the new Intel/AMD MSRs
that should help mitigate spectre. This is just the detection piece, these
features are not yet used.
Part of a larger ongoing effort to mitigate meltdown/spectre. i386 will
come later; it needs some machdep.c cleanup first.
ok kettenis@
Changes by: mlar...@cvs.openbsd.org 2018/01/07 12:56:19
Modified files:
sys/arch/amd64/amd64: locore.S locore0.S pmap.c
sys/arch/amd64/include: pte.h
Log message:
remove all PG_G global page mappings from the kernel when running on
Intel CPUs. Part of an ongoing set of commits to mitigate the Intel
"meltdown" CVE. This diff does not confer any immunity to that
vulnerability - subsequent commits are still needed and are being
worked on presently.
ok guenther, deraadt
Changes by: mlar...@cvs.openbsd.org 2018/01/12 01:21:30
Modified files:
sys/arch/amd64/amd64: identcpu.c
Log message:
IBRS -> IBRS,IBPB in identifycpu lines
CVSROOT: /cvs
Module name: src
Changes by: guent...@cvs.openbsd.org 2018/02/21 12:24:15
Modified files:
sys/arch/amd64/amd64: cpu.c gdt.c genassym.cf identcpu.c lapic.c
locore.S locore0.S machdep.c pmap.c spl.S
trap.c vector.S
sys/arch/amd64/conf: ld.script
sys/arch/amd64/include: asm.h cpu.h cpufunc.h frame.h frameasm.h
gdt.h pmap.h specialreg.h
Added files:
sys/arch/amd64/include: cpu_full.h
Log message:
Meltdown: implement user/kernel page table separation.
On Intel CPUs which speculate past user/supervisor page permission checks,
use a separate page table for userspace with only the minimum of kernel code
and data required for the transitions to/from the kernel (still marked as
supervisor-only, of course):
- the IDT (RO)
- three pages of kernel text in the .kutext section for interrupt, trap,
and syscall trampoline code (RX)
- one page of kernel data in the .kudata section for TLB flush IPIs (RW)
- the lapic page (RW, uncachable)
- per CPU: one page for the TSS+GDT (RO) and one page for trampoline
stacks (RW)
When a syscall, trap, or interrupt takes a CPU from userspace to kernel the
trampoline code switches page tables, switches stacks to the thread's real
kernel stack, then copies over the necessary bits from the trampoline stack.
On return to userspace the opposite occurs: recreate the iretq frame on the
trampoline stack, switch stack, switch page tables, and return to userspace.
mlarkin@ implemented the pmap bits and did 90% of the debugging, diagnosing
issues on MP in particular, and drove the final push to completion.
Many rounds of testing by naddy@, sthen@, and others
Thanks to Alex Wilson from Joyent for early discussions about trampolines
and their data requirements.
Per-CPU page layout mostly inspired by DragonFlyBSD.
ok mlarkin@ deraadt@
CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2018/02/22 13:18:59
Modified files:
sys/arch/amd64/include: specialreg.h
Log message:
The GNU assembler does not understand 1ULL, so replace the constant
with 1. Then it compiles with gcc, sign and size do not matter
here.
OK mlarkin@
CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2018/02/22 13:27:14
Modified files:
sys/arch/amd64/include: cpu_full.h
Log message:
The compile time assertion for cpu info did not work with gcc.
Rephrase the condition in a way that both gcc and clang accept it.
OK guenther@
CVSROOT: /cvs
Module name: src
Changes by: guent...@cvs.openbsd.org 2018/02/22 13:36:40
Modified files:
sys/arch/amd64/amd64: pmap.c
Log message:
Set the PG_G (global) bit on the special page table entries that are shared
between the u-k and u+k tables, because they're actually in *all* tables.
ok bluhm@ kettenis@ mlarkin@
OpenBSD 6.2 errata 009
