kernel - Flesh out Spectre mitigation support
* Add handling for all modes for AMD CPUs, including support for
IBRS_AUTO and STIBP_AUTO (always-on) bits which will be added
to future CPUs.
* Add STIBP handling to Intel CPUs. I can't find definitions for
AUTO (always-on) modes for Intel, so those are still not supported
(no current CPU has AUTO support yet anyway).
* Current DragonFlyBSD defaults: Will enable IBRS_AUTO and STIBP_AUTO
(always on) support by default if the CPU has it. Will NOT enable IBRS
or STIBP (non-auto) toggling by default. Will not enable IBPB by default.
IBPB is currently not enabled by default. The overhead is an enormous
~2uS. We will follow Linux in this regard.
* Change the machdep.spectre_mitigation sysctl to take a string of
features to enable. Change machdep.spectre_support to display a
string of features supported. Possible features are:
    IBRS        Indirect Branch Restricted Speculation (U->K and K->U)
    STIBP       Single Thread Indirect Branch Prediction (U->K and K->U)
    IBPB        Branch Prediction Barrier (U->K)
    IBRS_AUTO   IBRS always-on (set once and forget)
    STIBP_AUTO  STIBP always-on (set once and forget)
The machdep.spectre_support sysctl tells you what's available.
* Refactor tr_pcb_gflags into tr_pcb_spec_ctrl[2] to make it easier
for the assembly code to program the SPEC_CTRL MSR.
* Note that some of the above bits will never be supported by current
hardware and exist to allow future hardware to support these features
in a less expensive manner.
* Also note that for Meltdown, AMD is immune and the meltdown mitigation
will not be enabled. Intel is vulnerable and the mitigation will be
enabled by default. See sysctl machdep.meltdown_mitigation.
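
An audit check for the two sysctls described in the commit message above, as an added example that is not part of the commit or of DragonFlyBSD. It compares the enabled feature string against the supported one and against the defaults the message states. The function names are hypothetical, and the assumption that feature names are separated by spaces or commas is mine; the sample strings are constructed.

```shell
#!/bin/sh
# Added example, not DragonFlyBSD code. Assumption: both sysctls return
# feature names separated by spaces and/or commas (format not stated in the commit).

# Split a feature string into one name per line, sorted and de-duplicated.
features() {
    printf '%s\n' "$1" | tr ', \t' '\n\n\n' | grep -E '^[A-Z_]+$' | sort -u
}

# has NAME STRING: true if NAME is a whole token in STRING
# (so IBRS does not match IBRS_AUTO).
has() {
    features "$2" | grep -qx "$1"
}

# spectre_audit SUPPORTED ENABLED
# Prints findings and returns 1 if the state deviates from the commit's defaults.
spectre_audit() {
    supported=$1
    enabled=$2
    rc=0
    # Anything enabled must also be reported as supported.
    for f in $(features "$enabled"); do
        if ! has "$f" "$supported"; then
            echo "ERROR $f enabled but not supported"
            rc=1
        fi
    done
    # Always-on modes are enabled by default when the CPU has them.
    for f in IBRS_AUTO STIBP_AUTO; do
        if has "$f" "$supported" && ! has "$f" "$enabled"; then
            echo "WARN $f supported but not enabled (default is on)"
            rc=1
        fi
    done
    # Toggled modes and IBPB are off by default; report them as a deliberate choice.
    for f in IBRS STIBP IBPB; do
        if has "$f" "$enabled"; then
            echo "INFO $f enabled (off by default)"
        fi
    done
    return $rc
}

# On a DragonFlyBSD host:
#   spectre_audit "$(sysctl -n machdep.spectre_support)" \
#                 "$(sysctl -n machdep.spectre_mitigation)"
# Constructed sample values so the script also runs elsewhere:
spectre_audit "IBRS STIBP IBPB IBRS_AUTO STIBP_AUTO" "IBRS_AUTO STIBP_AUTO IBPB"
```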