Index: head/sys/amd64/amd64/machdep.c =================================================================== --- head/sys/amd64/amd64/machdep.c +++ head/sys/amd64/amd64/machdep.c @@ -1778,10 +1778,17 @@ vty_set_preferred(VTY_VT); TUNABLE_INT_FETCH("hw.ibrs_disable", &hw_ibrs_disable); + TUNABLE_INT_FETCH("machdep.mitigations.ibrs.disable", &hw_ibrs_disable); + TUNABLE_INT_FETCH("hw.spec_store_bypass_disable", &hw_ssb_disable); + TUNABLE_INT_FETCH("machdep.mitigations.ssb.disable", &hw_ssb_disable); + TUNABLE_INT_FETCH("machdep.syscall_ret_l1d_flush", &syscall_ret_l1d_flush_mode); + TUNABLE_INT_FETCH("hw.mds_disable", &hw_mds_disable); + TUNABLE_INT_FETCH("machdep.mitigations.mds.disable", &hw_mds_disable); + TUNABLE_INT_FETCH("machdep.mitigations.taa.enable", &x86_taa_enable); finishidentcpu(); /* Final stage of CPU initialization */ Index: head/sys/x86/x86/cpu_machdep.c =================================================================== --- head/sys/x86/x86/cpu_machdep.c +++ head/sys/x86/x86/cpu_machdep.c @@ -877,6 +877,12 @@ SYSCTL_INT(_hw, OID_AUTO, ibrs_active, CTLFLAG_RD, &hw_ibrs_active, 0, "Indirect Branch Restricted Speculation active"); +SYSCTL_NODE(_machdep_mitigations, OID_AUTO, ibrs, CTLFLAG_RW, 0, + "Indirect Branch Restricted Speculation active"); + +SYSCTL_INT(_machdep_mitigations_ibrs, OID_AUTO, active, CTLFLAG_RD, + &hw_ibrs_active, 0, "Indirect Branch Restricted Speculation active"); + void hw_ibrs_recalculate(void) { @@ -907,6 +913,11 @@ CTLFLAG_NOFETCH | CTLFLAG_MPSAFE, NULL, 0, hw_ibrs_disable_handler, "I", "Disable Indirect Branch Restricted Speculation"); +SYSCTL_PROC(_machdep_mitigations_ibrs, OID_AUTO, disable, CTLTYPE_INT | + CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_MPSAFE, NULL, 0, + hw_ibrs_disable_handler, "I", + "Disable Indirect Branch Restricted Speculation"); + int hw_ssb_active; int hw_ssb_disable; @@ -914,6 +925,12 @@ &hw_ssb_active, 0, "Speculative Store Bypass Disable active"); +SYSCTL_NODE(_machdep_mitigations, OID_AUTO, ssb, CTLFLAG_RW, 0, + "Speculative Store Bypass Disable active"); + +SYSCTL_INT(_machdep_mitigations_ssb, OID_AUTO, active, CTLFLAG_RD, + &hw_ssb_active, 0, "Speculative Store Bypass Disable active"); + static void hw_ssb_set(bool enable, bool for_all_cpus) { @@ -967,6 +984,11 @@ hw_ssb_disable_handler, "I", "Speculative Store Bypass Disable (0 - off, 1 - on, 2 - auto"); +SYSCTL_PROC(_machdep_mitigations_ssb, OID_AUTO, disable, CTLTYPE_INT | + CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_MPSAFE, NULL, 0, + hw_ssb_disable_handler, "I", + "Speculative Store Bypass Disable (0 - off, 1 - on, 2 - auto"); + int hw_mds_disable; /* @@ -1016,6 +1038,14 @@ sysctl_hw_mds_disable_state_handler, "A", "Microarchitectural Data Sampling Mitigation state"); +SYSCTL_NODE(_machdep_mitigations, OID_AUTO, mds, CTLFLAG_RW, 0, + "Microarchitectural Data Sampling Mitigation state"); + +SYSCTL_PROC(_machdep_mitigations_mds, OID_AUTO, state, + CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0, + sysctl_hw_mds_disable_state_handler, "A", + "Microarchitectural Data Sampling Mitigation state"); + _Static_assert(__offsetof(struct pcpu, pc_mds_tmp) % 64 == 0, "MDS AVX512"); void @@ -1172,6 +1202,11 @@ "Microarchitectural Data Sampling Mitigation " "(0 - off, 1 - on VERW, 2 - on SW, 3 - on AUTO"); +SYSCTL_PROC(_machdep_mitigations_mds, OID_AUTO, disable, CTLTYPE_INT | + CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_MPSAFE, NULL, 0, + sysctl_mds_disable_handler, "I", + "Microarchitectural Data Sampling Mitigation " + "(0 - off, 1 - on VERW, 2 - on SW, 3 - on AUTO"); /* * Intel Transactional Memory Asynchronous Abort Mitigation