Page MenuHomeFreeBSD

x86: AMD Zen2: Zenbleed chicken bit mitigation
ClosedPublic

Authored by olce on Sep 11 2023, 8:21 PM.
Tags
None
Referenced Files
F103233766: D41817.diff
Fri, Nov 22, 11:51 AM
Unknown Object (File)
Wed, Nov 20, 4:13 PM
Unknown Object (File)
Mon, Nov 18, 11:13 PM
Unknown Object (File)
Sun, Nov 10, 5:14 PM
Unknown Object (File)
Sat, Nov 9, 2:17 AM
Unknown Object (File)
Fri, Nov 8, 4:40 PM
Unknown Object (File)
Wed, Nov 6, 11:42 PM
Unknown Object (File)
Tue, Nov 5, 8:56 AM
Subscribers

Details

Summary

Applies only to bare-metal Zen2 processors. The system currently automatically
applies it to all of them.

Tunable/sysctl 'machdep.mitigations.zenbleed.enable' can be used to forcibly
enable or disable the mitigation at boot or run-time. Possible values are: 0:
Mitigation disabled, 1: Mitigation enabled, 2: Run the automatic determination.
Currently, value 2 is the default and has identical effect as value 1. This
might change in the future if we choose to take into account microcode revisions
in the automatic determination process.

The tunable/sysctl value is simply ignored on non-applicable CPU models, which
is useful to apply the same configuration on a set of machines that do not all
have Zen2 processors. Trying to set it to any integer value not listed above is
silently equivalent to setting it to value 2 (automatic determination).

The current mitigation state can be queried through sysctl
'machdep.mitigations.zenbleed.state', which returns "Not applicable",
"Mitigation enabled" or "Mitigation disabled". Note that this state is not
guaranteed to be accurate in case of intervening modifications of the
corresponding chicken bit directly via cpuctl(4) (this includes the
cpucontrol(8) utility). Resetting the desired policy through
'machdep.mitigations.zenbleed.enable' (possibly to its current value) will reset
the hardware state and ensure that the reported state is again coherent with it.

Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

olce requested review of this revision.Sep 11 2023, 8:21 PM

There is security(7)

This revision is now accepted and ready to land.Sep 12 2023, 11:40 PM

Also, I started writing a mitigations.7 in D41794

This change felt a little bit verbose to me, compared to the equivalent Linux change. But, I think we do want to rationalize all of the mitigations and make the enables consistent so that they all have off / on / automatic, with the intent that in a normal configuration all can be set to automatic. And we should report status as off (forced), off (does not apply to this hw), etc. So all of that said I think this is fine and may be a good starting point for more common mitigation controls.

This change felt a little bit verbose to me, compared to the equivalent Linux change. But, I think we do want to rationalize all of the mitigations and make the enables consistent so that they all have off / on / automatic, with the intent that in a normal configuration all can be set to automatic. And we should report status as off (forced), off (does not apply to this hw), etc. So all of that said I think this is fine and may be a good starting point for more common mitigation controls.

I agree. It would be great that both the administrative handling of mitigations (the different knobs, for control and reporting) and how they are internally applied are factored out, with the benefits of consistency for users and having to patch less locations for developers. I'll probably give a shot as a follow-up, but I don't plan to do it immediately.

This revision was automatically updated to reflect the committed changes.