D22374.id64405.diff
Index: sys/amd64/amd64/machdep.c
===================================================================
--- sys/amd64/amd64/machdep.c
+++ sys/amd64/amd64/machdep.c
@@ -1779,6 +1779,7 @@
TUNABLE_INT_FETCH("machdep.syscall_ret_l1d_flush",
&syscall_ret_l1d_flush_mode);
TUNABLE_INT_FETCH("hw.mds_disable", &hw_mds_disable);
+ TUNABLE_INT_FETCH("machdep.mitigations.taa", &x86_taa_disable);
finishidentcpu(); /* Final stage of CPU initialization */
initializecpu(); /* Initialize CPU registers */
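Review bot: The value read by `TUNABLE_INT_FETCH("machdep.mitigations.taa", &x86_taa_disable)` is never range-checked, whereas `sysctl_taa_handler` rejects anything outside 0..3. With a loader value such as 7 (constructed example), `x86_taa_recalculate()` copies it into `x86_taa_state` unchanged, no mitigation branch matches, and `taa_state` reports "unknown". A clamp right after the fetch, e.g. `if (x86_taa_disable < 0 || x86_taa_disable > 3) x86_taa_disable = 3;`, would fall back to AUTO instead of silently running unmitigated. The enclosing function starts and ends outside this hunk, and no equivalent fetch for i386 is visible in this diff even though the sysctl is declared with `CTLFLAG_NOFETCH` in shared x86 code.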
Index: sys/dev/cpuctl/cpuctl.c
===================================================================
--- sys/dev/cpuctl/cpuctl.c
+++ sys/dev/cpuctl/cpuctl.c
@@ -546,6 +546,7 @@
pmap_allow_2m_x_ept_recalculate();
#endif
hw_mds_recalculate();
+ x86_taa_recalculate();
printcpuinfo();
return (0);
}
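Review bot: This call relies on the cached CPUID words being current, yet `x86_taa_recalculate()` opens with a test of `cpu_stdext_feature` for HLE/RTM that the mitigation itself can invalidate: `taa_set_one()` sets `IA32_TSX_CTRL_TSX_CPUID_CLEAR`, which presumably hides those bits from CPUID. If the feature words are re-read earlier in this update path (outside the hunk, so inferred), the call would take the "TSX is not present" branch, reset `x86_taa_state` to 0 and report "inactive" while TSX is still disabled, and a later write of 0 could not re-enable it. Consider skipping the presence test when `x86_taa_state == TAA_TSX_DISABLE`, or add a comment here stating that `cpu_ia32_arch_caps` and the feature words have been refreshed before the recalculation. The enclosing function begins above the hunk.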
Index: sys/kern/kern_mib.c
===================================================================
--- sys/kern/kern_mib.c
+++ sys/kern/kern_mib.c
@@ -78,6 +78,8 @@
"hardware");
SYSCTL_ROOT_NODE(CTL_MACHDEP, machdep, CTLFLAG_RW, 0,
"machine dependent");
+SYSCTL_NODE(_machdep, OID_AUTO, mitigations, CTLFLAG_RW, 0,
+ "Machine dependent platform mitigations.");
SYSCTL_ROOT_NODE(CTL_USER, user, CTLFLAG_RW, 0,
"user-level");
SYSCTL_ROOT_NODE(CTL_P1003_1B, p1003_1b, CTLFLAG_RW, 0,
Index: sys/sys/sysctl.h
===================================================================
--- sys/sys/sysctl.h
+++ sys/sys/sysctl.h
@@ -1094,6 +1094,7 @@
SYSCTL_DECL(_hw_bus_devices);
SYSCTL_DECL(_hw_bus_info);
SYSCTL_DECL(_machdep);
+SYSCTL_DECL(_machdep_mitigations);
SYSCTL_DECL(_user);
SYSCTL_DECL(_compat);
SYSCTL_DECL(_regression);
Index: sys/x86/include/x86_var.h
===================================================================
--- sys/x86/include/x86_var.h
+++ sys/x86/include/x86_var.h
@@ -93,6 +93,7 @@
extern int hw_ibrs_active;
extern int hw_mds_disable;
extern int hw_ssb_active;
+extern int x86_taa_disable;
struct pcb;
struct thread;
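Review bot: `x86_taa_disable` reads as a switch that turns the mitigation off, but the sysctl description gives 0 as off and 1–3 as mitigation modes, so a non-zero "disable" value enables protection. That inversion is easy to misread when setting the tunable; a name such as `x86_taa_enable` or `x86_taa_mode` would match the semantics. Also, `x86_taa_state` is defined without `static` in cpu_machdep.c but has no declaration in this header; either declare it here or make it file-local.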
@@ -136,6 +137,7 @@
void hw_ibrs_recalculate(void);
void hw_mds_recalculate(void);
void hw_ssb_recalculate(bool all_cpus);
+void x86_taa_recalculate(void);
void nmi_call_kdb(u_int cpu, u_int type, struct trapframe *frame);
void nmi_call_kdb_smp(u_int type, struct trapframe *frame);
void nmi_handle_intr(u_int type, struct trapframe *frame);
Index: sys/x86/x86/cpu_machdep.c
===================================================================
--- sys/x86/x86/cpu_machdep.c
+++ sys/x86/x86/cpu_machdep.c
@@ -1135,6 +1135,194 @@
"Microarchitectural Data Sampling Mitigation "
"(0 - off, 1 - on VERW, 2 - on SW, 3 - on AUTO");
+
+/*
+ * Intel Transactional Memory Asynchronous Abort Mitigation
+ * CVE-2019-11135
+ */
+int x86_taa_disable;
+int x86_taa_state;
+enum {
+ TAA_NONE = 0,
+ TAA_TSX_DISABLE = 1,
+ TAA_VERW = 2,
+ TAA_AUTO = 3
+};
+
+static void
+taa_set_one(bool enable)
+{
+ uint64_t v;
+
+ v = rdmsr(MSR_IA32_TSX_CTRL);
+ if (enable)
+ v |= (uint64_t)(IA32_TSX_CTRL_RTM_DISABLE |
+ IA32_TSX_CTRL_TSX_CPUID_CLEAR);
+ else
+ v &= ~(uint64_t)(IA32_TSX_CTRL_RTM_DISABLE |
+ IA32_TSX_CTRL_TSX_CPUID_CLEAR);
+
+ wrmsr(MSR_IA32_TSX_CTRL, v);
+}
+
+static void
+taa_set(bool enable, bool all)
+{
+ struct thread *td;
+ int bound_cpu, i, is_bound;
+
+ if (all) {
+ td = curthread;
+ thread_lock(td);
+ is_bound = sched_is_bound(td);
+ bound_cpu = td->td_oncpu;
+ CPU_FOREACH(i) {
+ sched_bind(td, i);
+ taa_set_one(enable);
+ }
+ if (is_bound)
+ sched_bind(td, bound_cpu);
+ else
+ sched_unbind(td);
+ thread_unlock(td);
+ } else
+ taa_set_one(enable);
+}
+
+void
+x86_taa_recalculate(void)
+{
+ static int taa_saved_mds_disable = 0;
+ int taa_need = 0, taa_state = 0;
+ int mds_disable = 0, need_mds_recalc = 0;
+
+ /* Check CPUID.07h.EBX.HLE and RTM for the presence of TSX */
+ if ((cpu_stdext_feature & CPUID_STDEXT_HLE) == 0 ||
+ (cpu_stdext_feature & CPUID_STDEXT_RTM) == 0) {
+ /* TSX is not present */
+ x86_taa_state = 0;
+ return;
+ }
+
+ /* Check to see what mitigation options the CPU gives us */
+ if (cpu_ia32_arch_caps & IA32_ARCH_CAP_TAA_NO)
+ /* CPU is not suseptible to TAA */
+ taa_need = TAA_NONE;
+ else if (cpu_ia32_arch_caps & IA32_ARCH_CAP_TSX_CTRL)
+ /*
+ * CPU can turn off TSX. This is the next best option
+ * if TAA_NO hardware mitigation isn't present
+ */
+ taa_need = TAA_TSX_DISABLE;
+ else {
+ /* No TSX/TAA specific remedies are available. */
+ if (x86_taa_disable == TAA_TSX_DISABLE) {
+ if (bootverbose)
+ printf("TSX control not available\n");
+ return;
+ } else
+ taa_need = TAA_VERW;
+ }
+
+ /* Can we automatically take action, or are we being forced? */
+ if (x86_taa_disable == TAA_AUTO)
+ taa_state = taa_need;
+ else
+ taa_state = x86_taa_disable;
+
+ /* No state change, nothing to do */
+ if (taa_state == x86_taa_state) {
+ if (bootverbose)
+ printf("No TSX change made\n");
+ return;
+ }
+
+ /* Does the MSR need to be turned on or off? */
+ if (taa_state == TAA_TSX_DISABLE)
+ taa_set(true, true);
+ else if (x86_taa_state == TAA_TSX_DISABLE)
+ taa_set(false, true);
+
+ /* Does MDS need to be set to turn on VERW? */
+ if (taa_state == TAA_VERW) {
+ taa_saved_mds_disable = hw_mds_disable;
+ mds_disable = hw_mds_disable = 1;
+ need_mds_recalc = 1;
+ } else if (x86_taa_state == TAA_VERW) {
+ mds_disable = hw_mds_disable = taa_saved_mds_disable;
+ need_mds_recalc = 1;
+ }
+ if (need_mds_recalc) {
+ hw_mds_recalculate();
+ if (mds_disable != hw_mds_disable) {
+ if (bootverbose)
+ printf("Cannot change MDS state for TAA\n");
+ /* Don't update our state */
+ return;
+ }
+ }
+
+ x86_taa_state = taa_state;
+ return;
+}
+
+static void
+taa_recalculate_boot(void * arg __unused)
+{
+
+ x86_taa_recalculate();
+}
+SYSINIT(taa_recalc, SI_SUB_SMP, SI_ORDER_ANY, taa_recalculate_boot, NULL);
+
+static int
+sysctl_taa_handler(SYSCTL_HANDLER_ARGS)
+{
+ int error, val;
+
+ val = x86_taa_disable;
+ error = sysctl_handle_int(oidp, &val, 0, req);
+ if (error != 0 || req->newptr == NULL)
+ return (error);
+ if (val < 0 || val > 3)
+ return (EINVAL);
+ x86_taa_disable = val;
+ x86_taa_recalculate();
+ return (0);
+}
+
+SYSCTL_PROC(_machdep_mitigations, OID_AUTO, taa, CTLTYPE_INT |
+ CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_MPSAFE, NULL, 0,
+ sysctl_taa_handler, "I",
+ "TSX Asynchronous Abort Mitigation "
+ "(0 - off, 1 - disable TSX, 2 - VERW, 3 - on AUTO");
+
+static int
+sysctl_taa_state_handler(SYSCTL_HANDLER_ARGS)
+{
+ const char *state;
+
+ switch (x86_taa_state) {
+ case TAA_NONE:
+ state = "inactive";
+ break;
+ case TAA_TSX_DISABLE:
+ state = "TSX disabled";
+ break;
+ case TAA_VERW:
+ state = "VERW";
+ break;
+ default:
+ state = "unknown";
+ }
+
+ return (SYSCTL_OUT(req, state, strlen(state)));
+}
+
+SYSCTL_PROC(_machdep_mitigations, OID_AUTO, taa_state,
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
+ sysctl_taa_state_handler, "A",
+ "Transactional Memory Asynchronous Abort Mitigation state");
+
/*
* Enable and restore kernel text write permissions.
* Callers must ensure that disable_wp()/restore_wp() are executed
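Review bot: In `x86_taa_recalculate()` a forced mode of 1 reaches `taa_set(true, true)` without any TSX_CTRL capability check whenever `IA32_ARCH_CAP_TAA_NO` is set, because the "TSX control not available" bail-out sits only in the final `else` branch. On a part that reports TAA_NO but not TSX_CTRL, `taa_set_one()` would then `rdmsr`/`wrmsr` an MSR the CPU may not implement. The function also toggles the MSR before the MDS step, so the `Cannot change MDS state for TAA` return leaves `x86_taa_state` at its old value after TSX has already been re-enabled; the recorded state should be corrected on that path. Separately, the presence test uses `||`, so a CPU advertising RTM without HLE is treated as having no TSX and gets no mitigation; if that combination can occur, testing RTM alone looks safer. A capability guard placed after the forced/auto selection is sketched below.

```c
	/* … unchanged: taa_need selection and forced/auto choice of taa_state … */

	/* Forcing TSX off needs the control MSR, whatever taa_need says. */
	if (taa_state == TAA_TSX_DISABLE &&
	    (cpu_ia32_arch_caps & IA32_ARCH_CAP_TSX_CTRL) == 0) {
		if (bootverbose)
			printf("TSX control not available\n");
		return;
	}

	/* … unchanged: "No state change" early return, MSR and MDS transitions … */
```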
D22374: TSX Asynchronous Abort Mitigation