Changeset View
Standalone View
sys/amd64/amd64/machdep.c
| Show First 20 Lines • Show All 1,503 Lines • ▼ Show 20 Lines | #ifdef DDB | ||||
| ksym_end = MD_FETCH(kmdp, MODINFOMD_ESYM, uintptr_t); | ksym_end = MD_FETCH(kmdp, MODINFOMD_ESYM, uintptr_t); | ||||
| db_fetch_ksymtab(ksym_start, ksym_end); | db_fetch_ksymtab(ksym_start, ksym_end); | ||||
| #endif | #endif | ||||
| efi_systbl_phys = MD_FETCH(kmdp, MODINFOMD_FW_HANDLE, vm_paddr_t); | efi_systbl_phys = MD_FETCH(kmdp, MODINFOMD_FW_HANDLE, vm_paddr_t); | ||||
| return (kmdp); | return (kmdp); | ||||
| } | } | ||||
| static int | |||||
| pti_get_default(void) | |||||
kib: This function should go into x86/x86/identcpu.c, since it will be needed for i386 too (unless I… | |||||
| { | |||||
| if (strcmp(cpu_vendor, INTEL_VENDOR_ID) == 0) | |||||
| return (1); | |||||
impUnsubmitted Not Done Inline Actionsdon't we have a list somewhere of affected versions? imp: don't we have a list somewhere of affected versions? | |||||
kibUnsubmitted Not Done Inline ActionsOnce I saw a linux code where pti was disabled for amd and enabled for everything else (e.g. via). kib: Once I saw a linux code where pti was disabled for amd and enabled for everything else (e.g. | |||||
impUnsubmitted Not Done Inline ActionsAlso, in the future Intel may come out with chips that don't suffer from metldown issues. imp: Also, in the future Intel may come out with chips that don't suffer from metldown issues. | |||||
kibUnsubmitted Not Done Inline ActionsIA32_ARCH_CAPABILITIES MSR, bit 0 But I do not think it is meaningful to add this to the code now. kib: https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side… | |||||
emasteUnsubmitted Not Done Inline ActionsAlso https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr We can assume Intel will make a change in CPUs not yet released and that they will not be vulnerable to Meltdown, but I think it is reasonable to start with this, and perhaps add a small handful of cases later (e.g. not vulnerable because too old, not vulnerable because new enough). I believe it is better to have a false positive (PTI enabled when not required); in all cases the user can choose to explicitly enable or disable it. emaste: Also https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr… | |||||
| return (0); | |||||
| } | |||||
| static void | static void | ||||
| amd64_kdb_init(void) | amd64_kdb_init(void) | ||||
| { | { | ||||
| kdb_init(); | kdb_init(); | ||||
| #ifdef KDB | #ifdef KDB | ||||
| if (boothowto & RB_KDB) | if (boothowto & RB_KDB) | ||||
| kdb_enter(KDB_WHY_BOOTFLAGS, "Boot flags requested debugger"); | kdb_enter(KDB_WHY_BOOTFLAGS, "Boot flags requested debugger"); | ||||
| #endif | #endif | ||||
| ▲ Show 20 Lines • Show All 93 Lines • ▼ Show 20 Lines | hammer_time(u_int64_t modulep, u_int64_t physfree) | ||||
| * must be able to get the icu lock, so it can't be | * must be able to get the icu lock, so it can't be | ||||
| * under witness. | * under witness. | ||||
| */ | */ | ||||
| mutex_init(); | mutex_init(); | ||||
| mtx_init(&icu_lock, "icu", NULL, MTX_SPIN | MTX_NOWITNESS); | mtx_init(&icu_lock, "icu", NULL, MTX_SPIN | MTX_NOWITNESS); | ||||
| mtx_init(&dt_lock, "descriptor tables", NULL, MTX_DEF); | mtx_init(&dt_lock, "descriptor tables", NULL, MTX_DEF); | ||||
| /* exceptions */ | /* exceptions */ | ||||
| pti = pti_get_default(); | |||||
| TUNABLE_INT_FETCH("vm.pmap.pti", &pti); | TUNABLE_INT_FETCH("vm.pmap.pti", &pti); | ||||
| for (x = 0; x < NIDT; x++) | for (x = 0; x < NIDT; x++) | ||||
| setidt(x, pti ? &IDTVEC(rsvd_pti) : &IDTVEC(rsvd), SDT_SYSIGT, | setidt(x, pti ? &IDTVEC(rsvd_pti) : &IDTVEC(rsvd), SDT_SYSIGT, | ||||
| SEL_KPL, 0); | SEL_KPL, 0); | ||||
| setidt(IDT_DE, pti ? &IDTVEC(div_pti) : &IDTVEC(div), SDT_SYSIGT, | setidt(IDT_DE, pti ? &IDTVEC(div_pti) : &IDTVEC(div), SDT_SYSIGT, | ||||
| SEL_KPL, 0); | SEL_KPL, 0); | ||||
| setidt(IDT_DB, pti ? &IDTVEC(dbg_pti) : &IDTVEC(dbg), SDT_SYSIGT, | setidt(IDT_DB, pti ? &IDTVEC(dbg_pti) : &IDTVEC(dbg), SDT_SYSIGT, | ||||
| ▲ Show 20 Lines • Show All 981 Lines • Show Last 20 Lines | |||||
This function should go into x86/x86/identcpu.c, since it will be needed for i386 too (unless I go with unconditional 4/4g split).