From: brynet Date: Mon, 23 Jul 2018 23:25:02 +0000 (+0000) Subject: Add "Mitigation G-2" per AMD's Whitepaper "Software Techniques for X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=53804715d8fde5e72865af861c39dcb67b54e672;p=openbsd Add "Mitigation G-2" per AMD's Whitepaper "Software Techniques for Managing Speculation on AMD Processors" By setting MSR C001_1029[1]=1, LFENCE becomes a dispatch serializing instruction. Tested on AMD FX-4100 "Bulldozer", and Linux guest in SVM vmd(8) ok deraadt@ mlarkin@ --- diff --git a/sys/arch/amd64/amd64/identcpu.c b/sys/arch/amd64/amd64/identcpu.c index 182fda698e8..6e0aee2b401 100644 --- a/sys/arch/amd64/amd64/identcpu.c +++ b/sys/arch/amd64/amd64/identcpu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: identcpu.c,v 1.102 2018/07/12 14:11:11 guenther Exp $ */ +/* $OpenBSD: identcpu.c,v 1.103 2018/07/23 23:25:02 brynet Exp $ */ /* $NetBSD: identcpu.c,v 1.1 2003/04/26 18:39:28 fvdl Exp $ */ /* @@ -641,6 +641,26 @@ identifycpu(struct cpu_info *ci) x86_print_cacheinfo(ci); + /* + * "Mitigation G-2" per AMD's Whitepaper "Software Techniques + * for Managing Speculation on AMD Processors" + * + * By setting MSR C001_1029[1]=1, LFENCE becomes a dispatch + * serializing instruction. + * + * This MSR is available on all AMD families >= 10h, except 11h + * where LFENCE is always serializing. + */ + if (!strcmp(cpu_vendor, "AuthenticAMD")) { + if (ci->ci_family >= 0x10 && ci->ci_family != 0x11) { + uint64_t msr; + + msr = rdmsr(MSR_DE_CFG); + msr |= DE_CFG_SERIALIZE_LFENCE; + wrmsr(MSR_DE_CFG, msr); + } + } + /* * Attempt to disable Silicon Debug and lock the configuration * if it's enabled and unlocked. diff --git a/sys/arch/amd64/include/specialreg.h b/sys/arch/amd64/include/specialreg.h index 06921429587..1b32d30fd9c 100644 --- a/sys/arch/amd64/include/specialreg.h +++ b/sys/arch/amd64/include/specialreg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: specialreg.h,v 1.75 2018/07/03 08:42:32 jsg Exp $ */ +/* $OpenBSD: specialreg.h,v 1.76 2018/07/23 23:25:03 brynet Exp $ */ /* $NetBSD: specialreg.h,v 1.1 2003/04/26 18:39:48 fvdl Exp $ */ /* $NetBSD: x86/specialreg.h,v 1.2 2003/04/25 21:54:30 fvdl Exp $ */ @@ -513,6 +513,7 @@ #define MSR_DE_CFG 0xc0011029 /* Decode Configuration */ #define DE_CFG_721 0x00000001 /* errata 721 */ +#define DE_CFG_SERIALIZE_LFENCE (1 << 1) /* Enable serializing lfence */ #define IPM_C1E_CMP_HLT 0x10000000 #define IPM_SMI_CMP_HLT 0x08000000