3621ba1ede
Speculative Store Bypass (SSB) is a speculative execution side channel vulnerability identified by Jann Horn of Google Project Zero (GPZ) and Ken Johnson of the Microsoft Security Response Center (MSRC) https://bugs.chromium.org/p/project-zero/issues/detail?id=1528. Updated Intel microcode introduces a MSR bit to disable SSB as a mitigation for the vulnerability. Introduce a sysctl hw.spec_store_bypass_disable to provide global control over the SSBD bit, akin to the existing sysctl that controls IBRS. The sysctl can be set to one of three values: 0: off 1: on 2: auto Future work will enable applications to control SSBD on a per-process basis (when it is not enabled globally). SSBD bit detection and control was verified with prerelease microcode. Security: CVE-2018-3639 Tested by: emaste (previous version, without updated microcode) Sponsored by: The FreeBSD Foundation MFC after: 3 days
79 lines
3.2 KiB
C
79 lines
3.2 KiB
C
/*-
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*
|
|
* Copyright (c) 1995 Bruce D. Evans.
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. Neither the name of the author nor the names of contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* $FreeBSD$
|
|
*/
|
|
|
|
#ifndef _MACHINE_MD_VAR_H_
|
|
#define _MACHINE_MD_VAR_H_
|
|
|
|
#include <x86/x86_var.h>
|
|
|
|
extern uint64_t *vm_page_dump;
|
|
extern int hw_lower_amd64_sharedpage;
|
|
extern int hw_ibrs_disable;
|
|
extern int hw_ssb_disable;
|
|
|
|
/*
|
|
* The file "conf/ldscript.amd64" defines the symbol "kernphys". Its
|
|
* value is the physical address at which the kernel is loaded.
|
|
*/
|
|
extern char kernphys[];
|
|
|
|
struct savefpu;
|
|
struct sysentvec;
|
|
|
|
void amd64_conf_fast_syscall(void);
|
|
void amd64_db_resume_dbreg(void);
|
|
void amd64_lower_shared_page(struct sysentvec *);
|
|
void amd64_syscall(struct thread *td, int traced);
|
|
void doreti_iret(void) __asm(__STRING(doreti_iret));
|
|
void doreti_iret_fault(void) __asm(__STRING(doreti_iret_fault));
|
|
void ld_ds(void) __asm(__STRING(ld_ds));
|
|
void ld_es(void) __asm(__STRING(ld_es));
|
|
void ld_fs(void) __asm(__STRING(ld_fs));
|
|
void ld_gs(void) __asm(__STRING(ld_gs));
|
|
void ld_fsbase(void) __asm(__STRING(ld_fsbase));
|
|
void ld_gsbase(void) __asm(__STRING(ld_gsbase));
|
|
void ds_load_fault(void) __asm(__STRING(ds_load_fault));
|
|
void es_load_fault(void) __asm(__STRING(es_load_fault));
|
|
void fs_load_fault(void) __asm(__STRING(fs_load_fault));
|
|
void gs_load_fault(void) __asm(__STRING(gs_load_fault));
|
|
void fsbase_load_fault(void) __asm(__STRING(fsbase_load_fault));
|
|
void gsbase_load_fault(void) __asm(__STRING(gsbase_load_fault));
|
|
void fpstate_drop(struct thread *td);
|
|
void pagezero(void *addr);
|
|
void setidt(int idx, alias_for_inthand_t *func, int typ, int dpl, int ist);
|
|
void sse2_pagezero(void *addr);
|
|
struct savefpu *get_pcb_user_save_td(struct thread *td);
|
|
struct savefpu *get_pcb_user_save_pcb(struct pcb *pcb);
|
|
|
|
#endif /* !_MACHINE_MD_VAR_H_ */
|