Commit Graph

985 Commits

Author SHA1 Message Date
Scott Long
e372160177 TSX Asynchronous Abort mitigation for Intel CVE-2019-11135.
This CVE has already been announced in FreeBSD SA-19:26.mcu.

Mitigation for TAA involves either turning off TSX or turning on the
VERW mitigation used for MDS. Some CPUs will also be self-mitigating
for TAA and require no software workaround.

Control knobs are:
machdep.mitigations.taa.enable:
        0 - no software mitigation is enabled
        1 - attempt to disable TSX
        2 - use the VERW mitigation
        3 - automatically select the mitigation based on processor
            features.

machdep.mitigations.taa.state:
        inactive        - no mitigation is active/enabled
        TSX disable     - TSX is disabled in the bare metal CPU as well as
                          any virtualized CPUs
        VERW            - VERW instruction clears CPU buffers
        not vulnerable  - The CPU has identified itself as not being
                          vulnerable

Nothing in the base FreeBSD system uses TSX.  However, the instructions
are straightforward to add to custom applications and require no kernel
support, so the mitigation is provided for users with untrusted
applications and tenants.

Reviewed by:	emaste, imp, kib, scottph
Sponsored by:	Intel
Differential Revision:	22374
2019-11-16 00:26:42 +00:00
Scott Long
22d13bfd34 Revert a patch that accidentally was committed with r354729
2019-11-15 11:54:51 +00:00
Scott Long
99a6085fde Fix a typo in how the AVX512DQ feature bit is checked.
Reviewed by:	kib
Sponsored by:	Intel
2019-11-15 11:53:06 +00:00
Scott Long
837d733265 Add new bit definitions for TSX, related to the TAA issue. The actual
mitigation will follow in a future commit.

Sponsored by:	Intel
2019-11-12 19:15:16 +00:00
Konstantin Belousov
c08973d09c Workaround for Intel SKL002/SKL012S errata.
Disable the use of executable 2M page mappings in EPT-format page
tables on affected CPUs.  For bhyve virtual machines, this effectively
disables all use of superpage mappings on affected CPUs.  The
vm.pmap.allow_2m_x_ept sysctl can be set to override the default and
enable mappings on affected CPUs.

Alternate approaches have been suggested, but at present we do not
believe the complexity is warranted for typical bhyve use cases.

Reviewed by:	alc, emaste, markj, scottl
Security:	CVE-2018-12207
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D21884
2019-11-12 18:01:33 +00:00
Roger Pau Monné
b2802351c1 xen: fix dispatching of NMIs
Currently NMIs are sent over event channels, but that defeats the
purpose of NMIs since event channels can be masked. Fix this by
issuing NMIs using a hypercall, which injects an NMI (vector #2) to the
desired vCPU.

Note that NMIs could also be triggered using the emulated local APIC,
but using a hypercall is better from a performance point of view
since it doesn't involve instruction decoding when not using x2APIC
mode.

Reported and Tested by:	avg
Sponsored by:		Citrix Systems R&D
2019-11-12 10:31:28 +00:00
Scott Long
c47c10a1f3 Add the text attribute for MDS_NO in the IA32_ARCH_CAP MSR.
2019-11-11 22:18:05 +00:00
Andriy Gapon
e688e78187 revert r354482, checking for XENHVM was a wrong way of checking for Xen
2019-11-07 21:43:31 +00:00
Andriy Gapon
bff7f83d39 IPI_TRACE is not really supported on xen
x86 stack_save_td_running() can work safely only if IPI_TRACE is a
non-maskable interrupt.  But at the moment FreeBSD/Xen does not provide
support for the NMI delivery mode.  So, mark the functionality as
unsupported similarly to other platforms without NMI.
Maybe there is a way to provide a Xen-specific working
stack_save_td_running(), but I couldn't figure it out.

MFC after:	3 weeks
Sponsored by:	Panzura
2019-11-07 21:14:59 +00:00
Andrew Gallatin
bb7aaac379 Add tunable to allow interrupts on hyperthreaded cores
Enabling interrupts on htt cores has benefits to workloads which are primarily
interrupt driven by increasing the logical cores available for interrupt handling.
The tunable is named machdep.hyperthreading_intr_allowed

Reviewed by:	kib, jhb
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D22233
2019-11-04 19:30:19 +00:00
Conrad Meyer
ebcfcba8f8 amd64: Fix typo: RDPRU bit is 0x10, not 0x04
Bit 4 != 4, of course.

X-MFC-With:	r354162
2019-10-30 04:00:44 +00:00
Conrad Meyer
706bc29b7b amd64: Define and decode new AMD64 feature bits
These are documented in revision 3.32 of the public AMD64 Vol. 2 and
revision 3.28 of Vol. 3, published October and September 2019, respectively.
2019-10-30 01:41:14 +00:00
Conrad Meyer
1a352c3c1b hw.intrbalance: Make sysctl tunable
This allows specifying a boot-time preference in loader.conf.
2019-10-19 16:37:49 +00:00
Andriy Gapon
3aa8a8ed2d remove wmb() call from x86 cpu_reset()
The rationale is pretty much the same as in r353747.
There is no subsequent dependent store.
The store is to the regular (TSO) memory anyway.

MFC after:	23 days
2019-10-19 07:13:15 +00:00
Conrad Meyer
b1f22a0083 x86: Remove unused variable from r353712
It was in my git tree (uncommitted) and didn't get carried over to SVN in
r353712.

X-MFC-With:	r353712
2019-10-18 02:25:30 +00:00
Conrad Meyer
bb044eaf54 x86: Fetch and save standard CPUID leaf 6 in identcpu
Rather than a few scattered places in the tree.  Organize flag names in a
contiguous region of specialreg.h.

While here, delete deprecated PCOMMIT from leaf 7.

No functional change.
2019-10-18 02:18:17 +00:00
Conrad Meyer
d23e252dfa x86: Use canonical spelling of MOVDIR64B feature/instruction
The former spelling probably confused MOVDIR64B with MOVDIRI64.

MOVDIR_64B is the 64-*byte* direct store instruction; MOVDIR_I64 is the
64-*bit* direct store instruction (underscores added here for clarity; they are
not part of the canonical instruction name).

No functional change.

Sponsored by:	Dell EMC Isilon
2019-10-14 20:55:01 +00:00
Mateusz Guzik
fa43c5d49e amd64: plug spurious cld instructions
ABI already guarantees the direction is forward. Note this does not take care
of i386-specific cld's.

Reviewed by:	kib
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21906
2019-10-08 21:14:11 +00:00
Eric van Gyzen
a912616493 Make the hw.intrs sysctl OID read-only
The handler ignores the new value, so make the OID read-only.

I found this while working on r353111.

MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2019-10-04 21:46:11 +00:00
Mark Johnston
b119329d81 Complete the removal of the "wire_count" field from struct vm_page.
Convert all remaining references to that field to "ref_count" and update
comments accordingly.  No functional change intended.

Reviewed by:	alc, kib
Sponsored by:	Intel, Netflix
Differential Revision:	https://reviews.freebsd.org/D21768
2019-09-25 16:11:35 +00:00
Konstantin Belousov
a9d0e0071c x86: Fall back to leaf 0x16 if TSC frequency is obtained by CPUID and
leaf 0x15 is not functional.

This should improve automatic TSC frequency determination on
Skylake/Kabylake/... families, where 0x15 exists but does not provide
all necessary information.  SDM contains relatively strong wording
against such uses of 0x16, but Intel does not give us any other way to
obtain the frequency. Linux did the same in the commit
604dc9170f2435d27da5039a3efd757dceadc684.

Based on submission by:	Neel Chauhan <neel@neelc.org>
PR:	240475
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D21777
2019-09-25 13:36:56 +00:00
Jeff Roberson
2194393787 Move phys_avail definition into MI code. It is consumed in the MI layer and
doing so adds more flexibility with less redundant code.

Reviewed by:	jhb, markj, kib
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D21250
2019-08-16 00:45:14 +00:00
John Baldwin
ea32110781 Stop listing "on motherboard" as the parent of nexus devices on x86.
Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D21256
2019-08-14 22:13:11 +00:00
Ed Maste
ba084c18de sys/{x86,amd64}: remove one of doubled ;s
MFC after:	1 week
2019-08-13 19:39:36 +00:00
Warner Losh
c1ab04fce5 Floppy driver really only works on x86
Move the floppy driver to the x86 specific notes file.

Reviewed by: jhb, manu, jhibbits, emaste
Differential Revision: https://reviews.freebsd.org/D21208
2019-08-12 22:58:50 +00:00
Warner Losh
99e1c5ab38 Move sc out of the global file
x86 needs sc, as does sparc64. powerpc doesn't use it by default, but some old
powermac notebooks do not work with vt yet for reasons unknown. Even so, I've
removed it from powerpc LINT. It's not in daily use there, and the intent is to
100% switch to vt now that it works for that platform to limit support burden.

All the other architectures omit some or all of the screen savers from their
lint config. Move them to the x86 NOTES files and remove the exclusions. This
reduces slightly the number of savers sparc64 compiles, but since they are in
GENERIC, the coverage is adequate and if someone really wants to sort them out
in sparc64 they can sweat the details and the testing.

Reviewed by: jhb (earlier version), manu (earlier version), jhibbits
Differential Revision: https://reviews.freebsd.org/D21233
2019-08-12 22:58:44 +00:00
Warner Losh
0d89c934cb Start to split out the really x86 specific NOTES from the global notes file.
Start with COMPAT_43, since it's really only relevant to x86.

Reviewed by: jhb@
Differential Revision: https://reviews.freebsd.org/D21203
2019-08-12 22:58:13 +00:00
Konstantin Belousov
b7b6b7a9c5 PR: 239143
Reported and tested by:	Wes Maag <jwmaag@gmail.com>
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-07-14 21:08:54 +00:00
Konstantin Belousov
e2e0470dfa Ensure that mds_handler always points to a valid method.
Depending on system configuration, version, and architecture,
mds_handler might be dereferenced from doreti before
hw_mds_recalculate_boot() initialized it.  Statically assign void
method to cover all cases.

Reported by:	"Schuendehuette, Matthias (LDA IT PLM)" <matthias.schuendehuette@siemens.com>
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2019-07-11 16:22:49 +00:00
Jonathan T. Looney
ca8929d2a3 Currently, MCA entries remain on an ever-growing linked list. This means
that it becomes increasingly expensive to process a steady stream of
correctable errors. Additionally, the memory used by the MCA entries can
grow without bound.

Change the code to maintain two separate lists: a list of entries which
still need to be logged, and a list of entries which have already been
logged. Additionally, allow a user-configurable limit on the number of
entries which will be saved after they are logged. (The limit defaults
to -1 [unlimited], which is the current behavior.)

Reviewed by:	imp, jhb
MFC after:	2 weeks
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D20482
2019-06-08 18:26:48 +00:00
Tycho Nightingale
56db4ebd34 another occurrence where a very large dma mapping can cause integer overflow
Submitted by:	rlibby
Sponsored by:	Dell EMC Isilon
2019-06-05 13:08:21 +00:00
Tycho Nightingale
88e9fbe568 very large dma mappings can cause integer overflow
Reviewed by:	kib
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D20505
2019-06-03 19:19:35 +00:00
John Baldwin
bebcdc0073 Add a constant for the LS config MSR on AMD CPUs.
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D19506
2019-05-23 23:37:11 +00:00
Conrad Meyer
c63f1e21da Decode and name additional x86 feature bits
These are all enumerated in Intel's ISA extension reference, 37th ed.

Sponsored by:	Dell EMC Isilon
2019-05-22 23:22:36 +00:00
Andrew Gallatin
18f9bb6fe0 x86 MCA: introduce MCA hooks for different vendor implementations
This is needed for AMD SMCA processors, as SMCA uses a different
MSR address to access MCA banks.

Use IA32-specific msr_ops as default, and use SMCA-specific msr_ops
when on an SMCA-enabled processor.

Submitted by:	chandu from amd dot com
Reviewed by:	cem
Differential Revision:	https://reviews.freebsd.org/D18055
2019-05-22 13:44:15 +00:00
Konstantin Belousov
48ec6d3bc9 Do not call hw_mds_recalculate() from initializecpu().
If MDS mitigation is enabled by the tunable but MDS microcode is not
early-loaded, software mitigation is selected.  This causes
initializecpu() to try to allocate memory which makes boot process
very unhappy.

Create SYSINIT that runs sufficiently late to succeed.

Reported by:	naddy
PR:	237968
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-05-21 22:56:21 +00:00
Stephen J. Kiernan
1177d38ce1 The older detection methods (smbios.bios.vendor and smbios.system.product)
are able to determine some virtual machines, but the vm_guest variable was
still only being set to VM_GUEST_VM.

Since we do know what some of them specifically are, we can set vm_guest
appropriately.

Also, if we see the CPUID has the HV flag, but we were unable to find a
definitive vendor in the Hypervisor CPUID Information Leaf, fall back to
the older detection methods, as they may be able to determine a specific
HV type.

Add VM_GUEST_PARALLELS value to VM_GUEST for Parallels.

Approved by:	cem
Differential Revision:	https://reviews.freebsd.org/D20305
2019-05-21 13:29:53 +00:00
Conrad Meyer
e2e050c8ef Extract eventfilter declarations to sys/_eventfilter.h
This allows replacing "sys/eventfilter.h" includes with "sys/_eventfilter.h"
in other header files (e.g., sys/{bus,conf,cpu}.h) and reduces header
pollution substantially.

EVENTHANDLER_DECLARE and EVENTHANDLER_LIST_DECLAREs were moved out of .c
files into appropriate headers (e.g., sys/proc.h, powernv/opal.h).

As a side effect of reduced header pollution, many .c files and headers no
longer contain needed definitions.  The remainder of the patch addresses
adding appropriate includes to fix those files.

LOCK_DEBUG and LOCK_FILE_LINE_ARG are moved to sys/_lock.h, as required by
sys/mutex.h since r326106 (but silently protected by header pollution prior
to this change).

No functional change (intended).  Of course, any out of tree modules that
relied on header pollution for sys/eventhandler.h, sys/lock.h, or
sys/mutex.h inclusion need to be fixed.  __FreeBSD_version has been bumped.
2019-05-20 00:38:23 +00:00
Stephen J. Kiernan
c5c8916278 Add missing setting of hv_base to the leaf that we used.
Correct setting hv_high to use regs[0], not leaf.
2019-05-19 15:07:14 +00:00
Stephen J. Kiernan
949f834a61 Instead of individual conditional statements to look for each hypervisor
type, use a table to make it easier to add more in the future, if needed.

Add VirtualBox detection to the table ("VBoxVBoxVBox" is the hypervisor
vendor string to look for.) Also add VM_GUEST_VBOX to the VM_GUEST
enumeration to indicate VirtualBox.

Save the CPUID base for the hypervisor entry that we detected. Driver code
may need to know about it in order to obtain additional CPUID features.

Approved by:	bryanv, jhb
Differential Revision:	https://reviews.freebsd.org/D16305
2019-05-17 17:21:32 +00:00
Konstantin Belousov
8f7f38457f Free microcode memory later.
With lockless DI, pmap_remove() requires operational thread lock,
which is initialized at SI_SUB_RUN_QUEUE for thread0.  Move it even
later where APs are started, the moment after which other boot memory
like trampoline stacks is already being freed.

Reported by:	gtetlow
Sponsored by:	The FreeBSD Foundation
MFC after:	30 days
2019-05-17 17:11:01 +00:00
Konstantin Belousov
7c5a46a1bc Remove resolver_qual from DEFINE_IFUNC/DEFINE_UIFUNC macros.
In all practical situations, the resolver visibility is static.

Requested by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Approved by:	so (emaste)
Differential revision:	https://reviews.freebsd.org/D20281
2019-05-16 22:20:54 +00:00
Tycho Nightingale
b961c0f244 Allow loading the same DMA address multiple times without any prior
unload for the LinuxKPI.

Reviewed by:	kib, zeising
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D20181
2019-05-16 17:41:16 +00:00
Ryan Libby
244081120e iommu static analysis cleanup
A static analyzer complained about a couple instances of checking a
variable against NULL after already having dereferenced it.
 - dmar_gas_alloc_region: remove the tautological NULL checks
 - dmar_release_resources / dmar_fini_fault_log: don't deref unit->regs
   unless initialized.

And while here, fix an inverted initialization check in dmar_fini_qi.

Reviewed by:	kib
Sponsored by:	Dell EMC Isilon
Differential revision:	https://reviews.freebsd.org/D20263
2019-05-16 04:24:08 +00:00
Conrad Meyer
e7e3d5223f x86: Correctly identify bhyve hypervisor
Spotted after a similar report by Olivier Cochard-Labbé.

Sponsored by:	Dell EMC Isilon
2019-05-16 01:32:54 +00:00
Konstantin Belousov
b55d4ebe5f Properly announce MD_CLEAR.
Submitted by:	Petr Lampa <lampa@fit.vutbr.cz>
MFC after:	3 days
2019-05-15 17:55:41 +00:00
Konstantin Belousov
7355a02bdd Mitigations for Microarchitectural Data Sampling.
Microarchitectural buffers on some Intel processors utilizing
speculative execution may allow a local process to obtain a memory
disclosure.  An attacker may be able to read secret data from the
kernel or from a process when executing untrusted code (for example,
in a web browser).

Reference: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Security:	CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Security:	FreeBSD-SA-19:07.mds
Reviewed by:	jhb
Tested by:	emaste, lwhsu
Approved by:	so (gtetlow)
2019-05-14 17:02:20 +00:00
Mateusz Guzik
a8c2fcb287 x86: store pending bitmapped IPIs in per-cpu areas
This gets rid of the global cpu_ipi_pending array.

While here, replace cmpset with fcmpset in the delivery code and opportunistically
check if given IPI is already pending.

Sponsored by:	The FreeBSD Foundation
2019-05-12 06:36:54 +00:00
Konstantin Belousov
078116a662 amd64: fix BUS_SPACE_MAXSIZE to 64bit max value.
Reviewed by:	jhb, tychon (previous version)
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D20154
2019-05-07 01:18:57 +00:00
Tycho Nightingale
8d2a55ca67 zero inputs to vm_page_initfake() for predictable results
Reviewed by:	kib
Submitted by:	Anton Rang <rang at acm.org>
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D20162
2019-05-06 00:57:05 +00:00