git: kernel - Implement spectre mitigations part 1

Matthew Dillon dillon at crater.dragonflybsd.org
Tue Jan 9 21:42:56 PST 2018


commit 8ed0657196b63163619ab4783b55acf8c1dc13c3
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Tue Jan 9 21:36:18 2018 -0800

    kernel - Implement spectre mitigations part 1
    
    * Implement machdep.spectre_mitigation.  This can be set as a tunable
      or sysctl'd later.  The tunable is only applicable if the BIOS has
      the appropriate microcode, otherwise you have to update the microcode
      first and then use sysctl to set the mode.
    
      This works similarly to Linux's IBRS support.
    
      mode 0 - Spectre IBPB MSRs disabled
    
      mode 1 - Sets IBPB MSR on USER->KERN transition and clear it
    	   on KERN->USER.
    
      mode 2 - Leave IBPB set globally.  Do not toggle on USER->KERN or
    	   KERN->USER transitions.
    
    * Retest spectre microcode MSRs on microcode update.
    
    * Spectre mode 1 is enabled by default if the microcode supports it.
      (we might change this to disabled by default, I'm still mulling it
      over).
    
    * General performance effects (not counting the MMU separation mode,
      which is machdep.meltdown_mitigation and adds another 3% in overhead):
    
      Skylake loses around 5% for mode 1 and 12% for mode 2, verses mode 0.
      Haswell loses around 12% for mode 1 and 53% for mode 2, verses mode 0.
    
      Add another 3% if MMU separation is also turned on (aka
      machdep.meltdown_mitigation).
    
    * General system call overhead effects on Skylake:
    
      machdep.meltdown_mitigation=0, machdep.spectre_mitigation=0	103ns
      machdep.meltdown_mitigation=1, machdep.spectre_mitigation=0	360ns
      machdep.meltdown_mitigation=1, machdep.spectre_mitigation=1	848ns
      machdep.meltdown_mitigation=1, machdep.spectre_mitigation=2	404ns
    
      Note that mode 1 has better overall performance for mixed user+kernel
      workloads despite having a much higher system call overhead, whereas
      mode 2 has lower system call overhead but generally lower overall
      performance because IBPB is enabled in usermode.

Summary of changes:
 sys/cpu/x86_64/include/asmacros.h     | 238 +++++++++++++++++++++-------------
 sys/cpu/x86_64/include/frame.h        |   8 +-
 sys/dev/misc/cpuctl/cpuctl.c          |   6 +
 sys/platform/pc64/include/pcb.h       |   2 +
 sys/platform/pc64/x86_64/exception.S  |   6 +-
 sys/platform/pc64/x86_64/genassym.c   |   8 +-
 sys/platform/pc64/x86_64/machdep.c    |  45 ++++++-
 sys/platform/pc64/x86_64/vm_machdep.c | 211 +++++++++++++++++++++++++++++-
 8 files changed, 423 insertions(+), 101 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/8ed0657196b63163619ab4783b55acf8c1dc13c3


-- 
DragonFly BSD source repository


More information about the Commits mailing list