git: kernel - Implement spectre mitigations part 2

Matthew Dillon dillon at
Wed Jan 10 15:25:09 PST 2018

commit 9283c84bb165f90825ff030ecf1116089353e765
Author: Matthew Dillon <dillon at>
Date:   Wed Jan 10 14:59:47 2018 -0800

    kernel - Implement spectre mitigations part 2
    * NOTE: The last few commits may have said 'IBPB' but they really
      meant 'IBRS.  The last few commits addde IBRS support, this one
      cleans that up and adds IBPB support.
    * Intel says for IBRS always-on mode (mode 2), SPEC_CTRL still has
      to be poked on every user->kernel entry as a barrier, even though
      the value is not being changed.  So make this change.  This actually
      somewhat improves performance a little on Skylake and later verses
      when I just set it globally and left it that way.
    * Implement IBPB detection and support on Intel.  At the moment
      we default to turning it off because the performance hit is pretty
      massive.  Currently the work on linux is only using IBPB for
      VMM related operations and not for user->kernel entry.
    * Enhance the machdep.spectre_mitigation sysctl to print out
      what the mode matrix is whenever you change it, in human
      readable terms.
      0 IBRS disabled			IBPB disabled
      1 IBRS mode 1 (kernel-only)		IBPB disabled
      2 IBRS mode 2 (at all times)		IBPB disabled
      4 IBRS disabled			IBPB enabled
      5 IBRS mode 1 (kernel-only)		IBPB enabled
      6 IBRS mode 2 (at all times)		IBPB enabled
      Currently we default to (1) instead of (5) when we detect that
      the microcode detects both features.  IBPB is not turned on by default
      (you can see why below).
    * Haswell and Skylake performance loss matrix using the following
      test.  This tests a high-concurrency compile, which is approximately
      a 5:1 user:kernel test with high concurrency.
      The haswell box is:  i3-4130 CPU @ 3.40GHz  (2-core/4-thread)
      The skylake box is:  i5-6500 CPU @ 3.20GHz  (4-core/4-thread)
      This does not include MMU isolation losses, which will add another
      3-4% or so in losses.
      (/usr/obj on tmpfs)
      time make -j 8 nativekernel NO_MODULES=TRUE
    	       HASWELL                 SKYLAKE
    	    IBPB=0  IBPB=1          IBPB=0  IBPB=1
        IBRS=0     0%    12%              0%     17%
        IBRS=1   >12%<   21%           >2.4%<    15%
        IBRS=2    58%    60%             23%     32%
      Note that the automatic default when microcode support is detected
      is IBRS=1, IBPB=0 (12% loss on Haswell and 2.4% loss on Skylake
      for this test).  If we add 3-4% or so for MMU isolation, a Haswell
      cpu loses around 16% and a Skylake cpu loses around 6% or so in
    	      (including 3% MMU isolation losses)
    	       HASWELL                 SKYLAKE
    	    IBPB=0  IBPB=1          IBPB=0  IBPB=1
        IBRS=0     3%    15%              3%     20%
        IBRS=1   >15%<   24%           >5.4%<    18%
        IBRS=2    61%    63%             26%     35%

Summary of changes:
 sys/cpu/x86_64/include/asmacros.h     | 156 +++++++++---------
 sys/cpu/x86_64/include/specialreg.h   |  20 +++
 sys/platform/pc64/include/pcb.h       |   1 +
 sys/platform/pc64/x86_64/exception.S  |   6 +-
 sys/platform/pc64/x86_64/genassym.c   |   1 +
 sys/platform/pc64/x86_64/vm_machdep.c | 292 ++++++++++++++++++++++++----------
 6 files changed, 311 insertions(+), 165 deletions(-)

DragonFly BSD source repository

More information about the Commits mailing list