Print this page
8956 Implement KPTI
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/i86pc/os/mlsetup.c
+++ new/usr/src/uts/i86pc/os/mlsetup.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
|
↓ open down ↓ |
15 lines elided |
↑ open up ↑ |
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 2012 Gary Mills
23 23 *
24 24 * Copyright (c) 1993, 2010, Oracle and/or its affiliates. All rights reserved.
25 25 * Copyright (c) 2011 by Delphix. All rights reserved.
26 - * Copyright 2016 Joyent, Inc.
26 + * Copyright 2018 Joyent, Inc.
27 27 */
28 28 /*
29 29 * Copyright (c) 2010, Intel Corporation.
30 30 * All rights reserved.
31 31 */
32 32
33 33 #include <sys/types.h>
34 34 #include <sys/sysmacros.h>
35 35 #include <sys/disp.h>
36 36 #include <sys/promif.h>
37 37 #include <sys/clock.h>
38 38 #include <sys/cpuvar.h>
39 39 #include <sys/stack.h>
40 40 #include <vm/as.h>
41 41 #include <vm/hat.h>
42 42 #include <sys/reboot.h>
43 43 #include <sys/avintr.h>
44 44 #include <sys/vtrace.h>
45 45 #include <sys/proc.h>
46 46 #include <sys/thread.h>
47 47 #include <sys/cpupart.h>
48 48 #include <sys/pset.h>
49 49 #include <sys/copyops.h>
50 50 #include <sys/pg.h>
51 51 #include <sys/disp.h>
52 52 #include <sys/debug.h>
53 53 #include <sys/sunddi.h>
54 54 #include <sys/x86_archext.h>
55 55 #include <sys/privregs.h>
56 56 #include <sys/machsystm.h>
57 57 #include <sys/ontrap.h>
58 58 #include <sys/bootconf.h>
59 59 #include <sys/boot_console.h>
60 60 #include <sys/kdi_machimpl.h>
61 61 #include <sys/archsystm.h>
62 62 #include <sys/promif.h>
63 63 #include <sys/pci_cfgspace.h>
64 64 #include <sys/bootvfs.h>
65 65 #include <sys/tsc.h>
66 66 #ifdef __xpv
67 67 #include <sys/hypervisor.h>
68 68 #else
69 69 #include <sys/xpv_support.h>
70 70 #endif
71 71
72 72 /*
73 73 * some globals for patching the result of cpuid
74 74 * to solve problems w/ creative cpu vendors
75 75 */
76 76
77 77 extern uint32_t cpuid_feature_ecx_include;
78 78 extern uint32_t cpuid_feature_ecx_exclude;
79 79 extern uint32_t cpuid_feature_edx_include;
80 80 extern uint32_t cpuid_feature_edx_exclude;
81 81
82 82 /*
83 83 * Set console mode
84 84 */
85 85 static void
86 86 set_console_mode(uint8_t val)
87 87 {
88 88 struct bop_regs rp = {0};
89 89
90 90 rp.eax.byte.ah = 0x0;
91 91 rp.eax.byte.al = val;
92 92 rp.ebx.word.bx = 0x0;
93 93
94 94 BOP_DOINT(bootops, 0x10, &rp);
95 95 }
96 96
97 97
98 98 /*
99 99 * Setup routine called right before main(). Interposing this function
100 100 * before main() allows us to call it in a machine-independent fashion.
101 101 */
102 102 void
103 103 mlsetup(struct regs *rp)
104 104 {
105 105 u_longlong_t prop_value;
106 106 extern struct classfuncs sys_classfuncs;
107 107 extern disp_t cpu0_disp;
108 108 extern char t0stack[];
109 109 extern int post_fastreboot;
110 110 extern uint64_t plat_dr_options;
111 111
112 112 ASSERT_STACK_ALIGNED();
113 113
114 114 /*
115 115 * initialize cpu_self
116 116 */
117 117 cpu[0]->cpu_self = cpu[0];
118 118
119 119 #if defined(__xpv)
120 120 /*
121 121 * Point at the hypervisor's virtual cpu structure
122 122 */
123 123 cpu[0]->cpu_m.mcpu_vcpu_info = &HYPERVISOR_shared_info->vcpu_info[0];
124 124 #endif
125 125
126 126 /*
127 127 * check if we've got special bits to clear or set
128 128 * when checking cpu features
129 129 */
130 130
131 131 if (bootprop_getval("cpuid_feature_ecx_include", &prop_value) != 0)
132 132 cpuid_feature_ecx_include = 0;
133 133 else
134 134 cpuid_feature_ecx_include = (uint32_t)prop_value;
135 135
136 136 if (bootprop_getval("cpuid_feature_ecx_exclude", &prop_value) != 0)
137 137 cpuid_feature_ecx_exclude = 0;
138 138 else
139 139 cpuid_feature_ecx_exclude = (uint32_t)prop_value;
140 140
|
↓ open down ↓ |
104 lines elided |
↑ open up ↑ |
141 141 if (bootprop_getval("cpuid_feature_edx_include", &prop_value) != 0)
142 142 cpuid_feature_edx_include = 0;
143 143 else
144 144 cpuid_feature_edx_include = (uint32_t)prop_value;
145 145
146 146 if (bootprop_getval("cpuid_feature_edx_exclude", &prop_value) != 0)
147 147 cpuid_feature_edx_exclude = 0;
148 148 else
149 149 cpuid_feature_edx_exclude = (uint32_t)prop_value;
150 150
151 +#if !defined(__xpv)
151 152 /*
153 + * Check to see if KPTI has been explicitly enabled or disabled.
154 + * We have to check this before init_desctbls().
155 + */
156 + if (bootprop_getval("kpti", &prop_value) == 0) {
157 + kpti_enable = (uint64_t)(prop_value == 1);
158 + prom_printf("unix: forcing kpti to %s due to boot argument\n",
159 + (kpti_enable == 1) ? "ON" : "OFF");
160 + } else {
161 + kpti_enable = 1;
162 + }
163 +
164 + if (bootprop_getval("pcid", &prop_value) == 0 && prop_value == 0) {
165 + prom_printf("unix: forcing pcid to OFF due to boot argument\n");
166 + x86_use_pcid = 0;
167 + } else if (kpti_enable != 1) {
168 + x86_use_pcid = 0;
169 + }
170 +#endif
171 +
172 + /*
152 173 * Initialize idt0, gdt0, ldt0_default, ktss0 and dftss.
153 174 */
154 175 init_desctbls();
155 176
156 177 /*
157 178 * lgrp_init() and possibly cpuid_pass1() need PCI config
158 179 * space access
159 180 */
160 181 #if defined(__xpv)
161 182 if (DOMAIN_IS_INITDOMAIN(xen_info))
162 183 pci_cfgspace_init();
163 184 #else
164 185 pci_cfgspace_init();
165 186 /*
166 187 * Initialize the platform type from CPU 0 to ensure that
167 188 * determine_platform() is only ever called once.
168 189 */
169 190 determine_platform();
170 191 #endif
171 192
172 193 /*
173 194 * The first lightweight pass (pass0) through the cpuid data
174 195 * was done in locore before mlsetup was called. Do the next
175 196 * pass in C code.
176 197 *
177 198 * The x86_featureset is initialized here based on the capabilities
178 199 * of the boot CPU. Note that if we choose to support CPUs that have
179 200 * different feature sets (at which point we would almost certainly
180 201 * want to set the feature bits to correspond to the feature
181 202 * minimum) this value may be altered.
182 203 */
183 204 cpuid_pass1(cpu[0], x86_featureset);
184 205
185 206 #if !defined(__xpv)
186 207 if ((get_hwenv() & HW_XEN_HVM) != 0)
187 208 xen_hvm_init();
188 209
189 210 /*
190 211 * Before we do anything with the TSCs, we need to work around
191 212 * Intel erratum BT81. On some CPUs, warm reset does not
192 213 * clear the TSC. If we are on such a CPU, we will clear TSC ourselves
193 214 * here. Other CPUs will clear it when we boot them later, and the
194 215 * resulting skew will be handled by tsc_sync_master()/_slave();
195 216 * note that such skew already exists and has to be handled anyway.
196 217 *
197 218 * We do this only on metal. This same problem can occur with a
198 219 * hypervisor that does not happen to virtualise a TSC that starts from
199 220 * zero, regardless of CPU type; however, we do not expect hypervisors
200 221 * that do not virtualise TSC that way to handle writes to TSC
201 222 * correctly, either.
202 223 */
203 224 if (get_hwenv() == HW_NATIVE &&
204 225 cpuid_getvendor(CPU) == X86_VENDOR_Intel &&
205 226 cpuid_getfamily(CPU) == 6 &&
206 227 (cpuid_getmodel(CPU) == 0x2d || cpuid_getmodel(CPU) == 0x3e) &&
207 228 is_x86_feature(x86_featureset, X86FSET_TSC)) {
208 229 (void) wrmsr(REG_TSC, 0UL);
209 230 }
210 231
211 232 /*
212 233 * Patch the tsc_read routine with appropriate set of instructions,
213 234 * depending on the processor family and architecure, to read the
214 235 * time-stamp counter while ensuring no out-of-order execution.
215 236 * Patch it while the kernel text is still writable.
216 237 *
217 238 * Note: tsc_read is not patched for intel processors whose family
218 239 * is >6 and for amd whose family >f (in case they don't support rdtscp
219 240 * instruction, unlikely). By default tsc_read will use cpuid for
220 241 * serialization in such cases. The following code needs to be
221 242 * revisited if intel processors of family >= f retains the
222 243 * instruction serialization nature of mfence instruction.
223 244 * Note: tsc_read is not patched for x86 processors which do
224 245 * not support "mfence". By default tsc_read will use cpuid for
225 246 * serialization in such cases.
226 247 *
227 248 * The Xen hypervisor does not correctly report whether rdtscp is
228 249 * supported or not, so we must assume that it is not.
229 250 */
230 251 if ((get_hwenv() & HW_XEN_HVM) == 0 &&
231 252 is_x86_feature(x86_featureset, X86FSET_TSCP))
232 253 patch_tsc_read(TSC_TSCP);
233 254 else if (cpuid_getvendor(CPU) == X86_VENDOR_AMD &&
234 255 cpuid_getfamily(CPU) <= 0xf &&
235 256 is_x86_feature(x86_featureset, X86FSET_SSE2))
236 257 patch_tsc_read(TSC_RDTSC_MFENCE);
237 258 else if (cpuid_getvendor(CPU) == X86_VENDOR_Intel &&
238 259 cpuid_getfamily(CPU) <= 6 &&
239 260 is_x86_feature(x86_featureset, X86FSET_SSE2))
240 261 patch_tsc_read(TSC_RDTSC_LFENCE);
241 262
242 263 #endif /* !__xpv */
243 264
244 265 #if defined(__i386) && !defined(__xpv)
245 266 /*
246 267 * Some i386 processors do not implement the rdtsc instruction,
247 268 * or at least they do not implement it correctly. Patch them to
248 269 * return 0.
249 270 */
250 271 if (!is_x86_feature(x86_featureset, X86FSET_TSC))
251 272 patch_tsc_read(TSC_NONE);
252 273 #endif /* __i386 && !__xpv */
253 274
254 275 #if defined(__amd64) && !defined(__xpv)
255 276 patch_memops(cpuid_getvendor(CPU));
256 277 #endif /* __amd64 && !__xpv */
257 278
258 279 #if !defined(__xpv)
259 280 /* XXPV what, if anything, should be dorked with here under xen? */
260 281
261 282 /*
262 283 * While we're thinking about the TSC, let's set up %cr4 so that
263 284 * userland can issue rdtsc, and initialize the TSC_AUX value
264 285 * (the cpuid) for the rdtscp instruction on appropriately
265 286 * capable hardware.
266 287 */
267 288 if (is_x86_feature(x86_featureset, X86FSET_TSC))
268 289 setcr4(getcr4() & ~CR4_TSD);
269 290
270 291 if (is_x86_feature(x86_featureset, X86FSET_TSCP))
271 292 (void) wrmsr(MSR_AMD_TSCAUX, 0);
272 293
273 294 /*
274 295 * Let's get the other %cr4 stuff while we're here. Note, we defer
275 296 * enabling CR4_SMAP until startup_end(); however, that's importantly
276 297 * before we start other CPUs. That ensures that it will be synced out
277 298 * to other CPUs.
278 299 */
279 300 if (is_x86_feature(x86_featureset, X86FSET_DE))
280 301 setcr4(getcr4() | CR4_DE);
281 302
282 303 if (is_x86_feature(x86_featureset, X86FSET_SMEP))
283 304 setcr4(getcr4() | CR4_SMEP);
284 305 #endif /* __xpv */
285 306
286 307 /*
287 308 * initialize t0
288 309 */
289 310 t0.t_stk = (caddr_t)rp - MINFRAME;
290 311 t0.t_stkbase = t0stack;
291 312 t0.t_pri = maxclsyspri - 3;
292 313 t0.t_schedflag = TS_LOAD | TS_DONT_SWAP;
293 314 t0.t_procp = &p0;
294 315 t0.t_plockp = &p0lock.pl_lock;
295 316 t0.t_lwp = &lwp0;
296 317 t0.t_forw = &t0;
297 318 t0.t_back = &t0;
298 319 t0.t_next = &t0;
299 320 t0.t_prev = &t0;
300 321 t0.t_cpu = cpu[0];
301 322 t0.t_disp_queue = &cpu0_disp;
302 323 t0.t_bind_cpu = PBIND_NONE;
303 324 t0.t_bind_pset = PS_NONE;
304 325 t0.t_bindflag = (uchar_t)default_binding_mode;
305 326 t0.t_cpupart = &cp_default;
306 327 t0.t_clfuncs = &sys_classfuncs.thread;
307 328 t0.t_copyops = NULL;
308 329 THREAD_ONPROC(&t0, CPU);
309 330
310 331 lwp0.lwp_thread = &t0;
311 332 lwp0.lwp_regs = (void *)rp;
312 333 lwp0.lwp_procp = &p0;
313 334 t0.t_tid = p0.p_lwpcnt = p0.p_lwprcnt = p0.p_lwpid = 1;
314 335
315 336 p0.p_exec = NULL;
316 337 p0.p_stat = SRUN;
317 338 p0.p_flag = SSYS;
318 339 p0.p_tlist = &t0;
319 340 p0.p_stksize = 2*PAGESIZE;
320 341 p0.p_stkpageszc = 0;
321 342 p0.p_as = &kas;
322 343 p0.p_lockp = &p0lock;
323 344 p0.p_brkpageszc = 0;
324 345 p0.p_t1_lgrpid = LGRP_NONE;
325 346 p0.p_tr_lgrpid = LGRP_NONE;
326 347 psecflags_default(&p0.p_secflags);
327 348
328 349 sigorset(&p0.p_ignore, &ignoredefault);
329 350
330 351 CPU->cpu_thread = &t0;
331 352 bzero(&cpu0_disp, sizeof (disp_t));
332 353 CPU->cpu_disp = &cpu0_disp;
333 354 CPU->cpu_disp->disp_cpu = CPU;
334 355 CPU->cpu_dispthread = &t0;
335 356 CPU->cpu_idle_thread = &t0;
336 357 CPU->cpu_flags = CPU_READY | CPU_RUNNING | CPU_EXISTS | CPU_ENABLE;
337 358 CPU->cpu_dispatch_pri = t0.t_pri;
338 359
339 360 CPU->cpu_id = 0;
340 361
341 362 CPU->cpu_pri = 12; /* initial PIL for the boot CPU */
342 363
343 364 /*
344 365 * The kernel doesn't use LDTs unless a process explicitly requests one.
345 366 */
346 367 p0.p_ldt_desc = null_sdesc;
347 368
348 369 /*
349 370 * Initialize thread/cpu microstate accounting
350 371 */
351 372 init_mstate(&t0, LMS_SYSTEM);
352 373 init_cpu_mstate(CPU, CMS_SYSTEM);
353 374
354 375 /*
355 376 * Initialize lists of available and active CPUs.
356 377 */
357 378 cpu_list_init(CPU);
358 379
359 380 pg_cpu_bootstrap(CPU);
360 381
361 382 /*
362 383 * Now that we have taken over the GDT, IDT and have initialized
363 384 * active CPU list it's time to inform kmdb if present.
364 385 */
365 386 if (boothowto & RB_DEBUG)
366 387 kdi_idt_sync();
367 388
368 389 if (BOP_GETPROPLEN(bootops, "efi-systab") < 0) {
369 390 /*
370 391 * In BIOS system, explicitly set console to text mode (0x3)
371 392 * if this is a boot post Fast Reboot, and the console is set
372 393 * to CONS_SCREEN_TEXT.
373 394 */
374 395 if (post_fastreboot &&
375 396 boot_console_type(NULL) == CONS_SCREEN_TEXT) {
376 397 set_console_mode(0x3);
377 398 }
378 399 }
379 400
380 401 /*
381 402 * If requested (boot -d) drop into kmdb.
382 403 *
383 404 * This must be done after cpu_list_init() on the 64-bit kernel
384 405 * since taking a trap requires that we re-compute gsbase based
385 406 * on the cpu list.
386 407 */
387 408 if (boothowto & RB_DEBUGENTER)
388 409 kmdb_enter();
389 410
390 411 cpu_vm_data_init(CPU);
391 412
392 413 rp->r_fp = 0; /* terminate kernel stack traces! */
393 414
394 415 prom_init("kernel", (void *)NULL);
395 416
396 417 /* User-set option overrides firmware value. */
397 418 if (bootprop_getval(PLAT_DR_OPTIONS_NAME, &prop_value) == 0) {
398 419 plat_dr_options = (uint64_t)prop_value;
399 420 }
400 421 #if defined(__xpv)
401 422 /* No support of DR operations on xpv */
402 423 plat_dr_options = 0;
403 424 #else /* __xpv */
404 425 /* Flag PLAT_DR_FEATURE_ENABLED should only be set by DR driver. */
405 426 plat_dr_options &= ~PLAT_DR_FEATURE_ENABLED;
406 427 #ifndef __amd64
407 428 /* Only enable CPU/memory DR on 64 bits kernel. */
408 429 plat_dr_options &= ~PLAT_DR_FEATURE_MEMORY;
409 430 plat_dr_options &= ~PLAT_DR_FEATURE_CPU;
410 431 #endif /* __amd64 */
411 432 #endif /* __xpv */
412 433
413 434 /*
414 435 * Get value of "plat_dr_physmax" boot option.
415 436 * It overrides values calculated from MSCT or SRAT table.
416 437 */
417 438 if (bootprop_getval(PLAT_DR_PHYSMAX_NAME, &prop_value) == 0) {
418 439 plat_dr_physmax = ((uint64_t)prop_value) >> PAGESHIFT;
419 440 }
420 441
421 442 /* Get value of boot_ncpus. */
422 443 if (bootprop_getval(BOOT_NCPUS_NAME, &prop_value) != 0) {
423 444 boot_ncpus = NCPU;
424 445 } else {
425 446 boot_ncpus = (int)prop_value;
426 447 if (boot_ncpus <= 0 || boot_ncpus > NCPU)
427 448 boot_ncpus = NCPU;
428 449 }
429 450
430 451 /*
431 452 * Set max_ncpus and boot_max_ncpus to boot_ncpus if platform doesn't
432 453 * support CPU DR operations.
433 454 */
434 455 if (plat_dr_support_cpu() == 0) {
435 456 max_ncpus = boot_max_ncpus = boot_ncpus;
436 457 } else {
437 458 if (bootprop_getval(PLAT_MAX_NCPUS_NAME, &prop_value) != 0) {
438 459 max_ncpus = NCPU;
439 460 } else {
440 461 max_ncpus = (int)prop_value;
441 462 if (max_ncpus <= 0 || max_ncpus > NCPU) {
442 463 max_ncpus = NCPU;
443 464 }
444 465 if (boot_ncpus > max_ncpus) {
445 466 boot_ncpus = max_ncpus;
446 467 }
447 468 }
448 469
449 470 if (bootprop_getval(BOOT_MAX_NCPUS_NAME, &prop_value) != 0) {
450 471 boot_max_ncpus = boot_ncpus;
451 472 } else {
452 473 boot_max_ncpus = (int)prop_value;
453 474 if (boot_max_ncpus <= 0 || boot_max_ncpus > NCPU) {
454 475 boot_max_ncpus = boot_ncpus;
455 476 } else if (boot_max_ncpus > max_ncpus) {
456 477 boot_max_ncpus = max_ncpus;
457 478 }
458 479 }
459 480 }
460 481
461 482 /*
462 483 * Initialize the lgrp framework
463 484 */
464 485 lgrp_init(LGRP_INIT_STAGE1);
465 486
466 487 if (boothowto & RB_HALT) {
467 488 prom_printf("unix: kernel halted by -h flag\n");
468 489 prom_enter_mon();
469 490 }
470 491
471 492 ASSERT_STACK_ALIGNED();
472 493
473 494 /*
474 495 * Fill out cpu_ucode_info. Update microcode if necessary.
475 496 */
476 497 ucode_check(CPU);
477 498
478 499 if (workaround_errata(CPU) != 0)
479 500 panic("critical workaround(s) missing for boot cpu");
480 501 }
481 502
482 503
483 504 void
484 505 mach_modpath(char *path, const char *filename)
485 506 {
486 507 /*
487 508 * Construct the directory path from the filename.
488 509 */
489 510
490 511 int len;
491 512 char *p;
492 513 const char isastr[] = "/amd64";
493 514 size_t isalen = strlen(isastr);
494 515
495 516 len = strlen(SYSTEM_BOOT_PATH "/kernel");
496 517 (void) strcpy(path, SYSTEM_BOOT_PATH "/kernel ");
497 518 path += len + 1;
498 519
499 520 if ((p = strrchr(filename, '/')) == NULL)
500 521 return;
501 522
502 523 while (p > filename && *(p - 1) == '/')
503 524 p--; /* remove trailing '/' characters */
504 525 if (p == filename)
505 526 p++; /* so "/" -is- the modpath in this case */
506 527
507 528 /*
508 529 * Remove optional isa-dependent directory name - the module
509 530 * subsystem will put this back again (!)
510 531 */
511 532 len = p - filename;
512 533 if (len > isalen &&
513 534 strncmp(&filename[len - isalen], isastr, isalen) == 0)
514 535 p -= isalen;
515 536
516 537 /*
517 538 * "/platform/mumblefrotz" + " " + MOD_DEFPATH
518 539 */
519 540 len += (p - filename) + 1 + strlen(MOD_DEFPATH) + 1;
520 541 (void) strncpy(path, filename, p - filename);
521 542 }
|
↓ open down ↓ |
360 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX