Disable TSX when MSR_ARCH_CAPABILITIES sets TSX_CTRL.

Even with the latest microcode this is not set on all CPUs with TSX, but
is set on CPUs which don't need MDS mitigations.

MDS mitigations also mitigate TSX Asynchronous Abort (TAA) but aren't
done if the CPU claims to not be affected by MDS (MDS_NO).
According to "Deep Dive: Intel Transactional Synchronization Extensions
(Intel TSX) Asynchronous Abort" CPUs requiring additional mitigations
for this are:
06-8e-0c	Whiskey Lake (ULT refresh)
06-55-0{6,7}	2nd Gen Xeon Scalable Processors based on Cascade Lake
06-9e-0d	Coffee Lake R

Currently TSX is disabled unconditionally when possible even if TAA_NO
is set.

ok bluhm@ guenther@ deraadt@
tested by bluhm@ on i5-8365U (06-8e-0c).

5 files changed, 36 insertions, 7 deletions

diff --git a/sys/arch/amd64/amd64/acpi_machdep.c b/sys/arch/amd64/amd64/acpi_machdep.c
index ed133adf1ac..e41cd14a443 100644
--- a/sys/arch/amd64/amd64/acpi_machdep.c
+++ b/sys/arch/amd64/amd64/acpi_machdep.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: acpi_machdep.c,v 1.88 2019/08/27 22:39:51 deraadt Exp $	*/
+/*	$OpenBSD: acpi_machdep.c,v 1.89 2019/12/20 07:49:31 jsg Exp $	*/
 /*
  * Copyright (c) 2005 Thorsten Lockert <tholo@sigmasoft.com>
  *
@@ -481,6 +481,7 @@ acpi_resume_cpu(struct acpi_softc *sc, int state)
 	acpi_resume_pm(sc, state);
 
 	cpu_ucode_apply(&cpu_info_primary);
+	cpu_tsx_disable(&cpu_info_primary);
 	fpuinit(&cpu_info_primary);
 	cpu_init(&cpu_info_primary);
 
diff --git a/sys/arch/amd64/amd64/cpu.c b/sys/arch/amd64/amd64/cpu.c
index f65f0364fc4..48ab6b5e7f3 100644
--- a/sys/arch/amd64/amd64/cpu.c
+++ b/sys/arch/amd64/amd64/cpu.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.c,v 1.142 2019/10/12 14:05:50 kettenis Exp $	*/
+/*	$OpenBSD: cpu.c,v 1.143 2019/12/20 07:49:31 jsg Exp $	*/
 /* $NetBSD: cpu.c,v 1.1 2003/04/26 18:39:26 fvdl Exp $ */
 
 /*-
@@ -632,6 +632,7 @@ cpu_attach(struct device *parent, struct device *self, void *aux)
 #ifndef SMALL_KERNEL
 		cpu_ucode_apply(ci);
 #endif
+		cpu_tsx_disable(ci);
 		identifycpu(ci);
 #ifdef MTRR
 		mem_range_attach();
@@ -980,6 +981,7 @@ cpu_hatch(void *v)
 	lapic_enable();
 	lapic_startclock();
 	cpu_ucode_apply(ci);
+	cpu_tsx_disable(ci);
 
 	if ((ci->ci_flags & CPUF_IDENTIFIED) == 0) {
 		/*
@@ -1159,6 +1161,26 @@ cpu_init_msrs(struct cpu_info *ci)
 }
 
 void
+cpu_tsx_disable(struct cpu_info *ci)
+{
+	uint64_t msr;
+	uint32_t dummy, sefflags_edx;
+
+	/* this runs before identifycpu() populates ci_feature_sefflags_edx */
+	if (cpuid_level >= 0x07)
+		CPUID_LEAF(0x7, 0, dummy, dummy, dummy, sefflags_edx);
+	if (strcmp(cpu_vendor, "GenuineIntel") == 0 &&
+	    (sefflags_edx & SEFF0EDX_ARCH_CAP)) {
+		msr = rdmsr(MSR_ARCH_CAPABILITIES);
+		if (msr & ARCH_CAPABILITIES_TSX_CTRL) {
+			msr = rdmsr(MSR_TSX_CTRL);
+			msr |= TSX_CTRL_RTM_DISABLE | TSX_CTRL_TSX_CPUID_CLEAR;
+			wrmsr(MSR_TSX_CTRL, msr);
+		}
+	}
+}
+
+void
 patinit(struct cpu_info *ci)
 {
 	extern int	pmap_pg_wc;
diff --git a/sys/arch/amd64/amd64/machdep.c b/sys/arch/amd64/amd64/machdep.c
index 375d669ac9a..f2d96f949ea 100644
--- a/sys/arch/amd64/amd64/machdep.c
+++ b/sys/arch/amd64/amd64/machdep.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: machdep.c,v 1.259 2019/09/07 19:05:44 kettenis Exp $	*/
+/*	$OpenBSD: machdep.c,v 1.260 2019/12/20 07:49:31 jsg Exp $	*/
 /*	$NetBSD: machdep.c,v 1.3 2003/05/07 22:58:18 fvdl Exp $	*/
 
 /*-
@@ -316,6 +316,7 @@ cpu_startup(void)
 	cpu_ucode_setup();
 	cpu_ucode_apply(&cpu_info_primary);
 #endif
+	cpu_tsx_disable(&cpu_info_primary);
 
 	/* enter the IDT and trampoline code in the u-k maps */
 	enter_shared_special_pages();
diff --git a/sys/arch/amd64/include/cpu.h b/sys/arch/amd64/include/cpu.h
index dd41b80fd3a..e543ad53886 100644
--- a/sys/arch/amd64/include/cpu.h
+++ b/sys/arch/amd64/include/cpu.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.h,v 1.132 2019/08/09 15:20:05 pirofti Exp $	*/
+/*	$OpenBSD: cpu.h,v 1.133 2019/12/20 07:49:31 jsg Exp $	*/
 /*	$NetBSD: cpu.h,v 1.1 2003/04/26 18:39:39 fvdl Exp $	*/
 
 /*-
@@ -402,9 +402,8 @@ void	i8254_inittimecounter_simple(void);
 /* i8259.c */
 void	i8259_default_setup(void);
 
-
 void cpu_init_msrs(struct cpu_info *);
-
+void cpu_tsx_disable(struct cpu_info *);
 
 /* dkcsum.c */
 void	dkcsumattach(void);
diff --git a/sys/arch/amd64/include/specialreg.h b/sys/arch/amd64/include/specialreg.h
index bb8c1539bde..c551b6fca26 100644
--- a/sys/arch/amd64/include/specialreg.h
+++ b/sys/arch/amd64/include/specialreg.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: specialreg.h,v 1.85 2019/06/14 18:13:55 kettenis Exp $	*/
+/*	$OpenBSD: specialreg.h,v 1.86 2019/12/20 07:49:31 jsg Exp $	*/
 /*	$NetBSD: specialreg.h,v 1.1 2003/04/26 18:39:48 fvdl Exp $	*/
 /*	$NetBSD: x86/specialreg.h,v 1.2 2003/04/25 21:54:30 fvdl Exp $	*/
 
@@ -378,6 +378,9 @@
 #define ARCH_CAPABILITIES_SKIP_L1DFL_VMENTRY	(1 << 3)
 #define ARCH_CAPABILITIES_SSB_NO	(1 << 4)	/* Spec St Byp safe */
 #define ARCH_CAPABILITIES_MDS_NO	(1 << 5) /* microarch data-sampling */
+#define ARCH_CAPABILITIES_IF_PSCHANGE_MC_NO	(1 << 6) /* PS MCE safe */
+#define ARCH_CAPABILITIES_TSX_CTRL	(1 << 7)	/* has TSX_CTRL MSR */
+#define ARCH_CAPABILITIES_TAA_NO	(1 << 8)	/* TSX AA safe */
 #define MSR_FLUSH_CMD		0x10b
 #define FLUSH_CMD_L1D_FLUSH	0x1	/* (1ULL << 0) */
 #define	MSR_BBL_CR_ADDR		0x116	/* PII+ only */
@@ -386,6 +389,9 @@
 #define	MSR_BBL_CR_TRIG		0x11a	/* PII+ only */
 #define	MSR_BBL_CR_BUSY		0x11b	/* PII+ only */
 #define	MSR_BBL_CR_CTR3		0x11e	/* PII+ only */
+#define	MSR_TSX_CTRL		0x122
+#define TSX_CTRL_RTM_DISABLE		(1ULL << 0)
+#define TSX_CTRL_TSX_CPUID_CLEAR	(1ULL << 1)
 #define	MSR_SYSENTER_CS		0x174 	/* PII+ only */
 #define	MSR_SYSENTER_ESP	0x175 	/* PII+ only */
 #define	MSR_SYSENTER_EIP	0x176   /* PII+ only */