untrusted comment: signature from openbsd 6.2 base secret key
RWRVWzAMgtyg7gI3HHkyyKZFWbPqPy5hjyeXxOtIsMjnPeelNccjK9nakZ0/3uzd3vfqOIi6OYOhgDL3of0YHrPyIskivI2J1gA=

OpenBSD 6.2 errata 019, July 31, 2018:

On AMD CPUs, set a chicken bit which turns LFENCE into a serializing
instruction against speculation.

Apply by doing:
    signify -Vep /etc/signify/openbsd-62-base.pub -x 019_amdlfence.patch.sig \
        -m - | (cd /usr/src && patch -p0)

And then rebuild and install a new kernel:
    KK=`sysctl -n kern.osversion | cut -d# -f1`
    cd /usr/src/sys/arch/`machine`/compile/$KK
    make obj
    make config
    make
    make install

Index: sys/arch/amd64/amd64/identcpu.c
===================================================================
RCS file: /cvs/src/sys/arch/amd64/amd64/identcpu.c,v
retrieving revision 1.87.2.2
diff -u -p -u -r1.87.2.2 identcpu.c
--- sys/arch/amd64/amd64/identcpu.c 22 Jun 2018 13:05:33 -0000 1.87.2.2
+++ sys/arch/amd64/amd64/identcpu.c 24 Jul 2018 17:40:44 -0000
@@ -674,6 +674,27 @@ identifycpu(struct cpu_info *ci)
x86_print_cacheinfo(ci);
/*
+ * "Mitigation G-2" per AMD's Whitepaper "Software Techniques
+ * for Managing Speculation on AMD Processors"
+ *
+ * By setting MSR C001_1029[1]=1, LFENCE becomes a dispatch
+ * serializing instruction.
+ *
+ * This MSR is available on all AMD families >= 10h, except 11h
+ * where LFENCE is always serializing.
+ */
+ if (!strcmp(cpu_vendor, "AuthenticAMD")) {
+ if (ci->ci_family >= 0x10 && ci->ci_family != 0x11) {
+ uint64_t msr;
+
+ msr = rdmsr(MSR_DE_CFG);
+#define DE_CFG_SERIALIZE_LFENCE (1 << 1)
+ msr |= DE_CFG_SERIALIZE_LFENCE;
+ wrmsr(MSR_DE_CFG, msr);
+ }
+ }
+
+ /*
* Attempt to disable Silicon Debug and lock the configuration
* if it's enabled and unlocked.
*/
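Review bot: the wrmsr(MSR_DE_CFG, msr) inside the family check is issued unconditionally, even when the value just returned by rdmsr already has bit 1 set. Consider guarding the write with a test such as (msr & DE_CFG_SERIALIZE_LFENCE) == 0, so the MSR is only written when the setting actually changes and the boot path does not depend on a redundant write succeeding.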
Index: sys/arch/i386/i386/machdep.c
===================================================================
RCS file: /cvs/src/sys/arch/i386/i386/machdep.c,v
retrieving revision 1.606
diff -u -p -u -r1.606 machdep.c
--- sys/arch/i386/i386/machdep.c 3 Sep 2017 07:00:53 -0000 1.606
+++ sys/arch/i386/i386/machdep.c 24 Jul 2018 17:40:44 -0000
@@ -2004,6 +2004,27 @@ identifycpu(struct cpu_info *ci)
}
/*
+ * "Mitigation G-2" per AMD's Whitepaper "Software Techniques
+ * for Managing Speculation on AMD Processors"
+ *
+ * By setting MSR C001_1029[1]=1, LFENCE becomes a dispatch
+ * serializing instruction.
+ *
+ * This MSR is available on all AMD families >= 10h, except 11h
+ * where LFENCE is always serializing.
+ */
+ if (!strcmp(cpu_vendor, "AuthenticAMD")) {
+ if (ci->ci_family >= 0x10 && ci->ci_family != 0x11) {
+ uint64_t msr;
+
+ msr = rdmsr(MSR_DE_CFG);
+#define DE_CFG_SERIALIZE_LFENCE (1 << 1)
+ msr |= DE_CFG_SERIALIZE_LFENCE;
+ wrmsr(MSR_DE_CFG, msr);
+ }
+ }
+
+ /*
* Attempt to disable Silicon Debug and lock the configuration
* if it's enabled and unlocked.
*/
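Review bot: this block is a verbatim copy of the one added to amd64 identcpu.c, including the #define DE_CFG_SERIALIZE_LFENCE placed mid-function between the rdmsr and the |=. Defining the bit once in a shared header next to the MSR_DE_CFG definition would keep the two architectures from drifting apart and keep the macro out of the function body. The (1 << 1) constant is an int OR-ed into a uint64_t; that is harmless for bit 1, but an explicitly 64-bit constant would match the type of msr.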