2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) KATO Takenori, 1997, 1998.
6 * All rights reserved. Unpublished rights reserved under the copyright
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer as
15 * the first lines of this file unmodified.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
37 #include <sys/param.h>
38 #include <sys/kernel.h>
40 #include <sys/systm.h>
41 #include <sys/sysctl.h>
43 #include <machine/cputypes.h>
44 #include <machine/md_var.h>
45 #include <machine/psl.h>
46 #include <machine/specialreg.h>
51 static int hw_instruction_sse;
52 SYSCTL_INT(_hw, OID_AUTO, instruction_sse, CTLFLAG_RD,
53 &hw_instruction_sse, 0, "SIMD/MMX2 instructions available in CPU");
54 static int lower_sharedpage_init;
55 int hw_lower_amd64_sharedpage;
56 SYSCTL_INT(_hw, OID_AUTO, lower_amd64_sharedpage, CTLFLAG_RDTUN,
57 &hw_lower_amd64_sharedpage, 0,
58 "Lower sharedpage to work around Ryzen issue with executing code near the top of user memory");
60 * -1: automatic (default)
61 * 0: keep enable CLFLUSH
62 * 1: force disable CLFLUSH
64 static int hw_clflush_disable = -1;
72 * Work around Erratum 721 for Family 10h and 12h processors.
73 * These processors may incorrectly update the stack pointer
74 * after a long series of push and/or near-call instructions,
75 * or a long series of pop and/or near-return instructions.
77 * http://support.amd.com/us/Processor_TechDocs/41322_10h_Rev_Gd.pdf
78 * http://support.amd.com/us/Processor_TechDocs/44739_12h_Rev_Gd.pdf
80 * Hypervisors do not provide access to the errata MSR,
81 * causing #GP exception on attempt to apply the errata. The
82 * MSR write shall be done on host and persist globally
83 * anyway, so do not try to do it when under virtualization.
85 switch (CPUID_TO_FAMILY(cpu_id)) {
88 if ((cpu_feature2 & CPUID2_HV) == 0)
89 wrmsr(0xc0011029, rdmsr(0xc0011029) | 1);
94 * BIOS may fail to set InitApicIdCpuIdLo to 1 as it should per BKDG.
95 * So, do it here or otherwise some tools could be confused by
96 * Initial Local APIC ID reported with CPUID Function 1 in EBX.
98 if (CPUID_TO_FAMILY(cpu_id) == 0x10) {
99 if ((cpu_feature2 & CPUID2_HV) == 0) {
100 msr = rdmsr(MSR_NB_CFG1);
101 msr |= (uint64_t)1 << 54;
102 wrmsr(MSR_NB_CFG1, msr);
107 * BIOS may configure Family 10h processors to convert WC+ cache type
108 * to CD. That can hurt performance of guest VMs using nested paging.
109 * The relevant MSR bit is not documented in the BKDG,
110 * the fix is borrowed from Linux.
112 if (CPUID_TO_FAMILY(cpu_id) == 0x10) {
113 if ((cpu_feature2 & CPUID2_HV) == 0) {
114 msr = rdmsr(0xc001102a);
115 msr &= ~((uint64_t)1 << 24);
116 wrmsr(0xc001102a, msr);
121 * Work around Erratum 793: Specific Combination of Writes to Write
122 * Combined Memory Types and Locked Instructions May Cause Core Hang.
123 * See Revision Guide for AMD Family 16h Models 00h-0Fh Processors,
124 * revision 3.04 or later, publication 51810.
126 if (CPUID_TO_FAMILY(cpu_id) == 0x16 && CPUID_TO_MODEL(cpu_id) <= 0xf) {
127 if ((cpu_feature2 & CPUID2_HV) == 0) {
128 msr = rdmsr(MSR_LS_CFG);
129 msr |= (uint64_t)1 << 15;
130 wrmsr(MSR_LS_CFG, msr);
135 if (CPUID_TO_FAMILY(cpu_id) == 0x17 && CPUID_TO_MODEL(cpu_id) == 0x1 &&
136 (cpu_feature2 & CPUID2_HV) == 0) {
138 msr = rdmsr(0xc0011029);
140 wrmsr(0xc0011029, msr);
143 msr = rdmsr(MSR_LS_CFG);
145 wrmsr(MSR_LS_CFG, msr);
148 msr = rdmsr(0xc0011028);
150 wrmsr(0xc0011028, msr);
153 msr = rdmsr(MSR_LS_CFG);
154 msr |= 0x200000000000000;
155 wrmsr(MSR_LS_CFG, msr);
159 * Work around a problem on Ryzen that is triggered by executing
160 * code near the top of user memory, in our case the signal
161 * trampoline code in the shared page on amd64.
163 * This function is executed once for the BSP before tunables take
164 * effect so the value determined here can be overridden by the
165 * tunable. This function is then executed again for each AP and
166 * also on resume. Set a flag the first time so that value set by
167 * the tunable is not overwritten.
169 * The stepping and/or microcode versions should be checked after
170 * this issue is fixed by AMD so that we don't use this mode if not
173 if (lower_sharedpage_init == 0) {
174 lower_sharedpage_init = 1;
175 if (CPUID_TO_FAMILY(cpu_id) == 0x17 ||
176 CPUID_TO_FAMILY(cpu_id) == 0x18) {
177 hw_lower_amd64_sharedpage = 1;
183 * Initialize special VIA features
191 * Check extended CPUID for PadLock features.
193 * http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/programming_guide.pdf
195 do_cpuid(0xc0000000, regs);
196 if (regs[0] >= 0xc0000001) {
197 do_cpuid(0xc0000001, regs);
202 /* Enable RNG if present. */
203 if ((val & VIA_CPUID_HAS_RNG) != 0) {
204 via_feature_rng = VIA_HAS_RNG;
205 wrmsr(0x110B, rdmsr(0x110B) | VIA_CPUID_DO_RNG);
208 /* Enable PadLock if present. */
209 if ((val & VIA_CPUID_HAS_ACE) != 0)
210 via_feature_xcrypt |= VIA_HAS_AES;
211 if ((val & VIA_CPUID_HAS_ACE2) != 0)
212 via_feature_xcrypt |= VIA_HAS_AESCTR;
213 if ((val & VIA_CPUID_HAS_PHE) != 0)
214 via_feature_xcrypt |= VIA_HAS_SHA;
215 if ((val & VIA_CPUID_HAS_PMM) != 0)
216 via_feature_xcrypt |= VIA_HAS_MM;
217 if (via_feature_xcrypt != 0)
218 wrmsr(0x1107, rdmsr(0x1107) | (1 << 28));
222 * The value for the TSC_AUX MSR and rdtscp/rdpid on the invoking CPU.
224 * Caller should prevent CPU migration.
229 KASSERT((read_rflags() & PSL_I) == 0, ("context switch possible"));
230 return (PCPU_GET(cpuid));
234 * Initialize CPU control registers
243 if ((cpu_feature & CPUID_XMM) && (cpu_feature & CPUID_FXSR)) {
244 cr4 |= CR4_FXSR | CR4_XMM;
245 cpu_fxsr = hw_instruction_sse = 1;
247 if (cpu_stdext_feature & CPUID_STDEXT_FSGSBASE)
250 if (cpu_stdext_feature2 & CPUID_STDEXT2_PKU)
254 * If SMEP is present, we only need to flush RSB (by default)
255 * on context switches, to prevent cross-process ret2spec
256 * attacks. Do it automatically if ibrs_disable is set, to
257 * complete the mitigation.
259 * Postpone enabling the SMEP on the boot CPU until the page
260 * tables are switched from the boot loader identity mapping
261 * to the kernel tables. The boot loader enables the U bit in
265 if (cpu_stdext_feature & CPUID_STDEXT_SMEP &&
267 "machdep.mitigations.cpu_flush_rsb_ctxsw",
268 &cpu_flush_rsb_ctxsw) &&
270 cpu_flush_rsb_ctxsw = 1;
272 if (cpu_stdext_feature & CPUID_STDEXT_SMEP)
274 if (cpu_stdext_feature & CPUID_STDEXT_SMAP)
278 if (IS_BSP() && (amd_feature & AMDID_NX) != 0) {
279 msr = rdmsr(MSR_EFER) | EFER_NXE;
280 wrmsr(MSR_EFER, msr);
283 hw_ibrs_recalculate(false);
284 hw_ssb_recalculate(false);
285 amd64_syscall_ret_flush_l1d_recalc();
286 x86_rngds_mitg_recalculate(false);
287 switch (cpu_vendor_id) {
289 case CPU_VENDOR_HYGON:
292 case CPU_VENDOR_CENTAUR:
297 if ((amd_feature & AMDID_RDTSCP) != 0 ||
298 (cpu_stdext_feature2 & CPUID_STDEXT2_RDPID) != 0)
299 wrmsr(MSR_TSC_AUX, cpu_auxmsr());
303 initializecpucache(void)
307 * CPUID with %eax = 1, %ebx returns
308 * Bits 15-8: CLFLUSH line size
309 * (Value * 8 = cache line size in bytes)
311 if ((cpu_feature & CPUID_CLFSH) != 0)
312 cpu_clflush_line_size = ((cpu_procinfo >> 8) & 0xff) * 8;
314 * XXXKIB: (temporary) hack to work around traps generated
315 * when CLFLUSHing APIC register window under virtualization
316 * environments. These environments tend to disable the
317 * CPUID_SS feature even though the native CPU supports it.
319 TUNABLE_INT_FETCH("hw.clflush_disable", &hw_clflush_disable);
320 if (vm_guest != VM_GUEST_NO && hw_clflush_disable == -1) {
321 cpu_feature &= ~CPUID_CLFSH;
322 cpu_stdext_feature &= ~CPUID_STDEXT_CLFLUSHOPT;
326 * The kernel's use of CLFLUSH{,OPT} can be disabled manually
327 * by setting the hw.clflush_disable tunable.
329 if (hw_clflush_disable == 1) {
330 cpu_feature &= ~CPUID_CLFSH;
331 cpu_stdext_feature &= ~CPUID_STDEXT_CLFLUSHOPT;