Mitigation for INTEL-SA-00233: Microarchitectural Data Sampling (MDS).

It requires a microcode update, now available on the Intel website. The
microcode modifies the behavior of the VERW instruction, and makes it flush
internal CPU buffers. We hotpatch the return-to-userland path to add VERW.

Two sysctls are added:

	machdep.mds.mitigated = {0/1} user-settable
	machdep.mds.method = {string} constructed by the kernel

The kernel will automatically enable the mitigation if the updated
microcode is present. If the new microcode is not present, the user can
load it via cpuctl, and set machdep.mds.mitigated=1.

sys/arch/amd64/amd64/amd64_trap.S

@@ -1,4 +1,4 @@
-/*	$NetBSD: amd64_trap.S,v 1.46 2019/02/11 14:59:32 cherry Exp $	*/
+/*	$NetBSD: amd64_trap.S,v 1.47 2019/05/14 16:59:25 maxv Exp $	*/
 
 /*
  * Copyright (c) 1998, 2007, 2008, 2017 The NetBSD Foundation, Inc.
@@ -281,6 +281,7 @@ IDTVEC(trap02)
 	call	_C_LABEL(nmitrap)
 
 .Lnmileave:
+	MDS_LEAVE
 	SVS_LEAVE_NMI
 	IBRS_LEAVE
 	INTR_RESTORE_GPRS
@@ -369,6 +370,7 @@ IDTVEC(trap08)
 	incq	CPUVAR(NTRAP)
 	call	_C_LABEL(doubletrap)
 
+	MDS_LEAVE
 	SVS_LEAVE_ALTSTACK
 	IBRS_LEAVE
 	INTR_RESTORE_GPRS

sys/arch/amd64/amd64/locore.S

@@ -1,4 +1,4 @@
-/*	$NetBSD: locore.S,v 1.180 2019/03/09 08:42:25 maxv Exp $	*/
+/*	$NetBSD: locore.S,v 1.181 2019/05/14 16:59:25 maxv Exp $	*/
 
 /*
  * Copyright-o-rama!
@@ -1483,6 +1483,7 @@ IDTVEC_END(osyscall)
 	TEXT_USER_BEGIN
 	_ALIGN_TEXT
 LABEL(syscall_sysret)
+	MDS_LEAVE
 	SVS_LEAVE
 	IBRS_LEAVE
 	INTR_RESTORE_GPRS
@@ -1574,6 +1575,7 @@ END(pagezero)
 	_ALIGN_TEXT
 LABEL(intrfastexit)
 	NOT_XEN(cli;)
+	MDS_LEAVE
 	SVS_LEAVE
 	IBRS_LEAVE
 	INTR_RESTORE_GPRS
@@ -1721,3 +1723,18 @@ LABEL(noibrs_enter_end)
 LABEL(noibrs_leave)
 	NOIBRS_LEAVE
 LABEL(noibrs_leave_end)
+
+	.globl	mds_leave, mds_leave_end
+
+LABEL(mds_leave)
+	testb	$SEL_UPL,TF_CS(%rsp)
+	jz	1234f
+	pushq	$GSEL(GDATA_SEL, SEL_KPL)
+	verw	(%rsp)
+	addq	$8,%rsp
+1234:
+LABEL(mds_leave_end)
+
+LABEL(nomds_leave)
+	NOMDS_LEAVE
+LABEL(nomds_leave_end)

sys/arch/amd64/include/frameasm.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: frameasm.h,v 1.42 2019/02/11 14:59:32 cherry Exp $	*/
+/*	$NetBSD: frameasm.h,v 1.43 2019/05/14 16:59:25 maxv Exp $	*/
 
 #ifndef _AMD64_MACHINE_FRAMEASM_H
 #define _AMD64_MACHINE_FRAMEASM_H
@@ -48,6 +48,7 @@
 #define HP_NAME_IBRS_LEAVE	10
 #define HP_NAME_SVS_ENTER_NMI	11
 #define HP_NAME_SVS_LEAVE_NMI	12
+#define HP_NAME_MDS_LEAVE	13
 
 #define HOTPATCH(name, size) \
 123:						; \
@@ -85,6 +86,18 @@
 	.byte 0xEB, (IBRS_LEAVE_BYTES-2)	/* jmp */	; \
 	.fill	(IBRS_LEAVE_BYTES-2),1,0xCC
 
+/*
+ * MDS
+ */
+
+#define MDS_LEAVE_BYTES	20
+#define MDS_LEAVE \
+	HOTPATCH(HP_NAME_MDS_LEAVE, MDS_LEAVE_BYTES)		; \
+	NOMDS_LEAVE
+#define NOMDS_LEAVE \
+	.byte 0xEB, (MDS_LEAVE_BYTES-2)	/* jmp */		; \
+	.fill	(MDS_LEAVE_BYTES-2),1,0xCC
+
 #define	SWAPGS	NOT_XEN(swapgs)
 
 /*

sys/arch/x86/include/specialreg.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: specialreg.h,v 1.143 2019/03/13 05:22:07 msaitoh Exp $	*/
+/*	$NetBSD: specialreg.h,v 1.144 2019/05/14 16:59:26 maxv Exp $	*/
 
 /*-
  * Copyright (c) 1991 The Regents of the University of California.
@@ -426,6 +426,7 @@
 /* %edx */
 #define CPUID_SEF_AVX512_4VNNIW	__BIT(2)
 #define CPUID_SEF_AVX512_4FMAPS	__BIT(3)
+#define CPUID_SEF_MD_CLEAR	__BIT(10)
 #define CPUID_SEF_TSX_FORCE_ABORT __BIT(13) /* MSR_TSX_FORCE_ABORT bit 0 */
 #define CPUID_SEF_IBRS		__BIT(26) /* IBRS / IBPB Speculation Control */
 #define CPUID_SEF_STIBP		__BIT(27) /* STIBP Speculation Control */
@@ -747,6 +748,7 @@
 #define 	IA32_ARCH_RSBA		0x04
 #define 	IA32_ARCH_SKIP_L1DFL_VMENTRY 0x08
 #define 	IA32_ARCH_SSB_NO	0x10
+#define 	IA32_ARCH_MDS_NO	0x20
 #define MSR_IA32_FLUSH_CMD	0x10b
 #define 	IA32_FLUSH_CMD_L1D_FLUSH 0x01
 #define MSR_TSX_FORCE_ABORT	0x10f