From de890ea4650de4b9f1784fab7e6e8bcd1186664d Mon Sep 17 00:00:00 2001 From: Scott Long Date: Fri, 15 Nov 2019 23:27:17 +0000 Subject: [PATCH] Create a new sysctl subtree, machdep.mitigations. Its purpose is to organize knobs and indicators for code that mitigates functional and security issues in the architecture/platform. Controls for regular operational policy should still go into places security, hw, kern, etc. The machdep root node is inherently architecture dependent, but mitigations tend to be architecture dependent as well. Some cases like Spectre do cross architectural boundaries, but the mitigation code for them tends to be architecture dependent anyways, and multiple architectures won't be active in the same image of the kernel. Many mitigation knobs already exist in the system, and they will be moved with compat naming in the future. Going forward, mitigations should collect in machdep.mitigations. Reviewed by: imp, brooks, rwatson, emaste, jhb Sponsored by: Intel --- sys/kern/kern_mib.c | 2 ++ sys/sys/sysctl.h | 1 + 2 files changed, 3 insertions(+) diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c index 54cdff14824..daf452f6cc9 100644 --- a/sys/kern/kern_mib.c +++ b/sys/kern/kern_mib.c @@ -78,6 +78,8 @@ SYSCTL_ROOT_NODE(CTL_HW, hw, CTLFLAG_RW, 0, "hardware"); SYSCTL_ROOT_NODE(CTL_MACHDEP, machdep, CTLFLAG_RW, 0, "machine dependent"); +SYSCTL_NODE(_machdep, OID_AUTO, mitigations, CTLFLAG_RW, 0, + "Machine dependent platform mitigations."); SYSCTL_ROOT_NODE(CTL_USER, user, CTLFLAG_RW, 0, "user-level"); SYSCTL_ROOT_NODE(CTL_P1003_1B, p1003_1b, CTLFLAG_RW, 0, diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h index c01ca3605bd..7e3e983a7eb 100644 --- a/sys/sys/sysctl.h +++ b/sys/sys/sysctl.h @@ -1094,6 +1094,7 @@ SYSCTL_DECL(_hw_bus); SYSCTL_DECL(_hw_bus_devices); SYSCTL_DECL(_hw_bus_info); SYSCTL_DECL(_machdep); +SYSCTL_DECL(_machdep_mitigations); SYSCTL_DECL(_user); SYSCTL_DECL(_compat); SYSCTL_DECL(_regression);
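Review bot: The description string on the new SYSCTL_NODE in sys/kern/kern_mib.c, "Machine dependent platform mitigations.", is capitalized and ends in a period, while the neighbouring root nodes visible in the same hunk use lowercase fragments ("hardware", "machine dependent", "user-level"); "machine dependent platform mitigations" would match them. The placement rule from the commit message (mitigations for architecture/platform issues collect here, regular operational policy stays in security, hw, kern) is not recorded in the code itself, so a short comment above the node would help whoever next has to decide where a knob belongs.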
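Review bot: SYSCTL_DECL(_machdep_mitigations) in sys/sys/sysctl.h makes the node an attach point for other code, but the diffstat lists only kern_mib.c and sysctl.h, so nothing user-facing documents the new subtree; a manual page entry describing its purpose would fit in the same change. The node is created CTLFLAG_RW like its siblings, which means every knob later placed under it has to choose its own access flags, and it is worth stating that expectation now for knobs that can relax a mitigation at runtime, before the existing ones are moved over.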