CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2019/05/17 13:07:16
Modified files:
sys/arch/amd64/amd64: cpu.c genassym.cf identcpu.c locore.S
mainbus.c vmm.c vmm_support.S
sys/arch/amd64/conf: Makefile.amd64 files.amd64
sys/arch/amd64/include: codepatch.h cpu.h specialreg.h vmmvar.h
Added files:
sys/arch/amd64/amd64: mds.S
Log message:
Mitigate Intel's Microarchitectural Data Sampling vulnerability.
If the CPU has the new VERW behavior than that is used, otherwise
use the proper sequence from Intel's "Deep Dive" doc is used in the
return-to-userspace and enter-VMM-guest paths. The enter-C3-idle
path is not mitigated because it's only a problem when SMT/HT is
enabled: mitigating everything when that's enabled would be a _huge_
set of changes that we see no point in doing.
Update vmm(4) to pass through the MSR bits so that guests can apply
the optimal mitigation.
VMM help and specific feedback from mlarkin@
vendor-portability help from jsg@ and kettenis@
ok kettenis@ mlarkin@ deraadt@ jsg@
