CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2024/03/16 23:49:41
Modified files:
sys/arch/amd64/amd64: cpu.c identcpu.c locore.S vmm_support.S
sys/arch/amd64/include: specialreg.h
Log message:
Use VERW to mitigate the RFDS (Register File Data Sampling) vulnerability
present in Intel Atom CPUs, reordering some ASM in return-to-userspace and
start/resume-vmx-guest to reduce the number of kernel values still live in
registers when VERW is used. This mitigation requires updated firmware which
has affected CPUs report RFDS_CLEAR in dmesg.
Firmware packaging by jsg@ and sthen@
Logic for interpreting intel's flags by jsg@ after lots of discussion
between him, deraadt@, and I
ok deraadt@
