CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2019/05/28 08:23:51

Modified files:
        sys/arch/amd64/amd64: Tag: OPENBSD_6_4
                cpu.c genassym.cf identcpu.c locore.S mainbus.c
                vector.S vmm.c vmm_support.S
        sys/arch/amd64/conf: Tag: OPENBSD_6_4
                Makefile.amd64 files.amd64
        sys/arch/amd64/include: Tag: OPENBSD_6_4
                codepatch.h cpu.h cpu_full.h cpufunc.h specialreg.h
                vmmvar.h
Added files:
        sys/arch/amd64/amd64: Tag: OPENBSD_6_4
                mds.S

Log message:
Mitigate Intel's Microarchitectural Data Sampling vulnerability.
If the CPU has the new VERW behavior then that is used, otherwise
the proper sequence from Intel's "Deep Dive" doc is used in the
return-to-userspace and enter-VMM-guest paths.  The enter-C3-idle
path is not mitigated because it's only a problem when SMT/HT is
enabled: mitigating everything when that's enabled would be a _huge_
set of changes that we see no point in doing.

Update vmm(4) to pass through the MSR bits so that guests can apply
the optimal mitigation.

VMM help and specific feedback from mlarkin@
vendor-portability help from jsg@ and kettenis@

from guenther@; ok kettenis@ mlarkin@ deraadt@ jsg@

OpenBSD 6.4 errata 018
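
Added example, not code from this commit or from OpenBSD: a C sketch of the choice the log message describes (VERW where the CPU has the new behavior, otherwise a software sequence), for Intel CPUs only. The helper names are hypothetical; the bit positions are Intel's published enumeration, and skipping the mitigation when MDS_NO is set is an assumption the log message does not state.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Bit positions from Intel's published enumeration (not from this commit). */
#define CPUID7_EDX_MD_CLEAR  (1u << 10)   /* VERW also overwrites CPU buffers */
#define CPUID7_EDX_ARCH_CAPS (1u << 29)   /* IA32_ARCH_CAPABILITIES exists */
#define ARCH_CAPS_MDS_NO     (1ull << 5)  /* CPU reports it is not affected */

enum mds_action { MDS_NOT_NEEDED, MDS_USE_VERW, MDS_USE_SW_SEQUENCE };

/*
 * Hypothetical helper, Intel CPUs assumed. cpuid7_edx is CPUID.(EAX=7,ECX=0):EDX.
 * arch_caps is the IA32_ARCH_CAPABILITIES MSR (0x10a), readable only in ring 0;
 * it is ignored unless CPUID says the MSR exists.
 */
enum mds_action
mds_pick(uint32_t cpuid7_edx, uint64_t arch_caps)
{
	if ((cpuid7_edx & CPUID7_EDX_ARCH_CAPS) && (arch_caps & ARCH_CAPS_MDS_NO))
		return MDS_NOT_NEEDED;
	if (cpuid7_edx & CPUID7_EDX_MD_CLEAR)
		return MDS_USE_VERW;          /* the "new VERW behavior" case */
	return MDS_USE_SW_SEQUENCE;           /* per-model sequence, not shown */
}

const char *
mds_action_name(enum mds_action a)
{
	switch (a) {
	case MDS_NOT_NEEDED: return "not needed (MDS_NO)";
	case MDS_USE_VERW:   return "VERW";
	default:             return "software sequence";
	}
}

int
main(void)
{
	uint32_t a = 0, b = 0, c = 0, d = 0;
#if defined(__x86_64__) || defined(__i386__)
	__get_cpuid_count(7, 0, &a, &b, &c, &d);
#endif
	/* Userland cannot read the MSR, so arch_caps is taken as 0 here. */
	printf("CPUID.7.0:EDX=%#x -> %s\n", d, mds_action_name(mds_pick(d, 0)));
	return 0;
}
```

Inside a vmm(4) guest the result depends on which of these bits the hypervisor passes through, which is what the second paragraph of the log message addresses.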