CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2019/05/28 08:23:51
Modified files:
sys/arch/amd64/amd64: Tag: OPENBSD_6_4 cpu.c genassym.cf
identcpu.c locore.S mainbus.c vector.S
vmm.c vmm_support.S
sys/arch/amd64/conf: Tag: OPENBSD_6_4 Makefile.amd64 files.amd64
sys/arch/amd64/include: Tag: OPENBSD_6_4 codepatch.h cpu.h
cpu_full.h cpufunc.h specialreg.h
vmmvar.h
Added files:
sys/arch/amd64/amd64: Tag: OPENBSD_6_4 mds.S
Log message:
Mitigate Intel's Microarchitectural Data Sampling vulnerability.
If the CPU has the new VERW behavior than that is used, otherwise
use the proper sequence from Intel's "Deep Dive" doc is used in the
return-to-userspace and enter-VMM-guest paths. The enter-C3-idle
path is not mitigated because it's only a problem when SMT/HT is
enabled: mitigating everything when that's enabled would be a _huge_
set of changes that we see no point in doing.
Update vmm(4) to pass through the MSR bits so that guests can apply
the optimal mitigation.
VMM help and specific feedback from mlarkin@
vendor-portability help from jsg@ and kettenis@
from guenther@; ok kettenis@ mlarkin@ deraadt@ jsg@
OpenBSD 6.4 errata 018
