CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	scottl <scottl@FreeBSD.org>
	Sat, 16 Nov 2019 00:26:42 +0000 (00:26 +0000)
committer	scottl <scottl@FreeBSD.org>
	Sat, 16 Nov 2019 00:26:42 +0000 (00:26 +0000)
commit	3a09fa0468485aca9c4e4dff25051160bbcd71b7
tree	4c3be410b6e4f63b4807d65d64b717abaff0be35	tree \| snapshot
parent	da088e11c9ddde80ab8043513c92628177f371c6	commit \| diff

TSX Asynchronous Abort mitigation for Intel CVE-2019-11135.
This CVE has already been announced in FreeBSD SA-19:26.mcu.

Mitigation for TAA involves either turning off TSX or turning on the
VERW mitigation used for MDS. Some CPUs will also be self-mitigating
for TAA and require no software workaround.

Control knobs are:
machdep.mitigations.taa.enable:
        0 - no software mitigation is enabled
        1 - attempt to disable TSX
        2 - use the VERW mitigation
        3 - automatically select the mitigation based on processor
    features.

machdep.mitigations.taa.state:
        inactive        - no mitigation is active/enabled
        TSX disable     - TSX is disabled in the bare metal CPU as well as
                        - any virtualized CPUs
        VERW            - VERW instruction clears CPU buffers
not vulnerable - The CPU has identified itself as not being
  vulnerable

Nothing in the base FreeBSD system uses TSX.  However, the instructions
are straight-forward to add to custom applications and require no kernel
support, so the mitigation is provided for users with untrusted
applications and tenants.

Reviewed by: emaste, imp, kib, scottph
Sponsored by: Intel
Differential Revision: 22374

sys/amd64/amd64/machdep.c		diff \| blob \| history
sys/dev/cpuctl/cpuctl.c		diff \| blob \| history
sys/x86/include/x86_var.h		diff \| blob \| history
sys/x86/x86/cpu_machdep.c		diff \| blob \| history