Pull up following revision(s) (requested by maxv in ticket #1433):

sys/arch/x86/include/specialreg.h: revision 1.157
sys/arch/x86/x86/spectre.c: revision 1.31

Mitigation for CVE-2019-11135: TSX Asynchronous Abort (TAA).

Two sysctls are added:
machdep.taa.mitigated = {0/1} user-settable
machdep.taa.method = {string} constructed by the kernel

There are two cases:

  (1) If the CPU is affected by MDS, then the MDS mitigation will also
mitigate TAA, and we have nothing else to do. We make the 'mitigated' leaf
read-only, and force:

machdep.taa.mitigated = machdep.mds.mitigated
machdep.taa.method = [MDS]

The kernel already enables the MDS mitigation by default.

  (2) If the CPU is not affected by MDS but is affected by TAA, then we use
the new TSX_CTRL MSR to disable RTM. This MSR is provided via a microcode
update, now available on the Intel website. The kernel will automatically
enable the TAA mitigation if the updated microcode is present. If the new
microcode is not present, the user can load it via cpuctl, and set
machdep.taa.mitigated=1.

(martin)