---
- branch: netbsd-8
  date: Tue Nov 12 18:28:40 UTC 2019
  files:
  - new: 1.98.2.16
    old: 1.98.2.15
    path: src/sys/arch/x86/include/specialreg.h
    pathrev: src/sys/arch/x86/include/specialreg.h@1.98.2.16
    type: modified
  - new: 1.19.2.5
    old: 1.19.2.4
    path: src/sys/arch/x86/x86/spectre.c
    pathrev: src/sys/arch/x86/x86/spectre.c@1.19.2.5
    type: modified
  id: 20191112T182840Z.cdbb69a1b0336ab4a787ee26947cde47722c87fb
  log: |
    Pull up following revision(s) (requested by maxv in ticket #1433):

    	sys/arch/x86/include/specialreg.h: revision 1.157
    	sys/arch/x86/x86/spectre.c: revision 1.31

    Mitigation for CVE-2019-11135: TSX Asynchronous Abort (TAA).

    Two sysctls are added:
    	machdep.taa.mitigated = {0/1} user-settable
    	machdep.taa.method = {string} constructed by the kernel

    There are two cases:

     (1) If the CPU is affected by MDS, then the MDS mitigation will also
    mitigate TAA, and we have nothing else to do. We make the 'mitigated' leaf
    read-only, and force:

    	machdep.taa.mitigated = machdep.mds.mitigated
    	machdep.taa.method = [MDS]

    The kernel already enables the MDS mitigation by default.

     (2) If the CPU is not affected by MDS but is affected by TAA, then we use
    the new TSX_CTRL MSR to disable RTM. This MSR is provided via a microcode
    update, now available on the Intel website. The kernel will automatically
    enable the TAA mitigation if the updated microcode is present. If the new
    microcode is not present, the user can load it via cpuctl, and set
    machdep.taa.mitigated=1.
  module: src
  subject: 'CVS commit: [netbsd-8] src/sys/arch/x86'
  unixtime: '1573583320'
  user: martin