Date: Tue, 12 Nov 2019 18:28:40 +0000
From: "Martin Husemann"
Subject: CVS commit: [netbsd-8] src/sys/arch/x86
To: source-changes@NetBSD.org
Message-Id: <20191112182840.E438AFA95@cvs.NetBSD.org>

Module Name:    src
Committed By:   martin
Date:           Tue Nov 12 18:28:40 UTC 2019

Modified Files:
        src/sys/arch/x86/include [netbsd-8]: specialreg.h
        src/sys/arch/x86/x86 [netbsd-8]: spectre.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1433):

        sys/arch/x86/include/specialreg.h: revision 1.157
        sys/arch/x86/x86/spectre.c: revision 1.31

Mitigation for CVE-2019-11135: TSX Asynchronous Abort (TAA).

Two sysctls are added:

        machdep.taa.mitigated = {0/1} user-settable
        machdep.taa.method = {string} constructed by the kernel

There are two cases:

(1) If the CPU is affected by MDS, then the MDS mitigation will also
mitigate TAA, and we have nothing else to do. We make the 'mitigated' leaf
read-only, and force:

        machdep.taa.mitigated = machdep.mds.mitigated
        machdep.taa.method = [MDS]

The kernel already enables the MDS mitigation by default.

(2) If the CPU is not affected by MDS but is affected by TAA, then we use
the new TSX_CTRL MSR to disable RTM. This MSR is provided via a microcode
update, now available on the Intel website. The kernel will automatically
enable the TAA mitigation if the updated microcode is present. If the new
microcode is not present, the user can load it via cpuctl, and set
machdep.taa.mitigated=1.

To generate a diff of this commit:
cvs rdiff -u -r1.98.2.15 -r1.98.2.16 src/sys/arch/x86/include/specialreg.h
cvs rdiff -u -r1.19.2.4 -r1.19.2.5 src/sys/arch/x86/x86/spectre.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
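
The following host check is an added example, not part of the commit or of NetBSD: it reads the sysctl leaves named above and classifies the machine into the two cases the log message describes. The function names are hypothetical, the verdict strings are this example's own, and it assumes the CPU is affected by TAA and treats any method string other than [MDS] as opaque.

```shell
#!/bin/sh
# Added example, not NetBSD code. Classifies the TAA state from the sysctl
# leaves named in the commit message. Inputs are passed as arguments so the
# logic can be exercised with constructed values on any machine.

# taa_classify <machdep.taa.mitigated> <machdep.taa.method> <machdep.mds.mitigated>
# Prints a verdict; returns 0 = mitigated, 1 = not mitigated, 2 = unexpected.
taa_classify() {
    taa=$1; method=$2; mds=$3
    case "$taa" in
        0|1) ;;
        *) echo "unexpected: machdep.taa.mitigated='$taa'"; return 2 ;;
    esac
    if [ "$method" = "[MDS]" ]; then
        # Case (1): the leaf is read-only and forced to machdep.mds.mitigated.
        if [ "$taa" != "$mds" ]; then
            echo "unexpected: method [MDS] but taa=$taa mds=$mds"; return 2
        fi
        if [ "$taa" = 1 ]; then echo "mitigated: covered by MDS mitigation"; return 0; fi
        echo "not mitigated: follows machdep.mds.mitigated, which is 0"; return 1
    fi
    # Case (2) or anything else: report the kernel's method string as-is.
    if [ "$taa" = 1 ]; then echo "mitigated: method $method"; return 0; fi
    echo "not mitigated: load updated microcode with cpuctl, then set machdep.taa.mitigated=1"
    return 1
}

# Read the live values; only meaningful on a kernel that has this change.
taa_check_host() {
    taa=$(sysctl -n machdep.taa.mitigated) || return 2
    method=$(sysctl -n machdep.taa.method) || return 2
    mds=$(sysctl -n machdep.mds.mitigated 2>/dev/null)
    taa_classify "$taa" "$method" "$mds"
}

# Run against the host only when the leaf exists, so the script is a no-op elsewhere.
if sysctl -n machdep.taa.mitigated >/dev/null 2>&1; then
    taa_check_host
fi
```

The exit status (0, 1 or 2) makes the script usable from a fleet audit job; a status of 2 means the values do not match either case in the log message and the host should be inspected by hand.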