freebsd-dev

History

Konstantin Belousov 3621ba1ede Add Intel Spec Store Bypass Disable control. Speculative Store Bypass (SSB) is a speculative execution side channel vulnerability identified by Jann Horn of Google Project Zero (GPZ) and Ken Johnson of the Microsoft Security Response Center (MSRC) https://bugs.chromium.org/p/project-zero/issues/detail?id=1528. Updated Intel microcode introduces a MSR bit to disable SSB as a mitigation for the vulnerability. Introduce a sysctl hw.spec_store_bypass_disable to provide global control over the SSBD bit, akin to the existing sysctl that controls IBRS. The sysctl can be set to one of three values: 0: off 1: on 2: auto Future work will enable applications to control SSBD on a per-process basis (when it is not enabled globally). SSBD bit detection and control was verified with prerelease microcode. Security: CVE-2018-3639 Tested by: emaste (previous version, without updated microcode) Sponsored by: The FreeBSD Foundation MFC after: 3 days		2018-05-21 21:08:19 +00:00
..
pc	sys/amd64: further adoption of SPDX licensing ID tags.	2017-11-27 15:03:07 +00:00
xen	x86/xen: Consolidate xen-os.h in a single place	2015-10-21 10:04:35 +00:00
_align.h
_bus.h	sys/amd64: further adoption of SPDX licensing ID tags.	2017-11-27 15:03:07 +00:00
_inttypes.h
_limits.h
_stdint.h
_types.h
acpica_machdep.h
apm_bios.h
asm.h	Remove lint support from system headers and MD x86 headers.	2017-11-23 11:40:16 +00:00
asmacros.h	Make the common interrupt entry point labels local labels.	2018-05-14 17:27:53 +00:00
atomic.h	Add atomic_load(9) and atomic_store(9) operations.	2017-12-19 09:59:20 +00:00
bus_dma.h	sys/amd64: further adoption of SPDX licensing ID tags.	2017-11-27 15:03:07 +00:00
bus.h
clock.h
counter.h	sys/amd64: further adoption of SPDX licensing ID tags.	2017-11-27 15:03:07 +00:00
cpu.h	amd64: Protect the kernel text, data, and BSS by setting the RW/NX bits	2018-03-06 14:28:37 +00:00
cpufunc.h	Add STAC and CLAC instructions wrappers.	2018-01-14 12:39:50 +00:00
cputypes.h	Remove 'cpu' and 'cpu_class' on amd64.	2016-09-15 17:05:54 +00:00
db_machdep.h	Fix printing of negative offsets (typically from frame pointers) again.	2017-03-26 18:46:35 +00:00
dump.h
efi.h	Revert r330780, it was improperly tested and results in taking a spin	2018-03-11 20:13:15 +00:00
elf.h
endian.h
exec.h	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00
fdt.h
float.h
floatingpoint.h	spdx: initial adoption of licensing ID tags.	2017-11-18 14:26:50 +00:00
fpu.h	Remove unused error return from API that cannot fail	2018-02-23 20:15:19 +00:00
frame.h	PTI for amd64.	2018-01-17 11:44:21 +00:00
gdb_machdep.h	amd64: Protect the kernel text, data, and BSS by setting the RW/NX bits	2018-03-06 14:28:37 +00:00
ieeefp.h	spdx: initial adoption of licensing ID tags.	2017-11-18 14:26:50 +00:00
in_cksum.h	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00
intr_machdep.h	Restore r331606 with a bugfix to setup cpuset_domain[] earlier on all	2018-03-28 18:47:35 +00:00
iodev.h	sys/amd64: further adoption of SPDX licensing ID tags.	2017-11-27 15:03:07 +00:00
kdb.h	sys/amd64: further adoption of SPDX licensing ID tags.	2017-11-27 15:03:07 +00:00
limits.h	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00
md_var.h	Add Intel Spec Store Bypass Disable control.	2018-05-21 21:08:19 +00:00
memdev.h	sys/amd64: further adoption of SPDX licensing ID tags.	2017-11-27 15:03:07 +00:00
metadata.h	Move amd64 metadata.h to x86 and share with i386	2016-01-07 19:47:26 +00:00
minidump.h	sys/amd64: further adoption of SPDX licensing ID tags.	2017-11-27 15:03:07 +00:00
mp_watchdog.h	sys/amd64: further adoption of SPDX licensing ID tags.	2017-11-27 15:03:07 +00:00
nexusvar.h
npx.h
ofw_machdep.h
param.h	spdx: initial adoption of licensing ID tags.	2017-11-18 14:26:50 +00:00
pcb.h	PTI: Trap if we returned to userspace with kernel (full) page table	2018-01-19 22:10:29 +00:00
pci_cfgreg.h
pcpu.h	Expand the checks for UCR3 == PMAP_NO_CR3 to enable processes to be	2018-04-27 12:44:20 +00:00
pmap.h	Use PCID to optimize PTI.	2018-01-27 11:49:37 +00:00
pmc_mdep.h	sys/amd64: further adoption of SPDX licensing ID tags.	2017-11-27 15:03:07 +00:00
ppireg.h	sys/amd64: further adoption of SPDX licensing ID tags.	2017-11-27 15:03:07 +00:00
proc.h	Amd64 user_ldt_deref() is not used outside sys_machdep.c. Mark it as	2018-01-17 11:21:03 +00:00
profile.h	Remove lint support from system headers and MD x86 headers.	2017-11-23 11:40:16 +00:00
psl.h
ptrace.h
pvclock.h	Generalized parts of the XEN timer code into a generic pvclock	2015-02-04 08:26:43 +00:00
reg.h
reloc.h	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00
resource.h
runq.h	sys/amd64: further adoption of SPDX licensing ID tags.	2017-11-27 15:03:07 +00:00
segments.h	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00
setjmp.h
sf_buf.h	sys/amd64: further adoption of SPDX licensing ID tags.	2017-11-27 15:03:07 +00:00
sgx.h	Add support for Intel Software Guard Extensions (Intel SGX).	2017-08-16 10:38:06 +00:00
sgxreg.h	Add support for Intel Software Guard Extensions (Intel SGX).	2017-08-16 10:38:06 +00:00
sigframe.h
signal.h
smp.h	x86: improve reservation of AP trampoline memory	2018-04-05 14:39:51 +00:00
specialreg.h
stack.h	Merge stack(9) implementations for i386 and amd64 under x86/.	2015-09-11 03:24:07 +00:00
stdarg.h
sysarch.h
timerreg.h	sys/amd64: further adoption of SPDX licensing ID tags.	2017-11-27 15:03:07 +00:00
trap.h
tss.h	sys: further adoption of SPDX licensing ID tags.	2017-11-20 19:43:44 +00:00
ucontext.h
vdso.h
vm.h	sys/amd64: further adoption of SPDX licensing ID tags.	2017-11-27 15:03:07 +00:00
vmm_dev.h	Add the ability to control the CPU topology of created VMs	2018-04-08 19:24:49 +00:00
vmm_instruction_emul.h	Add a new variant of the GLA2GPA ioctl for use by the debug server.	2018-02-26 19:19:05 +00:00
vmm.h	vmmdev: return EFAULT when trying to read beyond VM system memory max address	2018-05-15 17:20:58 +00:00
vmparam.h	Improve VM page queue scalability.	2018-04-24 21:15:54 +00:00