Do not consider CAP_RDCL_NO as an indicator for all MDS vulnerabilities

handled by hardware. Reported by: Anthony Steinhauser <asteinhauser@google.com> admbugs: 962 Sponsored by: The FreeBSD Foundation MFC after: 1 week
2020-05-20 21:22:25 +00:00 · 2020-05-20 21:22:25 +00:00 · 36e1ad61e8
commit 36e1ad61e8
parent 3e9470482a
1 changed files with 3 additions and 3 deletions
--- a/sys/x86/x86/cpu_machdep.c
+++ b/sys/x86/x86/cpu_machdep.c
@ -1078,11 +1078,11 @@ hw_mds_recalculate(void)
 	 * reported.  For instance, hypervisor might unknowingly
 	 * filter the cap out.
 	 * For the similar reasons, and for testing, allow to enable
-	 * mitigation even for RDCL_NO or MDS_NO caps.
+	 * mitigation even when MDS_NO cap is set.
 	 */
 	if (cpu_vendor_id != CPU_VENDOR_INTEL || hw_mds_disable == 0 ||
-	    ((cpu_ia32_arch_caps & (IA32_ARCH_CAP_RDCL_NO |
-	    IA32_ARCH_CAP_MDS_NO)) != 0 && hw_mds_disable == 3)) {
+	    ((cpu_ia32_arch_caps & IA32_ARCH_CAP_MDS_NO) != 0 &&
+	    hw_mds_disable == 3)) {
 		mds_handler = mds_handler_void;
 	} else if (((cpu_stdext_feature3 & CPUID_STDEXT3_MD_CLEAR) != 0 &&
 	    hw_mds_disable == 3) || hw_mds_disable == 1) {