freebsd-nq/sys/amd64/vmm
Konstantin Belousov c1141fba00 Update L1TF workaround to sustain L1D pollution from NMI.
Current mitigation for L1TF in bhyve flushes L1D either by an explicit
WRMSR command, or by software reading enough uninteresting data to
fully populate all lines of L1D.  If NMI occurs after either of
methods is completed, but before VM entry, L1D becomes polluted with
the cache lines touched by NMI handlers.  There is no interesting data
which NMI accesses, but something sensitive might be co-located on the
same cache line, and then L1TF exposes that to a rogue guest.

Use VM entry MSR load list to ensure atomicity of L1D cache and VM
entry if updated microcode was loaded.  If only software flush method
is available, try to help the bhyve sw flusher by also flushing L1D on
NMI exit to kernel mode.

Suggested by and discussed with: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed by:	jhb
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D16790
2018-08-19 18:47:16 +00:00
..
amd Add SPDX tags to vmm(4). 2018-06-13 07:02:58 +00:00
intel Update L1TF workaround to sustain L1D pollution from NMI. 2018-08-19 18:47:16 +00:00
io Add SPDX tags to vmm(4). 2018-06-13 07:02:58 +00:00
vmm_dev.c - Add the ability to run bhyve(8) within a jail(8). 2018-08-01 00:39:21 +00:00
vmm_host.c Correct undesirable interaction between caching of %cr4 in bhyve and 2018-04-24 13:44:19 +00:00
vmm_host.h sys/amd64: further adoption of SPDX licensing ID tags. 2017-11-27 15:03:07 +00:00
vmm_instruction_emul.c Add a new variant of the GLA2GPA ioctl for use by the debug server. 2018-02-26 19:19:05 +00:00
vmm_ioport.c Add SPDX tags to vmm(4). 2018-06-13 07:02:58 +00:00
vmm_ioport.h Add SPDX tags to vmm(4). 2018-06-13 07:02:58 +00:00
vmm_ktr.h sys/amd64: further adoption of SPDX licensing ID tags. 2017-11-27 15:03:07 +00:00
vmm_lapic.c sys/amd64: further adoption of SPDX licensing ID tags. 2017-11-27 15:03:07 +00:00
vmm_lapic.h sys/amd64: further adoption of SPDX licensing ID tags. 2017-11-27 15:03:07 +00:00
vmm_mem.c sys/amd64: further adoption of SPDX licensing ID tags. 2017-11-27 15:03:07 +00:00
vmm_mem.h sys/amd64: further adoption of SPDX licensing ID tags. 2017-11-27 15:03:07 +00:00
vmm_stat.c sys/amd64: further adoption of SPDX licensing ID tags. 2017-11-27 15:03:07 +00:00
vmm_stat.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
vmm_util.c sys/amd64: further adoption of SPDX licensing ID tags. 2017-11-27 15:03:07 +00:00
vmm_util.h sys/amd64: further adoption of SPDX licensing ID tags. 2017-11-27 15:03:07 +00:00
vmm.c vmmdev: return EFAULT when trying to read beyond VM system memory max address 2018-05-15 17:20:58 +00:00
x86.c Add the ability to control the CPU topology of created VMs 2018-04-08 19:24:49 +00:00
x86.h sys/amd64: further adoption of SPDX licensing ID tags. 2017-11-27 15:03:07 +00:00