freebsd-nq/sys/x86
Scott Long e372160177 TSX Asynchronous Abort mitigation for Intel CVE-2019-11135.
This CVE has already been announced in FreeBSD SA-19:26.mcu.

Mitigation for TAA involves either turning off TSX or turning on the
VERW mitigation used for MDS. Some CPUs will also be self-mitigating
for TAA and require no software workaround.

Control knobs are:
machdep.mitigations.taa.enable:
        0 - no software mitigation is enabled
        1 - attempt to disable TSX
        2 - use the VERW mitigation
        3 - automatically select the mitigation based on processor
            features.

machdep.mitigations.taa.state:
        inactive        - no mitigation is active/enabled
        TSX disable     - TSX is disabled in the bare metal CPU as well as
                          any virtualized CPUs
        VERW            - VERW instruction clears CPU buffers
        not vulnerable  - The CPU has identified itself as not being
                          vulnerable

Nothing in the base FreeBSD system uses TSX.  However, the instructions
are straightforward to add to custom applications and require no kernel
support, so the mitigation is provided for users with untrusted
applications and tenants.

Reviewed by:	emaste, imp, kib, scottph
Sponsored by:	Intel
Differential Revision:	22374
2019-11-16 00:26:42 +00:00
..
acpica Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
bios sys/x86: further adoption of SPDX licensing ID tags. 2017-11-27 15:11:47 +00:00
conf Floppy driver really only works on x86 2019-08-12 22:58:50 +00:00
cpufreq Extract eventfilter declarations to sys/_eventfilter.h 2019-05-20 00:38:23 +00:00
include TSX Asynchronous Abort mitigation for Intel CVE-2019-11135. 2019-11-16 00:26:42 +00:00
iommu Complete the removal of the "wire_count" field from struct vm_page. 2019-09-25 16:11:35 +00:00
isa Fix amd64/i386 LINT build after r344982 2019-03-11 19:46:15 +00:00
pci Add pci_early function to detect Intel stolen memory. 2018-10-31 23:17:00 +00:00
x86 TSX Asynchronous Abort mitigation for Intel CVE-2019-11135. 2019-11-16 00:26:42 +00:00
xen xen: fix dispatching of NMIs 2019-11-12 10:31:28 +00:00