Provide part of the mitigation for L1TF-VMM.

Description

Provide part of the mitigation for L1TF-VMM.

On the guest entry in bhyve, flush L1 data cache, using either L1D
flush command MSR if available, or by reading enough uninteresting
data to fill whole cache.

Flush is automatically enabled on CPUs which do not report RDCL_NO,
and can be disabled with the hw.vmm.l1d_flush tunable/kenv.

Security: CVE-2018-3646
Reviewed by: emaste, jhb, Tony Luck <tony.luck@intel.com>
Sponsored by: The FreeBSD Foundation
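
The decision the commit message describes, as an added example (not code from this commit or from bhyve): flush unless the CPU reports RDCL_NO, let the tunable override that default, and prefer the flush command MSR over the software fallback. The function name, the enum, and the tunable encoding (-1 unset, 0 off, positive forces the flush on) are assumptions; the bit positions are the architectural ones from the Intel SDM.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural bits: CPUID.(EAX=7,ECX=0):EDX and IA32_ARCH_CAPABILITIES. */
#define CPUID7_EDX_L1D_FLUSH (1u << 28)  /* IA32_FLUSH_CMD MSR available */
#define CPUID7_EDX_ARCH_CAPS (1u << 29)  /* IA32_ARCH_CAPABILITIES available */
#define ARCH_CAPS_RDCL_NO    (1ull << 0) /* CPU reports RDCL_NO */

enum l1d_flush_mode { L1D_FLUSH_NONE, L1D_FLUSH_MSR, L1D_FLUSH_SW };

/*
 * Hypothetical helper, not bhyve code.
 * cpuid7_edx: CPUID.(EAX=7,ECX=0):EDX
 * arch_caps:  IA32_ARCH_CAPABILITIES value, ignored when not enumerated
 * tunable:    assumed encoding of hw.vmm.l1d_flush: -1 unset, 0 off, >0 on
 */
enum l1d_flush_mode
l1d_flush_decide(uint32_t cpuid7_edx, uint64_t arch_caps, int tunable)
{
	bool rdcl_no, flush;

	/* A CPU that lacks the capabilities MSR cannot report RDCL_NO. */
	rdcl_no = (cpuid7_edx & CPUID7_EDX_ARCH_CAPS) != 0 &&
	    (arch_caps & ARCH_CAPS_RDCL_NO) != 0;

	flush = !rdcl_no;		/* automatic default */
	if (tunable >= 0)
		flush = tunable != 0;	/* administrator override */
	if (!flush)
		return (L1D_FLUSH_NONE);

	/* Use the flush command MSR if available, else fill the cache by reads. */
	return ((cpuid7_edx & CPUID7_EDX_L1D_FLUSH) != 0 ?
	    L1D_FLUSH_MSR : L1D_FLUSH_SW);
}

int
main(void)
{
	/* Constructed inputs: no MSRs at all, then flush MSR only. */
	printf("no flush MSR, no RDCL_NO: mode %d\n",
	    l1d_flush_decide(0, 0, -1));
	printf("flush MSR, no RDCL_NO:    mode %d\n",
	    l1d_flush_decide(CPUID7_EDX_L1D_FLUSH, 0, -1));
	return (0);
}
```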

Details

Provenance
kib Authored on Aug 14 2018, 5:29 PM
Parents
rG5f9f192dc531: Drop 0-byte IPv6 fragments.