CommitterKonstantin Belousov (kib) (1)
AuthorKonstantin Belousov (kib) (1)
Branchesreleng/13.0 (1)


FreeBSD/src c08973d (r354649)share/man/man7 security.7, sys/amd64/amd64 pmap.c

by Konstantin Belousov (kib) on ⎇
Workaround for Intel SKL002/SKL012S errata.

Disable the use of executable 2M page mappings in EPT-format page
tables on affected CPUs.  For bhyve virtual machines, this effectively
disables all use of superpage mappings on affected CPUs.  The
vm.pmap.allow_2m_x_ept sysctl can be set to override the default and
enable mappings on affected CPUs.

Alternate approaches have been suggested, but at present we do not
believe the complexity is warranted for typical bhyve's use cases.

Reviewed by:    alc, emaste, markj, scottl
Security:       CVE-2018-12207
Sponsored by:   The FreeBSD Foundation
Differential revision:  https://reviews.freebsd.org/D21884
DeltaFile
+67-1sys/amd64/amd64/pmap.c
+8-1share/man/man7/security.7
+5-0sys/dev/cpuctl/cpuctl.c
+1-0sys/amd64/include/pmap.h
+1-0sys/x86/include/specialreg.h
+82-25 files

UnifiedSplitRaw