NetBSD/src 0tjUoja — sys/arch/x86/include specialreg.h, sys/arch/x86/x86 spectre.c
Mitigation for CVE-2019-11135: TSX Asynchronous Abort (TAA).
Two sysctls are added:
machdep.taa.mitigated = {0/1} user-settable
machdep.taa.method = {string} constructed by the kernel
There are two cases:
(1) If the CPU is affected by MDS, then the MDS mitigation will also
mitigate TAA, and we have nothing else to do. We make the 'mitigated' leaf
read-only, and force:
machdep.taa.mitigated = machdep.mds.mitigated
machdep.taa.method = [MDS]
The kernel already enables the MDS mitigation by default.
(2) If the CPU is not affected by MDS but is affected by TAA, then we use
the new TSX_CTRL MSR to disable RTM. This MSR is provided via a microcode
update, now available on the Intel website. The kernel will automatically
enable the TAA mitigation if the updated microcode is present. If the new
microcode is not present, the user can load it via cpuctl, and set
machdep.taa.mitigated=1.
UnifiedSplitRaw