author | Konstantin Belousov <kib@FreeBSD.org> | 2018-05-21 21:08:19 +0000 |
---|---|---|
committer | Konstantin Belousov <kib@FreeBSD.org> | 2018-05-21 21:08:19 +0000 |
commit | 3621ba1ede73c9bdc77a7b41965bdd70c6767b15 (patch) | |
tree | 360c1b0f1bdbfe53cc958303275299e77beadfa3 /sys/amd64/include/md_var.h | |
parent | 9be4bbbb21b3d3ba9d002ce7dc52fb212ffc0a77 (diff) | |
Add Intel Spec Store Bypass Disable control.

Speculative Store Bypass (SSB) is a speculative execution side channel
vulnerability identified by Jann Horn of Google Project Zero (GPZ) and
Ken Johnson of the Microsoft Security Response Center (MSRC)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528.
Updated Intel microcode introduces a MSR bit to disable SSB as a
mitigation for the vulnerability.

Introduce a sysctl hw.spec_store_bypass_disable to provide global
control over the SSBD bit, akin to the existing sysctl that controls
IBRS. The sysctl can be set to one of three values:
  0: off
  1: on
  2: auto

Future work will enable applications to control SSBD on a per-process
basis (when it is not enabled globally).

SSBD bit detection and control was verified with prerelease microcode.

Security: CVE-2018-3639
Tested by: emaste (previous version, without updated microcode)
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Notes:
svn path=/head/; revision=334005
Diffstat (limited to 'sys/amd64/include/md_var.h')
-rw-r--r-- | sys/amd64/include/md_var.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/amd64/include/md_var.h b/sys/amd64/include/md_var.h index 63dabaf40470..b2a987417282 100644 --- a/sys/amd64/include/md_var.h +++ b/sys/amd64/include/md_var.h @@ -39,6 +39,7 @@ extern uint64_t *vm_page_dump; extern int hw_lower_amd64_sharedpage; extern int hw_ibrs_disable; +extern int hw_ssb_disable; /* * The file "conf/ldscript.amd64" defines the symbol "kernphys". Its |
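Review bot: the added `extern int hw_ssb_disable;` declaration carries no comment on its value range or polarity, and sitting directly under `hw_ibrs_disable` it invites being read as a plain boolean. The commit message defines three states for hw.spec_store_bypass_disable (0 off, 1 on, 2 auto), and the `_disable` suffix here refers to the store bypass itself, so a nonzero value turns the mitigation on. A one-line comment next to the declaration stating the three values and that nonzero means "SSBD requested" would keep later callers from testing it as a simple flag or from assuming the same sense as the neighbouring variable. This view is limited to md_var.h, so the definition and the sysctl handler are not visible; it is worth confirming there that values outside 0..2 are rejected.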