From owner-svn-src-all@freebsd.org Wed Jan 31 15:08:47 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1A478ED0469 for ; Wed, 31 Jan 2018 15:08:47 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-wm0-x232.google.com (mail-wm0-x232.google.com [IPv6:2a00:1450:400c:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9437287BDF for ; Wed, 31 Jan 2018 15:08:46 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by mail-wm0-x232.google.com with SMTP id f71so8848884wmf.0 for ; Wed, 31 Jan 2018 07:08:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=sLwBJUsnHg+FsJP1Wlti0bEvvQKck5Wvb3bw9VmRCCA=; b=LJaNqP0iB1A+cxDSe4m3k1v7cTpdzrK8nbSFtAyJKGF//8lRn0HOPlYLvZyt4ZVtx3 3MHAzGLLfe85vKfVQjJWlBXNZZJOjzkd8+/ZWROCg8PEzlDgic5hbbC8TSKuvwzLG3Zg OOV4AWPbM85vlLlMzur7rQzQr47EqhMwnj5gYwe5mSeIVqh1dovax/oNA+gr9odzJ7jt g0b0UZeV962PWnrfbNfsKOXzYeMfhP8VlpKY9i4IP87obQ6L7pFAG4z81iwLYpBfR0Ze HFMrvqmhOATiBg9h3tAFu/RnvbQR0qpO+ky0HyCXnmvIiItnG1P29VI030RJ1ETkxqGE tP4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=sLwBJUsnHg+FsJP1Wlti0bEvvQKck5Wvb3bw9VmRCCA=; b=sWQTDw79NkukCBHvMERE+OTgrYDv6o4/1Ty6oEojaHGzzAR3Tvt1KCc+7ejFwAz0KH DL/ZDiZ2q1l1pgqpcBqBMBymLDWpOxIvzQ9K8uK/9ILqgtxPVDDKLBntS/cp3IaDnaC7 JCqjM39S0HpS+3QTFBg6S8oRt1RdYSF8knau8JxNZX/5hq4znuHAq2hq1QtWm/o514dk W/Svsi+T7ZtJ1XRkISB6ij0PwXpL/+BxuSLIGykVONOtwAZd1tzOVoQxOpw8ZIoPe8uq uTwVfkPXrOTMqDXQh5y+0EB5X2LU7bewF7YxrwTQJbrqvLukd8B89yslQdxNuH8Scnc7 iF5w== X-Gm-Message-State: AKwxytdkVixzrAorkWfW7qiVmeBSQThh9aYoEkNaRr1ENjVy9bprh8oA /LvT3KGOKu7ndjJM7iAkK465u/DAO9Q= X-Google-Smtp-Source: AH8x226XTyzVfztusqjuqLxxuEVTMbdY8bD4k+H/zgGkWdBXhtBPjM4+p+CgI+7OPqWT2BB7t2bZqQ== X-Received: by 10.80.135.156 with SMTP id a28mr5715914eda.51.1517411325312; Wed, 31 Jan 2018 07:08:45 -0800 (PST) Received: from mutt-hbsd (exit1.ipredator.se. [197.231.221.211]) by smtp.gmail.com with ESMTPSA id z49sm9153451edd.93.2018.01.31.07.08.42 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 31 Jan 2018 07:08:44 -0800 (PST) Date: Wed, 31 Jan 2018 10:08:30 -0500 From: Shawn Webb To: Konstantin Belousov Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r328625 - in head/sys: amd64/amd64 amd64/ia32 amd64/include dev/cpuctl i386/i386 x86/include x86/x86 Message-ID: <20180131150830.xjovkkavh44kkegv@mutt-hbsd> References: <201801311436.w0VEaRrZ030839@repo.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="okxnasalwif4s3f7" Content-Disposition: inline In-Reply-To: <201801311436.w0VEaRrZ030839@repo.freebsd.org> X-Operating-System: FreeBSD mutt-hbsd 12.0-CURRENT FreeBSD 12.0-CURRENT X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE User-Agent: NeoMutt/20171215 X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Jan 2018 15:08:47 -0000 --okxnasalwif4s3f7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jan 31, 2018 at 02:36:27PM +0000, Konstantin Belousov wrote: > Author: kib > Date: Wed Jan 31 14:36:27 2018 > New Revision: 328625 > URL: https://svnweb.freebsd.org/changeset/base/328625 >=20 > Log: > IBRS support, AKA Spectre hardware mitigation. > =20 > It is coded according to the Intel document 336996-001, reading of the > patches posted on lkml, and some additional consultations with Intel. > =20 > For existing processors, you need a microcode update which adds IBRS > CPU features, and to manually enable it by setting the tunable/sysctl > hw.ibrs_disable to 0. Current status can be checked in sysctl > hw.ibrs_active. The mitigation might be inactive if the CPU feature > is not patched in, or if CPU reports that IBRS use is not required, by > IA32_ARCH_CAP_IBRS_ALL bit. > =20 > Sponsored by: The FreeBSD Foundation > MFC after: 1 week > Differential revision: https://reviews.freebsd.org/D14029 Hey Kostik, Thank you very much for your work on this. I'm curious why you disable IBPB for userland. Thanks, --=20 Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --okxnasalwif4s3f7 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKrq2ve9q9Ia+iT2eaoRlj1JFbu4FAlpx2+oACgkQaoRlj1JF bu5ayQ//WhBuFx+pvL212qCVpw5/wjFxN+cSizCXu1vBieNPGwTDlXm659GUtcD+ DBCFcKd92gQTnVGzgnNviuIZ67o5kdKl/DEhAdqKbPNKtiLZUGkFVyzq4aVVoqnZ gD2TLLIAeAoBWtejujvXF+T6dX7zybWYWgpDTVqYPY05s6dW9ui32Lo1KOrpznrR /SjhDRz2tiM3CxPyiTwTIdzOXFlkkNc9qYWwIfgV4rKPB+UdiOWpwrgmYBXZn+Sw kS/sbexo/rsyn9iCkwoKAJyo34YZHNqHu/5c3SdDn7/NsD/gmV7EZ85zxVXVT57E GJ++WgG53SLoMTDbWZW8YrrYUZFy+vNBoYVUQvNgULIVkUJbwetXw28PoLGaDwBD zaA79T95SUGlsV36p4qCpFnUQ4pzPVxukydISBHxJ2MA+ecarwGyTRYktK2BTpJe BAlkcyRt2NYxp8lo7KQ/SGS60M7LSEwAoJGl2ZYf2DO8KfFg1g/Pgnt3NsvyWkQy IINDDw96nNpV+8vv+BlfLs0hv582MTCVToBJ/Hkm2C1RCkrdULsWZpR73Nysk3D8 +o+38fTZ5ZeqvDyUeSgEfYfZt00QYSApUVUUFA8W1MQbXFnuDso3/ptmNUaPXwBJ aOvtA/0rkplFUFMDFy8fD48NH9rtTd8kCK01hhLzi0aAYnN+3+o= =Go35 -----END PGP SIGNATURE----- --okxnasalwif4s3f7--