From owner-svn-doc-head@freebsd.org  Wed May 15 23:32:58 2019
Return-Path: <owner-svn-doc-head@freebsd.org>
Delivered-To: svn-doc-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9CC8915A5240;
 Wed, 15 May 2019 23:32:58 +0000 (UTC)
 (envelope-from gordon@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4ADB475DD8;
 Wed, 15 May 2019 23:32:58 +0000 (UTC)
 (envelope-from gordon@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 246E918AFF;
 Wed, 15 May 2019 23:32:58 +0000 (UTC)
 (envelope-from gordon@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x4FNWwjF033246;
 Wed, 15 May 2019 23:32:58 GMT (envelope-from gordon@FreeBSD.org)
Received: (from gordon@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id x4FNWvZW033241;
 Wed, 15 May 2019 23:32:57 GMT (envelope-from gordon@FreeBSD.org)
Message-Id: <201905152332.x4FNWvZW033241@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gordon set sender to
 gordon@FreeBSD.org using -f
From: Gordon Tetlow <gordon@FreeBSD.org>
Date: Wed, 15 May 2019 23:32:57 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
 svn-doc-head@freebsd.org
Subject: svn commit: r53031 - in head/share/security: advisories
 patches/SA-19:07
X-SVN-Group: doc-head
X-SVN-Commit-Author: gordon
X-SVN-Commit-Paths: in head/share/security: advisories patches/SA-19:07
X-SVN-Commit-Revision: 53031
X-SVN-Commit-Repository: doc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 4ADB475DD8
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.95 / 15.00];
 local_wl_from(0.00)[FreeBSD.org];
 NEURAL_HAM_MEDIUM(-1.00)[-0.999,0];
 NEURAL_HAM_SHORT(-0.95)[-0.948,0];
 NEURAL_HAM_LONG(-1.00)[-1.000,0];
 ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]
X-BeenThere: svn-doc-head@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the doc tree for head
 <svn-doc-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-doc-head>,
 <mailto:svn-doc-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-head/>
List-Post: <mailto:svn-doc-head@freebsd.org>
List-Help: <mailto:svn-doc-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-doc-head>,
 <mailto:svn-doc-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 May 2019 23:32:59 -0000

Author: gordon (src committer)
Date: Wed May 15 23:32:56 2019
New Revision: 53031
URL: https://svnweb.freebsd.org/changeset/doc/53031

Log:
  Republish the SA-19:07.mds advisory due to 12.0-RELEASE i386 panic.
  
  Approved by:	so

Added:
  head/share/security/patches/SA-19:07/mds.12.0.p4p5.patch   (contents, props changed)
  head/share/security/patches/SA-19:07/mds.12.0.p4p5.patch.asc   (contents, props changed)
Modified:
  head/share/security/advisories/FreeBSD-SA-19:07.mds.asc
  head/share/security/patches/SA-19:07/mds.12.0.patch
  head/share/security/patches/SA-19:07/mds.12.0.patch.asc

Modified: head/share/security/advisories/FreeBSD-SA-19:07.mds.asc
==============================================================================
--- head/share/security/advisories/FreeBSD-SA-19:07.mds.asc	Wed May 15 19:52:47 2019	(r53030)
+++ head/share/security/advisories/FreeBSD-SA-19:07.mds.asc	Wed May 15 23:32:56 2019	(r53031)
@@ -14,7 +14,7 @@ Credits:        Refer to Intel's security advisory at 
                 detailed acknowledgements.
 Affects:        All supported versions of FreeBSD.
 Corrected:      2019-05-14 17:04:00 UTC (stable/12, 12.0-STABLE)
-                2019-05-14 23:19:08 UTC (releng/12.0, 12.0-RELEASE-p4)
+                2019-05-15 13:44:27 UTC (releng/12.0, 12.0-RELEASE-p5)
                 2019-05-14 17:05:02 UTC (stable/11, 11.3-PRERELEASE)
                 2019-05-14 23:20:16 UTC (releng/11.2, 11.2-RELEASE-p10)
 CVE Name:       CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
@@ -31,6 +31,7 @@ v1.1   2019-05-15  Fixed date on microcode update pack
 v1.2   2019-05-15  Userland startup microcode update details added.
                    Add language specifying which manufacturers is affected.
 v1.3   2019-05-15  Minor quoting nit for the HT disable loader config.
+v2.0   2019-05-15  Rerelease 12.0-RELEASE patch as -p5 due to i386 panic bug.
 
 I.   Background
 
@@ -104,16 +105,29 @@ FreeBSD release branches.
 a) Download the relevant patch from the location below, and verify the
 detached PGP signature using your PGP utility.
 
+[*** v2.0 NOTE *** Only applies to 12.0-RELEASE ***]
+Due to an error in the 12.0-RELEASE affecting the i386 architecture, a new
+set of patches is being released.  If your 12.0-RELEASE sources are not yet
+patched using the initially published patch, then you need to apply the
+mds.12.0.patch. If your sources are already updated, or patched with the
+patch from the initial advisory, then you need to apply the incremental
+patch, named mds.12.0.p4p5.patch
+
 [FreeBSD 12.0-STABLE]
 # fetch https://security.FreeBSD.org/patches/SA-19:07/mds.12-stable.patch
 # fetch https://security.FreeBSD.org/patches/SA-19:07/mds.12-stable.patch.asc
 # gpg --verify mds.12-stable.patch.asc
 
-[FreeBSD 12.0-RELEASE]
+[FreeBSD 12.0-RELEASE, not patched with initial SA-19:07.mds patch]
 # fetch https://security.FreeBSD.org/patches/SA-19:07/mds.12.0.patch
 # fetch https://security.FreeBSD.org/patches/SA-19:07/mds.12.0.patch.asc
 # gpg --verify mds.12.0.patch.asc
 
+[FreeBSD 12.0-RELEASE, patched with initial SA-19:07.mds patch]
+# fetch https://security.FreeBSD.org/patches/SA-19:07/mds.12.0.p4p5.patch
+# fetch https://security.FreeBSD.org/patches/SA-19:07/mds.12.0.p4p5.patch.asc
+# gpg --verify mds.12.0.p4p5.patch.asc
+
 [FreeBSD 11.3-PRERELEASE]
 # fetch https://security.FreeBSD.org/patches/SA-19:07/mds.11-stable.patch
 # fetch https://security.FreeBSD.org/patches/SA-19:07/mds.11-stable.patch.asc
@@ -170,7 +184,7 @@ affected branch.
 Branch/path                                                      Revision
 - -------------------------------------------------------------------------
 stable/12/                                                        r347567
-releng/12.0/                                                      r346594
+releng/12.0/                                                      r347632
 stable/11/                                                        r347568
 releng/11.2/                                                      r347595
 - -------------------------------------------------------------------------
@@ -194,19 +208,19 @@ The latest revision of this advisory is available at
 <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:07.mds.asc>
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzcbGNfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzciUJfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
 MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
-5cIlKw/+MxbSJYXnq2icpzhouV84BYjLSO4INwckgtYRnHNuS3DnxFctbu4NMqLp
-JIualHdDoX3qSbiZrZ0sEY5+gvFrfgOfIbtsSopT3qnyBKF2w97M1lYxI8ylnGRM
-pYv+pV4MVvagl8xwvhScHq2ylSLU0x6tN2UV2htD98coaEnzNNAiPU049p8Hd3vk
-29kZPr9nYNRqww3kacoWUoLhv5JF11P0Ez0Xh+YVU2kuvV7uh/Q1RVvtr94T30wk
-xQSQCoHfeNQFP/S/Mz4aze2p/NgZkEcNXl2JgZMBiMcoKHuIWCUSCLG3zVfCnDwl
-AANWt3q+LJI/dQ/6BWUuc7qejuQx2/qBjoPILbi9yf3/MS5waouOaGn04iQQhKcQ
-iE4g4YqyyeZYY7A8BGZedu8vICq4C5BluLUzLuvGdWW8sRTaRNgnCz5Pl3mzPU9k
-rbvlk6vO97z7TURdS8DeCcxwyiNsLTeFjZBHrZK+k1xLcKuFGCq4/nv/HHNiW0/e
-jOUwycDhd2W3zmRDwtnnwu6/49K/qK029b2wBmQdLOW7EDBVrBsPiFSuhBw3QCJg
-j4zPv6o9r7PheqcnTTEMJm4ZWVeCMFLoXMz4C7CICoZHLUaRxx+BTQyu6wnz2/f+
-Ivm/MrtmtVegZwI2oF+rl9PNSMr+jpPdj5QHHPM/J5ETiwKPoPI=
-=W6aR
+5cKc2w//UxEu2JWDEJnpGuYv/Hh+PAEsWjzG2mCuFmriF7//deJTbwWybJk0DXhU
+n6HCdw47nG/uVaeVOw921BRpJMK9bqpqr80VXKturOacS6kaQmMCXS+ZyPytZT0K
+XJIgM3QrHsUUd6FnCHZ6Z6PBRLWl72RvNm8b2ZUE32puALlEeDCcd9PP3pyPITgj
+iU3gP05GafKzG/7liqQuWPffRqAq4oQyQYCjkRfBdPNlacACvbtAXNnDPnwkfIqg
+Si2Svj2TDS0eTxC5fspQtdWkKru50ZHTFFsoNhT33uX9L1Yr8ui+ajRG0Zxd81fj
+0YGGat9QhzF6R2dywU75wXRveM/VMXj2wy5/CWBVI9kY84SeqcDDdkksG3iMC63Q
+ebkZF38kbZ85Xwpi3z2yHxw16yKg0pLNryW/GBp0xyJz5ivFhgpeFWEHfmjmiX+u
+Ka0E5RgCHh/eNAihbU8XN9MLnHToaX3mlEM+He+YsAXCMutaiSKaFpUhEs7uVmqu
+r8YIYLbxJcIfqrRyIJtn9RpWisxJfo/RVLyE3QDg7Pg5x6QeVysyuYkbeOdIk75e
+KW5B0b3eKh8Xu0mZqexdL9Hb1kEii5RxbSU5qLYoKfkMSo4/dLKgJwYZH61EC5cP
+dEj/KaIAdMA0VMi8XQfAsPIR4FKhKcd5tUazjBaW97WJjha0dog=
+=StiT
 -----END PGP SIGNATURE-----

Added: head/share/security/patches/SA-19:07/mds.12.0.p4p5.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-19:07/mds.12.0.p4p5.patch	Wed May 15 23:32:56 2019	(r53031)
@@ -0,0 +1,20 @@
+Index: sys/i386/i386/initcpu.c
+===================================================================
+--- sys/i386/i386/initcpu.c	(revision 347631)
++++ sys/i386/i386/initcpu.c	(revision 347632)
+@@ -745,7 +745,6 @@
+ 		cpu_fxsr = hw_instruction_sse = 1;
+ 	}
+ #if defined(PAE) || defined(PAE_TABLES)
+-	hw_mds_recalculate();
+ 	if ((amd_feature & AMDID_NX) != 0) {
+ 		uint64_t msr;
+ 
+@@ -755,6 +754,7 @@
+ 		elf32_nxstack = 1;
+ 	}
+ #endif
++	hw_mds_recalculate();
+ }
+ 
+ void

Added: head/share/security/patches/SA-19:07/mds.12.0.p4p5.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-19:07/mds.12.0.p4p5.patch.asc	Wed May 15 23:32:56 2019	(r53031)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzciVtfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
+MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
+5cK2Ww/9GtlX5nZh0wb2cHXO/qJ3Us4dT9U66lGLrLqNID+bYMvosoTjS4K//lwz
+RME/1CX2N5zXxzB3a3zqiTVS4MiaY22hT5Xjq0tXNd3JjolpIuEM2pmU9zx/Y1pA
+gfn0F3Ke4V5vBVvON7CpCJ+gccq7baLfPDcGs+sRhBFCanoDLc94BKkMDmjJQ8Ch
+0soLccxOMVpn2+/95pQsKbl2j40GYiyW+a+DjHlnvof6b+BO6cM84uJfcmiA/pd8
+myWd0HEjJOh8Ji3Ujsruhq/uGOHF2hMnY2qI2wQ4ndhfBz3nfDdQOyHva2LrmGeb
+CY7MSw3d+/3TuNyeW+DiVcfPrPRDGaVSOdm4b48JQhBOaj/MBhuO0qrA5GHPBt7X
+2PHZbQC4yaKzB2YJ5hH/ifTYQY/Pr9lrunosfYXsgVl7YPRXdJ15xJw8aMafh9DW
+17hk0FoYdG5BaafClNlP2kajuktsyjCOZvfs0NZ9Bba0Xeq5L9BPFQu9SWMKHpB1
+L+RE16Dxh0zk4YRfcBnG37rrVjqwq+qpPZANNi6kkB53c99TNOnx6gJcKkiI1dA0
+HdCHI7iu+ldfs88u7LG56MRuZw34rZCA8mirRx4FGEgRbNh164VoVnop1lx26AXO
+LOei7IMuUkT8TWHKj8+v2IbVOW/aKtP59f+eDuq+Y6oTmDXcOeM=
+=eIZs
+-----END PGP SIGNATURE-----

Modified: head/share/security/patches/SA-19:07/mds.12.0.patch
==============================================================================
--- head/share/security/patches/SA-19:07/mds.12.0.patch	Wed May 15 19:52:47 2019	(r53030)
+++ head/share/security/patches/SA-19:07/mds.12.0.patch	Wed May 15 23:32:56 2019	(r53031)
@@ -1,8 +1,8 @@
 Index: sys/amd64/amd64/exception.S
 ===================================================================
---- sys/amd64/amd64/exception.S	(revision 347487)
-+++ sys/amd64/amd64/exception.S	(working copy)
-@@ -512,6 +512,7 @@ fast_syscall_common:
+--- sys/amd64/amd64/exception.S	(revision 347593)
++++ sys/amd64/amd64/exception.S	(revision 347632)
+@@ -512,6 +512,7 @@
  	testl	$TDF_ASTPENDING | TDF_NEEDRESCHED,TD_FLAGS(%rax)
  	jne	3f
  	call	handle_ibrs_exit
@@ -10,7 +10,7 @@ Index: sys/amd64/amd64/exception.S
  	/* Restore preserved registers. */
  	MEXITCOUNT
  	movq	TF_RDI(%rsp),%rdi	/* bonus; preserve arg 1 */
-@@ -1157,6 +1158,7 @@ ld_regs:
+@@ -1157,6 +1158,7 @@
  	jz	2f			/* keep running with kernel GS.base */
  	cli
  	call	handle_ibrs_exit_rs
@@ -20,9 +20,9 @@ Index: sys/amd64/amd64/exception.S
  	pushq	%rdx
 Index: sys/amd64/amd64/genassym.c
 ===================================================================
---- sys/amd64/amd64/genassym.c	(revision 347487)
-+++ sys/amd64/amd64/genassym.c	(working copy)
-@@ -233,6 +233,9 @@ ASSYM(PC_PTI_STACK, offsetof(struct pcpu, pc_pti_s
+--- sys/amd64/amd64/genassym.c	(revision 347593)
++++ sys/amd64/amd64/genassym.c	(revision 347632)
+@@ -233,6 +233,9 @@
  ASSYM(PC_PTI_STACK_SZ, PC_PTI_STACK_SZ);
  ASSYM(PC_PTI_RSP0, offsetof(struct pcpu, pc_pti_rsp0));
  ASSYM(PC_IBPB_SET, offsetof(struct pcpu, pc_ibpb_set));
@@ -34,9 +34,9 @@ Index: sys/amd64/amd64/genassym.c
  ASSYM(LA_ISR, LAPIC_ISR0 * LAPIC_MEM_MUL);
 Index: sys/amd64/amd64/initcpu.c
 ===================================================================
---- sys/amd64/amd64/initcpu.c	(revision 347487)
-+++ sys/amd64/amd64/initcpu.c	(working copy)
-@@ -253,6 +253,7 @@ initializecpu(void)
+--- sys/amd64/amd64/initcpu.c	(revision 347593)
++++ sys/amd64/amd64/initcpu.c	(revision 347632)
+@@ -253,6 +253,7 @@
  	}
  	hw_ibrs_recalculate();
  	hw_ssb_recalculate(false);
@@ -46,9 +46,9 @@ Index: sys/amd64/amd64/initcpu.c
  		init_amd();
 Index: sys/amd64/amd64/machdep.c
 ===================================================================
---- sys/amd64/amd64/machdep.c	(revision 347487)
-+++ sys/amd64/amd64/machdep.c	(working copy)
-@@ -1878,6 +1878,7 @@ hammer_time(u_int64_t modulep, u_int64_t physfree)
+--- sys/amd64/amd64/machdep.c	(revision 347593)
++++ sys/amd64/amd64/machdep.c	(revision 347632)
+@@ -1878,6 +1878,7 @@
  
  	TUNABLE_INT_FETCH("hw.ibrs_disable", &hw_ibrs_disable);
  	TUNABLE_INT_FETCH("hw.spec_store_bypass_disable", &hw_ssb_disable);
@@ -58,8 +58,8 @@ Index: sys/amd64/amd64/machdep.c
  
 Index: sys/amd64/amd64/support.S
 ===================================================================
---- sys/amd64/amd64/support.S	(revision 347487)
-+++ sys/amd64/amd64/support.S	(working copy)
+--- sys/amd64/amd64/support.S	(revision 347593)
++++ sys/amd64/amd64/support.S	(revision 347632)
 @@ -1,8 +1,13 @@
  /*-
 + * Copyright (c) 2018-2019 The FreeBSD Foundation
@@ -74,7 +74,7 @@ Index: sys/amd64/amd64/support.S
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
-@@ -1586,3 +1591,246 @@ ENTRY(flush_l1d_sw)
+@@ -1586,3 +1591,246 @@
  	ret
  #undef	L1D_FLUSH_SIZE
  END(flush_l1d_sw)
@@ -323,8 +323,8 @@ Index: sys/amd64/amd64/support.S
 +END(mds_handler_silvermont)
 Index: sys/amd64/include/pcpu.h
 ===================================================================
---- sys/amd64/include/pcpu.h	(revision 347487)
-+++ sys/amd64/include/pcpu.h	(working copy)
+--- sys/amd64/include/pcpu.h	(revision 347593)
++++ sys/amd64/include/pcpu.h	(revision 347632)
 @@ -76,7 +76,11 @@
  	uint32_t pc_pcid_gen;						\
  	uint32_t pc_smp_tlb_done;	/* TLB op acknowledgement */	\
@@ -340,9 +340,9 @@ Index: sys/amd64/include/pcpu.h
  #define	PC_DBREG_CMD_LOAD	1
 Index: sys/dev/cpuctl/cpuctl.c
 ===================================================================
---- sys/dev/cpuctl/cpuctl.c	(revision 347487)
-+++ sys/dev/cpuctl/cpuctl.c	(working copy)
-@@ -521,6 +521,7 @@ cpuctl_do_eval_cpu_features(int cpu, struct thread
+--- sys/dev/cpuctl/cpuctl.c	(revision 347593)
++++ sys/dev/cpuctl/cpuctl.c	(revision 347632)
+@@ -521,6 +521,7 @@
  	hw_ibrs_recalculate();
  	restore_cpu(oldcpu, is_bound, td);
  	hw_ssb_recalculate(true);
@@ -352,9 +352,9 @@ Index: sys/dev/cpuctl/cpuctl.c
  }
 Index: sys/i386/i386/exception.s
 ===================================================================
---- sys/i386/i386/exception.s	(revision 347487)
-+++ sys/i386/i386/exception.s	(working copy)
-@@ -518,6 +518,8 @@ doreti_exit:
+--- sys/i386/i386/exception.s	(revision 347593)
++++ sys/i386/i386/exception.s	(revision 347632)
+@@ -518,6 +518,8 @@
  2:	movl	$handle_ibrs_exit,%eax
  	pushl	%ecx			/* preserve enough call-used regs */
  	call	*%eax
@@ -365,9 +365,9 @@ Index: sys/i386/i386/exception.s
  	movl	PCPU(TRAMPSTK), %edx
 Index: sys/i386/i386/genassym.c
 ===================================================================
---- sys/i386/i386/genassym.c	(revision 347487)
-+++ sys/i386/i386/genassym.c	(working copy)
-@@ -222,6 +222,9 @@ ASSYM(PC_KESP0, offsetof(struct pcpu, pc_kesp0));
+--- sys/i386/i386/genassym.c	(revision 347593)
++++ sys/i386/i386/genassym.c	(revision 347632)
+@@ -222,6 +222,9 @@
  ASSYM(PC_TRAMPSTK, offsetof(struct pcpu, pc_trampstk));
  ASSYM(PC_COPYOUT_BUF, offsetof(struct pcpu, pc_copyout_buf));
  ASSYM(PC_IBPB_SET, offsetof(struct pcpu, pc_ibpb_set));
@@ -379,21 +379,21 @@ Index: sys/i386/i386/genassym.c
  ASSYM(LA_EOI, LAPIC_EOI * LAPIC_MEM_MUL);
 Index: sys/i386/i386/initcpu.c
 ===================================================================
---- sys/i386/i386/initcpu.c	(revision 347487)
-+++ sys/i386/i386/initcpu.c	(working copy)
-@@ -745,6 +745,7 @@ initializecpu(void)
- 		cpu_fxsr = hw_instruction_sse = 1;
+--- sys/i386/i386/initcpu.c	(revision 347593)
++++ sys/i386/i386/initcpu.c	(revision 347632)
+@@ -754,6 +754,7 @@
+ 		elf32_nxstack = 1;
  	}
- #if defined(PAE) || defined(PAE_TABLES)
+ #endif
 +	hw_mds_recalculate();
- 	if ((amd_feature & AMDID_NX) != 0) {
- 		uint64_t msr;
+ }
  
+ void
 Index: sys/i386/i386/support.s
 ===================================================================
---- sys/i386/i386/support.s	(revision 347487)
-+++ sys/i386/i386/support.s	(working copy)
-@@ -472,3 +472,194 @@ ENTRY(handle_ibrs_exit)
+--- sys/i386/i386/support.s	(revision 347593)
++++ sys/i386/i386/support.s	(revision 347632)
+@@ -472,3 +472,194 @@
  	movb	$0,PCPU(IBPB_SET)
  1:	ret
  END(handle_ibrs_exit)
@@ -590,8 +590,8 @@ Index: sys/i386/i386/support.s
 +END(mds_handler_silvermont)
 Index: sys/i386/include/pcpu.h
 ===================================================================
---- sys/i386/include/pcpu.h	(revision 347487)
-+++ sys/i386/include/pcpu.h	(working copy)
+--- sys/i386/include/pcpu.h	(revision 347593)
++++ sys/i386/include/pcpu.h	(revision 347632)
 @@ -77,10 +77,14 @@
  	struct	sx pc_copyout_slock;					\
  	char	*pc_copyout_buf;					\
@@ -611,8 +611,8 @@ Index: sys/i386/include/pcpu.h
  
 Index: sys/x86/include/specialreg.h
 ===================================================================
---- sys/x86/include/specialreg.h	(revision 347487)
-+++ sys/x86/include/specialreg.h	(working copy)
+--- sys/x86/include/specialreg.h	(revision 347593)
++++ sys/x86/include/specialreg.h	(revision 347632)
 @@ -425,6 +425,7 @@
  /*
   * CPUID instruction 7 Structured Extended Features, leaf 0 edx info
@@ -631,9 +631,9 @@ Index: sys/x86/include/specialreg.h
   * CPUID manufacturers identifiers
 Index: sys/x86/include/x86_var.h
 ===================================================================
---- sys/x86/include/x86_var.h	(revision 347487)
-+++ sys/x86/include/x86_var.h	(working copy)
-@@ -85,6 +85,7 @@ extern	uint64_t xsave_mask;
+--- sys/x86/include/x86_var.h	(revision 347593)
++++ sys/x86/include/x86_var.h	(revision 347632)
+@@ -85,6 +85,7 @@
  extern	u_int	max_apic_id;
  extern	int	pti;
  extern	int	hw_ibrs_active;
@@ -641,7 +641,7 @@ Index: sys/x86/include/x86_var.h
  extern	int	hw_ssb_active;
  
  struct	pcb;
-@@ -139,6 +140,7 @@ int	isa_nmi(int cd);
+@@ -139,6 +140,7 @@
  void	handle_ibrs_entry(void);
  void	handle_ibrs_exit(void);
  void	hw_ibrs_recalculate(void);
@@ -651,9 +651,9 @@ Index: sys/x86/include/x86_var.h
  void	nmi_call_kdb_smp(u_int type, struct trapframe *frame);
 Index: sys/x86/x86/cpu_machdep.c
 ===================================================================
---- sys/x86/x86/cpu_machdep.c	(revision 347487)
-+++ sys/x86/x86/cpu_machdep.c	(working copy)
-@@ -61,6 +61,7 @@ __FBSDID("$FreeBSD$");
+--- sys/x86/x86/cpu_machdep.c	(revision 347593)
++++ sys/x86/x86/cpu_machdep.c	(revision 347632)
+@@ -61,6 +61,7 @@
  #include <sys/systm.h>
  #include <sys/bus.h>
  #include <sys/cpu.h>
@@ -661,7 +661,7 @@ Index: sys/x86/x86/cpu_machdep.c
  #include <sys/kdb.h>
  #include <sys/kernel.h>
  #include <sys/ktr.h>
-@@ -915,7 +916,204 @@ SYSCTL_PROC(_hw, OID_AUTO, spec_store_bypass_disab
+@@ -915,7 +916,204 @@
      hw_ssb_disable_handler, "I",
      "Speculative Store Bypass Disable (0 - off, 1 - on, 2 - auto");
  

Modified: head/share/security/patches/SA-19:07/mds.12.0.patch.asc
==============================================================================
--- head/share/security/patches/SA-19:07/mds.12.0.patch.asc	Wed May 15 19:52:47 2019	(r53030)
+++ head/share/security/patches/SA-19:07/mds.12.0.patch.asc	Wed May 15 23:32:56 2019	(r53031)
@@ -1,18 +1,18 @@
 -----BEGIN PGP SIGNATURE-----
 
-iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzbTz5fFIAAAAAALgAo
+iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzciVhfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
 MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
-5cK7PRAAiK8IWVyHOwKuCTq95qQ7l57bJPeciIthl7qweKeilQy1/k4NnQBN3ix0
-ZHBDxUaeu4AyIz7AZR0h38DZtYdDx1lYc7v3F7ydf5GAd2cmzHFDLcj/85LExF2e
-8tmMaB/9sXS2aSrqvYkSRpHZRjxZbBNHCGXWboyYXjcgtVij5/2qhKEELxx2IasO
-AQU0aOMdgkkKNkWyabGfT2bEObP8CCszymrarOLYHEglYxt4GuRKD88Tlosk7Ks4
-4Gzk+sw9zKJzFRBj3kf0gocd6gbesAmPAl+zrx6Uv4m6yfsaX+3LZDG/nOPiLqmq
-sEkVNusYC2PtauurrP6PL4IdAy4wyf1Br+9Cfag7ZQBwONZVLIwU+hwnlYJaz64l
-pyZ0JP0HWNH668fUsQx+WLADW6JNnMZvK4CsCawcph1CIWzKVUk9LQCrwwz1T66e
-r0Kgt4UjAv+k5jIDRaL7k6Cgs15bhDplad4UBz7c7jiBaQVs8nn+XsbzkfhMp1eH
-VwQN1x/j0cLWsIiz75jT3pIKqqMeQSD6/l9HT+dMXdlpsESTBubCfahzg4g6hc5K
-Bix71M41d30pPhvwXGeEEh3t1YvxigyhbjP6vRGl3w6nCSNriSS4kljXDfOrrKdi
-Eutxciow24U8phAeILxbgFthKvvNuEntmfw9Y/vS6u8BvYvKeQQ=
-=oWiG
+5cKnFRAApFnndBamehRcWQUIZOUimyK3RIFtNR/jM05kuN4wDGxiiUSf1Zpzq5/S
+aUJ/lLb++U7QeTV61rRGTo/3u6BApay40C78cDaCsc5mtobI5EX1P3BrF0zs3STm
+J0IUp28EY6bvhBKxhiP/IouDaJKt5z2cm6eDFfpqJpIbrNL8DnR6zr0iaLHb78HL
+IW9mTxvotHxwUDq+X+YbFsqB1I3bzgCMamfX7vewA65hZWySCzPD/Ts2P6Jq8Jqk
+xHtdZWdWPtgLVyQz4Vca2kSq3anePznAJKGd9CHM0NxO3hdWgsTtbhgj1lsl6z1F
+qcvuwWq5/HdR6WIdOAMVN9gBLcESuayu/y/RL6Dr/3BTvdfGfK1LMuI/XlnGxfU6
+GbOiJBTGdOY7cPXfwNjvTxDeVLGXd918+/dLdsR7qo0kWBm1yoCpTmQgVRis8xVZ
+2fQ++aXJQGwY42JffQ6hh4Wkwt1BPUokf1iHDdIVebYQHPze068s5PSFxN116IdQ
+iHDT8eNSI/Sng0z9WMIHJQj/Sgqu74M1qafIaV3hyDQlWlrX5wPI0/CoJWRKTUAS
+2LFLNz3rgWgwGZR1LhCXXIr21wjWcZe+GOJ75KCRg+jcP00WOguWREaKX2WvPaUL
+ctY3ZyNl+BJ3h4dg8HeRTxNJDZEFwx8AmyuGxBgTE49wGDePnnE=
+=35zn
 -----END PGP SIGNATURE-----