-
Notifications
You must be signed in to change notification settings - Fork 274
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Mitigation for INTEL-SA-00233: Microarchitectural Data Sampling (MDS).
It requires a microcode update, now available on the Intel website. The microcode modifies the behavior of the VERW instruction, and makes it flush internal CPU buffers. We hotpatch the return-to-userland path to add VERW. Two sysctls are added: machdep.mds.mitigated = {0/1} user-settable machdep.mds.method = {string} constructed by the kernel The kernel will automatically enable the mitigation if the updated microcode is present. If the new microcode is not present, the user can load it via cpuctl, and set machdep.mds.mitigated=1.
- Loading branch information
maxv
authored and
maxv
committed
May 14, 2019
1 parent
9df3c93
commit afab82a
Showing
5 changed files
with
299 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.