FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=releng%2F11.2 2019-05-14T23:20:16Z 2019-05-14T23:20:16Z Gordon Tetlow gordon@FreeBSD.org 2019-05-14T23:20:16Z urn:sha1:2b339970bb820e532194281f0c493f2d8048dbec Approved by: so Security: FreeBSD-SA-19:07.mds Security: CVE-2018-12126 Security: CVE-2018-12127 Security: CVE-2018-12130 Security: CVE-2019-11091 2018-05-29T13:54:34Z John Baldwin jhb@FreeBSD.org 2018-05-29T13:54:34Z urn:sha1:a2779864973307b3068dea45dc57ec179157f2f6 Kernel debuggers depend on symbol names to find stack frames with a trapframe rather than a normal stack frame. The labels used for the shared interrupt entry point for the PTI and non-PTI cases did not match the existing patterns confusing debuggers. Add the '.L' prefix to mark these symbols as local so they are not visible in the symbol table. Approved by: re (kib) 2018-05-29T13:24:42Z Konstantin Belousov kib@FreeBSD.org 2018-05-29T13:24:42Z urn:sha1:cd72d1f6e3471b4bc420b3aaae494312e71af429 Enable IBRS when entering an interrupt handler from usermode. Approved by: re (marius) 2018-05-24T13:17:24Z Konstantin Belousov kib@FreeBSD.org 2018-05-24T13:17:24Z urn:sha1:84881e1818a0b0652f41ba66050d261ce2850ec5 Add Intel Spec Store Bypass Disable control. This also includes the i386/include/pcpu.h part of the r334018. Security: CVE-2018-3639 Approved by: re (gjb) 2018-03-29T02:50:57Z Eitan Adler eadler@FreeBSD.org 2018-03-29T02:50:57Z urn:sha1:4ab2e064d7950be84256d671a7ae93f87cc6aa36 This was intended to be a non-functional change. It wasn't. The commit message was thus wrong. In addition it broke arm, and merged crypto related code. Revert with prejudice. This revert skips files touched in r316370 since that commit was since MFCed. This revert also skips files that require $FreeBSD$ property changes. Thank you to those who helped me get out of this mess including but not limited to gonzo, kevans, rgrimes. Requested by: gjb (re) 2018-03-15T20:40:27Z Kyle Evans kevans@FreeBSD.org 2018-03-15T20:40:27Z urn:sha1:bc41e1f177596139d37e502249cc703b5ebd12f1 2018-03-15T19:31:39Z Kyle Evans kevans@FreeBSD.org 2018-03-15T19:31:39Z urn:sha1:41de0f0777e41865dccfe434437aac07ce5054e4 r322278 (imp): Fail to open efirt device when no EFI on system. libefivar expects opening /dev/efi to indicate if the we can make efi runtime calls. With a null routine, it was always succeeding leading efi_variables_supported() to return the wrong value. Only succeed if we have an efi_runtime table. Also, while I'm hear, out of an abundance of caution, add a likely redundant check to make sure efi_systbl is not NULL before dereferencing it. I know it can't be NULL if efi_cfgtbl is non-NULL, but the compiler doesn't. r324177 (andrew): To prepare for adding EFI runtime services support on arm64 move the machine independent parts of the existing code to a new file that can be shared between amd64 and arm64. Care has been taken to ensure that the MFC of r324177 did not clobber cherry-picked MFC's. 2018-03-14T03:19:51Z Eitan Adler eadler@FreeBSD.org 2018-03-14T03:19:51Z urn:sha1:be5d0b9566b13fdf8cabebb63334cbec12bfc409 These changes are incomplete but are making it difficult to determine what other changes can/should be merged. No objections from: pfg 2018-03-07T20:50:28Z John Baldwin jhb@FreeBSD.org 2018-03-07T20:50:28Z urn:sha1:cad650d8d253b8e83b995bcaeb7a12e0ed3c2af0 Currently most of the debug registers are not saved and restored during VM transitions allowing guest and host debug register values to leak into the opposite context. One result is that hardware watchpoints do not work reliably within a guest under VT-x. Due to differences in SVM and VT-x, slightly different approaches are used. For VT-x: - Enable debug register save/restore for VM entry/exit in the VMCS for DR7 and MSR_DEBUGCTL. - Explicitly save DR0-3,6 of the guest. - Explicitly save DR0-3,6-7, MSR_DEBUGCTL, and the trap flag from %rflags for the host. Note that because DR6 is "software" managed and not stored in the VMCS a kernel debugger which single steps through VM entry could corrupt the guest DR6 (since a single step trap taken after loading the guest DR6 could alter the DR6 register). To avoid this, explicitly disable single-stepping via the trace flag before loading the guest DR6. A determined debugger could still defeat this by setting a breakpoint after the guest DR6 was loaded and then single-stepping. For SVM: - Enable debug register caching in the VMCB for DR6/DR7. - Explicitly save DR0-3 of the guest. - Explicitly save DR0-3,6-7, and MSR_DEBUGCTL for the host. Since SVM saves the guest DR6 in the VMCB, the race with single-stepping described for VT-x does not exist. For both platforms, expose all of the guest DRx values via --get-drX and --set-drX flags to bhyvectl. 2018-02-17T18:00:01Z Konstantin Belousov kib@FreeBSD.org 2018-02-17T18:00:01Z urn:sha1:19435b85e934e0a0f134a72912eeb554d9fea688 328166,328177,328199,328202,328205,328468,328470,328624,328625,328627, 328628,329214,329297,329365: Meltdown mitigation by PTI, PCID optimization of PTI, and kernel use of IBRS for some mitigations of Spectre. Tested by: emaste, Arshan Khanifar <arshankhanifar@gmail.com> Discussed with: jkim Sponsored by: The FreeBSD Foundation