In the current implementation of the TAA mitigation, if the cpuid_level is 6 and it's an Intel CPU, the sefflags_edx variable is used without being initialized. If the SEFF0EDX_ARCH_CAP bit is accidentally flipped in it, the rdmsr on the unimplemented MSR_ARCH_CAPABILITIES index leads to a #GP fault.
This change initializes the sefflags_edx variable to 0 which is consistent with the MSR_ARCH_CAPABILITIES being unavailable. --- sys/arch/amd64/amd64/cpu.c | 2 +- sys/arch/i386/i386/cpu.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/arch/amd64/amd64/cpu.c b/sys/arch/amd64/amd64/cpu.c index 48ab6b5e7f3..f9beff0d5e3 100644 --- a/sys/arch/amd64/amd64/cpu.c +++ b/sys/arch/amd64/amd64/cpu.c @@ -1164,7 +1164,7 @@ void cpu_tsx_disable(struct cpu_info *ci) { uint64_t msr; - uint32_t dummy, sefflags_edx; + uint32_t dummy, sefflags_edx = 0; /* this runs before identifycpu() populates ci_feature_sefflags_edx */ if (cpuid_level >= 0x07) diff --git a/sys/arch/i386/i386/cpu.c b/sys/arch/i386/i386/cpu.c index b31a431c594..76f1b65bede 100644 --- a/sys/arch/i386/i386/cpu.c +++ b/sys/arch/i386/i386/cpu.c @@ -473,7 +473,7 @@ void cpu_tsx_disable(struct cpu_info *ci) { uint64_t msr; - uint32_t dummy, sefflags_edx; + uint32_t dummy, sefflags_edx = 0; /* this runs before identifycpu() populates ci_feature_sefflags_edx */ if (cpuid_level >= 0x07) -- 2.25.0.341.g760bfbb309-goog
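Review bot: in the amd64 hunk, `uint32_t dummy, sefflags_edx = 0;` makes the `if (cpuid_level >= 0x07)` block the only writer of `sefflags_edx`, so the zero is exactly the value the later SEFF0EDX_ARCH_CAP test sees on CPUs without leaf 7, but that guard sits below the visible context and the existing comment ("this runs before identifycpu() populates ci_feature_sefflags_edx") only explains why the cached copy cannot be used. Extend that comment by one line, e.g. "sefflags_edx stays 0 (no ARCH_CAPABILITIES MSR) when leaf 7 is absent", so the reason for the initializer survives the next refactor; leaving `dummy` uninitialized is fine since it is an output-only CPUID argument.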
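Review bot: the i386 hunk is character-for-character the amd64 change (`uint32_t dummy, sefflags_edx = 0;` under the same comment and the same `if (cpuid_level >= 0x07)`), so whatever comment wording is settled on for amd64 should be mirrored here. The two copies of cpu_tsx_disable() having shipped with the same uninitialized read is the stronger argument for the commit message to mention that both arches must be kept in step when this routine is touched again.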
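To make the failure mode in the commit message concrete, here is an added user-space model of the gating logic (example code, not OpenBSD's cpu_tsx_disable() and not part of the patch). The CPUID leaf and the MSR are replaced by an in-memory struct, and the "uninitialized stack value" is passed in explicitly so the before/after behaviour is deterministic; the bit and MSR index mirror the architectural values (CPUID.7.0:EDX bit 29, MSR 0x10a), while `model_cpu`, `model_rdmsr` and `tsx_gate` are names assumed here.

```c
/* Added example: models the SEFF0EDX_ARCH_CAP -> rdmsr(MSR_ARCH_CAPABILITIES)
 * gate from the commit message with fake CPUID/MSR state. Not kernel code. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define SEFF0EDX_ARCH_CAP      (1u << 29)   /* CPUID.(7,0):EDX bit 29 */
#define MSR_ARCH_CAPABILITIES  0x10a

/* Assumed model of one CPU: leaf-7 support, its EDX, and whether the
 * ARCH_CAPABILITIES MSR is implemented at all. */
struct model_cpu {
    int      cpuid_level;       /* max basic CPUID leaf */
    uint32_t leaf7_edx;         /* what CPUID(7,0) would return in EDX */
    bool     has_arch_cap_msr;  /* false: reading 0x10a raises #GP */
    uint64_t arch_cap_value;
};

/* Modelled rdmsr: on real hardware an unimplemented index faults with #GP;
 * here the fault is reported through *gp so a caller can observe it. */
static uint64_t model_rdmsr(const struct model_cpu *cpu, uint32_t idx, bool *gp)
{
    if (idx == MSR_ARCH_CAPABILITIES && cpu->has_arch_cap_msr) {
        *gp = false;
        return cpu->arch_cap_value;
    }
    *gp = true;     /* #GP: MSR index not implemented on this CPU */
    return 0;
}

/* The gate under discussion. 'stack_garbage' stands in for whatever the
 * uninitialized local happened to contain; 'fixed' selects the patched
 * behaviour (initialize to 0) versus the unpatched one (use the garbage).
 * Returns true if the MSR read was attempted, and sets *gp if it faulted. */
static bool tsx_gate(const struct model_cpu *cpu, uint32_t stack_garbage,
                     bool fixed, bool *gp)
{
    uint32_t sefflags_edx = fixed ? 0 : stack_garbage;

    *gp = false;
    /* Only CPUs with leaf 7 ever write the variable, exactly as in the hunk. */
    if (cpu->cpuid_level >= 0x07)
        sefflags_edx = cpu->leaf7_edx;

    if (sefflags_edx & SEFF0EDX_ARCH_CAP) {
        (void)model_rdmsr(cpu, MSR_ARCH_CAPABILITIES, gp);
        return true;
    }
    return false;
}

int main(void)
{
    /* Constructed pre-leaf-7 Intel-like CPU: no leaf 7, no MSR 0x10a. */
    struct model_cpu old = { .cpuid_level = 6, .leaf7_edx = 0,
                             .has_arch_cap_msr = false, .arch_cap_value = 0 };
    bool gp;

    tsx_gate(&old, SEFF0EDX_ARCH_CAP, false, &gp);
    printf("unpatched, garbage has bit 29 set: #GP=%d\n", gp);   /* 1 */
    tsx_gate(&old, SEFF0EDX_ARCH_CAP, true, &gp);
    printf("patched,   same garbage:           #GP=%d\n", gp);   /* 0 */
    return 0;
}
```

The model only reproduces the gate itself; a real CPU with leaf 7 and the MSR present takes the same path in both variants, which the test below also checks.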