058ce8c21c
are added:
machdep.spectre_v4.mitigated = {0/1} user-settable
machdep.spectre_v4.affected = {0/1} set by the kernel
The mitigation is not enabled by default yet. It is not tested either,
because no microcode update has been published yet.
On current CPUs a microcode/bios update must be applied for SSBD to be
available. The user can then set mitigated=1. Even with an update applied
the kernel will set affected=1.
On future CPUs, where the problem will presumably be fixed by default,
the CPU will report SSB_NO, and the kernel will set affected=0. In this
case we also have mitigated=0, but the mitigation is not needed.
For now the feature is system-wide. Perhaps we will want a more
fine-grained, per-process approach in the future.