Fix for L1TF issue in Intel CPUs committed

Theo de Raadt (deraadt@) hascommitteda diff to mitigate the"Intel L1TF screwup" for the amd64 platform we reported on earlier:

From: Theo de Raadt (elided)Date: Tue, 21 Aug 2018 13:04:41 -0600 (MDT)To: source-changes@openbsd.orgSubject: CVS: cvs.openbsd.org: srcCVSROOT: /cvsModule name: srcChanges by: deraadt@cvs.openbsd.org 2018/08/21 13:04:41Modified files: sys/arch/amd64/amd64: identcpu.c vmm.c vmm_support.S sys/arch/amd64/include: cpu.h specialreg.h vmmvar.h Log message:Perform mitigations for Intel L1TF screwup. There are three options:(1) Future cpus which don't have the bug, (2) cpu's with microcodecontaining a L1D flush operation, (3) stuffing the L1D cache with freshdata and expiring old content. This stuffing loop is complicated andinteresting, no details on the mitigation have been released by Intel soMike and I studied other systems for inspiration. Replacement algorithmfor the L1D is described in the tlbleed paper. We use a 64K PA-linearregion filled with trapsleds (in case there is L1D->L1I data movement).The TLBs covering the region are loaded first, because TLB loadingapparently flows through the D cache. Before performing vmlaunch orvmresume, the cachelines covering the guest registers are also flushed.with mlarkin, additional testing by pd, handy comments from thekettenis and guenther peanuts

Now we wait for further discoveries"