kern/58130: missing data-dependent memory prefetch vulnerability mitigations

[campbell+netbsd%mumble.net@localhost]

>Number:         58130
>Category:       kern
>Synopsis:       missing data-dependent memory prefetch vulnerability mitigations
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Apr 09 12:35:00 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current, 10, 9, 8, ...
>Organization:
The NetBSData-dependent Prefetchation
>Environment:
>Description:
Some modern CPUs have data-dependent memory prefetchers (DMP), which try to be clever about traversing linked lists by prefetching at an address loaded into a register if it looks like it might be a pointer.

This can leak secrets, such as crypto keys, through cache-timing side channels.

https://gofetch.fail/

CPU microarchitectures currently known to be affected:

- Apple M2
- Apple M3
- Intel Raptor Lake (13th Generation)
>How-To-Repeat:

>Fix:
Possible mitigations:

- Set the DIT/DOIT bit (data-(operand-)independent timing): https://gnats.NetBSD.org/57230

  Note: It is NOT ENOUGH to set this just around crypto operations.  For example, the DMP will almost certainly apply to the data in copyin/copyout, affecting secret keys passed over pipes between processes.  So, like I recommended in that PR, the DIT/DOIT bit should be set in the kernel (with a sysctl to disable it globally).

- Some CPU-specific bits like this: https://social.treehouse.systems/@marcan/112238385679496096