Hello,

It has recently become clear that IvyBridge isn't getting microcode to address this issue. This has caused me to start taking remediation actions for Xen. It occurs to me that the same will work for Linux.

For the virt case, hiding the RDRAND CPUID bit will work around the problem, by not allowing unwitting software to use RDRAND when it might be snooped upon.

IvyBridge CPUs also support CPUID Faulting (tracked by X86_FEATURE_CPUID_FAULT), which means the same technique could be applied to native userspace software. There is already a PRCTL (ARCH_SET_CPUID) to do this, which could be extended.

~Andrew
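
The CPUID filtering described in the message above, sketched as an added example that is not part of the original e-mail and is not Xen or Linux code: the value a hypervisor or a CPUID-fault handler would hand back for leaf 1, with RDRAND (CPUID.1:ECX bit 30) cleared on IvyBridge. The names filter_cpuid, is_ivybridge, decode_sig and rdrand_advertised are hypothetical, the model numbers 0x3A/0x3E are the family 6 IvyBridge client/server models and do not come from the message, and the GenuineIntel vendor check on leaf 0 is assumed to have been done by the caller.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define CPUID1_ECX_RDRAND (1u << 30)   /* CPUID.1:ECX[30] advertises RDRAND */

struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

/* Display family/model from the CPUID.1:EAX signature (extended fields
 * apply only when the base family is 0x6 or 0xF). */
static void decode_sig(uint32_t eax, unsigned *family, unsigned *model)
{
    unsigned base = (eax >> 8) & 0xf;
    *family = base + (base == 0xf ? (eax >> 20) & 0xff : 0);
    *model = ((eax >> 4) & 0xf) |
             ((base == 0x6 || base == 0xf) ? ((eax >> 16) & 0xf) << 4 : 0);
}

/* Assumption: family 6, model 0x3A (client) or 0x3E (server) is IvyBridge. */
static int is_ivybridge(uint32_t eax)
{
    unsigned f, m;
    decode_sig(eax, &f, &m);
    return f == 6 && (m == 0x3a || m == 0x3e);
}

/* Hypothetical policy hook: registers returned to the caller in place of
 * the hardware values. Only leaf 1 on IvyBridge is modified. */
static struct cpuid_regs filter_cpuid(uint32_t leaf, struct cpuid_regs hw)
{
    if (leaf == 1 && is_ivybridge(hw.eax))
        hw.ecx &= ~CPUID1_ECX_RDRAND;
    return hw;
}

/* The check CPUID-respecting software makes before executing RDRAND. */
static int rdrand_advertised(struct cpuid_regs leaf1)
{
    return (leaf1.ecx & CPUID1_ECX_RDRAND) != 0;
}

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    struct cpuid_regs hw = {0};
    __get_cpuid(1, &hw.eax, &hw.ebx, &hw.ecx, &hw.edx);
    printf("RDRAND: hardware=%d filtered=%d\n", rdrand_advertised(hw),
           rdrand_advertised(filter_cpuid(1, hw)));
#endif
    return 0;
}
```

Software that executes RDRAND without consulting CPUID is not affected by this filtering, which is why the message speaks of "unwitting" software only.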