List: openbsd-cvs
Subject: CVS: cvs.openbsd.org: src
From: Philip Guenther <guenther () cvs ! openbsd ! org>
Date: 2023-07-31 3:59:48
Message-ID: 0808c6599cfbcaee () cvs ! openbsd ! org
CVSROOT: /cvs
Module name: src
Changes by: guenther@cvs.openbsd.org 2023/07/30 22:01:07
Modified files:
sys/arch/amd64/amd64: cpu.c locore.S vector.S
sys/arch/amd64/conf: Makefile.amd64
sys/arch/amd64/include: codepatch.h
Log message:
On CPUs with eIBRS ("enhanced Indirect Branch Restricted Speculation")
or IBT enabled the kernel, the hardware should the attacks which
retpolines were created to prevent. In those cases, retpolines
should be a net negative for security as they are an indirect branch
gadget. They're also slower.

* use -mretpoline-external-thunk to give us control of the code
  used for indirect branches
* default to using a retpoline as before, but marks it and the
  other ASM kernel retpolines for code patching
* if the CPU has eIBRS, then enable it
* if the CPU has eIBRS *or* IBT, then codepatch the three different
  retpolines to just indirect jumps

make clean && make config required after this

ok kettenis@
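
The decision this commit describes, sketched as an added user-space example; it is not the OpenBSD code from this change. The names decide() and patch_thunk(), the thunk bytes, the int3 padding and the use of the CPUID IBT bit as the IBT condition are assumptions; the CPUID and MSR bit positions are the architectural ones, passed in as values because the MSR cannot be read from user space.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CPUID7_EDX_IBT      (1u << 20)   /* CPUID.(EAX=7,ECX=0):EDX, CET indirect branch tracking */
#define CPUID7_EDX_ARCH_CAP (1u << 29)   /* IA32_ARCH_CAPABILITIES MSR (0x10a) is present */
#define ARCH_CAP_IBRS_ALL   (1ull << 1)  /* IA32_ARCH_CAPABILITIES: eIBRS supported */
#define SPEC_CTRL_IBRS      (1ull << 0)  /* IA32_SPEC_CTRL (0x48): IBRS enable bit */

struct policy { int has_eibrs, has_ibt, drop_retpoline; uint64_t spec_ctrl_set; };

/* Hypothetical helper: map raw CPUID/MSR values to the policy in the log message. */
struct policy decide(uint32_t cpuid7_edx, uint64_t arch_cap)
{
    struct policy p;
    p.has_eibrs = (cpuid7_edx & CPUID7_EDX_ARCH_CAP) && (arch_cap & ARCH_CAP_IBRS_ALL);
    p.has_ibt = (cpuid7_edx & CPUID7_EDX_IBT) != 0;
    p.spec_ctrl_set = p.has_eibrs ? SPEC_CTRL_IBRS : 0;  /* "if the CPU has eIBRS, then enable it" */
    p.drop_retpoline = p.has_eibrs || p.has_ibt;         /* eIBRS *or* IBT: plain indirect jump */
    return p;
}

/* Constructed sample: a generic %r11 retpoline thunk (call; pause; lfence; jmp; mov; ret). */
static const uint8_t retpoline_r11[17] = {
    0xe8, 0x07, 0x00, 0x00, 0x00,        /* call 2f */
    0xf3, 0x90, 0x0f, 0xae, 0xe8, 0xeb, 0xf9, /* 1: pause; lfence; jmp 1b */
    0x4c, 0x89, 0x1c, 0x24, 0xc3         /* 2: mov %r11,(%rsp); ret */
};
static const uint8_t jmp_r11[3] = { 0x41, 0xff, 0xe3 };  /* jmp *%r11 */

/* Hypothetical helper: overwrite a thunk copy in place; returns bytes of live code written. */
size_t patch_thunk(uint8_t *thunk, size_t len, const struct policy *p)
{
    if (!p->drop_retpoline || len < sizeof(jmp_r11))
        return 0;                        /* keep the retpoline as the default */
    memcpy(thunk, jmp_r11, sizeof(jmp_r11));
    memset(thunk + sizeof(jmp_r11), 0xcc, len - sizeof(jmp_r11)); /* int3 padding (assumption) */
    return sizeof(jmp_r11);
}

int main(void)
{
    uint8_t buf[sizeof(retpoline_r11)];
    struct policy p = decide(CPUID7_EDX_ARCH_CAP, ARCH_CAP_IBRS_ALL); /* constructed values */
    memcpy(buf, retpoline_r11, sizeof(buf));
    printf("eibrs=%d ibt=%d patched=%zu\n", p.has_eibrs, p.has_ibt, patch_thunk(buf, sizeof(buf), &p));
    return 0;
}
```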