Diffusion FreeBSD src repository - subversion rS361302

amd64: Add a knob to flush RSB on context switches if machine has SMEP.
rS361302
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

amd64: Add a knob to flush RSB on context switches if machine has SMEP.

The flush is needed to prevent cross-process ret2spec, which is not handled
on kernel entry if IBPB is enabled but SMEP is present.
While there, add i386 RSB flush.

Reported by: Anthony Steinhauser <asteinhauser@google.com>
Reviewed by: markj, Anthony Steinhauser
Discussed with: philip
admbugs: 961
Sponsored by: The FreeBSD Foundation
MFC after: 1 week

Details

Provenance

kib	Authored on

Parents

rS361301: MFC r349577 (arichardson): Allow bootstrapping elftoolchain on MacOS and Linux

Branches

Unknown

Tags

Unknown

Event Timeline

kib committed rS361302: amd64: Add a knob to flush RSB on context switches if machine has SMEP..May 20 2020, 10:00 PM

Changes (7)

Path

Size

head/

share/

man/

man7/

sys/

amd64/

amd64/

i386/

i386/

x86/

include/

x86/

rS361302

head/share/man/man7/security.7

Loading...

head/sys/amd64/amd64/cpu_switch.S

Loading...

head/sys/amd64/amd64/initcpu.c

Loading...

head/sys/amd64/amd64/support.S

Loading...

head/sys/i386/i386/support.s

Loading...

head/sys/x86/include/x86_var.h

Loading...

head/sys/x86/x86/cpu_machdep.c

Loading...