artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 339eb9d) | patch
Enable Indirect Branch Tracking (IBT) for the kernel
authorjsg <jsg@openbsd.org>
Mon, 17 Apr 2023 00:42:04 +0000 (00:42 +0000)
committerjsg <jsg@openbsd.org>
Mon, 17 Apr 2023 00:42:04 +0000 (00:42 +0000)
commit00473b026a1759e3b02b74517c7503a47947ae15
tree6c49c3cebe5130dc4a544fd4c0dec530fa9acd6etree | snapshot
parent339eb9d2beb7531aa8f4faaff8e0cf2f21c7f7f7commit | diff
Enable Indirect Branch Tracking (IBT) for the kernel

endbr64 (f3 0f 1e fa) is placed at valid targets of an indirect jmp or
call.  A nop on older machines.  When IBT is enabled, an indirect jmp or
call with no endbr will trigger a control protection trap.

IBT is present on Intel Tiger Lake (Core gen 11) and later.

with and ok deraadt@
sys/arch/amd64/amd64/cpu.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim