Improve defense against branch predictor target injection (Spectre "variant 2")
attacks. OpenBSD/armv7 is already in pretty good shape as we have always
been flushing the branch predictor cache on context switches. This diff adds
additional flushes to page faults in kernel address space. The impact on
performance should be minimal as these page faults should only happen when
userland (deliberately or accidentally) tries to access kernel addres space
which would lead to a fatal signal (SIGSEGV or SIGBUS).
Loosely based on changes made by Marc Zyngier in Linux and based on
information in Arm Trusted Firmware Security Advisory TFV 6.
Note that for Cortex-A15 (and Cortex-A72) you will need firmware that sets
the ACTRL[0] bit for this diff to be effective. Also note that with this
diff Cortex-A57 is still vulnerable.
ok jsg@
projects / openbsd / commit