artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d108608) | patch
Use VERW to mitigate the RFDS (Register File Data Sampling) vulnerability
authorguenther <guenther@openbsd.org>
Sun, 17 Mar 2024 05:49:41 +0000 (05:49 +0000)
committerguenther <guenther@openbsd.org>
Sun, 17 Mar 2024 05:49:41 +0000 (05:49 +0000)
commit6651c3e51fb0bb3de19705bcb5b10d37f0e68f5d
tree1811839143782ca1c9e02665677254b85566cd41tree | snapshot
parentd108608d837eebccc694d7bcf8565aa4c7afe8d1commit | diff
Use VERW to mitigate the RFDS (Register File Data Sampling) vulnerability
present in Intel Atom CPUs, reordering some ASM in return-to-userspace and
start/resume-vmx-guest to reduce the number of kernel values still live in
registers when VERW is used.  This mitigation requires updated firmware which
has affected CPUs report RFDS_CLEAR in dmesg.

Firmware packaging by jsg@ and sthen@
Logic for interpreting intel's flags by jsg@ after lots of discussion
   between him, deraadt@, and I
ok deraadt@
sys/arch/amd64/amd64/cpu.c diff | blob | history
sys/arch/amd64/amd64/identcpu.c diff | blob | history
sys/arch/amd64/amd64/locore.S diff | blob | history
sys/arch/amd64/amd64/vmm_support.S diff | blob | history
sys/arch/amd64/include/specialreg.h diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim