sephe's projects / dragonfly.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e5aace1) | patch
Kernel - Additional cpu bug hardening part 2/2
authorMatthew Dillon <dillon@apollo.backplane.com>
Mon, 11 Jun 2018 21:30:40 +0000 (14:30 -0700)
committerMatthew Dillon <dillon@apollo.backplane.com>
Mon, 11 Jun 2018 21:37:29 +0000 (14:37 -0700)
commit9474cbef7fcb61cd268019694d94db6a75af7dbe
treee9e08aa0ed105f7cae06f1befc3841658f69e5c8tree | snapshot
parente5aace14a443f92cdfe7f6d36df9f7dc6f86b76bcommit | diff
Kernel - Additional cpu bug hardening part 2/2

* Due to speculative instruction execution, the kernel may
  speculatively execute instructions using data from registers that
  still contain userland-controlled content.

  Reduce the chance of this situation arising by proactively clearing
  all user registers after saving them for syscalls, exceptions, and
  interrupts.  In addition, for system calls, zero-out any
  unrestored registers on-return to avoid leaking kernel data back to
  userland.

* This was discussed over the last few months in various
  OS groups and I've decided to implement it.  After the FP
  debacle, it is prudent to also give general registers similar
  protections.
sys/cpu/x86_64/include/asmacros.h diff | blob | blame | history
sys/platform/pc64/x86_64/exception.S diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.