Module Name: src Committed By: maxv Date: Sun Feb 4 17:03:21 UTC 2018
Modified Files: src/sys/arch/amd64/amd64: machdep.c Log Message: Add a TODO list for SVS. To generate a diff of this commit: cvs rdiff -u -r1.296 -r1.297 src/sys/arch/amd64/amd64/machdep.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/amd64/amd64/machdep.c
diff -u src/sys/arch/amd64/amd64/machdep.c:1.296 src/sys/arch/amd64/amd64/machdep.c:1.297
--- src/sys/arch/amd64/amd64/machdep.c:1.296 Fri Jan 26 14:38:46 2018
+++ src/sys/arch/amd64/amd64/machdep.c Sun Feb 4 17:03:21 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: machdep.c,v 1.296 2018/01/26 14:38:46 maxv Exp $ */
+/* $NetBSD: machdep.c,v 1.297 2018/02/04 17:03:21 maxv Exp $ */
 /*
 * Copyright (c) 1996, 1997, 1998, 2000, 2006, 2007, 2008, 2011
@@ -110,7 +110,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.296 2018/01/26 14:38:46 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.297 2018/02/04 17:03:21 maxv Exp $");
 /* #define XENDEBUG_LOW */
@@ -2267,6 +2267,23 @@ mm_md_direct_mapped_phys(paddr_t paddr,
 * Remote PCPU Areas [OK]
 * Kernel Heap [OK]
 * Kernel Image [OK]
+ *
+ * TODO:
+ *
+ * (a) The NMI stack is not double-entered. Therefore if we ever receive
+ * an NMI and leave it, the content of the stack will be visible to
+ * userland (via Meltdown). Normally we never leave NMIs, unless a
+ * privileged user launched PMCs. That's unlikely to happen, our PMC
+ * support is pretty minimal.
+ *
+ * (b) Enable SVS depending on the CPU model, and add a sysctl to disable
+ * it dynamically.
+ *
+ * (c) Narrow down the entry points: hide the 'jmp handler' instructions.
+ * This makes sense on GENERIC_KASLR kernels.
+ *
+ * (d) Right now there is only one global LDT, and that's not compatible
+ * with USER_LDT.
 */
 struct svs_utls {
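Review bot: Item (a) in the TODO added by the `@@ -2267,6 +2267,23 @@` hunk rests its safety argument on an assumption that is stated only in passing: NMI stack contents stay hidden from userland because NMIs are normally never left, except when a privileged user has launched PMCs. That makes the Meltdown exposure depend on PMC support staying minimal, so I would record it as an explicit condition, for example by appending `* XXX: re-evaluate (a) if PMC support or any other returning NMI source is extended.` to the item. Item (d) likewise does not say whether SVS and USER_LDT can be enabled together; that is not visible from this hunk, and if nothing prevents it a short note on the resulting behaviour would help. The comment block starts above the hunk, so only the tail of the list it follows is visible here.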