CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2021/09/04 16:15:33
Modified files:
sys/arch/amd64/amd64: acpi_wakecode.S aes_intel.S copy.S
locore.S mds.S spl.S vector.S
vmm_support.S
sys/arch/amd64/include: asm.h profile.h
Log message:
To mitigate against spectre attacks, AMD processors without the
IBRS feature need an lfence instruction after every near ret. Place
them after all functions in the kernel which are implemented in
assembler. Change the retguard macro so that the end of the lfence
instruction is 16-byte aligned now. This prevents that the ret
instruction is at the end of a 32-byte boundary. The latter would
cause a performance impact on certain Intel processors which have
a microcode update to mitigate the jump conditional code erratum.
See software techniques for managing speculation on AMD processors
revision 9.17.20 mitigation G-5.
See Intel mitigations for jump conditional code erratum revision
1.0 november 2019 2.4 software guidance and optimization methods.
OK deraadt@ mortimer@
