CVSROOT: /cvs Module name: src Changes by: bl...@cvs.openbsd.org 2021/09/04 16:15:33
Modified files: sys/arch/amd64/amd64: acpi_wakecode.S aes_intel.S copy.S locore.S mds.S spl.S vector.S vmm_support.S sys/arch/amd64/include: asm.h profile.h Log message: To mitigate against spectre attacks, AMD processors without the IBRS feature need an lfence instruction after every near ret. Place them after all functions in the kernel which are implemented in assembler. Change the retguard macro so that the end of the lfence instruction is 16-byte aligned now. This prevents that the ret instruction is at the end of a 32-byte boundary. The latter would cause a performance impact on certain Intel processors which have a microcode update to mitigate the jump conditional code erratum. See software techniques for managing speculation on AMD processors revision 9.17.20 mitigation G-5. See Intel mitigations for jump conditional code erratum revision 1.0 november 2019 2.4 software guidance and optimization methods. OK deraadt@ mortimer@