CVSROOT: /cvs Module name: src Changes by: [email protected] 2023/04/16 18:42:04
Modified files:
sys/arch/amd64/amd64: cpu.c
Log message:
Enable Indirect Branch Tracking (IBT) for the kernel
endbr64 (f3 0f 1e fa) is placed at valid targets of an indirect jmp or
call. A nop on older machines. When IBT is enabled, an indirect jmp or
call with no endbr will trigger a control protection trap.
IBT is present on Intel Tiger Lake (Core gen 11) and later.
with and ok deraadt@
