CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2024/02/11 18:18:18
Modified files:
sys/arch/amd64/amd64: cpu.c genassym.cf locore.S vector.S
vmm_machdep.c
sys/arch/amd64/include: codepatch.h cpu.h
Log message:
Retpolines are an anti-pattern for IBT, so we need to shift protecting
userspace from cross-process BTI to the kernel. Have each CPU track
the last pmap run on in userspace and the last vmm VCPU in guest-mode
and use the IBPB msr to flush predictors right before running in
userspace on a different pmap or entering guest-mode on a different
VCPU. Codepatch-nop the userspace bits and conditionalize the vmm
bits to keep working if IBPB isn't supported.
ok deraadt@ kettenis@
