CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/06/23 05:45:54
Modified files:
sys/arch/arm64/arm64: autoconf.c cpu.c cpufunc_asm.S locore.S
locore0.S
sys/arch/arm64/conf: files.arm64 kern.ldscript
Added files:
sys/arch/arm64/arm64: codepatch.c
sys/arch/arm64/include: codepatch.h
Log message:
Address CVE-2025-10263. This requires doing the TLB invalidation twice.
However, this has a considerable cost on some CPU cores (such as Apple's
M1/M2 and Qualcomm Snapdragon X) that aren't vulnerable. So bring over
the code patching infrastructure from amd64 and use it to NOP out the
additional TLB invalidation on CPUs that aren't vulnerable.
This also addresses errata on some older ARM CPU cores (that are
classified as unlikely to happen) on some cores that aren't vulnerable to
this particular CVE.
ok jca@, deraadt@
