CVSROOT: /cvs
Module name: src
Changes by: kette...@cvs.openbsd.org 2018/01/17 03:22:25
Modified files:
sys/arch/arm64/arm64: cpu.c pmap.c trap.c
sys/arch/arm64/include: cpu.h
Log message:
Defend agains branch predictor target injection (Spectre "variant 2")
attacks by flushing the branch predictor cache (BTB) on context switches
and page faults in kkernel address space. Note that this relies on the
presence of firmware (such as Arm Trusted Firmware) that provides PSCI
services that flush the BTB on entry as described in Arm Trusted Firmware
Security Advisory TFV 6.
ok patrick@, visa@
