git: DragonFly_RELEASE_5_2 Kernel - Additional cpu bug hardening part 2/2

Matthew Dillon dillon at crater.dragonflybsd.org
Wed Jun 13 21:09:06 PDT 2018


commit 0e020d144065f655fad85c2916071045f43d1653
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Mon Jun 11 14:30:40 2018 -0700

    Kernel - Additional cpu bug hardening part 2/2
    
    * Due to speculative instruction execution, the kernel may
      speculatively execute instructions using data from registers that
      still contain userland-controlled content.
    
      Reduce the chance of this situation arising by proactively clearing
      all user registers after saving them for syscalls, exceptions, and
      interrupts.  In addition, for system calls, zero-out any
      unrestored registers on-return to avoid leaking kernel data back to
      userland.
    
    * This was discussed over the last few months in various
      OS groups and I've decided to implement it.  After the FP
      debacle, it is prudent to also give general registers similar
      protections.

Summary of changes:
 sys/cpu/x86_64/include/asmacros.h    | 19 ++++++++++++++++++-
 sys/platform/pc64/x86_64/exception.S | 32 +++++++++++++++++++++++++++++++-
 2 files changed, 49 insertions(+), 2 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/0e020d144065f655fad85c2916071045f43d1653


-- 
DragonFly BSD source repository



More information about the Commits mailing list