svn commit: r328625 - in head/sys: amd64/amd64 amd64/ia32 amd64/include dev/cpuctl i386/i386 x86/include x86/x86
Shawn Webb
shawn.webb at hardenedbsd.org
Wed Jan 31 15:08:47 UTC 2018
On Wed, Jan 31, 2018 at 02:36:27PM +0000, Konstantin Belousov wrote:
> Author: kib
> Date: Wed Jan 31 14:36:27 2018
> New Revision: 328625
> URL: https://svnweb.freebsd.org/changeset/base/328625
>
> Log:
> IBRS support, AKA Spectre hardware mitigation.
>
> It is coded according to the Intel document 336996-001, reading of the
> patches posted on lkml, and some additional consultations with Intel.
>
> For existing processors, you need a microcode update which adds IBRS
> CPU features, and to manually enable it by setting the tunable/sysctl
> hw.ibrs_disable to 0. Current status can be checked in sysctl
> hw.ibrs_active. The mitigation might be inactive if the CPU feature
> is not patched in, or if CPU reports that IBRS use is not required, by
> IA32_ARCH_CAP_IBRS_ALL bit.
>
> Sponsored by: The FreeBSD Foundation
> MFC after: 1 week
> Differential revision: https://reviews.freebsd.org/D14029
Hey Kostik,
Thank you very much for your work on this. I'm curious why you disable
IBPB for userland.
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal: +1 443-546-8752
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-all/attachments/20180131/4c221c2d/attachment.sig>
More information about the svn-src-all
mailing list