| field | value |
|---|---|
| created | 2024-02-06T22:12:51Z |
| begin | 2024-02-03T10:37:26Z |
| end | 2024-02-03T16:21:22Z |
| path | src/sys |
| commits | 1 |
| date | 2024-02-03T16:21:22Z |
| author | deraadt |
| files | src/sys/arch/amd64/amd64/cpu.c, src/sys/arch/amd64/amd64/machdep.c, src/sys/arch/amd64/include/cpu.h |
| message | Add new amd64-only sysctl machdep.retpoline which says whether the cpu requires retpoline. If 0, we should do everything in our power to avoid pure retpoline (replacing it with a simple thunk where possible), because by its nature retpoline converts an indirect branch into a direct branch (push to stack & ret), and therefore it is an IBT (endbr64) bypass method. This sysctl leverages guenther's decision-making logic in the kernel, which already uses codepatch to fix the kernel retpoline thunk. In my opinion, the retpoline-using logic really should be flipped; ROP execution bypassing IBT to re-enter regular control flow is more dangerous than spectre. ok kettenis |