author | gordon <gordon@FreeBSD.org> | 2018-03-14 04:00:00 +0000 |
---|---|---|
committer | gordon <gordon@FreeBSD.org> | 2018-03-14 04:00:00 +0000 |
commit | 312f06f761f7362e153ed5a1a9c49e17294e52b5 (patch) | |
tree | 272e75bf0fc1b0ab9b02a0f2f034e207b04d82f3 /sys/amd64/amd64/cpu_switch.S | |
parent | c69c8ae8053b66933da68a1f410f78dda1300dd7 (diff) | |
Add mitigations for two classes of speculative execution vulnerabilities
on amd64. [FreeBSD-SA-18:03.speculative_execution]
Approved by: so
Security: FreeBSD-SA-18:03.speculative_execution
Security: CVE-2017-5715
Security: CVE-2017-5754
Diffstat (limited to 'sys/amd64/amd64/cpu_switch.S')
-rw-r--r-- | sys/amd64/amd64/cpu_switch.S | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/sys/amd64/amd64/cpu_switch.S b/sys/amd64/amd64/cpu_switch.S
index 64a3485..ff47afb 100644
--- a/sys/amd64/amd64/cpu_switch.S
+++ b/sys/amd64/amd64/cpu_switch.S
@@ -191,9 +191,11 @@ do_kthread:
 done_tss:
 movq %r8,PCPU(RSP0)
 movq %r8,PCPU(CURPCB)
- /* Update the TSS_RSP0 pointer for the next interrupt */
+ /* Update the COMMON_TSS_RSP0 pointer for the next interrupt */
+ cmpb $0,pti(%rip)
+ jne 1f
 movq %r8,COMMON_TSS_RSP0(%rdx)
- movq %r12,PCPU(CURTHREAD) /* into next thread */
+1: movq %r12,PCPU(CURTHREAD) /* into next thread */
 
 /* Test if debug registers should be restored. */
 testl $PCB_DBREGS,PCB_FLAGS(%r8)
@@ -270,7 +272,12 @@ do_tss: movq %rdx,PCPU(TSSP)
 shrq $8,%rcx
 movl %ecx,8(%rax)
 movb $0x89,5(%rax) /* unset busy */
- movl $TSSSEL,%eax
+ cmpb $0,pti(%rip)
+ je 1f
+ movq PCPU(PRVSPACE),%rax
+ addq $PC_PTI_STACK+PC_PTI_STACK_SZ*8,%rax
+ movq %rax,COMMON_TSS_RSP0(%rdx)
+1: movl $TSSSEL,%eax
 ltr %ax
 jmp done_tss
 
|
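Review bot: The updated comment in done_tss still reads as if rsp0 is always refreshed, but the added `cmpb $0,pti(%rip)` / `jne 1f` skips the `movq %r8,COMMON_TSS_RSP0(%rdx)` store whenever pti is non-zero, and nothing says why. I would word it as `/* Update COMMON_TSS_RSP0 for the next interrupt; with PTI rsp0 stays on the per-CPU PTI stack (set in do_tss) */`. With PTI on, correctness of the kernel entry stack then depends on rsp0 already holding the PTI stack address for any TSS that reaches done_tss without going through do_tss; that initialisation is not visible in this diff and is worth confirming. The same `cmpb` in the do_tss hunk tests only the low byte of pti, which is safe only if pti is a 0/1 flag; its declaration is outside this file. done_tss continues past the end of the hunk.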
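Review bot: The `addq $PC_PTI_STACK+PC_PTI_STACK_SZ*8,%rax` in do_tss carries an unexplained `*8`; presumably PC_PTI_STACK_SZ is counted in 8-byte slots and the sum is the top of the per-CPU PTI stack, but neither constant is defined in this hunk. A comment above `movq PCPU(PRVSPACE),%rax` such as `/* rsp0 = top of this CPU's PTI stack; PC_PTI_STACK_SZ is in 8-byte words */` would let a reader check that the entry stack cannot run past the per-CPU area. Using %rax as scratch here is fine, since `1: movl $TSSSEL,%eax` overwrites it straight afterwards. The start of do_tss lies outside the hunk.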