amd64: prevents speculations over swapgs reload of %gs base.
author: kib <kib@FreeBSD.org>
date: Tue, 6 Aug 2019 16:53:25 +0000 (16:53 +0000)
committer: kib <kib@FreeBSD.org>
date: Tue, 6 Aug 2019 16:53:25 +0000 (16:53 +0000)
commit: f4038696064b8626020cb176ebd564395b833795
tree: 839dc975736e13d35e95ff06bab914c722516200
parent: cf89d38fdf42786f36a0c23ef3e625581b0dde5c

Such speculations could use user-controlled %gs base, esp. since
FreeBSD supports WRGSBASE instructions.

Place LFENCEs on entry for each basic block after the test for
previous kernel/user mode on the kernel entry, which prevents the
speculation.  Code accesses %gs-based PCPU before any serialization
instructions are executed, like %cr3 reload for KPTI.

With pti disabled, on haswell i7-4770S machine, "syscall_timings getppid"
shows when no lfence is added to syscall path:
test     loop  time         iterations  periteration
getppid  0     1.040918865  4643611     0.000000224
getppid  1     1.004985962  4481816     0.000000224
getppid  2     1.005196483  4482363     0.000000224
with lfence:
getppid  0     1.043701091  4554779     0.000000229
getppid  1     1.016930328  4438094     0.000000229
getppid  2     1.023223117  4466640     0.000000229
and ministat reports 'No difference proven at 95.0% confidence.'

Security: CVE-2019-1125
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
sys/amd64/amd64/exception.S
sys/amd64/include/asmacros.h
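An illustrative sketch of the entry-path pattern the commit message describes, added here as an example. It is not FreeBSD's exception.S and does not reproduce the actual diff; it is written in GNU as (AT&T) syntax, and TF_CS, PC_CURTHREAD, trap_handler and example_trap_return are assumed placeholder names, not FreeBSD symbols.

```asm
/* Added illustrative example, not FreeBSD's exception.S: an amd64 kernel
 * entry stub showing where an LFENCE goes in each basic block after the
 * previous-mode test. TF_CS and PC_CURTHREAD are assumed placeholder
 * offsets; trap_handler and example_trap_return are assumed symbols. */
        .text
        .globl  example_trap_entry
        .type   example_trap_entry, @function
example_trap_entry:
        /* The CPU pushed %cs onto the trap frame. Its low two bits are the
         * RPL: nonzero means the trap arrived from user mode (ring 3). */
        testb   $3, TF_CS(%rsp)
        jz      from_kernel

from_user:
        /* Entry from user mode: %gs base still holds the value user code
         * chose (it can set it with WRGSBASE). Swap in the kernel base
         * from the KERNEL_GS_BASE MSR. */
        swapgs
        /* Fence before any %gs-relative load: without it the core can issue
         * the PCPU loads below speculatively before the base switch is
         * architecturally in effect. */
        lfence
        jmp     gs_is_kernel

from_kernel:
        /* Entry from kernel mode: %gs base is already the kernel's, but this
         * block is also reached speculatively when the branch above is
         * mispredicted for an entry that really came from user mode, with
         * the user %gs base still live. Fence here as well. */
        lfence

gs_is_kernel:
        /* Only after the fence is a %gs-relative PCPU access safe. With PTI
         * off there is no %cr3 reload before this point to serialize. */
        movq    %gs:PC_CURTHREAD, %rdi      /* curthread -> first C argument */
        movq    %rsp, %rsi                  /* trap frame -> second argument */
        call    trap_handler
        jmp     example_trap_return         /* assumed: swapgs/iretq exit path */
```

The point of fencing both successors of the `jz` is that the hazard is the speculative path, not the architectural one: whichever way the branch actually resolves, the mispredicted alternative can run %gs-relative loads with a user-controlled base until the fence retires. The commit's benchmark numbers above are the cost of the extra `lfence` on the syscall path with PTI disabled, where no serializing %cr3 write precedes the PCPU access.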