CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected] 2024/02/03 09:21:22

Modified files:
        distrib/special/sysctl: sysctl.c 
        sys/arch/amd64/amd64: cpu.c machdep.c 
        sys/arch/amd64/include: cpu.h 

Log message:
Add new amd64-only sysctl machdep.retpoline which says whether the cpu
requires retpoline.  If 0, we should do everything in our power to avoid
pure retpoline (replacing it with a simple thunk where possible), because
by its nature retpoline converts an indirect-branch into a direct branch
(push to stack & ret), and therefore it is an IBT (endbr64) bypass method.
This sysctl leverages guenther's decision-making logic in the kernel, which
already uses codepatch to fix the kernel retpoline thunk.
In my opinion, the retpoline-using logic really should be flipped; ROP
execution bypassing IBT to re-enter regular control flow is more dangerous
than spectre.
ok kettenis
