CVSROOT: /cvs Module name: src Changes by: guent...@cvs.openbsd.org 2024/02/11 18:18:18
Modified files: sys/arch/amd64/amd64: cpu.c genassym.cf locore.S vector.S vmm_machdep.c sys/arch/amd64/include: codepatch.h cpu.h Log message: Retpolines are an anti-pattern for IBT, so we need to shift protecting userspace from cross-process BTI to the kernel. Have each CPU track the last pmap run on in userspace and the last vmm VCPU in guest-mode and use the IBPB msr to flush predictors right before running in userspace on a different pmap or entering guest-mode on a different VCPU. Codepatch-nop the userspace bits and conditionalize the vmm bits to keep working if IBPB isn't supported. ok deraadt@ kettenis@