CVSROOT: /cvs Module name: src Changes by: kette...@cvs.openbsd.org 2018/01/17 03:22:25
Modified files: sys/arch/arm64/arm64: cpu.c pmap.c trap.c sys/arch/arm64/include: cpu.h Log message: Defend agains branch predictor target injection (Spectre "variant 2") attacks by flushing the branch predictor cache (BTB) on context switches and page faults in kkernel address space. Note that this relies on the presence of firmware (such as Arm Trusted Firmware) that provides PSCI services that flush the BTB on entry as described in Arm Trusted Firmware Security Advisory TFV 6. ok patrick@, visa@