d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-nq/sys
History
Konstantin Belousov 90e35b0a98 amd64: prevents speculations over swapgs reload of %gs base. 
Such speculations could use user-controlled %gs base, esp. since
FreeBSD supports WRGSBASE instructions.

Place LFENCEs on entry for each basic block after the test for
previous kernel/user mode on the kernel entry, which prevents the
speculation.  Code accesses %gs-based PCPU before any serialization
instructions are executed, like %cr3 reload for KPTI.

With pti disabled, on haswell i7-4770S machine, "syscall_timings getppid"
shows when no lfence is added to syscall path:
test	loop	time	iterations	periteration
getppid	0	1.040918865	4643611	0.000000224
getppid	1	1.004985962	4481816	0.000000224
getppid	2	1.005196483	4482363	0.000000224
with lfence:
getppid	0	1.043701091	4554779	0.000000229
getppid	1	1.016930328	4438094	0.000000229
getppid	2	1.023223117	4466640	0.000000229
and ministat reports 'No difference proven at 95.0% confidence.'

Security:	CVE-2019-1125
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2019-08-06 16:53:25 +00:00
..
amd64
amd64: prevents speculations over swapgs reload of %gs base.
2019-08-06 16:53:25 +00:00
arm
Remove gzip'ed a.out support.
2019-07-30 05:13:16 +00:00
arm64
Enable superpage promotion within the kernel pmap.
2019-08-05 02:44:04 +00:00
bsm
cam
cddl
Allow Kernel to link in both legacy libkern/zlib and new sys/contrib/zlib,
2019-08-01 06:35:33 +00:00
compat
Fix 32-bit build again, post r350570.
2019-08-04 20:00:39 +00:00
conf
Add a driver for Texas Instruments ADS101x/ADS111x i2c ADC chips.
2019-08-05 15:56:44 +00:00
contrib
Resolve ipfilter kld unload issues related to VNET jails.
2019-08-04 12:47:38 +00:00
crypto
ddb
dev
oce(4): potential out of bounds access before vector validation
2019-08-06 13:09:20 +00:00
dts
fs
Try to decrease the number of bugs in unionfs after the VV_TEXT flag removal.
2019-08-01 14:40:37 +00:00
gdb
geom
gnop: style nits
2019-07-31 17:51:06 +00:00
gnu
i386
Don't reset memory attributes when mapping physical addresses for ACPI.
2019-08-03 01:36:05 +00:00
isa
kern
Since r350426 this KASSERT doesn't serve any useful purpose.
2019-08-06 16:11:00 +00:00
kgssapi
libkern
Allow Kernel to link in both legacy libkern/zlib and new sys/contrib/zlib,
2019-08-01 06:35:33 +00:00
mips
modules
Add a driver for Texas Instruments ADS101x/ADS111x i2c ADC chips.
2019-08-05 15:56:44 +00:00
net
Properly validte arguments for route deletion
2019-08-03 14:42:07 +00:00
net80211
netgraph
netinet
Fix a locking issue in sctp_accept.
2019-08-06 10:29:19 +00:00
netinet6
Improve consistency. No functional change.
2019-08-05 13:22:15 +00:00
netipsec
netpfil
pf: zero (another) output buffer in pfioctl
2019-07-31 16:58:09 +00:00
netsmb
nfs
nfsclient
nfsserver
nlm
ofed
opencrypto
Allow Kernel to link in both legacy libkern/zlib and new sys/contrib/zlib,
2019-08-01 06:35:33 +00:00
powerpc
Fix build from r350622
2019-08-06 03:49:40 +00:00
riscv
rpc
security
sparc64
sys
proc: introduce the proc_add_orphan function
2019-08-05 20:11:57 +00:00
teken
tests
tools
ufs
When updating the user or group disk quotas for the return of inodes or
2019-07-31 22:44:58 +00:00
vm
Centralize the logic in vfs_vmio_unwire() and sendfile_free_page().
2019-07-29 22:01:28 +00:00
x86
xdr
xen
Makefile