Contributed by rueda on from the cheap, fast, reliable: pick any tw^H^H - oh, crap! dept.
There have been more developments in the continuing work mitigating against (Intel®, and potentially other) CPU vulnerabilities…
Philip Guenther (guenther@) committed the following:
CVSROOT: /cvs Module name: src Changes by: guenther@cvs.openbsd.org 2018/06/14 13:57:29 Modified files: sys/arch/amd64/include: frameasm.h sys/arch/amd64/amd64: locore.S vector.S Log message: Clear the GPRs when entering the kernel from userspace so that user-controlled values can't take part in speculative execution in the kernel down paths that end up "not taken" but that may cause user-visible effects (cache, etc). prodded by dragonflybsd commit 9474cbef7fcb61cd268019694d94db6a75af7dbe ok deraadt@ kettenis@
(DragonFly BSD
gained FPU protection,
and enabled NX for PROT_READ
by default, too.)
A message to tech@ from Theo de Raadt (deraadt@) included:
ps. Disable Intel Hyper-Threading where not needed, until we all know more.
(Comments are closed)