author: Andrew Turner <andrew@FreeBSD.org> 2018-01-12 14:01:38 +0000
committer: Andrew Turner <andrew@FreeBSD.org> 2018-01-12 14:01:38 +0000
commit: 7023544aec63e02cbea83be19336f58202b7e21c
tree: e40f601e340815a758a497d5de3f62061b3db2a6 /usr.sbin/efibootmgr
parent: 310f24d72aeb26b224f75e1a405555a91f869486
Workaround Spectre Variant 2 on arm64.
We need to handle two cases:

1. One process attacking another process.
2. A process attacking the kernel.

For the first case we clear the branch predictor state on context switch between different processes. For the second we do this when taking an instruction abort on a non-userspace address.

To clear the branch predictor state a per-CPU function pointer has been added. This is set by the new cpu errata code based on if the CPU is known to be affected.

On Cortex-A57, A72, A73, and A75 we call into the PSCI firmware as newer versions of this will clear the branch predictor state for us.

It has been reported the ThunderX is unaffected, however the ThunderX2 is vulnerable. The Qualcomm Falkor core is also affected. As FreeBSD doesn't yet run on the ThunderX2 or Falkor no workaround is included for these CPUs.

MFC after: 3 days
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D13812
Notes: svn path=/head/; revision=327876
Diffstat (limited to 'usr.sbin/efibootmgr')
0 files changed, 0 insertions, 0 deletions
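
A user-space model of the dispatch the commit message describes, added here as an illustration and not taken from the FreeBSD source. The names `struct cpu`, `install_errata`, `psci_bp_clear` and the user/kernel address split are assumptions, the MIDR values are constructed samples, and the firmware call is simulated by a counter.

```c
#include <stddef.h>
#include <stdint.h>

/* MIDR_EL1 layout: implementer in bits [31:24], part number in bits [15:4]. */
#define MIDR_IMPL(m)   (((m) >> 24) & 0xffu)
#define MIDR_PART(m)   (((m) >> 4) & 0xfffu)
#define IMPL_ARM       0x41u
#define USER_ADDR_MAX  0x0000ffffffffffffULL  /* assumed user/kernel split */

typedef void (*bp_harden_t)(void);
struct cpu { bp_harden_t bp_harden; int cur_pid; };    /* hypothetical per-CPU data */
static unsigned firmware_calls;                        /* simulated firmware entries */
static void psci_bp_clear(void) { firmware_calls++; }  /* stand-in for the PSCI call */
static const uint32_t affected[] = { 0xd07, 0xd08, 0xd09, 0xd0a }; /* A57 A72 A73 A75 */

/* Errata step: install the hook only on cores known to be affected. */
void install_errata(struct cpu *c, uint32_t midr) {
    c->bp_harden = NULL;
    for (size_t i = 0; i < sizeof(affected) / sizeof(affected[0]); i++)
        if (MIDR_IMPL(midr) == IMPL_ARM && MIDR_PART(midr) == affected[i])
            c->bp_harden = psci_bp_clear;
}

/* Case 1: clear predictor state only when the incoming process differs. */
void context_switch(struct cpu *c, int new_pid) {
    if (new_pid != c->cur_pid && c->bp_harden != NULL)
        c->bp_harden();
    c->cur_pid = new_pid;
}

/* Case 2: instruction abort whose faulting address is not a userspace address. */
void instruction_abort(struct cpu *c, uint64_t far) {
    if (far > USER_ADDR_MAX && c->bp_harden != NULL)
        c->bp_harden();
}

/* Constructed event sequence; returns how many times the hook fired. */
unsigned run_demo(uint32_t midr) {
    struct cpu c = { NULL, 1 };
    firmware_calls = 0;
    install_errata(&c, midr);
    context_switch(&c, 1);                        /* same process: no clear */
    context_switch(&c, 2);                        /* different process: clear */
    instruction_abort(&c, 0x0000000000400000ULL); /* user address: no clear */
    instruction_abort(&c, 0xffff000000001000ULL); /* kernel address: clear */
    return firmware_calls;
}

/* Exit status 0 when a Cortex-A72 sample MIDR triggers exactly two clears. */
int main(void) { return run_demo(0x410fd083u) == 2 ? 0 : 1; }
```

On a core outside the table (for example a ThunderX MIDR) the pointer stays NULL, so both paths cost only a pointer test.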