summaryrefslogtreecommitdiff
path: root/sys/arch/amd64/amd64
diff options
context:
space:
mode:
authorIan Moffett <ian@osmora.org>2024-12-20 04:04:04 -0500
committerIan Moffett <ian@osmora.org>2024-12-20 04:09:48 -0500
commit817d1adc7a194082259bcd86f757f7ce48b9ad75 (patch)
tree47f16d6bdf9ca919f59eb010e485517b87e4a9a8 /sys/arch/amd64/amd64
parent6695df157d714567f938170c0bdcae5e4dcb1695 (diff)
kernel/amd64: proc: Protect SWAPGS with LFENCEmainexpt
Ensure all loads preceding SWAPGS are serialized using LFENCE. This mitigates the possibility of SWAPGS being speculatively bypassed which would lead to security issues. Signed-off-by: Ian Moffett <ian@osmora.org>
Diffstat (limited to 'sys/arch/amd64/amd64')
-rw-r--r--sys/arch/amd64/amd64/proc_machdep.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/arch/amd64/amd64/proc_machdep.c b/sys/arch/amd64/amd64/proc_machdep.c
index cb337fb..596f661 100644
--- a/sys/arch/amd64/amd64/proc_machdep.c
+++ b/sys/arch/amd64/amd64/proc_machdep.c
@@ -134,6 +134,7 @@ md_td_kick(struct proc *td)
"pushf\n"
"push %2\n"
"push %3\n"
+ "lfence\n"
"swapgs\n"
"iretq"
: