From 817d1adc7a194082259bcd86f757f7ce48b9ad75 Mon Sep 17 00:00:00 2001 From: Ian Moffett Date: Fri, 20 Dec 2024 04:04:04 -0500 Subject: kernel/amd64: proc: Protect SWAPGS with LFENCE Ensure all loads preceding SWAPGS are serialized using LFENCE. This mitigates the possibility of SWAPGS being speculatively bypassed which would lead to security issues. Signed-off-by: Ian Moffett --- sys/arch/amd64/amd64/proc_machdep.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/arch/amd64/amd64/proc_machdep.c b/sys/arch/amd64/amd64/proc_machdep.c index cb337fb..596f661 100644 --- a/sys/arch/amd64/amd64/proc_machdep.c +++ b/sys/arch/amd64/amd64/proc_machdep.c @@ -134,6 +134,7 @@ md_td_kick(struct proc *td) "pushf\n" "push %2\n" "push %3\n" + "lfence\n" "swapgs\n" "iretq" : -- cgit v1.2.3