Module Name: src
Committed By: maxv
Date: Thu Aug 31 10:30:58 UTC 2017
Modified Files:
src/sys/arch/amd64/amd64: amd64_trap.S locore.S
Log Message:
Add a layer of mitigation against the intel sysret vuln: restore %gs when
sysretq faults. Right now we try to make sure that %rip is canonical by
performing sanity checks in several places, but I've already found missing
checks two times already, and there may be others.
By performing an additional swapgs here, we are turning ring0 exploits to
simple DoSes - which are still security bugs, but of a lower impact.
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/sys/arch/amd64/amd64/amd64_trap.S
cvs rdiff -u -r1.127 -r1.128 src/sys/arch/amd64/amd64/locore.S
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
