DragonFlyBSD Gets Better Hardened Against CPU Speculative Execution Bugs
While the DragonFlyBSD kernel has already landed its mitigation for Spectre V1/V2 and Meltdown CPU vulnerabilities, a fresh round of CPU bug hardening work was just merged into their kernel.
This latest CPU bug hardening primarily revolves around a rumor that the contents of floating point registers owned by another process could be speculatively detected when they are present for the running process. Intel hasn't communicated clearly about this FP register speculation, so OpenBSD already decided to rework some of their code as a safeguard and now DragonFlyBSD has too.
The latest DragonFly patches add a machdep.px_fpu_heuristic setting to proactively disable FPU state loading, to enable proactive FPU state loading at all times, or to allow FPU state loading for a specified number of context switches. All the details are in this patch.
There is also a second patch to address speculative execution of instructions using data from registers that still contain user-space controlled content. The fix in that patch is clearing all user registers after saving them for syscalls/exceptions/interrupts as well as zeroing out some of them.
This work is currently in the DragonFlyBSD 5.3 series ahead of the DragonFlyBSD 5.4 stable release.