OpenBSD Gets Mitigated For Meltdown CPU Vulnerability

A few days back FreeBSD 11 stable was mitigated for Meltdown (and Spectre vulnerabilities), which came more than one month after these nasty CPU vulnerabilities were disclosed while DragonFlyBSD was quickly mitigated and the first of the BSDs to do so. While OpenBSD is known for its security features and focus, only today did it land its initial Meltdown mitigation.

Hitting the OpenBSD tree today by developer Philip Guenther is user and kernel page table separation for mitigating the Meltdown vulnerability. From the commit message:

When a syscall, trap, or interrupt takes a CPU from userspace to kernel the trampoline code switches page tables, switches stacks to the thread's real kernel stack, then copies over the necessary bits from the trampoline stack. On return to userspace the opposite occurs: recreate the iretq frame on the trampoline stack, switch stack, switch page tables, and return to userspace.

mlarkin@ implemented the pmap bits and did 90% of the debugging, diagnosing issues on MP in particular, and drove the final push to completion. Many rounds of testing by naddy@, sthen@, and others Thanks to Alex Wilson from Joyent for early discussions about trampolines and their data requirements. Per-CPU page layout mostly inspired by DragonFlyBSD.

In part why it's taken considerable amount of time for Meltdown and Spectre fixes to land for the BSDs is that most (all?) of them were not under the embargoed information about these CPU vulnerabilities so while Linux kernel developers were working on them since last year, the BSD work only got started in January.