cpu_speculation_barrier kernel service
Purpose
Provides protection against speculative execution side-channel attacks.
Syntax
#include <sys/processor.h>
void cpu_speculation_barrier ( void )
Description
The cpu_speculation_barrier kernel service provides kernel extensions with processor-model-dependent mitigation against known speculative-execution vulnerabilities. The cpu_speculation_barrier kernel service can be used to protect against side-channel attacks within the kernel environment. Kernel extensions should be carefully vetted when the cpu_speculation_barrier kernel service is used.
Note: Kernel performance might be reduced when the cpu_speculation_barrier kernel service is used.
The cpu_speculation_barrier kernel service must be called before storage is accessed by using addresses that are computed from an untrusted source. Therefore, only kernel extensions that reference user-mode data directly without using cross-privilege domain access services, such as the copyin service, can use the cpu_speculation_barrier kernel service.
Execution Environment
The cpu_speculation_barrier kernel service can be called from either the process environment or the interrupt environment.
Example
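The following example shows an ioctl device driver handler that directly references user-mode data:
#include <sys/processor.h>   /* cpu_speculation_barrier() */

/* vector_t is the driver's own argument structure; its definition is not shown. */
int
dd_ioctl(dev_t devno, int cmd, void *arg, ulong devflag, chan_t chan, int ext)
{
    int index;
    char val;
    vector_t *uvec = NULL;
    extern int max_kdata_index;
    extern char kdata[];

    if (cmd == 0xC1C2) {
        /* Select kernel data from user input */
        uvec = (vector_t *)arg;
        index = uvec->index;        /* untrusted value read directly from user-mode data */
        /* index is signed, so reject negative values as well as values past the end */
        if (index >= 0 && index < max_kdata_index) {
            /* Stop speculation past the bounds check before the dependent load */
            cpu_speculation_barrier();
            val = kdata[index];
            uvec->data[val]++;
        }
    }
    return 0;
}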
Return Values
The cpu_speculation_barrier kernel service does not return any value.