patch out kernel retpoline (
from tedu to openbsd on 07 Aug 2023 18:44

Changes by:

On CPUs with eIBRS ("enhanced Indirect Branch Restricted Speculation") or IBT enabled the kernel, the hardware should (not have) the attacks which retpolines were created to prevent. In those cases, retpolines should be a net negative for security as they are an indirect branch gadget. They're also slower.


#openbsd #security

threaded - newest