Hi! > This is a fix for Variant 2 in > https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html > > Any speculative indirect calls in the kernel can be tricked > to execute any kernel code, which may allow side channel > attacks that can leak arbitrary kernel data.
Ok.
> So we want to avoid speculative indirect calls in the kernel.
>
> There's a special code sequence called a retpoline that can
> do indirect calls without speculation. We use a new compiler
> option -mindirect-branch=thunk-extern (gcc patch will be released
> separately) to recompile the kernel with this new sequence.
So... this "retpoline" code is quite tricky; I guess it does the right
on recent Intel CPUs. Does it also do the right thing on all the AMD,
Cyrix, ... variants?
Is it neccessary on all the CPUs? I guess 486 does not need this?
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
signature.asc
Description: Digital signature
