> So I was really hoping that in places like context switching etc, we'd
> be able to instead effectively kill off any exploits by clearing
> registers.
>
> That should make it pretty damn hard to then find a matching "gadget"
> that actually does anything interesting/powerful.
>
> Together with Spectre already being pretty hard to take advantage of,
> and the eBPF people making those user-provided gadgets inaccessible,
> it really should be a pretty powerful fix.
>
> Hmm?
Essentially the RSB is a set of hidden registers, and the only way to clear them is the FILL_RETURN_BUFFER sequence. I don't see how clearing anything else would help?

-Andi
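The fill sequence Andi refers to, as an added example that is not the kernel's own FILL_RETURN_BUFFER macro but is modelled on the same call/pause/lfence idea: it assumes x86-64 with GCC or Clang inline asm, a 32-entry RSB, and the hypothetical names rsb_fill and rsb_fill_balanced.

```c
#include <stdint.h>
#include <stdio.h>

/* Depth assumed for the return stack buffer (assumption: 32 entries). */
#define RSB_ENTRIES 32

#if defined(__x86_64__)
/* Overwrite every RSB entry with the address of a speculation trap:
 * each CALL pushes a return address whose only reachable code is
 * PAUSE; LFENCE; JMP-to-self, so a later mispredicted RET lands in the
 * trap instead of in leftover, possibly attacker-influenced, targets.
 * Architecturally the pushed addresses are discarded, never returned to. */
static int rsb_fill(void)
{
    __asm__ __volatile__(
        "lea -128(%%rsp), %%rsp\n\t"      /* stay clear of the SysV red zone */
        "mov %[n], %%ecx\n\t"
        "1:\n\t"
        "call 2f\n\t"                     /* pushes the address of label 3 */
        "3:\n\t"
        "pause\n\t"                       /* only ever reached speculatively */
        "lfence\n\t"
        "jmp 3b\n\t"
        "2:\n\t"
        "dec %%ecx\n\t"
        "jnz 1b\n\t"
        "lea %c[bytes](%%rsp), %%rsp\n\t" /* drop the pushed return addresses */
        :
        : [n] "i" (RSB_ENTRIES), [bytes] "i" (RSB_ENTRIES * 8 + 128)
        : "ecx", "memory", "cc");
    return RSB_ENTRIES;
}

/* Sanity check: the sequence must leave the stack pointer where it found it. */
static int rsb_fill_balanced(void)
{
    uintptr_t before, after;
    __asm__ __volatile__("mov %%rsp, %0" : "=r"(before));
    rsb_fill();
    __asm__ __volatile__("mov %%rsp, %0" : "=r"(after));
    return before == after;
}
#else
/* Non-x86-64 build: there is no RSB to stuff here; keep the same API. */
static int rsb_fill(void) { return 0; }
static int rsb_fill_balanced(void) { return 1; }
#endif

int main(void)
{
    printf("stuffed %d RSB entries, stack balanced: %d\n",
           rsb_fill(), rsb_fill_balanced());
    return 0;
}
```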

