On Mon, Oct 19, 2020 at 05:31:06PM -0400, Arvind Sankar wrote:
> Is it possible to take advantage of this to make the check independent
> of the original page tables? i.e. switch to the new pagetables, then
> write into .data or .bss the opcodes for a function that does
>
>   movabs $imm64, %rax
>   jmp *%rdi   // avoid using stack for the return
>
> filling in the imm64 with the RDRAND value, and then try to execute it.
> If the C-bit value is wrong, this will probably crash, and at any rate
> shouldn't return with the correct value in %rax.
That could work, but is not reliable. When the C bit is wrong the CPU
would essentially execute random data, which could also be a valid
instruction stream. A crash is not guaranteed.

Regards,

	Joerg