On Jan 5, 2018, at 8:52 AM, <paul.kon...@dell.com> <paul.kon...@dell.com> wrote:
> so the illegal read is also speculative, and is voided (exception
> and all) when the wrong branch prediction is sorted out. But it
> looks like the paper is saying that refinement has not been
> demonstrated, though such branch prediction hacks have been shown
> in other exploits. Still, if that can be done, a test for
> "SEGV too often" is no help.

Actually, the javascript exploit works exactly in this way. Sigh.