Linus Torvalds writes:
That sounds like it could cause mispredicts, but it doesn't sound _exploitable_. And so apparently SMM clears the return stack too.

... but again, none of them sound even remotely _exploitable_. And I think patch authors should keep that difference in mind.

For example, flushing the BTB at kernel entry doesn't mean that later in-kernel indirect branches don't get predicted, and doesn't even mean that they don't get mis-predicted.

[...]
from get empty, you end up vulnerable.