Re: [tip:x86/pti] x86/retpoline: Fill RSB on context switch for affected CPUs
From: Kees Cook
Date: Mon Jan 15 2018 - 15:03:55 EST
On Mon, Jan 15, 2018 at 6:42 AM, Arjan van de Ven <arjan@xxxxxxxxxxxxxxx> wrote:
>>
>> This would means that userspace would see return predictions based
>> on the values the kernel 'stuffed' into the RSB to fill it.
>>
>> Potentially this leaks a kernel address to userspace.
>
>
> KASLR pretty much died in May this year to be honest with the KAISER paper
> (if not before then)
KASLR was always on shaky ground for local attacks. For pure remote
attacks, it's still useful. And for driving forward research, it
appears to be quite useful. ;)
-Kees
--
Kees Cook
Pixel Security