Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation

From: David Woodhouse
Date: Fri Jan 26 2018 - 13:28:10 EST


On Fri, 2018-01-26 at 10:12 -0800, Arjan van de Ven wrote:
> On 1/26/2018 10:11 AM, David Woodhouse wrote:
>
> > I am *actively* ignoring Skylake right now. This is about per-SKL
> > userspace even with SMEP, because we think Intel's document lies to us.
>
> if you think we lie to you then I think we're done with the conversation?
>
> Please tell us then what you deploy in AWS for your customers ?
>
> or show us research that shows we lied to you?

As you know well, I mean "we think Intel's document is not correct".

The evidence which made us suspect that is fairly clear in the last few
emails in this thread - it's about the BTB/RSB only having the low bits
of the target, which would mean that userspace *can* put malicious
targets into the RSB, regardless of SMEP.
