On Sat, 6 Jan 2018, Alexei Starovoitov wrote: > which clearly states that bpf_tail_call() was used in the attack. > Yet none of the intel nor arm patches address speculation in > this bpf helper! > It means that: > - gpz didn't share neither exploit nor the detailed description > of the POC with cpu vendors until now > - coverity rules used to find all these places in the kernel > failed to find bpf_tail_call > - cpu vendors were speculating what variant 1 can actually do You forgot to mention that there might be other attacks than the public POC which are not covered by a simple AND .... Thanks, tglx
