On Fri, Dec 08, 2023 at 10:18:47AM -0800, Kees Cook wrote:

> Even if we look at the prerequisites for mounting an attack here, we've
> already got things in place to help mitigate arbitrary code execution
> (KCFI, BTI, etc). Nothing is perfect, but speculation gadgets are
> pretty far down on the list of concerns, IMO. We have no real x86 ROP
> defense right now in the kernel, so that's a much lower hanging fruit
> for attackers.

Supervisor shadow stacks, as they exist today, just can't work on Linux.
Should get fixed with FRED, but yeah, this is all somewhat unfortunate.

> As another comparison, on x86 there are so many direct execution gadgets
> present in middle-of-instruction code patterns that worrying about a
> speculation gadget seems silly to me.

FineIBT (or even IBT) limits the middle of function gadgets
significantly.