On 9/30/20 7:01 AM, Jarkko Sakkinen wrote:
> The user handler, which can be optionally used to handle enclave
> exceptions, is always the same global handler provided by the SGX
> runtime, who wants to use such a handler instead of returning on exception.
>
> Thus, there is not any non-deterministic branch prediction happening.
> The code path is always the same and never changes. Obviously, you could
> change it all the time purposely but for any sane real-world use that
> would not make any sense.

The fundamental problem mitigated by retpolines is that indirect branch
instructions themselves are non-deterministic (speculatively).

This:

> +	call	*%rax

is an indirect branch instruction. That leaves me a bit confused since
the changelog doesn't really match the code.

Do we care about mitigating Spectre-v2-style attacks for the VDSO's
indirect calls?
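
Review bot: the quoted `call *%rax` line is a bare indirect call, and the reason for leaving it that way appears only in the changelog discussion, not at the call site. Add a comment next to the call stating that the target is the runtime-supplied user handler and whether Spectre-v2-style speculation through it is considered in scope, and word the changelog the same way so that the description and the code agree.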