On Tue, Oct 25, 2022 at 12:38:45PM -0700, Pawan Gupta wrote:
> > I think the focus should be on finding the source sites, not protecting
> > the target sites. Where can an attacker control the register content and
> > have an indirect jump/call.
>
> That is an interesting approach. I am wondering what mitigation can
> be applied at source?

Limiting the value ranges for example. Or straight up killing the values if
they go unused -- like how we clear the registers in entry.

> LFENCE before an indirect branch can greatly
> reduce the speculation window, but will not completely eliminate it.

Depends on the part; there's a whole bunch of parts where LFENCE is sufficient.
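As an added illustration, not code from this thread or from the kernel, the following C sketch shows the two source-site ideas discussed above on a single indirect call: the attacker-controlled value is range-limited with a branch-free mask in the style of the kernel's generic array_index_mask_nospec(), and an LFENCE is issued immediately before the indirect call so the call cannot dispatch until the masked index and the loaded target are architecturally resolved. The handler table, clamp helper and dispatch() are hypothetical names chosen for this example; on non-x86 builds the fence degrades to a plain compiler barrier.

```c
#include <stddef.h>
#include <stdint.h>

/*
 * Branch-free mask: all ones when idx < size, zero otherwise.
 * Same arithmetic as the kernel's generic array_index_mask_nospec();
 * valid for 0 < size < 2^(BITS-1).  The empty asm keeps the compiler
 * from "proving" the mask unnecessary from an idx it already branched on.
 * (Hypothetical helper written for this example.)
 */
static inline size_t index_mask_nospec(size_t idx, size_t size)
{
    __asm__("" : "+r"(idx));
    /* If idx >= size, (size - 1 - idx) wraps and sets the top bit;
     * ~ then clears it and the arithmetic shift yields 0.  Otherwise
     * both terms have the top bit clear and the shift yields -1. */
    return (size_t)(~(long)(idx | (size - 1 - idx)) >> (sizeof(long) * 8 - 1));
}

/* LFENCE before the indirect branch: shortens the window in which a
 * mispredicted target can run, as discussed above.  Compiler barrier only
 * on other architectures (assumption made for portability of the example). */
static inline void pre_indirect_branch_fence(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __asm__ __volatile__("" ::: "memory");
#endif
}

/* A small dispatch table whose index an attacker is assumed to control. */
typedef int (*handler_fn)(int);
static int h_inc(int x) { return x + 1; }
static int h_dbl(int x) { return x * 2; }
static int h_neg(int x) { return -x; }
static int h_id(int x)  { return x; }

#define NHANDLERS 4
static handler_fn handlers[NHANDLERS] = { h_inc, h_dbl, h_neg, h_id };

/*
 * Source-site hardening of one indirect call:
 *   1. limit the value range of idx without a predictable branch
 *      (an out-of-range idx becomes 0, even under speculation);
 *   2. fence right before the call so it waits for the resolved target.
 */
int dispatch(size_t idx, int arg)
{
    idx &= index_mask_nospec(idx, NHANDLERS);
    handler_fn fn = handlers[idx];
    pre_indirect_branch_fence();
    return fn(arg);
}
```

A plain `if (idx >= NHANDLERS) return -1;` would protect the architectural path only; the CPU may still predict the branch not taken and speculatively load `handlers[idx]` from attacker-chosen memory. The mask keeps the index in range on both the architectural and the speculative path, and the fence then bounds how far the call itself can run ahead of the resolved target.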