* Andi Kleen <[email protected]> wrote:
> > - There's various conditional pieces of entry code that run before any
> >   RBP-clobbering C function is called. While none of them has an exploitable
> >   Spectre 'gadget' at the moment, we'd have to consider this for every future
> >   change.
>
> The Frame Pointer is always set up in assembler too, just in another macro.
As I replied to Andy, that's not universally true: there are code paths where
RBP is not set before calling C code or going into the more complex parts of
the kernel entry code.
This RBP value leak in fact demonstrates the validity of my robustness argument:
> > I.e. we cannot universally rely on RBP being sanitized. In _practice_ it
> > will be sanitized, but we don't know for sure without expending quite some
> > effort to think through all the cases.
Thanks,
Ingo