Hi again Linus, Alexei, On Tue, Jan 09, 2018 at 10:21:29AM +0000, Will Deacon wrote: > On Mon, Jan 08, 2018 at 10:49:01AM -0800, Linus Torvalds wrote: > > In this particular case, we should be very much aware of future CPU's > > being more _constrained_, because CPU vendors had better start taking > > this thing into account. > > > > So the masking approach is FUNDAMENTALLY SAFER than the "let's try to > > limit control speculation". > > > > If somebody can point to a CPU that actually speculates across an > > address masking operation, I will be very surprised. And unless you > > can point to that, then stop trying to dismiss the masking approach. > > Whilst I agree with your comments about future CPUs, this stuff is further > out of academia than you might think. We're definitely erring on the > belt-and-braces side of things at the moment, so let me go check what's > *actually* been built and I suspect we'll be able to make the masking work. > > Stay tuned...
I can happily confirm that there aren't any (ARM architecture) CPUs where the masking approach is not sufficient, so there's no need to worry about value speculation breaking this. Will
