Solar Designer

> No, I've used Gentoo's `gcc-14.2.1_p20241221` for the most recent test. I couldn't reproduce this issue with Arch's `gcc 14.2.1+r753+g1cd744a6828f-1` (and LKRG slightly hacked so that it wouldn't bump into...

I prepared a workaround for this issue in #380, please feel free to test and let us all know if it helps - it really should, but ideally we'd figure...

The workaround PR is now merged, so please just test the latest `main`.

@ajakk @poisonflood Please try on top of latest from `main` branch here: ```diff +++ b/src/modules/integrity_timer/verify_kprobes/p_verify_kprobes.c @@ -20,7 +20,7 @@ static struct lkrg_probe p_lkrg_dummy_probe; #ifdef __clang__ -__attribute__((optnone)) +__attribute__ ((noduplicate)) __attribute__((optnone)) #else...

@ajakk @poisonflood Any chance you'd try the addition of `__attribute__ ((noduplicate))` today? Thanks!

I guess you mean the subset of CPU microarch side-channel attacks (mostly info leaks) that are only (or easier) exploitable with simultaneous multi-threading (SMT) aka hyperthreading (HT). LKRG currently does...

> 3\. Provide APIs for programs / threads / critical sections to opt-in to such protection, although (especially) this item is more fitting for upstream kernel than a downstream kernel...

This may have been a good idea (or not), but it became moot with 6.13/6.14+ dropping hook-able `override/revert_creds`, so we may want to find a whole different approach now, but...

Closing as per the previous comment (can't do this for 6.13/6.14+ anyway).

Per #418, maybe this idea or something like it still has merit for kernels 6.10 to 6.12.y inclusive. @kerneltoast