SLAM: a new Spectre technique

Many processor vendors provide a mechanism to allow some bits of a pointervalue to be used to store unrelated data; these include Intel's linear address masking (LAM), AMD's upper address ignore, and Arm's top-byteignore. A set of researchers has now come up with a way (thatthey call "SLAM") to use those features to bypass many checks on pointervalidity, opening up a new set of Spectre attacks.

In response to SLAM, Intel made plans to provide software guidanceprior to the future release of Intel processors which support LAM(e.g., deploying LAM jointly with LASS). Linux engineers developedpatches to disable LAM by default until further guidance isavailable. ARM published an advisory to provide guidance on futureTBI-enabled CPUs. AMD did not implement guidance updates andpointed to existing Spectre v2 mitigations to address the SLAMexploit described in the paper.

See the fullpaper for the details.