yasukata / zpoline

system call hook for Linux
Apache License 2.0
408 stars 32 forks

question: handling arbitrary %rax values #8

Closed ddiss closed 12 months ago

ddiss commented 1 year ago

One question I have after reading your very interesting atc23_slides_yasukata.pdf slide deck: do you have any safeguards in place / planned for detecting syscall() invocations with invalid (arbitrarily large) system call numbers in %rax? If I understand correctly a zpoline-patched program could call into any arbitrary 64-bit address, where (prior to patching) syscall() would have simply returned an error.

yasukata commented 1 year ago

Thank you for your message.

Currently, we do not have a safeguard to detect the cases where %rax has an invalid number, and we do not have a solution to this for the moment.

When we come up with a mitigation, we will update the implementation.
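The check ddiss asks about, as an added example that is not part of zpoline or of this thread: a user-space syscall-hook dispatcher that treats the value found in %rax as untrusted, rejects anything outside its table with -ENOSYS (the answer the kernel itself gives for an unknown number) before using it as an index or a jump target, and forwards everything unhooked. The table size, the handler signature and the `hook_dispatch` / `forward_to_kernel` names are assumptions for the example; forwarding through glibc's `syscall(3)` stands in for whatever path a real hook uses to reach the kernel.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Handler signature: the six arguments the kernel receives, raw return
 * convention (result or -errno), since the hook stands in for the syscall
 * instruction whose result the caller reads from %rax. */
typedef long (*syscall_handler_t)(long nr, long a1, long a2, long a3,
                                  long a4, long a5, long a6);

/* Assumed bound on the numbers this dispatcher is willing to handle; a
 * placeholder sized above the x86-64 Linux table, not a value from zpoline. */
#define HOOK_TABLE_SIZE 1024

/* Forward an unhooked number to the real kernel entry via glibc's
 * syscall(3), converting its -1/errno convention back to raw -errno. */
static long forward_to_kernel(long nr, long a1, long a2, long a3,
                              long a4, long a5, long a6) {
    long ret = syscall(nr, a1, a2, a3, a4, a5, a6);
    return ret == -1 ? -errno : ret;
}

static unsigned long write_hook_calls;

/* Example hooked handler: count write(2) invocations, then forward. */
static long hooked_write(long nr, long a1, long a2, long a3,
                         long a4, long a5, long a6) {
    write_hook_calls++;
    return forward_to_kernel(nr, a1, a2, a3, a4, a5, a6);
}

/* Sparse table: only hooked numbers have an entry, the rest stay NULL. */
static syscall_handler_t hook_table[HOOK_TABLE_SIZE] = {
    [SYS_write] = hooked_write,
};

/* Entry point reached with the original %rax value in nr. The unsigned
 * comparison rejects negative and oversized numbers in one test, so nr
 * never becomes an out-of-bounds index or an arbitrary call target. */
long hook_dispatch(long nr, long a1, long a2, long a3,
                   long a4, long a5, long a6) {
    if ((unsigned long)nr >= HOOK_TABLE_SIZE)
        return -ENOSYS;
    syscall_handler_t h = hook_table[nr];
    if (h == NULL)
        return forward_to_kernel(nr, a1, a2, a3, a4, a5, a6);
    return h(nr, a1, a2, a3, a4, a5, a6);
}

unsigned long hook_write_calls(void) { return write_hook_calls; }

int main(void) {
    long pid = hook_dispatch(SYS_getpid, 0, 0, 0, 0, 0, 0);
    long bad = hook_dispatch(-1, 0, 0, 0, 0, 0, 0);
    printf("getpid via hook: %ld\n", pid);
    printf("bogus number: %ld (expected -ENOSYS = %d)\n", bad, -ENOSYS);
    return 0;
}
```

The point of the unsigned comparison is that the same single branch covers both the "arbitrarily large" numbers from the question and negative ones; a signed `nr >= HOOK_TABLE_SIZE` check would let -1 through to `hook_table[-1]`.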