> On Jan 13, 2018, at 1:22 PM, Dave Wade via cctalk <[email protected]>
> wrote:
>
> ...
> It delayed telling the world to allow time for OS providers to apply fixes.
> This is now standard and the delays are defined...
>
> http://abcnews.go.com/Technology/wireStory/intel-fixing-security-vulnerability-chips-52122993
>
> but it looks like in this case it leaked early. Similar bugs affect ARM, AMD
> and PowerPC but nothing from them either. IBM won't tell the world (it will
> tell customers, but I am not a customer) if and how it affects Z.
There are two bugs that are largely unrelated other than the fact they both
start from speculative execution. One is "Meltdown" which is specific to Intel
as far as is known. The other is "Spectre" which is a pretty much unavoidable
side effect of the existence of speculative execution and appears to apply to
multiple architectures. There may be variations; I assume some designs have
much shorter speculation pipelines than others and if so would be less affected.
Meltdown has a software workaround (it could also be fixed in future chips by
changing how speculative loads work, to match what other companies did).
Spectre needs software fixes, possibly along with microcode changes (for
machines that have such a thing). You're likely to hear more when the fixes
are available; it would not make sense to have much discussion before then for
the reason you mentioned at the top.
paul
