> On 4 Jan, 2018, at 10:28 pm, dpr...@deepplum.com wrote: > > The really core issue with Meltdown at the highest level is that the kernel > is addressable from userspace, except for the "privilege level" in the page > table entries. That's a couple of bits between userspace and data that > userspace isn't supposed to ever see. And those bits are ignored during > specutlative execution's memory accesses.
...on Intel CPUs since Nehalem and Silvermont, and on a very small number of ARM's highest-performance cores (which you're unlikely to find in CPE). But not on most ARM cores, nor on AMD CPUs. These all do their security checks more promptly, so the rogue data never reaches either a shadow register nor an execution unit, even under speculative execution. The conceptually simplest mitigation turns out to be switching off branch prediction. - Jonathan Morton _______________________________________________ Cerowrt-devel mailing list Cerowrt-devel@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cerowrt-devel
