On 01/04/2018 12:03, Eric McCorkle wrote: > You could block meltdown, I suppose, by making the entire > kernel address space absolutely forbidden under penalty of an > uncatchable signal.
Actually, scratch that; it doesn't work. The caches are still affected, and could be measured by another core. I suppose you could attempt to flush them upon killing a process in this way, but you still have a window, so it's only a probabilistic defense. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
