Ronald F. Guilmette wrote this message on Fri, Jan 05, 2018 at 12:17 -0800:
> If the meltdown or spectre (or both) attacks are based on careful analysis
> of timing information, following a memory fault, then why just just introduce
> a very tiny delay, of randomized duration, in the relevant kernel fault
> handler,
> following each such fault?
Randomization only makes it harder, not impossible to detect the timing
impact. You just need to collect more samples to average out the noise.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
