On Thu, Jan 04, 2018 at 04:58:30PM -0500, Mouse wrote:
> > As I understand it, on intel cpus and possibly more, we'll need to
> > unmap the kernel on userret, or else userland can read arbitrary
> > kernel memory.
>
> "Possibly more"? Anything that does speculative execution needs a good
> hard look, and that's damn near everything these days.
I wonder about just "these days". The potential for this kind of problem
goes all the way back to STRETCH or the 6600, doesn't it? If they had
memory permissions, which I frankly don't know. And even in
microprocessors it's got to go back to... the end of the 1980s (R6000?),
certainly the 1990s.

Though of course "fail early" is an obvious principle to security types,
given the cost of aborting work in progress I can easily see the opposite
being true for CPU designers (I'm not one, so I don't really know).

Which idiom (check permissions, then speculate / speculate, then check
permissions) is more common?

Thor
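The two idioms Thor contrasts, as a toy model added to this thread (not code from the thread or from NetBSD): a made-up CPU with an 8-page memory, a user/supervisor bit per page, a "cache" that only records which lines are resident, and a user-mode sequence `tmp = probe[kernel[addr] * 64]` run through a transient window. Everything here is invented for illustration, including the layout, the secret value and the fault model; real hardware forwards, squashes and retires in far more intricate ways. The model shows why ordering matters: when the dependent load is allowed to execute before the permission check, the cache line it touched survives the fault and a Flush+Reload pass recovers the byte; when the check is resolved first, or when the kernel page is simply not mapped for user mode (Mouse's "unmap the kernel on userret"), nothing is forwarded and the probe finds no hot line.

```c
/* Toy model of "check, then speculate" versus "speculate, then check".
 * Added illustration, not code from the thread: the memory map, permission
 * bits, "cache" and recovery loop are all invented, and real CPUs are messier. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MEM_SIZE   32768
#define PAGE_SIZE  4096
#define LINE_SIZE  64
#define NUM_PAGES  (MEM_SIZE / PAGE_SIZE)
#define NUM_LINES  (MEM_SIZE / LINE_SIZE)

/* Invented layout: pages 0-3 are user-readable probe space (256 lines of
 * 64 bytes); page 7 is kernel-only and holds the secret byte. */
#define PROBE_BASE   0x0000u
#define KERNEL_PAGE  7
#define SECRET_ADDR  (KERNEL_PAGE * PAGE_SIZE + 0x10)

enum order { CHECK_THEN_SPECULATE, SPECULATE_THEN_CHECK };

struct cpu {
    uint8_t mem[MEM_SIZE];
    uint8_t mapped[NUM_PAGES];         /* present in the user page table? */
    uint8_t user_readable[NUM_PAGES];  /* user/supervisor bit */
    uint8_t cached[NUM_LINES];         /* 1 = line resident in the "cache" */
    int     faulted;                   /* fault raised architecturally */
};

static void cpu_init(struct cpu *c, uint8_t secret, int kernel_mapped)
{
    memset(c, 0, sizeof *c);
    for (int p = 0; p < 4; p++) { c->mapped[p] = 1; c->user_readable[p] = 1; }
    c->mapped[KERNEL_PAGE] = (uint8_t)kernel_mapped;  /* never user_readable */
    c->mem[SECRET_ADDR] = secret;
}

/* The transient window for a user-mode "tmp = probe[kernel[addr] * 64]". */
static void transient_window(struct cpu *c, enum order o, uint32_t kaddr)
{
    unsigned page = kaddr / PAGE_SIZE;
    if (!c->mapped[page]) {            /* no translation: no data to forward */
        c->faulted = 1;
        return;
    }
    if (o == CHECK_THEN_SPECULATE && !c->user_readable[page]) {
        c->faulted = 1;                /* permission resolved first; nothing dependent runs */
        return;
    }
    uint8_t secret = c->mem[kaddr];    /* value forwarded to the dependent load */
    c->cached[(PROBE_BASE + secret * LINE_SIZE) / LINE_SIZE] = 1;
    if (!c->user_readable[page])
        c->faulted = 1;                /* late check: registers squashed, cache fill stays */
}

/* Flush+Reload from user mode: returns the recovered byte, or -1 if no
 * probe line became resident during the transient window. */
static int recover_byte(struct cpu *c, enum order o, uint32_t kaddr)
{
    memset(c->cached, 0, sizeof c->cached);   /* "clflush" every probe line */
    c->faulted = 0;
    transient_window(c, o, kaddr);            /* the fault is caught and ignored */
    for (int v = 0; v < 256; v++)             /* reload: which line is hot? */
        if (c->cached[(PROBE_BASE + v * LINE_SIZE) / LINE_SIZE])
            return v;
    return -1;
}

/* Fresh CPU with the invented secret 0x5A, one scenario, one result. */
static int demo(enum order o, int kernel_mapped)
{
    struct cpu c;
    cpu_init(&c, 0x5A, kernel_mapped);
    return recover_byte(&c, o, SECRET_ADDR);
}

int main(void)
{
    printf("speculate, then check : %d\n", demo(SPECULATE_THEN_CHECK, 1));
    printf("check, then speculate : %d\n", demo(CHECK_THEN_SPECULATE, 1));
    printf("kernel page unmapped  : %d\n", demo(SPECULATE_THEN_CHECK, 0));
    return 0;
}
```

The model deliberately gives both idioms the same architectural outcome (a fault is raised either way); the only difference is whether the fault arrives before or after a dependent load has left a trace in shared microarchitectural state. Unmapping the kernel page removes the translation altogether, which is why it defends even a "speculate, then check" design.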