Alexander Nasonov wrote:
> Thinking a bit more about this, I don't think my patch will prevent
> data leakage from the kernel because /dev/mem and /dev/kmem are
> readable at all securelevels.

There is an important distinction, though. Code in sys/dev/mm.c can be
changed to scramble sensitive pages (e.g. cgd(4) keys) while meltdown
is a wild beast and it's nearly impossible to control.

--
Alex
