-
Meltdown maybe but it's just a stupid Intel-specific MMU bug. Spectre, no; it does not even have to cross cpu privilege domains.
-
I interpreted @csolisr's question as implying physically segregated access, not the equivalent of "airgapped" but essentially enforcing a crude physical segregation right down the middle of the hardware. Please explain how my interpretation makes no sense. I'm out of my depth.
-
Spectre (P0's "variant 1") can attack privilege boundaries that are purely logical/software, which the cpu is not even aware of. There are far more such boundaries than physical cores.
-
Yes you could probably protect the kernel by additional physical isolation, but many valuable attack vectors would remain.
-
And fixed assignment of a whole core to one purpose is a big waste of resources and a big performance bottleneck if you only allow kernel to run on one core.
-
I agree that it would be a very unpleasant trade-off to take the approach described above, pretty much entirely impractical for all but the most specialized edge-cases (or maybe not even marginally practical then).
-
Then again, I wonder if it might become somewhat more practical to assign a whole core solely to the kernel for some common use-cases if you end up running a 128-core CPU.
New conversation -
-
I guess one could prevent speculation of loads and stores past branches but still speculate on ALU ops. i.e. not completely destroy speculative execution. A lot of code speculated after branches can be ops on registers.
-
Absolutely. You can perhaps even do loads whose addresses were knowable before the branch, but NOT loads whose addresses are derived from speculative loads.
-
The Branch Target Buffer also needs to not co-mingle address bits from different protection domains which is another interesting side channel. Essentially attacking the branch predictor hashing algorithm as a side channel.