Spectre is essentially the failure by cpu designers to realize that an untaken branch is fundamentally a privilege boundary.
Spectre (P0's "variant 1") can attack privilege boundaries that are purely logical/software, which the cpu is not even aware of. There are far more such boundaries than physical cores.
-
Yes you could probably protect the kernel by additional physical isolation, but many valuable attack vectors would remain.
-
And fixed assignment of a whole core to one purpose is a big waste of resources and a big performance bottleneck if you only allow the kernel to run on one core.
-
I agree that it would be a very unpleasant trade-off to take the approach described above, pretty much entirely impractical for all but the most specialized edge-cases (or maybe not even marginally practical then).
-
Then again, I wonder if it might become somewhat more practical to assign a whole core solely to the kernel for some common use-cases if you end up running a 128-core CPU.
-
It's not at all. You just make that 1 core the bottleneck for the whole system.