Spectre is essentially the failure by cpu designers to realize that an untaken branch is fundamentally a privilege boundary.
Yes you could probably protect the kernel by additional physical isolation, but many valuable attack vectors would remain.
-
-
And fixed assignment of a whole core to one purpose is a big waste of resources and a big performance bottleneck if you only allow kernel to run on one core.
-
I agree that it would be a very unpleasant trade-off to take the approach described above, pretty much entirely impractical for all but the most specialized edge-cases (or maybe not even marginally practical then).
-
Then again, I wonder if it might becomes somewhat more practical to assign a whole core solely to the kernel for some common use-cases if you end up running a 128-core CPU.
-
It's not at all. You just make that 1 core the bottleneck for the whole system.
End of conversation
New conversation -
-
-
Yeah, I have no illusions about the possibility of eliminating all such potential opportunities for exploitation. I was thinking largely of the simple notion of solving the present problem.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.