Spectre is essentially the failure by cpu designers to realize that an untaken branch is fundamentally a privilege boundary.
Replying to @RichFelker @hammercog
Could #Spectre / #Meltdown have been prevented by reserving a physical core and physical RAM to perform privileged tasks only?
Replying to @csolisr @hammercog
Meltdown maybe but it's just a stupid Intel-specific MMU bug. Spectre, no; it does not even have to cross cpu privilege domains.
Replying to @RichFelker @csolisr
I interpreted @csolisr's question as implying physically segregated access, not the equivalent of "airgapped" but essentially enforcing a crude physical segregation right down the middle of the hardware. Please explain how my interpretation makes no sense. I'm out of my depth.
Replying to @hammercog @csolisr
Spectre (P0's "variant 1") can attack privilege boundaries that are purely logical/software, which the cpu is not even aware of. There are far more such boundaries than physical cores.
Yes you could probably protect the kernel by additional physical isolation, but many valuable attack vectors would remain.
And fixed assignment of a whole core to one purpose is a big waste of resources and a big performance bottleneck if you only allow kernel to run on one core.
Replying to @RichFelker @csolisr
I agree that it would be a very unpleasant trade-off to take the approach described above, pretty much entirely impractical for all but the most specialized edge-cases (or maybe not even marginally practical then).
Then again, I wonder if it might become somewhat more practical to assign a whole core solely to the kernel for some common use-cases if you end up running a 128-core CPU.
It's not at all. You just make that 1 core the bottleneck for the whole system.