Because that's a fundamental change to the ISA tgat renders existing software unsupported. A new ISA could require it, of course, but that seems dangerous & error-prone.
-
-
Replying to @RichFelker @siddhesh_p and
Why is that "dangerous and error-prone"? Lots of CPUs only have one trust boundary. Why do we need to make fix only hardware?
1 reply 0 retweets 0 likes -
Replying to @WatsonLadd @siddhesh_p and
Because people sometimes write asm by hand & are likely to get it wrong. But nobody's making a new ISA right now anyway. RV is already spec'd & in use.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @siddhesh_p and
You can add speculation barriers where they are needed.
1 reply 0 retweets 0 likes -
Replying to @WatsonLadd @siddhesh_p and
Again, adding them to an existing ISA is pointless because you're not fixing the bug - that you broke the original ISA contract.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @siddhesh_p and
We've got an actual security issue: it doesn't matter whether we change the ISA contact+modify software to fix. What matters is it gets fixed. And lots of machines won't have this issue.
1 reply 0 retweets 0 likes -
Replying to @WatsonLadd @siddhesh_p and
Yes it does matter. You really have no idea what you're talking about.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @WatsonLadd and
Here "changing the ISA" means "declaring all existing binaries AND TOOLING for the old ISA deprecated and unusable".
2 replies 0 retweets 0 likes -
Replying to @RichFelker @siddhesh_p and
Could you be specific about what breaks? For most machines in the world only the browser's JIT engine needs a change. For virtualized servers the hypervisor.
1 reply 0 retweets 0 likes -
Replying to @WatsonLadd @siddhesh_p and
That's really naive. An interpreter/JIT running hostile code is the most obvious way to exploit Spectre but there's no guarantee it's the only one.
1 reply 0 retweets 0 likes
I strongly suspect there will be ways to exploit via specially crafted files thought of as "pure data".
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.