It's really bad when your unit of performance loss is "nines"...
Replying to @RichFelker @volatile_void
lol. "This spectre fix only has five nines of high unavailability."
Replying to @sortiecat @volatile_void
With µc that adds the "flush btb" insn, a timer interrupt that's just "ibpb;iret" might not be in the "nines" level of horribleness, but I doubt ibpb is sufficient to clobber all branch prediction, just indirect.
Oh wait. If the cpu has HT, can you just steal a whole HT thread to constantly clobber BTBs?
ugh. How about just putting *secret* data into the uncached/device memory? And not care about the non-secret?
It doesn't scale. Requires hacks in every application that might have secrets. It's like foregoing MMU: instead of a general-purpose safety mechanism you have to manually ensure every check is right.
If you unmap userspace memory upon kernel entry (aka Meltdown fix) and remove physmap from kernel, you shall be able to mitigate cross-app leakage. Am I right?
No. The idea of Spectre v1 is that you trick a process to leak parts of its own memory via cache side channels. Malicious code in JIT is the obvious/easy way but far from the only one.
Ok, but why would you want to flush the branch predictor cache all the time and not upon exiting from the exception?
So that one code path in the victim process can't be coerced into leaking unrelated parts of the process's own memory. That's what Spectre v1 is.
The only mitigation without new Si is to turn off speculative execution across branches, and cpu vendors won't give us an MSR for that (because perf hit looks bad on them), so forcibly prevent branch prediction instead using HT.