Going to bite: you don't need to be an expert on details to know an entire class of design has a gaping flaw that the experts tacitly acknowledge (by failure to fix it) and should be scrapped if it can't be fixed.
Does that mean we can have security-tagged CPU & memory architectures now?
Not a solution. Every untaken branch is fundamentally a privilege boundary. You can't scale to that many tags.
Replying to @RichFelker @strat and
Speculation must either not happen, or happen in containment outside of which no speculative results can be seen.
Replying to @RichFelker @strat and
Hence xfence instructions are finally put to use?
No, because that's imposing a new ISA constraint not satisfied by existing binaries, it's opt-in, and it pessimizes non-broken CPU implementations. The CPU needs to do the right thing itself, not only when assisted by a pessimizing compiler.
Replying to @RichFelker @strat and
Nothing to argue with that. This confirms my understanding: fixes are not made to last, as effective mitigations on current processors would require massive patching across BIOS, kernel, apps, libs. (Right?)
Replying to @io_r_us @RichFelker and
I am convinced any cloud VM with root access is a goner regardless of patching.
I think VMs are actually easier to make safe if the host isn't cost-cutting. Just doing a full flush of the entire cache hierarchy at every VM switch covers most of it.
Replying to @RichFelker @io_r_us and
It's within a VM, where you have syscalls, shared memory across privilege domains, and context switches, that safety gets hard.
NTM the unfixable privilege boundaries within a single application context that are enforced by software logic that Spectre v1 breaks.