Hector Martin

Allow me to summarize x86 side channel attacks: Spectre v1: speculation is insecure by design Spectre v2: secure branch prediction matters Meltdown: Intel are dumbasses L1TF: Intel are monumental, inexcusable dumbasses PortSmash: hyperthreading is insecure by design

You realize that Apple, IBM, and probably a few others also had Meltdown vulnerabilities, right? It’s not like Intels engineers were unique in their TLB design.

Meltdown is not about the TLB, it's about their CPUs speculating on data that has not passed privilege checks. ARM also managed to screw it up but only on one core. Yes Apple and IBM also messed up. They're all dumbasses, but then Intel went "hold my beer" and L1TF happened.

It’s 100% about when you check privileges in the TLB access pipeline. If you check eagerly you are fine, lazily —> Meltdown.

What I mean is the problem isn't the TLB itself, it's what you do with the data when the TLB hits but you don't pass the privilege check. They should be eagerly dropping/poisoning it instead of steamrolling forward on privileged data.

That’s true. But how much was that timing impact when the design was first done? It’s pretty rude to call the CPU designers idiots for a reasonable decision taken by many different teams. Especially when you don’t understand the trade-offs involved 1/N

@jonmasters made a good point that the lack of communication between SW and HW is a cause of the security problem. Understanding why the decision was made is probably a good idea, rather than assuming incompetence or idiocy. 2/N

Are DRAM designers morons for allowing rowhammer? That hasn’t been solved, whereas Meltdown has. The only solution I’ve heard for rowhammer is “let’s make DRAM way more expensive”. The future isn’t SW or HW, it’s systems architecture spanning both and less tribalism! N/N