Hector Martin

What I mean is the problem isn't the TLB itself, it's what you do with the data when the TLB hits but you don't pass the privilege check. They should be eagerly dropping/poisoning it instead of steamrolling forward on privileged data.

That’s true. But how much was that timing impact when the design was first done? It’s pretty rude to call the CPU designers idiots for a reasonable decision taken by many different teams. Especially when you don’t understand the trade-offs involved 1/N

@jonmasters made a good point that the lack of communication between SW and HW is a cause of the security problem. Understanding why the decision was made is probably a good idea, rather than assuming incompetence or idiocy. 2/N

Are DRAM designers morons for allowing rowhammer? That hasn’t been solved, whereas Meltdown has. The only solution I’ve heard for rowhammer is “let’s make DRAM way more expensive”. The future isn’t SW or HW, it’s systems architecture spanning both and less tribalism! N/N

Rowhammer is Intel's fault too: they're largely the reason why desktop systems do not use ECC memory (because they market it as premium). It is utter insanity that at current DRAM densities we pretend memory is flawless. Every other storage tech has used ECC for decades.

(I know ECC as it exists today for DRAM does not completely mitigate rowhammer, but it certainly helps a lot)

Rowhammer has been solved, BTW. There are algorithms that can be used to proactively refresh vulnerable rows. Combined with faster refresh intervals, it's an effective mitigation.

if you mean TRR, then, that is trivial to bypass (we did early this year) we even bypassed it while running with doubled refresh rate... so, maybe it is solved, but not the way you describe here ;)