tech-kern archive


Re: meltdown



Hello,

On Fri, 5 Jan 2018 20:55:19 -0500
Thor Lancelot Simon <tls%panix.com@localhost> wrote:

> On Thu, Jan 04, 2018 at 04:58:30PM -0500, Mouse wrote:
> > > As I understand it, on intel cpus and possibly more, we'll need to
> > > unmap the kernel on userret, or else userland can read arbitrary
> > > kernel memory.  
> > 
> > "Possibly more"?  Anything that does speculative execution needs a good
> > hard look, and that's damn near everything these days.  
> 
> I wonder about just "these days".  The potential for this kind of problem
> goes all the way back to STRETCH or the 6600, doesn't it?  If they had
> memory permissions, which I frankly don't know.  And even in microprocessors
> it's got to go back to... the end of the 1980s (R6000?) certainly the 1990s.

R10k had all sorts of weirdo speculative-execution-related problems
(see hardware workarounds in the O2), and I doubt it's the first to
implement it.

> Though of course "fail early" is an obvious principle to security types,
> given the cost of aborting work in progress I can easily see the
> opposite being true for CPU designers (I'm not one, so I don't really
> know).  Which idiom (check permissions, then speculate / speculate, then
> check permissions) is more common?

No idea; one would think that failing early in order to avoid
unnecessary resource usage would be useful. Then again, the problem
seems to be that not everything from the speculative path gets
canceled / annulled, not so much that the speculation took place.

have fun
Michael

