[LAU] Meltdown – Spectre

[David Kastrup]

Ralf Mardorf <ralf.mardorf-ZCLZIpdjs0kJGwgDXS7ZQA at public.gmane.org>
writes:

> On Sat, 13 Jan 2018 15:29:27 +0000, Pablo Fernandez wrote:
>>El sáb., 13 ene. 2018 13:58, Thomas Pfundt escribió:
>>> However, this site doesn't list your Celeron G as vulnerable:
>>> https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
>>> Do you even need to concern with the patch and performance at this
>>> point?
>
> That is interesting news. I'll forward this, since actually it's
> claimed that all x86 CPUs since the Pentium Pro from 1995 suffer from
> this issue.
>
> Does anybody know how to value this information from Intel?

The vulnerability is speculative execution in connection with memory
fetch.  Basically, you make a conditional indirect branch via the
location you want to read out with the condition being later figured out
as false.  The execution is abandoned at that time, but the indirect
branch has invalidated previous contents of the cache depending on the
abandoned target.  Now you use timing registers in connection with
accesses in order to figure out just where the cache is no longer valid.

Since kernel and user processes generally share the same virtual address
space for efficiency reasons (though obviously not the same
permissions)...

Basically, I'd be surprised about exceptions.

-- 
David Kastrup