FedoraForum.org - Fedora Support Forums and Community
  1. #1
    Join Date
    Jun 2004
    Location
    Maryland, US
    Posts
    7,286

    spectre and meltdown fixed in hardware by when

    Is it reasonable to think Ice Lake will be early enough in its design that Meltdown/Spectre will be mitigated in hardware? Cannon Lake seems to be a Kaby Lake shrink so I doubt any fix will be in that.

  2. #2
    Join Date
    Oct 2010
    Location
    Canberra
    Posts
    2,923

    Re: spectre and meltdown fixed in hardware by when

    It might not be too hard for Intel to modify its design to do a security check before loading instructions for speculative processing (as AMD do), so a Meltdown fix might make it into chips relatively soon.

    Not so much with Spectre. That will take years of redesign work by all the manufacturers.
    From the Spectre paper:
    A great deal of work lies ahead. Software security fundamentally depends on having a clear common understanding between hardware and software developers as to what information CPU implementations are (and are not) permitted to expose from computations. As a result, long-term solutions will require that instruction set architectures be updated to include clear guidance about the security properties of the processor, and CPU implementations will need to be updated to conform.

    More broadly, there are trade-offs between security and performance. The vulnerabilities in this paper, as well as many others, arise from a longstanding focus in the technology industry on maximizing performance. As a result, processors, compilers, device drivers, operating systems, and numerous other critical components have evolved compounding layers of complex optimizations that introduce security risks. As the costs of insecurity rise, these design choices need to be revisited, and in many cases alternate implementations optimized for security will be required.

  3. #3
    Join Date
    Dec 2012
    Location
    santa barbara, CA
    Posts
    796

    Re: spectre and meltdown fixed in hardware by when

    I reckon the best solution for the CPUs is to split the cache. One for Kernel, one for Apps.
    That will most definitely mitigate the problem, and not affect performance that much. Of course the kernels will need to accommodate.
    "monsters John ... monsters from the ID..."
    "ma vule teva maar gul nol naya"

  4. #4
    Join Date
    Oct 2010
    Location
    Canberra
    Posts
    2,923

    Re: spectre and meltdown fixed in hardware by when

    Quote Originally Posted by bobx001
    I reckon the best solution for the CPUs is to split the cache. One for Kernel, one for Apps.
    That will most definitely mitigate the problem, and not affect performance that much. Of course the kernels will need to accommodate.

    From what I have read it appears the root cause is the speculative processing. The cache is then used by the attacker as a side channel that leaks the information. However, it's my understanding that other side channels could be used.
    AMD's solution avoids the speculative processing that involves higher privileges. This stops the kernel stuff leaking (Meltdown) but not leaks from other user processes (Spectre).

    The basic problem is that when an instruction is processed in speculative mode and then discarded there are some bits of CPU state that may not be undone. This is the source of the leaking. Hence a solution will probably involve ensuring that only things that can be undone are done in speculative mode. This will likely mean a reduction in performance as the pipeline goes empty more often.
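
Added illustration, not part of any post in this thread: a toy Python model of the argument in posts #2 and #4, where a speculative load that is later discarded still leaves a cache footprint. The class, its two design switches and the sample values are constructed; the privilege check stands for AMD's approach only as the posts describe it.

```python
# Toy model constructed for illustration: no real CPU, timing or memory access.
from dataclasses import dataclass, field

KERNEL, USER = "kernel", "user"

@dataclass
class ToyCPU:
    # Hypothetical design switches named after the ideas in the thread.
    check_privilege_before_load: bool = False  # privilege check ahead of speculation
    undo_cache_on_squash: bool = False         # speculate only what can be undone
    memory: dict = field(default_factory=dict)  # addr -> (owner, value)
    cache: set = field(default_factory=set)     # probe lines currently cached

    def speculate(self, addr, privilege):
        """Run a path that is later discarded: load addr, touch probe line [value]."""
        snapshot = set(self.cache)
        owner, value = self.memory[addr]
        blocked = (self.check_privilege_before_load
                   and owner == KERNEL and privilege == USER)
        if not blocked:
            self.cache.add(value)      # side effect outside architectural state
        if self.undo_cache_on_squash:  # squash: registers always roll back,
            self.cache = snapshot      # the cache only if the design undoes it
        return None                    # nothing architecturally visible

    def observe(self):
        """What a cache side-channel observer can infer after the squash."""
        return sorted(self.cache)

def run(**design):
    """Return, per scenario, whether the secret value is recoverable."""
    scenarios = {
        "meltdown_like": (KERNEL, 0x4B),  # kernel data, user-mode speculation
        "spectre_like": (USER, 0x55),     # same-privilege data
    }
    leaked = {}
    for name, (owner, secret) in scenarios.items():
        cpu = ToyCPU(memory={0x1000: (owner, secret)}, **design)
        cpu.speculate(0x1000, USER)
        leaked[name] = secret in cpu.observe()
    return leaked

if __name__ == "__main__":
    for design in ({}, {"check_privilege_before_load": True},
                   {"undo_cache_on_squash": True}):
        print(design or "baseline", run(**design))
```

The model leaves out the cost the post mentions: undoing or avoiding speculative side effects means the pipeline stalls more often.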

  5. #5
    Join Date
    Jun 2005
    Location
    Montreal, Que, Canada
    Posts
    5,114

    Re: spectre and meltdown fixed in hardware by when

    Anecdote.

    Speculative processing used to be called TLA (transaction Look Ahead). Back in the IBM mainframe days, some of the more expensive IBM processors did a multiple-instruction look ahead. The support engineer told me that the more powerful systems did 7 instructions ahead and if there was a branch instruction, it did the look ahead for up to 7 instructions on either side of a branch.

    In those days, all online systems were in-house, on private networks. CPU hacking was not a concern as it is today.
    Leslie in Montreal

    Interesting web sites list
    http://forums.fedoraforum.org/showth...40#post1697840

  6. #6
    Join Date
    Dec 2012
    Location
    santa barbara, CA
    Posts
    796

    Re: spectre and meltdown fixed in hardware by when

    Quote Originally Posted by lsatenstein
    Anecdote.

    Speculative processing used to be called TLA (transaction Look Ahead). Back in the IBM mainframe days, some of the more expensive IBM processors did a multiple-instruction look ahead. The support engineer told me that the more powerful systems did 7 instructions ahead and if there was a branch instruction, it did the look ahead for up to 7 instructions on either side of a branch.

    In those days, all online systems were in-house, on private networks. CPU hacking was not a concern as it is today.

    Anecdote #2: I h4x0red into an IBM 3090 mainframe to copy files of a student to my account, so I could work from (teach him at) home, and I was effectively FBIed out of sk00l.
    (the h4x was a known bug, which dumped you into root access if you exceeded your allotted CPU time while "exiting" your shell)
    "monsters John ... monsters from the ID..."
    "ma vule teva maar gul nol naya"
