[Info-vax] Intel junk...Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign
DaveFroble
davef at tsoft-inc.com
Fri Jan 5 16:00:57 EST 2018
Alan Browne wrote:
> On 2018-01-05 09:15, DaveFroble wrote:
>> Jan-Erik Soderholm wrote:
>
>>> Becuse the designers, for performance reasons, has mapped kernel memory
>>> into the user process address space and relies on the OS to check
>>> protection before any kernel memory (or code) is accessed.
>>>
>>> The issue with the current issues is that the hardware (the CPU) does
>>> these accesses in hardware "under the hood" without control by the OS.
>>>
>>> If you map your kernel memory in another way that uses the hardware
>>> protection facilities, you are (as I understand) safe, at the cost
>>> of worse performance to switch between user and kernel mode.
>>>
>>>
>>
>> As I wrote, someone dropped the ball on this one.
>>
>> Speculative execution is part of the HW, not software. It appears the
>> HW doesn't follow it's own rules. Or, perhaps I don't actually
>> understand the problem?
>
> At least as well as I do. These are very complex mechanisms and
> complexity is usually where you're most likely to get problems.
>
> In this case the h/w implementation didn't reflect the design goal.
>
> This means intel had very poor design review and abysmal testing of
> security features.
>
There seems a whole bunch of us "speculating" about things we probably don't
know enough about.
:-)
It seems to me that before memory is fetched into cache, the CPU should be
determining whether it should indeed be fetching that memory. Yeah, sounds
simple, but I'm betting it isn't.
--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
More information about the Info-vax
mailing list