Jonkman Microblog
Conversation

Notices

  1. clacke (clacke@social.heldscal.la)'s status on Wednesday, 03-Jan-2018 22:00:00 EST
    Here's some speculation on what that Intel and possibly also ARM flaw might be: MMU stuff not checked properly during speculative execution.

    > Now combine these two things - when the Intel processors do speculative execution they don’t properly check the permissions so you can look at kernel memory by doing ‘if x then y else naughty_thing’ and check the page fault side effects.

    http://gizmodo.com/1821729263
    In conversation Wednesday, 03-Jan-2018 22:00:00 EST from social.heldscal.la permalink

    Attachments

    1. Report: All Intel Processors Made in the Last Decade Might Have a Massive Security Flaw [Updated]
      from Gizmodo
      There’s small screwups and big screwups. Here is tremendously huge screwup: Virtually all Intel processors produced in the last decade have a major security hole that could allow “normal user programs—from database applications to JavaScript in web browsers—to discern to some extent the layout or contents of protected kernel memory areas,” the Register reported on Tuesday.
    1. Vertigo (vertigo@mastodon.social)'s status on Wednesday, 03-Jan-2018 22:03:15 EST

      @clacke A hardware-level fix for this would double the burden on the MMU, which would slow the instruction execution rate appreciably. This is the problem with super-long pipelines, and why you should never have a CPU with a pipeline longer than, say, 10 stages. And that's being generous; I *actually* can't see any reason for anything longer than 6.

      In conversation Wednesday, 03-Jan-2018 22:03:15 EST from mastodon.social permalink
      1. clacke (clacke@social.heldscal.la)'s status on Wednesday, 03-Jan-2018 22:19:36 EST
        @vertigo I've never even considered what a speculative branch should do on a page fault. It's not reasonable to go out and run an interrupt to page in memory for something that might not even happen (or even to just ask the MMU about access rights), so I guess it just needs to stall at that point. And maybe that's what they got wrong somehow. Maybe they just go "or if we assume we do have access, what would happen then" and then ask the MMU later ... and something can be observed from that.
        In conversation Wednesday, 03-Jan-2018 22:19:36 EST from social.heldscal.la permalink
        1. clacke (clacke@social.heldscal.la)'s status on Wednesday, 03-Jan-2018 22:21:43 EST
          @vertigo I guess #riscv, being RISC, doesn't have much of a pipeline and probably didn't have to do this kind of optimization.

          Let's just drop legacy and all move over to the future.
          In conversation Wednesday, 03-Jan-2018 22:21:43 EST from social.heldscal.la permalink

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.