Re: Meltdown and spectre

From: Hans Forbrich <fuzzy.graybeard_at_gmail.com>
Date: Fri, 5 Jan 2018 16:51:19 -0700
Message-ID: <c557fd49-a40f-751c-d484-5d76e91512c6_at_gmail.com>

On 2018-01-05 2:33 PM, Reen, Elizabeth (Redacted sender elizabeth.reen for DMARC) wrote:
> I have a background in system engineering.  I don’t get how a chip can
> be exploited.  What code can be hacked there?

For speculative execution, a command is executed that MIGHT be required.  That command might ask to move stuff into some portion of memory, or need a specific page moved in. If that command is then rolled back, what happens to the memory that it just filled?  (Hint: it's still filled in, perhaps with a password.)  Back in the day (early 90s) when this stuff was dreamt up, the idea of flushing that memory on command rollback would not have been a concern - hacking was for fun, not profit, in those days.  It's not actually the code being hacked, as much as a side effect that is not properly handled.

It wasn't just the hardware guys, either.  We s/w devs were pretty sloppy about things like end-of-arrays and random pointers in our code, and few people worried about (or even understood) what happened at the chip level.  (Remember why Java came into being?)

/Hans

--
http://www.freelists.org/webpage/oracle-l
Received on Sat Jan 06 2018 - 00:51:19 CET