Martin Packer wrote: >Surely the term "fetch-protected" says it all: In principle you'd fetch >protect what you didn't want fetched. :-) Now, I don't know if there is any >overhead to fetch protection that might cause you not to fetch protect what >should be.
This is the problem just there. 'fetch protection' schemes are bypassed at all despite whatever actions the operating systems on a device [PCs, laptops, cloud servers, cell phones, virtual machines, etc.] can do. All those [ hardware / microcode ] algorithms implemented by CPU manufacturers were nice to have, since it speeds up loading and execution of instructions + memory areas before the actual execution and usage of those memory areas. Now, those algorithms are exploited. Basically, you load a 'fetch protected' address and then use/mis-use 'out of order execution' and 'speculative execution' while messing around with the contents of CPU caches. Long story, but in short, before you are interrupted because of fetch protection, you can dump protected areas to somewhere else. See these [somewhat technical] papers: https://meltdownattack.com/meltdown.pdf https://spectreattack.com/spectre.pdf Only way to be 100% safe (?), update your systems including Linux systems and do a hardware CPU [any device with a CPU] upgrade/replacing... Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
