> <insert caveat about possibly me misunderstanding things>

I'd suggest reading the papers describing spectre and meltdown. They are fairly readable - I would expect anyone working on the NetBSD kernel to be competent to understand them - and they describe the vulnerabilities, and how the authors exploited them, in reasonable detail.

Unfortunately, they appear to be exported only on the Web, and even then only over HTTPS. I can send copies privately to anyone for whom those are obstacles (probably not very many, but they were for me). https://spectreattack.com/ and https://meltdownattack.com/ are the URLs I've found, though (as implied above) I haven't actually verified them myself.

> Spectre is also a vulnerability.
> - Even speculative execution obeys access restrictions,

In some respects. Meltdown is possible because Intel spec ex does not obey access restrictions in one particular respect; I don't know what aspects may not be obeyed by what CPUs except for that.

> - Variant 1 seems possible to avoid with low cost. It will likely
> result in an error somewhere along the line, which is detectable.

Sometimes. Doing the operation inside a transaction apparently will suppress the memory fault in at least some cases. Executing the whole thing under spec ex of a mispredicted branch definitely will annul the trap, but, from reading the papers, it appears they haven't tested it, so it's speculation (hah), albeit reasonable speculation, that it would be exploitable that way.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mo...@rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B