> On Jan 17, 2018, at 8:08 PM, Mouse <mo...@rodents-montreal.org> wrote:
>
> ...
>> - Even speculative execution obeys access restrictions,
>
> In some respects.  Meltdown is possible because Intel spec ex does not
> obey access restrictions in one particular respect; I don't know what
> aspects may not be obeyed by what CPUs except for that.

Indeed. I was surprised, but apparently that "obeys..." is wrong in the case of Intel, though it is correct, as you might expect, for AMD and ARM and probably most other architectures. More precisely, speculative execution obeys access restrictions in the sense that no architecturally visible (i.e., register/memory) changes occur that are prohibited by the access controls. But Intel does launch a speculative load without checking access; apparently the access check is done in parallel and will complete a while later, by which time the speculatively loaded data is in the cache and some other operations may be done based on it.

Obviously, if speculative loads check permissions prior to launching the load, the issue goes away. If so, Meltdown is completely prevented.

Spectre is unrelated and does not depend on a mistake of this kind, since there you're dealing with speculative loads that ARE permitted as far as access control goes; they just aren't wanted because they are preceded by range checks or the like.

paul
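
The range-check case described in the message above, shown from the mitigation side. This is an added example, not part of the original message: it keeps the architectural bounds check and also clamps the index with a branch-free mask, the same idea as the Linux kernel's `array_index_nospec()`. The names `table`, `index_mask` and `table_read` are hypothetical, the table contents are constructed, and the mask assumes `size <= SIZE_MAX / 2`.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16u

/* Constructed sample data. */
static const uint8_t table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/*
 * All-ones when index < size, zero otherwise, computed with arithmetic only
 * so the result does not depend on a predicted branch.
 * Assumes size <= SIZE_MAX / 2.
 */
static size_t index_mask(size_t index, size_t size)
{
#if defined(__GNUC__)
    /* Hide the value from the optimizer so the arithmetic below is less
     * likely to be folded back into a compare-and-branch. */
    __asm__ volatile("" : "+r"(index));
#endif
    /* The top bit of (index | (size - 1 - index)) is set exactly when
     * index >= size: either index itself is huge or the subtraction wraps. */
    size_t out_of_range =
        (index | (size - 1 - index)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return out_of_range - 1;    /* 0 - 1 wraps to all-ones; 1 - 1 is 0 */
}

/* Range-checked read: the check decides the architectural result, the mask
 * bounds what a mispredicted path can load. */
static uint8_t table_read(size_t index)
{
    if (index >= TABLE_LEN)
        return 0;
    /* If the branch above was mispredicted, the mask is 0 and the load
     * below is forced to table[0] instead of an out-of-range address. */
    index &= index_mask(index, TABLE_LEN);
    return table[index];
}

int main(void)
{
    printf("%u %u\n", (unsigned)table_read(5), (unsigned)table_read(1000));
    return 0;
}
```
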