I'm no fan of Intel but I can't help but see Meltdown as at least partly the fault of OS vendors. They decided to keep kernel and user memory in the same address space for performance despite known problems with branch prediction and despite KPTI being an option.
I doubt Intel ever claimed prediction could not be detected nor forced kernel devs not to use KPTI. Usually when a vulnerability is found in a software architecture you blame the software.
It is my understanding that Meltdown is Intel only, Spectre affects AMD/ARM/Intel (though not the same impact). I don't believe either of these exploits affect POWER or SPARC. Basically Meltdown is caused by being overly aggressive in that it does not check permissions to access -- until after it has moved it to cache, AMD checks this before. Using this and the ability to get timing information (only really needed for debugging) - a clever algorithm can basically access and piece together kernel (protec
IBM is releasing firmware, AIX, and Linux updates for POWER systems to address something but they haven't clearly stated if it's for Meltdown, Spectre, or both.
I'm no fan of Intel but I can't help but see Meltdown as at least partly the fault of OS vendors. They decided to keep kernel and user memory in the same address space for performance despite known problems with branch prediction and despite KPTI being an option.
I doubt Intel ever claimed prediction could not be detected nor forced kernel devs not to use KPTI. Usually when a vulnerability is found in a software architecture you blame the software.
Intel did not introduce PCID [wikipedia.org] until recently so I can hardly fault the OS vendors about something which Intel was apparently aware of without notifying them.
I can't help but see Meltdown as at least partly the fault of OS vendors. They decided to keep kernel and user memory in the same address space for performance
Uh, they did what, now?
What modern OS doesn't keep kernel memory in its own protected address space?
"The C Programming Language -- A language which combines the flexibility of
assembly language with the power of assembly language."
Software is part of the problem (Score:2)
I'm no fan of Intel but I can't help but see Meltdown as at least partly the fault of OS vendors. They decided to keep kernel and user memory in the same address space for performance despite known problems with branch prediction and despite KPTI being an option.
I doubt Intel ever claimed prediction could not be detected nor forced kernel devs not to use KPTI. Usually when a vulnerability is found in a software architecture you blame the software.
Re: Software is part of the problem (Score:0)
This is a vulnersbiiity in the hardware.
Software can mitigate this, at a 5-30% penalty. From what I read software cannot completely stop the attacks.
If OS defect; why not all architectures affected? (Score:2)
Re: (Score:0)
IBM is releasing firmware, AIX, and Linux updates for POWER systems to address something but they haven't clearly stated if it's for Meltdown, Spectre, or both.
Re: (Score:2)
I'm no fan of Intel but I can't help but see Meltdown as at least partly the fault of OS vendors. They decided to keep kernel and user memory in the same address space for performance despite known problems with branch prediction and despite KPTI being an option.
I doubt Intel ever claimed prediction could not be detected nor forced kernel devs not to use KPTI. Usually when a vulnerability is found in a software architecture you blame the software.
Intel did not introduce PCID [wikipedia.org] until recently so I can hardly fault the OS vendors about something which Intel was apparently aware of without notifying them.
Re: (Score:0)
Uh, they did what, now?
What modern OS doesn't keep kernel memory in its own protected address space?