Spectre & Meltdown
Paul Koning
paulkoning at comcast.net
Sat Jan 13 12:36:41 CST 2018
> On Jan 13, 2018, at 1:22 PM, Dave Wade via cctalk <cctalk at classiccmp.org> wrote:
>
> ...
> It delayed telling the world to allow time for OS providers to apply fixes. This is now standard and the delays are defined...
>
> http://abcnews.go.com/Technology/wireStory/intel-fixing-security-vulnerability-chips-52122993
>
> but it looks like in this case it leaked early. Similar bugs affect ARM, AMD and PowerPC but nothing from them either. IBM won't tell the world (it will tell customers, but I am not a customer) if and how it affects Z.
There are two bugs that are largely unrelated other than the fact they both start from speculative execution. One is "Meltdown" which is specific to Intel as far as is known. The other is "Spectre" which is a pretty much unavoidable side effect of the existence of speculative execution and appears to apply to multiple architectures. There may be variations; I assume some designs have much shorter speculation pipelines than others and if so would be less affected.
Meltdown has a software workaround (it could also be fixed in future chips by changing how speculative loads work, to match what other companies did). Spectre needs software fixes, possibly along with microcode changes (for machines that have such a thing). You're likely to hear more when the fixes are available; it would not make sense to have much discussion before then for the reason you mentioned at the top.
paul
More information about the cctalk
mailing list