Date: Thu, 04 Jan 2018 08:52:23 -0700 From: Brett Glass <brett@lariat.org> To: Dag-Erling Smørgrav <des@des.no>, Erich Dollansky <freebsd.ed.lists@sumeritec.com> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, "Ronald F. Guilmette" <rfg@tristatelogic.com> Subject: Re: Intel hardware bug Message-ID: <201801041552.IAA17267@mail.lariat.net> In-Reply-To: <86vaghu0ps.fsf@desk.des.no> References: <02563ce4-437c-ab96-54bb-a8b591900ba0@FreeBSD.org> <19876.1515025752@segfault.tristatelogic.com> <20180104132807.266fe46c.freebsd.ed.lists@sumeritec.com> <86vaghu0ps.fsf@desk.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
At 08:01 AM 1/4/2018, Dag-Erling Smørgrav wrote: >This is irrelevant. We are talking about timing-based side-channel >attacks. The attacker is not able to access protected memory directly, >but is able to deduce its contents by repeatedly performing illegal >memory accesses and then checking how they affect the cache. This is something I do not yet fully understand; perhaps someone here on the list can help explain it to me. The "Spectre" attack is claimed to work by altering the contents of the cache via a speculatively executed instruction. But the contents of that memory are not revealed directly to the program. So, how does it deduce the contents of physical memory merely from the fact that there's a cache miss on its address? --Brett Glass
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201801041552.IAA17267>