Erich Dollansky <freebsd.ed.lists at sumeritec.com> writes:

> Intel used segments to separate things everybody hated.

Everybody hated segment-level memory protection, but the i386 also introduced page-level memory protection, which was widely used and has since been expanded to provide features that were never available at the segment level.

> Intel introduced later the rings, everybody ignored.

Not at all. They just don't use all four. Unless you start looking at hardware virtualization extensions, which introduce additional protection levels.

> Instead of keeping the things separated - as suggested by Intel's
> design - people used shortcuts whenever possible.

This is irrelevant. We are talking about timing-based side-channel attacks. The attacker is not able to access protected memory directly, but is able to deduce its contents by repeatedly performing illegal memory accesses and then checking how they affect the cache.

DES
-- 
Dag-Erling Smørgrav - des at des.no
At 08:01 AM 1/4/2018, Dag-Erling Smørgrav wrote:

> This is irrelevant. We are talking about timing-based side-channel
> attacks. The attacker is not able to access protected memory directly,
> but is able to deduce its contents by repeatedly performing illegal
> memory accesses and then checking how they affect the cache.

This is something I do not yet fully understand; perhaps someone here on the list can help explain it to me. The "Spectre" attack is claimed to work by altering the contents of the cache via a speculatively executed instruction. But the contents of that memory are not revealed directly to the program. So, how does it deduce the contents of physical memory merely from the fact that there's a cache miss on its address?

--Brett Glass
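As an added illustration that is not part of the thread: the Python model below (constructed here; the toy CPU, the cache-line bookkeeping standing in for real timing measurements, and the "secret" bytes are all assumptions of the example) shows why the mechanism Dag-Erling describes works even though the protected value is never returned to the program. The transiently executed load does not leak the secret byte itself; it touches one slot of the attacker's own probe array at an index derived from that byte, and afterwards only that slot is cached. It also shows that a speculation barrier before the gadget leaves nothing to observe.

```python
from dataclasses import dataclass, field

LINE = 64            # cache-line size assumed by the model
PROBE_STRIDE = 4096  # one probe slot per possible byte value, a page apart


@dataclass
class ModelCPU:
    """Toy CPU: flat memory plus the set of cache lines touched so far.
    A real attack measures load latency; here is_cached() replaces that."""
    memory: bytes
    cache: set = field(default_factory=set)

    def load(self, addr: int) -> int:
        self.cache.add(addr // LINE)      # every load leaves a cache footprint
        return self.memory[addr]

    def flush(self) -> None:
        self.cache.clear()                # attacker evicts its probe array first

    def is_cached(self, addr: int) -> bool:
        return addr // LINE in self.cache


def transient_gadget(cpu, secret_addr, probe_base, barrier=False):
    """Models the mis-speculated path: architecturally the load of
    secret_addr is squashed (it would fault), so its value is never
    returned, but the dependent load into the probe array still ran."""
    if barrier:
        return                            # fence: nothing transient executes
    value = cpu.load(secret_addr)         # result discarded by the CPU ...
    cpu.load(probe_base + value * PROBE_STRIDE)  # ... but this line is now hot


def recover_byte(cpu, secret_addr, probe_base, barrier=False):
    """Flush, trigger the gadget, then see which probe slot became cached."""
    cpu.flush()
    transient_gadget(cpu, secret_addr, probe_base, barrier)
    hot = [v for v in range(256) if cpu.is_cached(probe_base + v * PROBE_STRIDE)]
    return hot[0] if len(hot) == 1 else None


# Constructed layout: "protected" bytes at address 0, probe array at PROBE_BASE.
SECRET = b"k3rn3l"
PROBE_BASE = 4096
MEMORY = SECRET + bytes(PROBE_BASE - len(SECRET)) + bytes(256 * PROBE_STRIDE)


def demo(barrier: bool = False) -> list:
    cpu = ModelCPU(MEMORY)
    return [recover_byte(cpu, i, PROBE_BASE, barrier) for i in range(len(SECRET))]
```

Without the barrier, demo() returns the secret bytes purely from which probe lines are cached; with barrier=True every probe slot stays cold and nothing is recovered.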
Hi,

On Thu, 04 Jan 2018 16:01:51 +0100 Dag-Erling Smørgrav <des at des.no> wrote:

> Erich Dollansky <freebsd.ed.lists at sumeritec.com> writes:
> > Intel used segments to separate things everybody hated.
>
> Everybody hated segment-level memory protection, but the i386 also

Good that hate is meanwhile illegal.

> introduced page-level memory protection, which was widely used and has
> since been expanded to provide features that were never available at
> the segment level.

Yes, but instead of combining both, the segment registers were set to point to the same memory locations, disabling the additional protection given by the segments.

> > Intel introduced later the rings, everybody ignored.
>
> Not at all. They just don't use all four. Unless you start looking
> at hardware virtualization extensions, which introduce additional
> protection levels.

It was just abusing them to replace the supervisor flag other processors have or have had.

> > Instead of keeping the things separated - as suggested by Intel's
> > design - people used shortcuts whenever possible.
>
> This is irrelevant. We are talking about timing-based side-channel
> attacks. The attacker is not able to access protected memory
> directly, but is able to deduce its contents by repeatedly performing
> illegal memory accesses and then checking how they affect the cache.

Directly, yes; not if the kernel memory were always in a different segment. It would then land in the cache only when memory near segment bounds is accessed, which could easily be avoided.

Anyway, we cannot turn the clock back now. I just wanted to mention that Intel had different thoughts in those days. I am not even sure if Intel engineers remember this.

Erich