1. 10

  2. 5

    “Intel CPUs allow you to read memory from other processes while in a transient instruction”

    Nope nope nope. They allow you to read any memory that is mapped in to the current address space, which has traditionally included memory belonging to the kernel, but not generally memory belonging to other processes (unless it is also in the kernel’s memory space).

    I’ve heard so much about these problems that is, if not blatantly false, at least slightly wrong. I wish people would stick to hard, correct, facts. It’s important, especially for this kind of problem.

    Edit: So, generally all of physical memory is mapped into kernel space in modern 64-bit systems. Since you’ve got so much address space to play with, I guess there’s no good reason not to do so - well, other than Meltdown, of course… still wish the article had been more explicit, but I know that’s a bit weak.

    1. 4

      All of physical memory, which includes other processes, generally is in the kernel address space.

      1. 3

        Feeling like I’m about to have to eat my hat, but: If the kernel runs a thread which maps all physical memory into its address space, then aye. But processes do not generally run with an address mapping which includes all of physical memory, surely? They have the kernel mapped in, certainly, but are you saying that this includes a mapping of all of physical memory? Does this include Linux as well as OpenBSD? Is this mapping above the process’ own regular address space or below it, which would (presumably) preclude access by Meltdown anyway? (edit: I assume last q doesn’t make sense, if it is indeed mapped in then it must be in the regular “high” part of memory that the kernel occupies).

        1. 5
          1. 3

            Thanks. However:

            Linux limits the direct physical mapping to ~896M

            A long way from “all of physical memory”, no? I may still be missing something.

            edit: Yeah, I was. 64 bits vs 32.

            Of course even this much is probably enough to make it possible for one process to access at least some memory belonging to other processes, so I guess my original statement is not correct, regardless.

            I guess my kernel-design thinking is stuck firmly in the 32-bits era. :(

    2. 5

      Why discourage others from reading the paper?

      Everyone: Read this paper! It’s well written and very accessible if you know the basics of how CPUs work.

      1. 2

        Yeah the paper isn’t that difficult to understand.

        1. 1

          The irony of your username is pretty great here :p