Re: [BUG] x86 : i486 reporting to be vulnerable to Meltdown/Spectre_V1/Spectre_V2

[Arnd Bergmann]

On Thu, Feb 8, 2018 at 6:27 PM, tedheadster <tedheadster@xxxxxxxxx> wrote:
> On Thu, Feb 8, 2018 at 12:02 PM, David Laight <David.Laight@xxxxxxxxxx> wrote:
>> From: Arnd Bergmann
>>> Sent: 08 February 2018 15:23
>> ...
>>> The Winchip is what eventually turned into the VIA Nano, which does
>>> have speculative execution, but I don't think the earlier C3 and C7 did,
>>> they are much closer to the original Winchip design.
>>
>> We had terrible trouble getting (IIRC) the C7 to execute functions
>> that were called in 16bit mode and returned in 32bit mode and v.v.
>> (for boot code bios calls).
>> The problems seemed to imply that it was caching return addresses
>> and the translation (to uops) of the instructions that followed.
>> So it would effectively decode the first few bytes in the wrong mode.
>> So there might be scope for one of these attacks.
>>
>> OTOH these devices were so slow that I doubt any are used for anything
>> serious - and certainly won't get a kernel update even if they are.
>>
>> Also worth nothing that the difference between the cpu and memory
>> speeds is much lower - so far fewer instructions could be speculatively
>> executed while waiting a cache miss.
>
> You might think this absolutely crazy, but I would be willing to test
> such systems if I can get my hands on the needed hardware that I lack.
> I am already doing sanity testing on Intel
> i486/i586/i586-MMX/i686-PentiumPro systems, I just don't have the
> clone cpus (Cyrix, etc).

VIA machines are available for pocket change in many countries,
this one is what I'd get if I wanted to test over here:

http://www.ebay.de/itm/IGEL-UD2-D200-VIA-C7-M-500MHz-1GB-1GB-Flash-Memory-Thin-Client-ohne-Netzteil/301860030372

Similarly, the 6x86 (Cyrix, ST or IBM branded are identical) is really
easy to get by itself and should fit in many Socket 7 mainboards, which
you apparently already have.

      Arnd