Re: Spectre mitigation doesn't seem to work at all?!
From: Alan Cox
Date: Mon Jun 04 2018 - 10:13:14 EST
> A malicious program most probably won't care about that. Therefore, my
> next question is: which memory regions can be exploited by a malicious
> program? The complete physical memory or only the memory provided to the
> malicious program? Should be the latter if this approach should have any
> impact.
Spectre is not about memory regions. It's about speculative execution
leaving measurable footprints. What footprints you leave depend upon what
code you are executing. Thus the question becomes 'what can the target
access'.
In order to attack something you need both a way to influence the code
concerned and a way to measure it. In addition it needs to have some
secret you want.
In practice that usually means something on the same system with its own
memory space/privilege level. The usual cases then are user<->kernel and
managed application<->runtime.
Thus it's very different to meltdown style attacks.
If you are actually worried about this you should probably also read up
on more general cache prime/probe attacks and cache profiling (things
like the ARMageddon paper are worth reading - and while it was done on
ARM much of it is generic to most modern processors), as well as timing
attacks.
Alan