On Thu, 4 Jan 2018 09:23:58 +0800 Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote: > I don't know about that. Going to https://meltdownattack.com/ it > reads.... > > Which systems are affected by Meltdown? > Desktop, Laptop, and Cloud computers may be affected by Meltdown. > More technically, every Intel processor which implements out-of-order > execution is potentially affected, which is effectively every > processor since 1995 (except Intel Itanium and Intel Atom before > 2013). We successfully tested Meltdown on Intel processor generations > released as early as 2011. Currently, we have only verified MeltdownC > on Intel processors. At the moment, it is unclear whether ARM and AMD > processors are also affected by Meltdown. > > Notice the last sentence. > > And how about > https://www.windowscentral.com/all-modern-processors-impacted-new-meltdown-and-spectre-exploits ; > ? > > Unless there is a significant performance hit isn't it better to just > be safe and make it for all? The hit is significant. I've seen numbers from 17% to 30%. And, I saw a patch submitted by AMD for the kernel that bypassed the fix for AMD CPUs, as well as the statement. I'll take AMD's word over that of the above site. I can't speak to ARM; I've seen nothing about the effect on them, which leads me to believe that there isn't one. But the site above could be right about ARM. The exploit appears to be related to speculative execution that Intel CPUs do to improve throughput. i.e. they run all likely paths, so the one actually chosen is already completed or in process. During that execution, the security level can be escalated to that of the kernel from that of the user process, allowing the exploit. AMD doesn't do that speculative execution, so they aren't vulnerable to the security level escalation. There is speculation online that Intel is pushing for other x86 CPUs to be subject to the fix so they aren't the only one affected by the performance degradation. There's probably a reason the CEO of Intel sold all that stock in December. :-) But the actual exploit is supposed to be formally announced soon, which should end all the confusion. _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
