13 Jan
2018
13 Jan
'18
10:36 a.m.
On Jan 13, 2018, at 1:22 PM, Dave Wade via cctalk
<cctalk at classiccmp.org> wrote:
...
It delayed telling the world to allow time for OS providers to apply fixes. This is now
standard and the delays are defined...
http://abcnews.go.com/Technology/wireStory/intel-fixing-security-vulnerabil…
but it looks like in this case it leaked early. Similar bugs affect ARM, AMD and PowerPC
but nothing from them either. IBM won't tell the world (it will tell customers, but I
am not a customer) if and how it affects Z.
There are two bugs that are largely unrelated other than the fact they both start from
speculative execution. One is "Meltdown" which is specific to Intel as far as
is known. The other is "Spectre" which is a pretty much unavoidable side effect
of the existence of speculative execution and appears to apply to multiple architectures.
There may be variations; I assume some designs have much shorter speculation pipelines
than others and if so would be less affected.
Meltdown has a software workaround (it could also be fixed in future chips by changing how
speculative loads work, to match what other companies did). Spectre needs software fixes,
possibly along with microcode changes (for machines that have such a thing). You're
likely to hear more when the fixes are available; it would not make sense to have much
discussion before then for the reason you mentioned at the top.
paul