MMU and Meltdown

[Peter Veentjer]

I'm currently investigating Meltdown in combination with X86.

The cause of Meltdown is that due to out of order execution, access to memory can be done in a page that doesn't have the correct permissions to be accessed. And using a side channel attack based on cache timing every byte from that page can be accessed.

This part is clear.

What isn't clear is if my understanding of the MMU is correct.

The MMU is in charge of doing virtual to physical address translation and to verify the permissions on the page.

The question is if the MMU is a black box or if the MMU is just a concept and is implemented by generating the appropriate uops including the permission validation. And since these uops can be executed out of order, it is possible to access the address before the permissions have been validated and hence we have Meltdown.

[Alex Blewitt]

It sort of doesn’t matter how the MMU works; the problem is that the permissions check for the load happens asynchronously with subsequent speculated execution. Whether that’s by additional uops being generated or the response to the load request is an implementation detail. Either way you have the same resulting effect.

Alex

Sent from my iPhone 📱

On 13 Mar 2020, at 05:26, Peter Veentjer <alarm...@gmail.com> wrote:



--
You received this message because you are subscribed to the Google Groups "mechanical-sympathy" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mechanical-symp...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/mechanical-sympathy/2ebca4a5-2f62-4297-ace0-d4187a280e0d%40googlegroups.com.