Comment by amoss
2 years ago
No. Architectural leakage via a side-channel is far from simple. It requires deep understanding of the code (i.e. what it does, why it is doing it that way and the implied effect of executing the code on the architecture) and also of the architecture (i.e. how it is executing and why that causes leakage to be observable via the side-channel).
If anything, these are canonical examples of non-simple bugs.
> It requires deep understanding of the code (i.e. what it does, why it is doing it that way and the implied effect of executing the code on the architecture) and also of the architecture (i.e. how it is executing and why that causes leakage to be observable via the side-channel).
For exploitation, or for patching, maybe. But characterizing these bugs is still clear and simple IMO. I mean, rowhammer is about as basic as a bug can get - the value of this bit in memory changed even though it was never written to.
Rowhammer isn't a speculative execution bug. Without getting into how complex Rowhammer is or isn't, speculative execution is an inherently complex and software-involved pattern of vulnerability.
You're letting yourself get dragged into some weird rhetorical places trying to defend this part of Raymond's essay.
> Rowhammer isn't a speculative execution bug. Without getting into how complex Rowhammer is or isn't, speculative execution is an inherently complex and software-involved pattern of vulnerability.
Rowhammer was one of the examples the person I was replying to listed. But the same applies for spectre/meltdown/etc.. They're all issues that can be understood - perhaps not exploited, certainly not fixed, but understood that a bug is there - without any deep architectural knowledge.
> You're letting yourself get dragged into some weird rhetorical places trying to defend this part of Raymond's essay.
If anyone other than you talked like this they'd be quite rightly downvoted to oblivion.
4 replies →