That would simply promote intentional ignorance. Even then Meltdown is part of a known class of attacks namely race conditions, Intel simply messed up.
Like DannyBee said, side-channel attacks were well known and security researchers had warned against them since at lest 1995. In fact both MacOS's kernel and the Linux kernel had some basic protections from side-channel attacks for years now, which unfortunately don't work if an attacker can dump the entire contents of all physical RAM.
Intel has has a long time to mitigate the issue. They didn't because it made their processors faster, and they chose profits over security.
Literally since 1995. There's no way Intel hasn't read this report from the NSA detailing how insecure the x86 platform is where they literally call out this exact feature as a security risk. This feature that was not accidental, but intentionally designed.
Why exactly are you blindly defending Intel, especially with such easily disprovable arguments?
It isn't the cache side channel that is the important part of meltdown. Flush-reload is just out the information is retrived and ask acceptable problem.
The problem is data hitting the cache when it comes from an unreadable page. Meltdown looks like a bug in the cache hit logic because the page information is already in the tlb, and the fix is probably fairly trivial.
If the unreadabld page doesnt hit cache or is never mapped there in the first place, spectre can only read its own process.
Well buckle your seatbelt, because 32 plaintiffs and counting will be using discovery and god knows what else to prove just that. Intel had better be utterly innocent, or have excellent coverup skills.
Well, actually, the cache sidechannel timing attacks were fairly well known for quite a while.
It's just nobody put two and two together.
This is actually mostly due to lack of public information in the processor manuals.
Otherwise it's quite likely it would have been discovered 5-6 years ago at least.
The fact that modern processors speculatively load memory has been known for a long time (and it's not like the fact that permission checking only occurs during retirement is documented...the reason no one considered it a problem was that it was thought of as an implementation detail and literally something you wouldn't document because in the future you might arbitrarily change it). This isn't exactly novel information...and putting two and two together only seemed obvious after the fact.
Well you know, I always thought accurate rollback was one of the hardest things about speculative execution. But just like other hazards, OF COURSE the CPU vendors have a deep understanding of them and a bag of tricks I have never heard of to avoid them. I am still incredulous about that screwup. It is such an obvious problem.
Hey, maybe memory traffic sidebands for speculative execution are next. You can undo cache data changes, you cannot undo the slowing down of simultaneous other memory traffic. And who knows, maybe everyone was like "we cannot prevent all measurable side effects, so screw it #YOLO". And nobody can admit that due to liability issues. That seems quite likely to me because it doesn't involve hundreds of very smart experts missing an obvious problem.
I love how all of a sudden the problem is obvious - so obvious it's existed for a decade with no known exploit, while speeding up processors considerably.
Intel should have hired all these really smart people on Reddit and HN. Imagine how much safer and faster our processors would be!
It's a screw up in the most complicated devices humanity has ever designed. It's borderline magic that they even exist, let alone the political stability required for 50 years of constant gains in processing power per dollar.
But nevermind that, they're a bunch of "LOL #YOLO" about security types, we should sue them because your data center power went up and now our dumbass 'world changing app' to look at random kittens as a subscription service is no longer profitable!
I think humanity doesn't deserve scientists and engineers.
You don't have to rollback for meltdown. The read can be masked to zero. There is already logic to do things like cancel page walks, so this isn't a very big fix.
I think specter should be fixed in software with some assistance from hardware, but overall with ooo, a process shouldn't expect privacy against itself.
AFAIU the Spectre software "fixes" are either extremely expensive, or still exploitable, or both. I think you're correct about OOO, and there goes the security of all current HTML/JS engines.