The "Retbleed" speculative execution vulnerabilities
The "Retbleed" speculative execution vulnerabilities
Posted Jul 13, 2022 22:47 UTC (Wed) by JoeBuck (subscriber, #2330)In reply to: The "Retbleed" speculative execution vulnerabilities by wtarreau
Parent article: The "Retbleed" speculative execution vulnerabilities
Alternatively, perhaps for an extra fee cloud providers could sell customers a flow that guarantees that they won't share a physical processor with anyone else, so any processes that could observe cache behavior or other side channels would belong to the same customer (and perhaps they even want those kinds of observations for performance monitoring). Then mitigations wouldn't be needed and processors could speculate freely. It would be up the customer not to run untrusted code in this mode.
Posted Jul 14, 2022 9:29 UTC (Thu)
by roc (subscriber, #30627)
[Link]
It's also pretty easy to see which AWS instances guarantee you an entire socket --- it's the ones where AWS lets you use the PMU. They don't want you using the PMU to sniff other customers on the same socket via side channels. However, I don't think AWS *guarantees* that no-one else is on the socket.
The "Retbleed" speculative execution vulnerabilities
You can rent bare-metal boxes in AWS and elsewhere.