On 5/01/2018 5:10 PM, Cannaerts, Jan wrote:
If a similar attack works, as long as it's addressable, you can read it.
I do not exactly know where the DAT tables live, and if they, or the real
address
they reside at are in fetch-protected common storage, you could get a hold of
them.
But regardless, I do not believe you can read using real addresses without
executing privileged instructions at some point.
We'll most likely never find out whether or not this flaw exists on z/Arch, as
IBM is going to patch this. I'd try it out but I have neither the time nor
the hardware.
Example code is already out there
https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6. I
built this on my PC and it worked! Is there a zArch instruction to flush
a cache line like the _mm_clflush() built-in for x86? If so it would be
easy to compile and run spectre.c on z/OS and see what happens.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
