Throughout 2018, several computer vulnerabilities came into the spotlight, possessing all the ingredients needed to attract attention: unusually, the core issue was located in the processor rather than in the software; almost all personal computers, servers and portable devices were affected to some extent; and some of the bugs also had fancy nicknames such as “Meltdown” and “Spectre”. Even though the practical implications are probably much less frightening than originally reported, a closer look at Meltdown and Spectre is instructive. This talk will present the basic ideas behind modern processor architectures, including out-of-order execution, branch prediction and caching, and how they can be combined to create a side-channel attack. I will then look at software’s role in mitigating the issue, and what a longer-term fix will look like.

Paolo Bonzini, Red Hat