Apple's M1 unpatchable flaw


Don’t tell me that Apple, not learning from Intel’s horror experience, provides no means of disabling speculative execution temporarily?

Lets be fair here. This is very different and they definitely learned from spectre. That is what PAC (pointer authentication) is for. Thisy flaw is how to bypass this safety measure. It’s not a way to bypass it itself.

Yep, I understand that. It doesn’t create any new vulnerabilities (assumption?). It just means that a catch-all defence against some unspecified existing vulnerabilities may not be effective and it doesn’t change the fact that all known existing vulnerabilities should be patched.

I stand by what I said though: there are so many speculative execution leaks in CPUs (at least in Intel CPUs) that it is crying out for a single bit in a control register somewhere that can turn off speculative execution in the early boot (before any malicious code could run) … so that when each vulnerability is announced, or otherwise, you have the choice to sacrifice some performance while waiting to get assessments of the extent and severity etc. of the vulnerability and/or apply required patches.

The alternative, at the CPU level, would be the capability to hide all externally visible state changes including microarchitectural state changes that are caused by the speculative execution of instructions until the instructions are committed. That is risky - because “all” is hard to guarantee - and would probably cost some performance anyway.