
Bingo #kpti #intelbug - ryanlol
https://twitter.com/brainsmoke/status/948561799875502080
======
testplzignore
I'm trying to understand the timeline of everything that is going on.

[https://cyber.wtf/2017/07/28/negative-result-reading-kernel-...](https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/)
was published on 2017-07-28.

The pythonsweetness.tumblr.com post talks about patches being first posted in
October (anyone have a link to the first public patch?).

[https://lwn.net/Articles/738975/](https://lwn.net/Articles/738975/) was
published on 2017-11-15.

[https://lwn.net/SubscriberLink/741878/5c019c71457e0da6/](https://lwn.net/SubscriberLink/741878/5c019c71457e0da6/)
was published on 2017-12-20.

[https://lkml.org/lkml/2017/12/27/2](https://lkml.org/lkml/2017/12/27/2) was
published on 2017-12-27.

[https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5aa90a84589282b87666f92b6c3c917c8080a9bf)
shows that Linus merged the patches on 2017-12-30.

[https://lwn.net/Articles/742404/](https://lwn.net/Articles/742404/) was
published on 2017-12-30.

[http://pythonsweetness.tumblr.com/post/169166980422/the-myst...](http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table),
which was the post that grabbed everyone's attention, was published on
2018-01-01.

Was the blog post on 2017-07-28 talking about the same vulnerability that has
the world on fire today, or are there multiple issues going on?

~~~
testplzignore
[https://twitter.com/lavados/status/948700783259811847](https://twitter.com/lavados/status/948700783259811847)
gives credit to the cyber.wtf blog post for the "start of all this", though
the replies to that tweet note that Jann Horn reported the vulnerabilities on
2017-06-01. So first private disclosure was on 2017-06-01, and first public
disclosure was on 2017-07-28 as far as I can see.

I'd love to someday see a book written about the history of this, starting
from when the idea of speculative execution was first conceived decades ago.

------
userbinator
What this seems to be showing is that reads to cached addresses are faster.
While this is an almost obvious result, it's supposedly the basis of a bug
that allows reading kernel memory from userspace.

~~~
lathiat
This is the best explanation I have found so far:
[https://plus.google.com/+KristianK%C3%B6hntopp/posts/Ep26AoA...](https://plus.google.com/+KristianK%C3%B6hntopp/posts/Ep26AoAZxxd)

