Hi,
After the dust around the Meltdown and Spectre attacks has settled a bit, you may wonder how Fiasco.OC / L4Re fares with regard to these attacks.
Fiasco.OC / L4Re is vulnerable to Meltdown-like attacks because the kernel is mapped into each task. However, the kernel does not map all physical memory but only the memory it requires for its own data structures, plus the kernel-user memory required for, e.g., UTCBs and vCPU state save areas. Depending on the amount of physical memory and the available page sizes, Fiasco.OC may map a little bit more than that to save TLB entries. That means there can be a slight overlap of user memory that is visible to the kernel. But it is not possible for a thread to read _all_ memory.
Because we think that no thread should read information from other threads (pagetables, capability arrays, UTCBs etc.), we plan to change Fiasco.OC to execute in its own address space on Intel CPUs.
Against Spectre we do not plan to implement anything right now. We think the attack surface of the kernel is very small (if any) and may be reduced even further with Intel's microcode updates and future compiler/tool mitigations. However, we will observe future discussions and developments and may reassess this in the future.
Thank you and regards, Matthias.