# Meltdown

* [PoC from IAIK](https://github.com/IAIK/meltdown.git)
![Overview](https://gcdn.pbrd.co/images/IitOpaf.png?raw=true "Meltdown")

* Each page table entry has the following flag values
    * SUP (user or kernel mode)
    * READ
    * WRITE

* Flags are checked by the MMU

* Pipelined steps of an instruction are the following
    * Fetch
    * Decode
    * Execute
    * Memory access
    * Register write back

* A pipeline can execute one of each step concurrently every clock cycle.
* The MMU may jump between instructions queued in the pipeline to make use of time while the current instruction stalls.
* __Speculative execution__ is the reordering of instructions to speed up execution inside the pipeline.
    * If a condition is executed speculatively, kernel memory may be executed. No error is thrown, because there is no assurance that the condition will actually be executed in the end.

* [Kernel Page Table Isolation](http://www.brendangregg.com/blog/2018-02-09/kpti-kaiser-meltdown-performance.html) can be used to mitigate Meltdown.
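
A defender-side check for the mitigation above, added here as an example and not taken from the IAIK PoC or the linked post: it reads the kernel's verdict from `/sys/devices/system/cpu/vulnerabilities/meltdown` and falls back to the `pti` flag and `cpu_meltdown` bug entry in `/proc/cpuinfo`. The function name `meltdown_status` and its output labels are assumptions made for this example.

```sh
#!/bin/sh
# Added example: classify a Linux host's Meltdown mitigation state.
# Defaults are the real kernel interfaces; pass other paths to test offline.

meltdown_status() {
    vuln_file=${1:-/sys/devices/system/cpu/vulnerabilities/meltdown}
    cpuinfo=${2:-/proc/cpuinfo}

    # Preferred source: the kernel's own verdict.
    if [ -r "$vuln_file" ]; then
        case "$(cat "$vuln_file")" in
            "Not affected"*)    echo "not-affected";    return 0 ;;
            "Mitigation: PTI"*) echo "mitigated-kpti";  return 0 ;;
            "Mitigation:"*)     echo "mitigated-other"; return 0 ;;
            "Vulnerable"*)      echo "vulnerable";      return 1 ;;
        esac
    fi

    # Fallback (sysfs missing, masked, or inconclusive): x86 kernels list the
    # CPU bug and the active "pti" feature in /proc/cpuinfo.
    if [ -r "$cpuinfo" ]; then
        if grep -Eq '^flags[[:space:]]*:.*[[:space:]]pti([[:space:]]|$)' "$cpuinfo"; then
            echo "mitigated-kpti"; return 0
        fi
        if grep -Eq '^bugs[[:space:]]*:.*cpu_meltdown' "$cpuinfo"; then
            echo "vulnerable"; return 1
        fi
    fi

    echo "unknown"; return 2
}

# Run against the live host only when asked: sh meltdown_status.sh --check
if [ "${1:-}" = "--check" ]; then
    meltdown_status
fi
```

The return code is 0 when the host is not affected or mitigated, 1 when vulnerable, and 2 when neither source gives an answer, so the function can gate a fleet compliance check.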