<cole-h>
Sounds interesting. Are the implications just security ones, or are there other uses for Spectrum?
<qyliss>
I don't think there's any real new functionality described there, except for security?
<cole-h>
Just making sure my post-work brain was in the right place :P
<qyliss>
but the security benefits sound great, and really useful to us and feasible to implement
<qyliss>
SECRETMEM_UNCACHED is something you'd want to use more on an application level, but it's also quite exciting
<qyliss>
stop your password being side-channeled by cache by just never storing it in cache!
<cole-h>
:P
cole-h has quit [Ping timeout: 264 seconds]
<IdleBot_6d92ac96>
A bit annoying that now you are back to needing to make a decision about what to do if memory allocation fails! You could have zero locked quota, for example…
<qyliss>
you never didn't need to make a decision about memory allocation failing
<qyliss>
you could just get away with it a bit more often
<IdleBot_6d92ac96>
If a Linux system does not have carefully chosen OOM adjustments, one can panic! on failed malloc (I know I am mixing my metaphors here) with few realistic drawbacks…