As Meltdown exploits out-of-order execution, a trivial countermeasure would be to completely disable out-of-order execution. However, the performance impacts would be devastating, as the parallelism of modern CPUs could not be leveraged anymore. Thus, this is not a viable solution.

Although KAISER provides basic protection against Meltdown, it still has some limitations. Due to the design of the x86 architecture, several privileged memory locations are required to be mapped in user space. This leaves a residual attack surface for Meltdown, i.e., these memory locations can still be read from user space. Even though these memory locations do not contain any secrets, such as credentials, they might still contain pointers. Leaking one pointer can be enough to again break KASLR, as the randomization can be calculated from the pointer value.