You can read the results from L3 cache of speculation
Think case where cpu predicts call to function taking ptr but you're really calling function with integer arg under attacker control.
-
-
Disappointing but my guess is that you just have to disable all speculative fetch. At least all future cpus should give an MSR to do that for users who need strong guarantee or don't care about perf loss under heavy L1 misses.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Hmm, so if all speculative execution was done in a hidden cache (not in the regular cache hierarchy) then that wouldn't matter since the side effects wouldn't be visible. Sorry, I just can't get the speculative cache idea out of my head since it seems to fit, just needs tweaking
-
It would double the production cost as far as cache design is concerned since you're splitting each level into a visible and invisible part. But then that should achieve the needed isolation since you can no longer see what's going on during speculation.
-
How do you make the speculated reads visible to the ordinary cache? And you might not have speculated across one jump: might speculate both ways across multiple jumps, as well as over traps
-
With the disclaimer that this is an imaginary design that has no physical reality associated with it, you have an extra few cycles of latency when you swap in lines from the speculative cache to visible cache when the speculated branch is taken.
-
The actually speculation mechanism should not change with this, only the fact that cache population and invalidation for the speculative execution ought to happen in the invisible cache, not the visible cache. Changes committed to visible cache when branch is taken.
-
Is this similar to TSO maintenance logic? I have no idea. And I still haven't figured out mmmix enough to test perf impacts.
-
I don't know tso or mmix to make a comparison. This is just something I've been thinking idly over while waiting for my builds to finish.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.