One could have “speculation ways” throughout the “entire cache hierarchy” to prevent evictions so that rollbacks have no visible microarchitectural side effects, but that seems like a hard problem. Would need speculative read, commit and rollback in the cache coherence protocol.
-
Easy (proposed, needs check for completeness) solution is just adding an MSR bit to disable fetch during speculation and letting users who care about security flip it.
-
Ya I thought about that. As far as I can tell the first load is fine, it’s the second speculated load using the value from the first load that leaks data. They could have a bit in the issue window that the register value is the result of a speculated load, as barrier for 2nd load
-
I think even the first is potentially dangerous. If a reg contains a (non-ptr) value that's private and you trick branch prediction to branch to somewhere it's used as an index or ptr, part of its value potentially leaks.
-
Possibly, but Spectre variant 1 uses a data dependent load to leak data i.e. two loads, the second load with a stride to cause a particular cache eviction. Still curious what the performance hit would be to disallow all speculative loads.
-
My claim (no data but strong intuition) is that the hit would be minimal on most loads people care about, where most loads (pardon the pun) are either already in L1 (no penalty) or at least in L2/L3 (minimal stall compared to going to DRAM).
End of conversation
New conversation -
-
The "twitter-summary" tells me we might also benefit from not running user defined workloads where we can & NOT patching Spectre, on those systems. Even in hardware, the cost to fix might be too high.
-
"User defined workload" is not well-defined. You don't have to be an interpreter/JIT to be affected by Spectre v1. That's just the canonical example.
-
If you're running a bunch of webapps, there's usually no chance for the user to upload a payload that could trigger Spectre. There's a lot of cases where you should have confidence about what code you are running. Maybe there's no fitting label but generally UDW wfm.
End of conversation
New conversation -
-
The other approach is to not speculate data-dependent loads, i.e. loads using values that are loaded as the result of speculation. Limit speculation depth based on syntactic dependencies, i.e. a specific limit on speculation for Spectre variant 1.