Do modern CPUs flush branch predictor state on context switch? https://lkml.org/lkml/2018/1/4/635 … seems to indicate that they don’t. If not, why are we treating process separation as “the thing that fixes Spectre”?
Absent an instruction, I can think of awful brute-force ways to scramble the branch predictor and BTB given sufficient knowledge of how the processor works, but I don’t see why userland couldn’t do that just as well as the kernel can.
x86 has microcode, so they released an update to expose IBPB. On ARM it's a real tragedy: there is an instruction, but only in 32-bit mode, so you have to go through TZ/HYP to invoke it. Unless your CPU does not support 32-bit mode, in which case you do lots of jumps to clear it.
New conversation
Flushing the whole cache hierarchy probably does it..?
I was corrected: there actually is a flush BTB instruction now. https://software.intel.com/security-software-guidance/insights/deep-dive-indirect-branch-predictor-barrier …
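An added example, not posted by anyone in the thread, on the point raised above that userland cannot do the flush as well as the kernel can: on x86 the IBPB barrier from the linked Intel note is a WRMSR to IA32_PRED_CMD, which only ring 0 may execute, so a Linux process has to ask the kernel to issue it on its behalf through prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, ...). The program below checks the sysfs spectre_v2 mitigation line for "IBPB", decodes the per-task status the kernel reports, and then requests IBPB on context switch for itself. It assumes Linux 4.20 or later (the release that added PR_SPEC_INDIRECT_BRANCH); the function names and the sample sysfs line in the comment are my own, not from the thread or the kernel.

```c
/* Added example (not from the thread). Linux-only: the per-task control exists
 * since kernel 4.20 (PR_SPEC_INDIRECT_BRANCH); on other kernels prctl() fails
 * with EINVAL or ENODEV and the program reports that instead of crashing. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallback definitions for an old <linux/prctl.h>; values match the UAPI header. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_NOT_AFFECTED  0
#define PR_SPEC_PRCTL         (1UL << 0)
#define PR_SPEC_ENABLE        (1UL << 1)
#define PR_SPEC_DISABLE       (1UL << 2)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif

/* Does the sysfs spectre_v2 line say the kernel uses IBPB at all?
 * Constructed sample line, typical of a retpoline kernel:
 *   "Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling" */
int mitigation_uses_ibpb(const char *sysfs_line)
{
    return sysfs_line != NULL && strstr(sysfs_line, "IBPB") != NULL;
}

/* Decode the status word returned by
 * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0).
 * Pure function so it can be exercised without a capable kernel. */
const char *ib_status_describe(long status)
{
    if (status < 0)
        return "query failed: kernel has no indirect-branch speculation control";
    if (status == PR_SPEC_NOT_AFFECTED)
        return "CPU not affected by Spectre v2";
    if (!(status & PR_SPEC_PRCTL)) {
        /* No per-task control: the kernel either always mitigates or never does. */
        return (status & PR_SPEC_DISABLE)
            ? "mitigated unconditionally for all tasks (not task-controllable)"
            : "no user-to-user mitigation and not task-controllable";
    }
    if (status & PR_SPEC_FORCE_DISABLE)
        return "IBPB requested for this task and locked (cannot be re-enabled)";
    if (status & PR_SPEC_DISABLE)
        return "IBPB requested for this task on context switch";
    return "task-controllable, but IBPB not requested (default)";
}

/* Ask the kernel to run IBPB when switching to/from this task. Userspace cannot
 * execute WRMSR IA32_PRED_CMD itself (ring 0 only), so this request is how a
 * process gets the flush. Returns 0 on success or -errno on failure. */
int request_ibpb_on_switch(int lock)
{
    unsigned long ctl = lock ? PR_SPEC_FORCE_DISABLE : PR_SPEC_DISABLE;
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, ctl, 0, 0) != 0)
        return -errno;
    return 0;
}

int main(void)
{
    char line[256] = "";
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/spectre_v2", "r");
    if (f != NULL) {
        if (fgets(line, sizeof line, f) != NULL)
            line[strcspn(line, "\n")] = '\0';
        fclose(f);
    }
    printf("spectre_v2: %s (IBPB in use: %s)\n",
           line[0] ? line : "<sysfs entry missing>",
           mitigation_uses_ibpb(line) ? "yes" : "no");

    long before = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    printf("before: %s\n", ib_status_describe(before));

    int rc = request_ibpb_on_switch(0);
    if (rc != 0)
        printf("request failed: %s\n", strerror(-rc));

    long after = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    printf("after:  %s\n", ib_status_describe(after));
    return 0;
}
```

Two things worth noticing when you run it: a kernel booted with spectre_v2_user=off reports a status without the PR_SPEC_PRCTL bit and the request fails with EPERM, and a status of PR_SPEC_NOT_AFFECTED means the kernel decided the CPU never needed the barrier, so the prctl is a request to the kernel's policy, not a direct lever on the hardware.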