Do modern CPUs flush branch predictor state on context switch? https://lkml.org/lkml/2018/1/4/635 … seems to indicate that they don’t. If not, why are we treating process separation as “the thing that fixes Spectre”?
To be clear: if we wanted to fix Spectre in Firefox, we could use hacks to scramble the branch predictor and BTB before executing JS in a different domain than the last one we executed. This would be more effective than Fission/Site Isolation, AFAICT.
I don't see how it would work. Wouldn't that be racy when multiple processes are involved? Imagine context switches between your "scramble" step and the "execute the JS" step.
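On Linux the question in the first tweet has an OS-level answer: the kernel flushes the indirect branch predictor with IBPB on context switch only under the policy it reports in /sys/devices/system/cpu/vulnerabilities/spectre_v2, so "process separation fixes Spectre" holds only if that policy covers the processes in question. The following is an added example, not code from the thread or its authors, that parses that report; the sample status lines are constructed from the documented format, not captured from a real host.

```python
import re
from typing import Dict, Optional

SYSFS_PATH = "/sys/devices/system/cpu/vulnerabilities/spectre_v2"

# Constructed sample lines in the format Linux writes to SYSFS_PATH
# (older kernels separate fields with ',', newer ones with ';').
SAMPLE_LINES = {
    "retpoline_ibpb": "Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling",
    "eibrs_ibpb": "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling",
    "always_on": "Mitigation: Retpolines, IBPB: always-on, STIBP: forced, RSB filling",
    "retpoline_no_ibpb": "Vulnerable: Retpoline without IBPB",
    "not_affected": "Not affected",
}


def parse_spectre_v2(line: str) -> Dict[str, Optional[str]]:
    """Split a spectre_v2 status line into its overall state and the IBPB/STIBP fields."""
    state, _, rest = line.strip().partition(":")
    info: Dict[str, Optional[str]] = {"state": state.strip(), "ibpb": None, "stibp": None}
    for field in re.split(r"[;,]", rest):
        key, sep, value = field.strip().partition(":")
        if sep and key.strip() in ("IBPB", "STIBP"):
            info[key.strip().lower()] = value.strip()
    return info


def ibpb_policy(line: str) -> str:
    """Whether the kernel issues IBPB (predictor flush) on context switch.
    "always-on": on every switch to another process; "conditional": only when the
    next task opted in via prctl(PR_SET_SPECULATION_CTRL) or is non-dumpable;
    "disabled"/"none": predictor state survives into the next process."""
    info = parse_spectre_v2(line)
    if info["state"] == "Not affected":
        return "not-affected"
    if info["state"] != "Mitigation" or info["ibpb"] is None:
        return "none"
    return info["ibpb"]


def every_process_isolated(line: str) -> bool:
    """True only if process separation alone keeps predictor state from crossing processes."""
    return ibpb_policy(line) in ("always-on", "not-affected")


if __name__ == "__main__":
    try:
        with open(SYSFS_PATH) as f:
            current = f.read()
    except OSError:  # not on Linux, or sysfs unavailable: use a sample line
        current = SAMPLE_LINES["retpoline_ibpb"]
    print(current.strip(), "->", ibpb_policy(current), every_process_isolated(current))
```

With the default "conditional" policy, a browser's content processes are only isolated from each other's predictor state if they have opted in or are non-dumpable.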