Do modern CPUs flush branch predictor state on context switch? https://lkml.org/lkml/2018/1/4/635 … seems to indicate that they don’t. If not, why are we treating process separation as “the thing that fixes Spectre”?
Replying to @pcwalton
Because "timesharing was a mistake" is a hard lesson?
2 replies 0 retweets 6 likes
Replying to @samth
The cynical answer is “because it’s convenient for the Chrome team to think that process separation solves everything”…
3 replies 0 retweets 2 likes
*cough* *cough* Firefox Fission
1 reply 0 retweets 1 like
Replying to @MikeHommey @samth
To be clear, I think we *should* do Fission, but we should be honest with ourselves about what the benefits are relative to the work…
1 reply 0 retweets 2 likes
Well, Fission was clearly announced as an answer to Spectre and the like.
1 reply 0 retweets 0 likes
Replying to @MikeHommey @samth
So was Site Isolation in Chrome. Site Isolation has obvious benefits as a way to mitigate memory safety vulnerabilities between untrusted domains. Its use as a Spectre solution is much less clear to me.
1 reply 0 retweets 4 likes
To be clear: if we wanted to fix Spectre in Firefox, we could use hacks to scramble the branch predictor and BTB before executing JS in a different domain than the last one we executed. This would be more effective than Fission/Site Isolation, AFAICT.
1 reply 0 retweets 1 like
I don't see how it would work. Wouldn't that be racy when multiple processes are involved? Imagine context switches between your "scramble" step and the "execute the JS" step.
2 replies 0 retweets 2 likes
Yeah, you’re right, it doesn’t work.
Replying to @pcwalton @BRIAN_____ and
Though if you had IBPB, then you could implement that operation by switching over to a new Gecko thread/process that shares all the memory and can’t ptrace. Yeah, it’s a hack, but it’d be a lot less work than Site Isolation.
0 replies 0 retweets 0 likes
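The hack in the last reply only works if the kernel actually issues an IBPB (indirect branch prediction barrier) when it switches to the new Gecko thread/process, which is exactly what the opening question was about. The script below is an added example, not code from the thread, from Gecko or from Chrome: it classifies the IBPB policy the Linux kernel reports in `/sys/devices/system/cpu/vulnerabilities/spectre_v2`. It assumes the x86 Linux format of that file, where one field reads `IBPB: always-on`, `IBPB: conditional` or `IBPB: disabled` (older kernels print a bare `IBPB` and come out as `unknown` here); the sample lines are constructed, not captured from a real host.

```shell
# Added example (not from the thread, Gecko or Chrome): report whether the
# running Linux kernel barriers the branch predictor on context switch.
# Assumption: /sys/devices/system/cpu/vulnerabilities/spectre_v2 exists on
# x86 Linux and carries an "IBPB: always-on|conditional|disabled" field.

SYSFS_SPECTRE_V2=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# ibpb_mode LINE: print the IBPB policy encoded in one spectre_v2 status line.
ibpb_mode() {
    case "$1" in
        "Not affected"*)       echo not-affected ;;
        Vulnerable*)           echo vulnerable ;;
        *"IBPB: always-on"*)   echo always-on ;;
        *"IBPB: conditional"*) echo conditional ;;
        *"IBPB: disabled"*)    echo disabled ;;
        *)                     echo unknown ;;      # e.g. old kernels printing bare "IBPB"
    esac
}

# ibpb_on_every_switch LINE: succeed only when every cross-mm switch gets a barrier.
# "conditional" is not enough on its own: the kernel then barriers only around
# tasks that opted in via prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH)
# or that run under seccomp, so the process-hop idea from the thread would also
# have to opt the new thread/process in before running the next domain's JS.
ibpb_on_every_switch() {
    [ "$(ibpb_mode "$1")" = always-on ]
}

# report_host: read the live sysfs file if this host has one.
report_host() {
    if [ -r "$SYSFS_SPECTRE_V2" ]; then
        line=$(cat "$SYSFS_SPECTRE_V2")
        printf 'spectre_v2: %s\nIBPB mode:  %s\n' "$line" "$(ibpb_mode "$line")"
    else
        echo "no $SYSFS_SPECTRE_V2 on this host (not x86 Linux, or a kernel without the file)"
    fi
}

# Constructed sample lines (mirror the kernel's wording; not captured output).
SAMPLE_COND='Mitigation: Retpolines; IBPB: conditional; IBRS_FW; STIBP: conditional; RSB filling'
SAMPLE_ALWAYS='Mitigation: Enhanced IBRS; IBPB: always-on; RSB filling'
SAMPLE_VULN='Vulnerable'

report_host
for s in "$SAMPLE_COND" "$SAMPLE_ALWAYS" "$SAMPLE_VULN"; do
    printf '%-12s <- %s\n' "$(ibpb_mode "$s")" "$s"
done
```

On most distribution kernels the mode is `conditional`, i.e. an unprivileged process switch does not by itself scramble the predictor; that is the practical form of the racy-context-switch objection raised earlier in the thread.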