[Cryptography] Speculation re Intel HW cockup; reqs. OS rewrites & slow execution
jamesd at echeque.com
jamesd at echeque.com
Thu Jan 4 16:32:22 EST 2018
On 1/5/2018 4:17 AM, Benjamin Kreuter wrote:
> It is going to be a while
> before new architectural patterns are developed that properly separate
> speculative instructions, and it will almost certainly come at a cost.
The problem is speculative instructions leaking memory between privilege
levels. There is no intrinsic hardware or efficiency reason why this
has to happen.
There is an efficiency reason why we need speculative execution - there
is no efficiency reason why we cannot do a satisfactory job of unwinding
the speculation when it turns out to be in error.
It is a bug in speculative execution. The fix is not to abandon
speculative execution, but to do it right, and chances are that doing it
right is going to be faster and more efficient, not slower and less
efficient.
Not using speculative execution, because it is broken, is a huge
efficiency hit, slows things down a lot.
Not breaking speculative execution is unlikely to slow stuff down, and
is likely to speed stuff up.
More information about the cryptography
mailing list