[Cryptography] Speculation considered harmful?
Howard Chu
hyc at symas.com
Sat Jan 6 10:51:30 EST 2018
Will Yager wrote:
>
>
> On Sat, Jan 6, 2018 at 12:49 AM, Howard Chu <hyc at symas.com
> <mailto:hyc at symas.com>> wrote:
>> Eh. In the context of Spectre, the CPU knows which cachelines it loaded in
>> a speculative fetch. It should simply mark them invalid
> I do not believe this solves the issue. You aren’t actually reading the
> contents of the the cache that was loaded during speculative execution; you
> are using cache behavior as an oracle into whatever happened during
> speculative execution. A cache line getting marked as invalid is entirely
> sufficient to leak information from the speculative phase.
No. For the Spectre attack to work the cache has to already be in a known
state beforehand. The attack code always does a clflush on the target address
to initialize it, which leaves it invalid. Explicitly marking the cacheline as
invalid after the cancelled speculative fetch would just restore it to its
initial state and the attacker will get no information, every reference will
always cause a memory fetch.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the cryptography
mailing list