[Cryptography] Speculation considered harmful?
Benjamin Kreuter
brk7bx at virginia.edu
Tue Jan 9 07:56:02 EST 2018
On Sat, 2018-01-06 at 18:41 -0500, Jerry Leichter wrote:
> > Eh. In the context of Spectre, the CPU knows which cachelines it
> > loaded in a speculative fetch. It should simply mark them invalid
> > when unrolling the speculation.
>
> John Levine already pointed out the root of the problem - and the
> right solution: Speculated code must run *in exactly the same way as
> non-speculated code*. In particular, a speculated path needs to stop
> immediately if it attempts a forbidden memory access. There's
> absolutely no point in continuing down this path, as it can't
> possibly be committed in any case: It will terminate at this point
> with a memory access exception.
AFAIUI that does not deal with all variants of the attack i.e. it
solves the Meltdown problem but not the Spectre problems. Meltdown is
much easier to exploit and needs immediate attention, but the long-term
solutions should deal with Spectre as well.
-- Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180109/ce22f3bb/attachment.sig>
More information about the cryptography
mailing list