[Cryptography] Spectre -- would an L0 for speculation-only help?

Nico Williams nico at cryptonector.com
Thu Jan 11 14:20:27 EST 2018


Suppose speculative execution never evicted cache lines in any cache,
except a special, _small_ (say, 8 cache lines) cache only used during
speculation.  Call this cache L0.

When a speculated thread is committed then all the cache lines in L0
loaded during speculation are moved to L1, resulting in evictions only
at commit time.

That is, speculative execution would have an L0 in its cache hierarchy,
while non-speculative execution would not.

L0/L1 would not be inclusive; L0 would never be loaded from L1.

L2/L3 misses might have to stop speculative execution if the cache
hierarchy is inclusive, but not otherwise.  I suspect that in order to
perform well L1 misses would have to not stop speculation in any case.

L0 would have to be teeny tiny -- it cannot cost too much die area.  But
it wouldn't have to be very large at all to have the desired effect of
allowing performant speculative execution with no side-effects on L1 for
abandoned speculation.

Is this crazy?  Workable?  If so, would there still be timing
side-channel attacks on speculative execution left unaddressed?  Perhaps
there might be timing leaks via cache coherency effects?

Nico
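
Added example, not part of the original message: a toy Python model of the proposal above, comparing L1 contents after a squashed speculative load with and without a speculation-only L0. The 4-line LRU L1, the stall when L0 is full, and leaving L1 replacement state untouched on a speculative L1 hit are assumptions of this sketch; the message specifies none of them.

```python
from collections import OrderedDict

class Cache:
    """Toy LRU L1 plus optional speculation-only L0 (sizes are assumptions)."""
    def __init__(self, use_l0, l1_lines=4, l0_lines=8):
        self.use_l0, self.l1_lines, self.l0_lines = use_l0, l1_lines, l0_lines
        self.l1 = OrderedDict()  # line -> None, oldest first
        self.l0 = []             # lines fetched by in-flight speculation

    def _fill_l1(self, line):
        self.l1.pop(line, None)
        self.l1[line] = None
        while len(self.l1) > self.l1_lines:
            self.l1.popitem(last=False)  # evict least recently used

    def load(self, line):
        """Architectural load: True on L1 hit; always updates L1."""
        hit = line in self.l1
        self._fill_l1(line)
        return hit

    def spec_load(self, line):
        """Speculative load. Returns False if speculation has to stall."""
        if not self.use_l0:
            self._fill_l1(line)          # conventional design: L1 changes now
            return True
        if line in self.l1 or line in self.l0:
            return True                  # assumed: hit leaves L1 LRU order alone
        if len(self.l0) >= self.l0_lines:
            return False                 # assumed policy when L0 is full
        self.l0.append(line)             # filled from beyond L1, never from L1
        return True

    def commit(self):
        for line in self.l0:             # evictions happen only here
            self._fill_l1(line)
        self.l0.clear()

    def squash(self):
        self.l0.clear()                  # abandoned speculation leaves no trace

def l1_after(use_l0, secret_line, committed):
    """Prime L1 with lines 0-3, speculate one secret-dependent load, return L1."""
    c = Cache(use_l0)
    for line in range(4):
        c.load(line)
    c.spec_load(secret_line)
    c.commit() if committed else c.squash()
    return list(c.l1)
```

The model covers only L1 contents and replacement order; the coherency-traffic question raised at the end of the message is outside what it simulates.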