[Cryptography] Spectre -- would an L0 for speculation-only help?
Nico Williams
nico at cryptonector.com
Fri Jan 12 13:10:05 EST 2018
On Fri, Jan 12, 2018 at 08:48:53AM -0800, Henry Baker wrote:
> At 11:20 AM 1/11/2018, Nico Williams wrote:
> > [...]
> >
> > Is this crazy?
> >
> > Workable?
>
> IMHO the major problem is that your scheme handles only *one level* of
> speculation.
It wouldn't handle a speculation tree, indeed.
More than that, someone pointed out off-list that a CPU does not commit
to a thread of speculation, but to individual branches. That's not
fatal, but it would require tagging L0 cache entries with the IP of the
instruction that first loaded them, and perhaps additional state to deal
with subsequent stores to the same line. And it would require flushing
L0 at the start of speculation (i.e., often), though I was assuming that
would be necessary anyways.
> It's essentially impossible to organize the conditionals in such a way
> to avoid exponential explosion of speculation.
Yes.
Thanks,
Nico
--
More information about the cryptography
mailing list