On 05/02/18 11:50 AM, D. Hugh Redelmeier via talk wrote:
| From: David Collier-Brown via talk <[email protected]>
| There's also a race condition: the 6130 and DPS8m processors checked the
| permissions of the fetch before they fetched to the (then small) cache.
[These are Honeywell mainframe computers.]
Spectre V2 is about subverting branch target prediction. Something
quite different.
BUT this subversion only matters because speculation of memory fetches
leaves a trace. So what you mention is relevant, indirectly.
Checking permissions can be quite expensive: going through multi-level
page tables can involve several memory fetches (which you'd like to
speculate past).
Obvious cure: keep permissions in each cache line. The trouble is
that permissions can be bulky, forcing a reduction in the effective
size of the cache. AMD may have done more of this than Intel
<https://www.amd.com/en/corporate/speculative-execution>
That was the reason I earlier mentioned the (vague!) Oracle/Fujitsu
SPARC scheme for marking cache lines in different colors. It was
suspiciously correlated with the covert channel that the Spectre attacks
were using.
GPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not
applicable to AMD processors.
We believe AMD processors are not susceptible due to our
use of privilege level protections within paging architecture
and no mitigation is required.
Intel seems to have added PCID to each cache line. It is too small to
encode a process number but you could assign a PCID number to each
active process/thread and when you run out, do hard work. It would be
kind of analogous to the way we allocate page frames (real memory) to
pages of processes (virtual memory).
Linux did not use PCID but it seems that Spectre and Meltdown are
stimulating interest in it.
| Simulating the same thing in the Multics emulator took some extra work but
| it was implemented well before the spectre attacks showed up.
I assume that we're not talking about a cycle-accurate emulator nor an
emulator done in hardware.
How would it be extra work in an emulator? An emulator doesn't
normally do speculative execution. For normal path execution, of
course you must emulate the permissions model of the hardware.
Yes. The emulator authors noted that emulating the permissions on a
fetch were surprisingly complex, in part because the hardware they were
emulating was designed in the middle of the period when covert channels
were a major concern and had the mandatory-access-control people
scratching their heads over ways to avoid them.
--dave
--
David Collier-Brown, | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
[email protected] | -- Mark Twain
---
Talk Mailing List
[email protected]
https://gtalug.org/mailman/listinfo/talk
