3 Oct
2019
3 Oct
'19
8:52 a.m.
-----Original Message-----
From: cctalk <cctalk-bounces at classiccmp.org> On Behalf Of Paul Koning via
cctalk
Sent: 03 October 2019 16:28
To: Stefan Skoglund <stefan.skoglund at agj.net>
Cc: General Discussion: On-Topic and Off-Topic Posts
<cctalk at
classiccmp.org>
Subject: Re: VAX + Spectre
Whilst , of course, nothing has been done for VAX VSI have checked to see
if OpenVMS in Alpha, Itanium or AMD64 are susceptible...
http://vmssoftware.com/pdfs/news/Customer_Letter_2018_Meltdown_Spectre.pdf
Dave
On Oct 3, 2019, at 10:55 AM, Stefan Skoglund
<stefan.skoglund at agj.net>
wrote:
tor 2019-10-03 klockan 09:45 -0400 skrev Paul Koning via cctalk:
Can the speculative pre-fetch of instruction trigger cache fills ?
I don't know, but that isn't relevant to the Spectre issue. That one need
speculative data loads, visible via a timing channel to user mode code.
paul On Oct 3,
2019, at 8:25 AM, Maciej W. Rozycki <macro at linux-mips.org
> wrote:
On Thu, 3 Oct 2019, Maciej W. Rozycki wrote:
>> You need an extremely high resolution timer to detect slight
>> differences in execution time of speculatively-executed threads.
>> The VAX
>> 11/780 certainly did
>> not do speculative execution, and my guess is that all VAXen did
>> not, either.
>
> The NVAX and NVAX+ implementations include a branch predictor in
> their microarchitecture[1], so obviously they do execute
> speculatively.
For the record: in NVAX prediction does not extend beyond the
instruction fetch unit (I-box in VAX-speak), so there's actually no
speculative execution, but only speculative prefetch.
That's a key point. These vulnerabilities are quite complex and
details matter. They depend on speculation that goes far enough to
make data references that produce cache fills, and that those fills
persist after the speculative references have been voided.
Branch prediction is only the first step, and as you point out, that
alone is nowhere near enough. For example, if a particular design
did speculative execution but not speculative memory references on
adresses that miss in the cache, you'd still have no issue.