3 Oct
2019
3 Oct
'19
7:55 a.m.
tor 2019-10-03 klockan 09:45 -0400 skrev Paul Koning via cctalk:
Can the speculative pre-fetch of instruction trigger cache fills ?
On Oct 3,
2019, at 8:25 AM, Maciej W. Rozycki <macro at linux-mips.org
For the record: in NVAX prediction does not extend beyond the
instruction
fetch unit (I-box in VAX-speak), so there's actually no
speculative
execution, but only speculative prefetch.
That's a key point. These vulnerabilities are quite complex and
details matter. They depend on speculation that goes far enough to
make data references that produce cache fills, and that those fills
persist after the speculative references have been voided.
Branch prediction is only the first step, and as you point out, that
alone is nowhere near enough. For example, if a particular design
did speculative execution but not speculative memory references on
adresses that miss in the cache, you'd still have no issue.
wrote:
On Thu, 3 Oct 2019, Maciej W. Rozycki wrote:
You need
an extremely high resolution timer to detect slight
differences in
execution time of speculatively-executed threads. The VAX
11/780 certainly did
not do speculative execution, and my guess is that all VAXen
did not, either.
The NVAX and NVAX+ implementations include a branch predictor in
their
microarchitecture[1], so obviously they do execute speculatively.