VAX + Spectre
Stefan Skoglund
stefan.skoglund at agj.net
Thu Oct 3 09:55:52 CDT 2019
tor 2019-10-03 klockan 09:45 -0400 skrev Paul Koning via cctalk:
> > On Oct 3, 2019, at 8:25 AM, Maciej W. Rozycki <macro at linux-mips.org
> > > wrote:
> >
> > On Thu, 3 Oct 2019, Maciej W. Rozycki wrote:
> >
> > > > You need an extremely high resolution timer to detect slight
> > > > differences in
> > > > execution time of speculatively-executed threads. The VAX
> > > > 11/780 certainly did
> > > > not do speculative execution, and my guess is that all VAXen
> > > > did not, either.
> > >
> > > The NVAX and NVAX+ implementations include a branch predictor in
> > > their
> > > microarchitecture[1], so obviously they do execute speculatively.
> >
> > For the record: in NVAX prediction does not extend beyond the
> > instruction
> > fetch unit (I-box in VAX-speak), so there's actually no
> > speculative
> > execution, but only speculative prefetch.
>
> That's a key point. These vulnerabilities are quite complex and
> details matter. They depend on speculation that goes far enough to
> make data references that produce cache fills, and that those fills
> persist after the speculative references have been voided.
>
> Branch prediction is only the first step, and as you point out, that
> alone is nowhere near enough. For example, if a particular design
> did speculative execution but not speculative memory references on
> adresses that miss in the cache, you'd still have no issue.
>
Can the speculative pre-fetch of instruction trigger cache fills ?
More information about the cctalk
mailing list