VAX + Spectre
Paul Koning
paulkoning at comcast.net
Thu Oct 3 10:28:09 CDT 2019
> On Oct 3, 2019, at 10:55 AM, Stefan Skoglund <stefan.skoglund at agj.net> wrote:
>
> tor 2019-10-03 klockan 09:45 -0400 skrev Paul Koning via cctalk:
>>> On Oct 3, 2019, at 8:25 AM, Maciej W. Rozycki <macro at linux-mips.org> wrote:
>>>
>>> On Thu, 3 Oct 2019, Maciej W. Rozycki wrote:
>>>
>>>>> You need an extremely high resolution timer to detect slight differences in
>>>>> execution time of speculatively-executed threads. The VAX 11/780 certainly did
>>>>> not do speculative execution, and my guess is that all VAXen did not, either.
>>>>
>>>> The NVAX and NVAX+ implementations include a branch predictor in their
>>>> microarchitecture[1], so obviously they do execute speculatively.
>>>
>>> For the record: in NVAX prediction does not extend beyond the instruction
>>> fetch unit (I-box in VAX-speak), so there's actually no speculative
>>> execution, but only speculative prefetch.
>>
>> That's a key point. These vulnerabilities are quite complex and
>> details matter. They depend on speculation that goes far enough to
>> make data references that produce cache fills, and that those fills
>> persist after the speculative references have been voided.
>>
>> Branch prediction is only the first step, and as you point out, that
>> alone is nowhere near enough. For example, if a particular design
>> did speculative execution but not speculative memory references on
>> addresses that miss in the cache, you'd still have no issue.
>>
>
> Can the speculative pre-fetch of instructions trigger cache fills?
I don't know, but that isn't relevant to the Spectre issue. That one needs speculative data loads, visible via a timing channel to user mode code.
paul
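
Added example (not part of the original message or thread): a toy Python model of the conditions discussed above, showing that the data cache state after a voided speculation depends on the secret only when speculative execution, fills on speculative misses, and persistence of those fills all hold, and that the timer must resolve the hit/miss difference. The `Design` fields, the latencies and the floor-division timer model are assumptions made for illustration, not measurements of any VAX.

```python
from dataclasses import dataclass

HIT, MISS = 4, 200     # assumed latencies in cycles (constructed values)
PROBE_LINES = 256      # one probe cache line per possible secret byte

@dataclass(frozen=True)
class Design:
    speculative_execute: bool    # wrong-path instructions execute, not just prefetch
    fill_on_spec_miss: bool      # a speculative load that misses may fill the data cache
    fill_survives_squash: bool   # that fill stays after the speculation is voided

def cache_after_squash(design, secret):
    """Data-cache lines present after a mispredicted path that would
    load probe line `secret` has been voided (cache starts empty)."""
    cache = set()
    if not design.speculative_execute:
        return cache             # fetch-unit prediction only: no data reference made
    if design.fill_on_spec_miss:
        cache.add(secret)        # speculative miss brings the line in
    if not design.fill_survives_squash:
        cache.discard(secret)    # squash also undoes the fill
    return cache

def state_depends_on_secret(design):
    """True if the post-squash cache state differs between secret values."""
    states = {frozenset(cache_after_squash(design, s)) for s in range(PROBE_LINES)}
    return len(states) > 1

def timer_can_see_it(design, secret, tick):
    """True if a timer with `tick`-cycle resolution gets different readings
    for cached and uncached probe lines (crude floor-division timer model)."""
    cache = cache_after_squash(design, secret)
    readings = {(HIT if i in cache else MISS) // tick for i in range(PROBE_LINES)}
    return len(readings) > 1

PREFETCH_ONLY = Design(False, False, False)   # NVAX as described in the thread
NO_SPEC_FILL = Design(True, False, False)     # executes speculatively, never fills on miss
FILL_UNDONE = Design(True, True, False)       # fills, but the squash removes them
FILL_PERSISTS = Design(True, True, True)      # all three conditions met

if __name__ == "__main__":
    for name, d in [("prefetch only", PREFETCH_ONLY), ("no speculative fill", NO_SPEC_FILL),
                    ("fill undone", FILL_UNDONE), ("fill persists", FILL_PERSISTS)]:
        print(f"{name:20} state depends on secret: {state_depends_on_secret(d)}, "
              f"visible at 1-cycle tick: {timer_can_see_it(d, 42, 1)}, "
              f"at 1000-cycle tick: {timer_can_see_it(d, 42, 1000)}")
```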