Displaying 3 results from an estimated 3 matches for "someothercode".
2018 Jan 26
1
RFC: Using link-time optimization to eliminate retpolines
...lative) win.
Hand-Wavy Example:
struct Base {
  virtual int f(long) = 0;
};
struct A : Base {
  int f(long x) override {
    return 0;
  }
};
struct B : Base {
  int f(long x) override {
    return 1;
  }
};
static int aCompletelyUnrelatedFunction() {
  someOtherCode();
Gadget:
  // Attacker-controlled index into array1 selects which line of array2 is
  // touched; the cache side effect survives even if execution is squashed.
  int z = array2[array1[somethingInTheSameRegisterAsX] * 256];
  return z;
}
Here the attacker could train the predictor to continue execution at
"Gadget".
To quote from [1]
"To mistrain the BTB, the attacker finds the virtual address of the gadget in the vict...
2018 Jan 26
0
RFC: Using link-time optimization to eliminate retpolines
Wouldn't a branch funnel open the door to a type 1 attack?
E.g. if the code looks like this, then a branch funnel basically turns into
a standard type 1 pattern AFAICT:
struct Base {
  virtual int f(long) = 0;
};
struct A : Base {
  int f(long x) override {
    return 0;
  }
};
struct B : Base {
  int f(long x) override {
    // As in listing 1 in
2018 Jan 24
3
RFC: Using link-time optimization to eliminate retpolines
The proposed mitigation for variant 2 of CVE-2017-5715, “branch target
injection”, is to send all indirect branches through an instruction
sequence known as a retpoline. Because the purpose of a retpoline is to
prevent attacker-controlled speculation, we also end up losing the benefits
of benign speculation, which can lead to a measurable loss of performance.
We can regain some of those benefits