Displaying 4 results from an estimated 4 matches for "spectreattack".
2018 Jan 26
1
RFC: Using link-time optimization to eliminate retpolines
...ress space, and it does not
matter what resides at the gadget address in the attacker’s
address space; all that is required is that the branch used
for training branches to use the same destination virtual
address."
[1] Kocher et al.: Spectre Attacks: Exploiting Speculative Execution
https://spectreattack.com/spectre.pdf
Best Regards,
Paul
> E.g. if the code looks like this, then a branch funnel basically turns
> into a standard type 1 pattern AFAICT:
>
> struct Base {
> virtual int f(long) = 0;
> };
>
> struct A : Base {
> int f(long x) override {
> ...
2018 Jan 26
0
RFC: Using link-time optimization to eliminate retpolines
...oks like this, then a branch funnel basically turns into
a standard type 1 pattern AFAICT:
struct Base {
  virtual int f(long) = 0;
};
struct A : Base {
  int f(long x) override {
    return 0;
  };
};
struct B : Base {
  int f(long x) override {
    // As in listing 1 in https://spectreattack.com/spectre.pdf
    return array2[array1[x] * 256];
  }
};
-- Sean Silva
On Tue, Jan 23, 2018 at 4:44 PM, Peter Collingbourne via llvm-dev <llvm-dev at lists.llvm.org> wrote:
> The proposed mitigation for variant 2 of CVE-2017-5715, “branch target
> injection”, is to send all...
2018 Jan 24
3
RFC: Using link-time optimization to eliminate retpolines
The proposed mitigation for variant 2 of CVE-2017-5715, “branch target
injection”, is to send all indirect branches through an instruction
sequence known as a retpoline. Because the purpose of a retpoline is to
prevent attacker-controlled speculation, we also end up losing the benefits
of benign speculation, which can lead to a measurable loss of performance.
We can regain some of those benefits
2018 Mar 23
5
RFC: Speculative Load Hardening (a Spectre variant #1 mitigation)
...(a.k.a. Spectre Variant #2): Branch target injection
* GPZ Variant #3 (a.k.a. Meltdown): Rogue data cache load
For more details, see the Google Project Zero blog post and the Spectre
research paper:
* https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
* https://spectreattack.com/spectre.pdf
The core problem of GPZ Variant #1 is that speculative execution uses branch
prediction to select the path of instructions speculatively executed. This
path is speculatively executed with the available data, and may load from
memory and leak the loaded values through various side c...