tech-kern archive


Re: Spectre



> <insert caveat about possibly me misunderstanding things>

I'd suggest reading the papers describing Spectre and Meltdown.  They
are fairly readable - I would expect anyone working on the NetBSD
kernel to be competent to understand them - and they describe the
vulnerabilities, and how the authors exploited them, in reasonable
detail.

Unfortunately, they appear to be exported only on the Web, and even
then only over HTTPS.  I can send copies privately to anyone for whom
those are obstacles (probably not very many, but they were for me).
https://spectreattack.com/ and https://meltdownattack.com/ are the URLs
I've found, though (as implied above) I haven't actually verified them
myself.

> Spectre is also a vulnerability.

> - Even speculative execution obeys access restrictions,

In some respects.  Meltdown is possible because Intel spec ex does not
obey access restrictions in one particular respect; I don't know what
aspects may not be obeyed by what CPUs except for that.

> - Variant 1 seems possible to avoid with low cost. It will likely
>   result in an error somewhere along the line, which is detectable.

Sometimes.

Doing the operation inside a transaction apparently will suppress the
memory fault in at least some cases.

Executing the whole thing under spec ex of a mispredicted branch
definitely will annul the trap, but, from reading the papers, it
appears they haven't tested it, so it's speculation (hah), albeit
reasonable speculation, that it would be exploitable that way.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

