Re: Spectre

To: Mouse <mouse%Rodents-Montreal.ORG@localhost>
Subject: Re: Spectre
From: maya%netbsd.org@localhost
Date: Thu, 18 Jan 2018 03:40:08 +0000

It's a lot less obvious from a CPU designer perspective. One will make
the speculative bits, declare 'all the actions I do are rolled back, so
this is perfectly safe!' and someone else making the cache doesn't
realize that the reads were speculative and their effects should have
been rolled back.

People were talking about timing attacks for a while, but somehow it
hadn't clicked that:
  array[*malicious_address & 1]

Actually leaks (via timing) the content of the first bit of
malicious_address.

Or maybe it's just hadn't for me.

References:
- Spectre
  - From: coypu
- Re: Spectre
  - From: Mouse
- Re: Spectre
  - From: Paul.Koning
- Re: Spectre
  - From: Mouse

Prev by Date: Re: Spectre
Next by Date: Re: /dev/ksyms permissions
Previous by Thread: Re: Spectre
Next by Thread: Re: Spectre
Indexes:

Home | Main Index | Thread Index | Old Index