Spectre; Meltdown

Early Popular Disclosure

Official Reports:
Project Zero from Google
Two Acedemic Papers:

  • Spectre Attacks: Exploiting Speculative Execution (Graz);
  • Meltdown (Evanston) Intel specific

    Intel Analysis of Speculative Execution Side Channels
    I find Intel’s exploit descriptions easiest to understand.
    Peter Bright’s descriptions are first class.
    Paul Kocher’s talk too
    My Meltdown notes; Another nexus (Good FAQ)

    Proposed fixes
    Google: Retpoline: a software construct for preventing branch-target-injection8j09kk7l
    My Narrow Spectre Fix

    Miscellaneous Pointers

    (Things I had to look up to understand the exploits)
    BPF JIT ⬅︎ WP
    eBPF JIT
    KVM
    SMAP, SMEP
    TSX
    Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory ⬅︎ Flush+Reload
    Notes from the Intelpocalypse

    Regarding “prefetcher” I quote from Intel® 64 and IA-32 Architectures Optimization Reference Manual

    Ameliorations

    xkcd


    Turmoil
    Do we still know how to write code?
    My summary
    Obituary for Moore’s Law
    Late January Intel Announcement