Spectre; Meltdown
Early Popular Disclosure
Official Reports:
Project Zero from Google
Two Academic Papers:
Spectre Attacks: Exploiting Speculative Execution (Graz);
Meltdown (Evanston), Intel-specific
Intel Analysis of Speculative Execution Side Channels
I find Intel’s exploit descriptions easiest to understand.
Peter Bright’s descriptions are first class.
Paul Kocher’s talk too
My Meltdown notes;
Another nexus (Good FAQ)
Proposed fixes
Google: Retpoline: a software construct for preventing branch-target-injection
My Narrow Spectre Fix
Another more general?
Miscellaneous Pointers
(Things I had to look up to understand the exploits)
BPF JIT ⬅︎
WP
eBPF JIT
KVM
SMAP, SMEP
TSX
Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory ⬅︎ Flush+Reload
Notes from the Intelpocalypse
Regarding “prefetcher”, I quote from the Intel® 64 and IA-32 Architectures Optimization Reference Manual:
- Data cache unit (DCU) prefetcher. This prefetcher, also known as the streaming prefetcher, is triggered by an ascending access to very recently loaded data. The processor assumes that this access is part of a streaming algorithm and automatically fetches the next line.
- Instruction pointer (IP)-based stride prefetcher. This prefetcher keeps track of individual load instructions. If a load instruction is detected to have a regular stride, then a prefetch is sent to the next address, which is the sum of the current address and the stride. This prefetcher can prefetch forward or backward and can detect strides of up to 2K bytes.
Ameliorations
xkcd
Turmoil
Do we still know how to write code?
My summary
Obituary for Moore’s Law
Late January Intel Announcement