Separate privileges, separate caches

Posted Jan 4, 2018 11:28 UTC (Thu) by excors (subscriber, #95769)
In reply to: Separate privileges, separate caches by epa
Parent article: Notes from the Intelpocalypse

These attacks are using the cache as a side channel to leak data from the speculatively-executed instructions to the non-speculative world, but I don't think that's the only possible side channel. E.g. maybe you could use a variable-speed instruction like division ("1 / (v & 1)" etc) and use another hyperthread to measure how long the execution unit is busy for. Or maybe you could use a constant-speed expensive SIMD instruction where certain input values cause lots of transistors to flip between 0s and 1s repeatedly, generating more heat, so you run it in a loop then measure the temperature of the CPU core. (Maybe that one is less plausible). The cache is completely irrelevant in those cases, so you can't fix it by changing the cache design.

Separate privileges, separate caches

Posted Jan 4, 2018 16:06 UTC (Thu) by epa (subscriber, #39769) [Link] (1 responses)

Wasn't there already a known information leak with hyperthreading, leading the OpenBSD developers to recommend that you disable it?

Perhaps the cache is not the only thing that lets you snoop but it is certainly a major one.

Separate privileges, separate caches

Posted Jan 4, 2018 21:45 UTC (Thu) by emaste (guest, #121005) [Link]

You may be thinking of the hyperthreading cache side-channel reported by Colin Percival, with a mitigation first in FreeBSD back in 2005. Those details are at http://www.daemonology.net/hyperthreading-considered-harm..., and the paper is at http://www.daemonology.net/papers/htt.pdf.