Re: [PATCH v3] Documentation: Add section about CPU vulnerabilities for Spectre
From: Jon Masters
Date: Mon Jun 17 2019 - 16:36:00 EST
On 6/17/19 4:22 PM, Jon Masters wrote:
>> + For kernel code that has been identified where data pointers could
>> + potentially be influenced for Spectre attacks, new "nospec" accessor
>> + macros are used to prevent speculative loading of data.
>
> Maybe explain that nospec (speculative clamping) relies on the absence
> of value prediction in the masking (in current hardware). It may NOT
> always be a safe approach in future hardware, where Spectre-v1 attacks
> are likely to persist but hardware may speculate about the mask value.
Something like the Arm CSDB barrier would seem to be potentially useful
for $FUTURE_X86 as a fence with lighter-weight semantics than an *fence.
Jon.
--
Computer Architect | Sent with my Fedora powered laptop