
ARM Whitepaper: Cache Speculation Side-Channels - twotwotwo
https://developer.arm.com/support/security-update/download-the-whitepaper
======
twotwotwo
It looks like they're saying, for the bounds check stuff, it is normally
enough to add a conditional move or register-selection instruction in the
right place, that even their out-of-order chips won't speculate past it. And
they defined a new barrier instruction, CSDB, that very narrowly promises
_just_ that a speculatively read value can't influence what data is cached
later. It's unclear to me if that's supposed to be coming only in future
designs, in microcode updates for existing designs, or what.

(They don't seem to explicitly promise data couldn't be leaked from the
speculative execution other ways--in branch predictor state or something--
though you have to imagine the idea is to avoid any leak.)

