Well you know, I always thought accurate rollback was one of the hardest things about speculative execution. But just like other hazards, OF COURSE the CPU vendors have a deep understanding of them and a bag of tricks I have never heard of to avoid them. I am still incredulous about that screwup. It is such an obvious problem.
Hey, maybe memory traffic sidebands for speculative execution are next. You can undo cache data changes, you cannot undo the slowing down of simultaneous other memory traffic. And who knows, maybe everyone was like "we cannot prevent all measurable side effects, so screw it #YOLO". And nobody can admit that due to liability issues. That seems quite likely to me because it doesn't involve hundreds of very smart experts missing an obvious problem.
I love how all of a sudden the problem is obvious - so obvious it's existed for a decade with no known exploit, while speeding up processors considerably.
Intel should have hired all these really smart people on Reddit and HN. Imagine how much safer and faster our processors would be!
It's a screw up in the most complicated devices humanity has ever designed. It's borderline magic that they even exist, let alone the political stability required for 50 years of constant gains in processing power per dollar.
But nevermind that, they're a bunch of "LOL #YOLO" about security types, we should sue them because your data center power went up and now our dumbass 'world changing app' to look at random kittens as a subscription service is no longer profitable!
I think humanity doesn't deserve scientists and engineers.
You don't have to rollback for meltdown. The read can be masked to zero. There is already logic to do things like cancel page walks, so this isn't a very big fix.
I think specter should be fixed in software with some assistance from hardware, but overall with ooo, a process shouldn't expect privacy against itself.
AFAIU the Spectre software "fixes" are either extremely expensive, or still exploitable, or both. I think you're correct about OOO, and there goes the security of all current HTML/JS engines.
> Spectre software "fixes" are either extremely expensive
They don't have to be done everywhere though. Just on js array accesses and the masking options seem better than the fencing option. It doesn't have to be done on every array access, and i many cases it probably isn't practically exploitable. We still don't have a working, real world exploit in js without assistance.
The speculation windows are in practice pretty small (10 instructions maybe), plus you have to find the memory you want to read, mistrain the branch predictor and flush the cpu cache between every read, etc... And do all this before that piece of memory you found moves or is overwritten.
> there goes the security of all current HTML/JS engines.
Pretty much. In places devs forget to protect against spectre there can be a possible exploit. Ooo causes similarly difficult to find issues with threading where the dev needs to think long and hard about how instructions hit the cpu, but we manage.
Hey, maybe memory traffic sidebands for speculative execution are next. You can undo cache data changes, you cannot undo the slowing down of simultaneous other memory traffic. And who knows, maybe everyone was like "we cannot prevent all measurable side effects, so screw it #YOLO". And nobody can admit that due to liability issues. That seems quite likely to me because it doesn't involve hundreds of very smart experts missing an obvious problem.