spectre

问题 When using WDK in VS2019, I get this build error: Error MSB8040: Spectre-mitigated libraries are required for this project There are a lot of items in VS2019 setup that contains "spectre". This https://docs.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk#wdk-for-windows-10-version-1903 says: For each architecture you intend to build drivers for, install the Spectre mitigated libraries thru Individual Components -> Compilers, build tools, and runtimes -> MSVC v142 - VS 2019 C+

问题 From the naming and this article I feel the answer is no, but I don't understand why. The bottleneck is how fast you can fetch data from memory. Whether you can fetch instruction at the same time doesn't seem to matter. Don't you still have to wait until the data arrive? Suppose fetching data takes 100 cpu cycles and executing instruction takes 1, the ability of doing that 1 cycle in advance doesn't seem to be a huge improvement. What am I missing here? Context: I came across this article

问题 I want to see how the spectre mitigation flag solved a problem to convince my team that we need to add this flag to our large code base for upcoming projects. I am searching for sample projects that have a spectre vulnerability and is resolved by adding a spectre mitigation flag introduced last week in Visual Studio 2017. Can some one please help me in putting across a POC to demo to my larger team as to how the recently added support from Microsoft in Visual Studio overcomes the problem?

问题 I am trying to understand when branch predictor entries are invalidated. Here are the experiments I have done: Code1: start_measure_branch_mispred() while(X times): if(something something): do_useless() endif endwhile end_measurement() store_difference() So, I am running this code a number of times. I can see that after the first run, the misprediction rates go lower. The branch predictor learns how to predict correctly. But, if I run this experiment again and again (i.e. by writing .

问题 I am trying to understand when branch predictor entries are invalidated. Here are the experiments I have done: Code1: start_measure_branch_mispred() while(X times): if(something something): do_useless() endif endwhile end_measurement() store_difference() So, I am running this code a number of times. I can see that after the first run, the misprediction rates go lower. The branch predictor learns how to predict correctly. But, if I run this experiment again and again (i.e. by writing .

问题 I am trying to understand when branch predictor entries are invalidated. Here are the experiments I have done: Code1: start_measure_branch_mispred() while(X times): if(something something): do_useless() endif endwhile end_measurement() store_difference() So, I am running this code a number of times. I can see that after the first run, the misprediction rates go lower. The branch predictor learns how to predict correctly. But, if I run this experiment again and again (i.e. by writing .

问题 I understand the part of the paper where they trick the CPU to speculatively load the part of the victim memory into the CPU cache. Part I do not understand is how they retrieve it from cache. 回答1: They don't retrieve it directly (out of bounds read bytes are not "retired" by the CPU and cannot be seen by the attacker in the attack). A vector of attack is to do the "retrieval" a bit at a time. After the CPU cache has been prepared (flushing the cache where it has to be), and has been "taught"

问题 Why did Meltdown and Spectre bugs go undiscovered for so long? Nearly 20 years these bugs have been present in the CPU's why wasn't this discovered sooner given the serious implications for all computers using these processors? 回答1: The answer is quite simple: modern CPUs have few billions transistors. For example, the latest Intel Skylake architecture has ~2 billion. Each transistor might have a state which influence the state of other transistors (i.e. those transistors are connected

问题 I have done some reading about Spectre v2 and obviously you get the non technical explanations. Peter Cordes has a more in-depth explanation but it doesn't fully address a few details. Note: I have never performed a Spectre v2 attack so I do not have hands on experience. I have only read up about about the theory. My understanding of Spectre v2 is that you make an indirect branch mispredict for instance if (input < data.size) . If the Indirect Target Array (which I'm not too sure of the

问题 I have done some reading about Spectre v2 and obviously you get the non technical explanations. Peter Cordes has a more in-depth explanation but it doesn't fully address a few details. Note: I have never performed a Spectre v2 attack so I do not have hands on experience. I have only read up about about the theory. My understanding of Spectre v2 is that you make an indirect branch mispredict for instance if (input < data.size) . If the Indirect Target Array (which I'm not too sure of the