| Field | Value |
|---|---|
| Summary | Spectre bound check mitigation efficiency |
| Product | WebKit |
| Component | JavaScriptCore |
| Status | RESOLVED WONTFIX |
| Severity | Normal |
| Priority | P2 |
| Version | WebKit Nightly Build |
| Hardware | Unspecified |
| OS | Unspecified |
| Reporter | dougc <dtc-llvm> |
| Assignee | Nobody <webkit-unassigned> |
| CC | fpizlo |
Description
dougc
2018-01-09 15:12:34 PST
> This doesn’t completely fix Spectre since the CPU will sometimes verify the branch after the leaking load. There is nothing in your code snippet that prevents this. So, although this probably performs great, it’s too risky since it still leaves Spectre as a theoretical possibility.

Yes, that is a possibility, but to me an unknown. Did you get some confirmation from Intel etc. on this, or is it just that this is an unknown?

If it has to be masking, or other data flow strategies to limit the index, then so be it, but I just wanted to be sure.
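Added example, not code from this bug or from WebKit: a C sketch of the two approaches the comment contrasts, a branch-only bounds check beside a data-flow masked index. `index_mask_nospec` uses the same arithmetic as the Linux kernel's `array_index_mask_nospec`; `allocation_index_mask`, the lookup helpers and the sample table are hypothetical names and constructed data. Caveat: a C compiler is free to turn the mask arithmetic back into a compare-and-branch, which is why the real mitigation has to be emitted by the JIT's code generator rather than relied on from C.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample table; in a JIT this would be an array's backing store. */
static const uint8_t TABLE[4] = { 10, 20, 30, 40 };
static const size_t TABLE_LEN = sizeof TABLE;

/*
 * Branch-only bounds check. Architecturally correct, but the load of data[idx]
 * is only control-dependent on the compare: if the CPU predicts idx < len, it
 * can issue an out-of-bounds load before the compare resolves.
 */
int load_branch_checked(const uint8_t *data, size_t len, size_t idx, uint8_t *out)
{
    if (idx < len) {
        *out = data[idx];
        return 1;
    }
    return 0;
}

/*
 * Data-flow mask: all ones when idx < len, zero otherwise, computed with
 * arithmetic instead of a branch (same construction as the Linux kernel's
 * array_index_mask_nospec). Misprediction cannot widen a mask that is a
 * function of the data, so idx & mask is in bounds on speculative paths too.
 * Precondition: len <= SIZE_MAX / 2, so (len - 1 - idx) only has its top bit
 * set when idx >= len. The shift relies on arithmetic right shift of a
 * negative value, which GCC and clang provide.
 */
size_t index_mask_nospec(size_t idx, size_t len)
{
    size_t top_bit = idx | (len - 1 - idx);     /* top bit set iff idx >= len */
    ptrdiff_t inverted = ~(ptrdiff_t)top_bit;   /* negative iff idx < len */
    return (size_t)(inverted >> (sizeof(size_t) * CHAR_BIT - 1));
}

/*
 * Masked load. The only address that can be dereferenced, architecturally or
 * speculatively, is data[idx & mask]: data[idx] in bounds, data[0] out of
 * bounds. Caveat: element 0 must itself exist, so callers must not hand this
 * an empty array.
 */
int load_masked(const uint8_t *data, size_t len, size_t idx, uint8_t *out)
{
    size_t safe_idx = idx & index_mask_nospec(idx, len);
    uint8_t v = data[safe_idx];
    if (idx < len) {
        *out = v;
        return 1;
    }
    return 0;
}

/*
 * Allocation-capacity mask: capacity rounded up to a power of two, minus one.
 * idx & mask stays inside the allocation (not necessarily inside the logical
 * length), so a mispredicted length check can only reach the array's own
 * storage. Computed once per allocation; the loop is not on the hot path.
 */
size_t allocation_index_mask(size_t capacity)
{
    size_t pow2 = 1;
    while (pow2 < capacity)
        pow2 <<= 1;
    return pow2 - 1;
}

/* Helpers over the constructed table: value on success, -1 when out of bounds. */
int branch_lookup_demo(size_t idx)
{
    uint8_t v;
    return load_branch_checked(TABLE, TABLE_LEN, idx, &v) ? v : -1;
}

int masked_lookup_demo(size_t idx)
{
    uint8_t v;
    return load_masked(TABLE, TABLE_LEN, idx, &v) ? v : -1;
}

int main(void)
{
    for (size_t i = 0; i < 6; i++)
        printf("idx %zu: branch %d masked %d\n", i,
               branch_lookup_demo(i), masked_lookup_demo(i));
    return 0;
}
```

Both lookups return the same results architecturally; the difference is only in which addresses a mispredicted check can touch. Inspect the generated assembly (or emit the mask from the JIT directly) before trusting the masked version, since the compiler may not preserve the branchless form.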