Bug 181539 - Reserve a fast TLS key for GC TLC
Summary: Reserve a fast TLS key for GC TLC
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Template Framework
Version: WebKit Nightly Build
Hardware: All All
Importance: P2 Normal
Assignee: Filip Pizlo
Keywords: InRadar
 
Reported: 2018-01-11 09:37 PST by Filip Pizlo
Modified: 2018-01-11 10:00 PST



Attachments
the patch (1.74 KB, patch)
2018-01-11 09:48 PST, Filip Pizlo
ap: review+

Description Filip Pizlo 2018-01-11 09:37:39 PST
Who knew that thread-local caches would be an essential mitigation for timing attacks? But here's how it works: if we have TLCs then we can "context switch" them when we "context switch" origins. This allows us to put some minimal distance between objects from different origins, which gives us the ability to allow small overflows when doing certain bounds checks without creating a useful Spectre information leak.
Comment 1 Filip Pizlo 2018-01-11 09:48:31 PST
Created attachment 331061
the patch
Comment 2 Filip Pizlo 2018-01-11 09:59:26 PST
Landed in http://trac.webkit.org/changeset/226784/webkit
Comment 3 Radar WebKit Bug Importer 2018-01-11 10:00:18 PST
<rdar://problem/36441606>