You have to read it with the Redneck attitude. The report describes how the thieves can exploit a conditional branch to read the memory space of some other application.
I read is as an instruction manual for designing the pipeline kernel context. Making sure all protocols conditionally brnch insidethe contiguous code, and exit of one protocol directly goes to the next protocol without branch. Then, the fix, all 4000 cycles of it, we don;t care, because pipeline control will take up more kernel space as needed, we are a closed, known code.
Indirect control [ of pipeline] is accomplished via software constructs that limit or constrain speculation.Your are kidding me? This is a software feature in a spectre compatible compiler that create instruction cache protocols that are notary checked. I pay money for this bug fix, it opens the world to the singularity.
As discussed earlier, the branch target injection (Spectre variant 2) exploit relies on influencing the speculated targets of indirect branches. Indirect JMP and CALL instructions consult the indirect branch predictor to direct speculative execution to the most likely target of the branch.
Thank you very much, we figured this out almost instantly. Our compiler feature proves there are no indirect jumps, all of them can be immediate, relative. We can work with jmp 4, relative or jmp N relative, N proven to be bound in the compiler. Our kernel calls are jmp abs, to some small address near zero. The more restrictive the bug fix, the safer our protocols, it is opposite day for us because the bug fixes are finding the shortest paths through the assembly code.
Our compiler feature can guarantee us finite and bound memory access to within the protocol space. We got thi nailed, it simply becomes the pipeline control context, a special kernel context.
Intel can run the branch predictor as is, don't bother us. If Intel fixes anything in the microcode, give us a kernel only accessible key. It is only available for use within the pipeline context so the software can guarantee is is not observed. Also, a hardware, high priority, pipeline control, kernel mode, all to ourselves?
It is a bug because the good code cannot outrun the bad code. It is a feature to us because the notaries can insure no protocol branch outruns the notary. Then the notaries agree that each pipeline be a standard custodial wallet, under escrow control. I could spend a few weeks and set up pipeline control context using c preprocessor. I won't, the high school already done it.
Look, all our identities are already available to the dark pools and fiat tumbling is the order of the day. Buy Intel, they know what they do. . So, I see no secrets revealed by this 'bug', just a description of the future.
No comments:
Post a Comment