Processors
Intel® Processors, Tools, and Utilities
14530 Discussions

Idea(s) on how to fix Meltdown at the Silicon Level

RAlde3
Beginner
‎01-06-2018 03:28 PM
1,260 Views

Hi,

I read the research paper on Meltdown, co-authored by a whole lot of very clever hardware engineers (Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg).

I'm not an expert on processor design, really I only know some basics, but I thought I'd throw in my 10 cents worth. Hopefully it will help to stimulate constructive discussion on how to prevent such exploits from being possible in future processor architectures.

The way I see things, Meltdown only succeeds because there are impressions left in the cache (covert channel), by transient Instructions (speculative instructions executed out of order but never committed), that are able to access protected memory, prior to checking if the memory is indeed protected. Various means of examining the cache such as Flush+Reload are then used to extract the protected data from the cache.

My suggestion, for what its worth, would be to add another bit to every byte (or whatever unit is used to hold data in the cache). This bit which I will call the Cache Commit Flag, could be used to indicate if the cache unit has been committed. The Cache Commit Flag would only be set once the out of order instruction that accessed the cache was committed. Any other instruction attempting to access the same memory location would be forced to reload the data into cache from main memory. An alternative approach would be put the instruction in a wait state to simulate the delay that would be incurred by accessing main memory.

Basically the cache location would only be accessible once the instruction that caused it to load was committed.

The Cache Commit Flag would obviously take up more silicon, and slow down cache access until committed. I also think it would probably need to propagate to higher level caches. Since Meltdown relies on covert side channels (a cache exploit) this could potentially stop it in its tracks. I'm not sure if this would stop Spectre as I haven't had time to read the research paper but I suspect it would.

So my question is this. Would this work? if not why not? or perhaps you have a better idea?

Thanks,

Robin, AKA GANGSTA

0 Kudos

Link Copied

1 Reply
idata
Employee
‎01-08-2018 02:56 PM
381 Views

Hi GANGSTA: Thank you very much for contacting the Intel® Processors communities. Thank you as well for providing that information.

 

 

Just to let you know, Intel really appreciates all the feedback and suggestions provided by the peers in our communities and we are sure those details will be very useful. Please keep checking the link below for possible updates on this matter:

 

https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

 

 

Any further questions, please let me know.

 

 

Regards,

 

Alberto R

 

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.