Speculative execution (also called predictive execution; Chinese: 推測執行, 預測執行, 投機性執行) is a class of optimisation technique. A computer system using it takes the information currently available and, during otherwise idle time, executes ahead of time instructions that may turn out to be needed later, or may not.
For example, suppose a program is structured as follows:
- Download a piece of data A from the network (takes 30 seconds).
- If the download of A succeeds, return A directly as the answer.
- If the download of A fails, compute the arithmetic result B (takes 30 seconds) and return that as the answer.
Speculative Processor Vulnerability
There are four main variants of the exploits, as detailed by Google in their blogpost, which explains the mechanisms in detail:
- Variant 1 bounds check bypass store (CVE-2017-5753) and bounds check bypass store (CVE-2018-3693)
- Variant 2 branch target injection (CVE-2017-5715)
- Variant 3 using speculative reads of inaccessible data (CVE-2017-5754)
- Subvariant 3a using speculative reads of inaccessible data (CVE-2018-3640)
- Variant 4 speculative bypassing of stores by younger loads despite the presence of a dependency (CVE-2018-3639)
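As an added illustration of the Variant 1 mechanism and its standard software mitigation (not code from the page or from Google's write-up): a bounds-checked lookup in the vulnerable shape beside a hardened form that clamps the index on the speculative path. The table contents and the "secret" are constructed sample data, and array_index_mask_nospec() re-implements the idea of the Linux kernel helper of that name rather than reusing kernel code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data; the "secret" only marks memory that an
 * out-of-bounds speculative read through table[] could touch. */
static const char table[] = "ABCDEFGHIJKLMNOP";
#define TABLE_SIZE (sizeof(table) - 1)
static const char secret[] = "constructed secret";

/* Vulnerable pattern (Variant 1, bounds check bypass). The check is
 * architecturally correct, but while the branch predictor guesses "in bounds"
 * the CPU may execute table[idx] speculatively with idx >= TABLE_SIZE; a
 * dependent memory access leaves a cache footprint that survives the squash. */
char lookup_unsafe(size_t idx) {
    if (idx < TABLE_SIZE)
        return table[idx];
    return 0;
}

/* Branch-free mask: all ones when idx < size, zero otherwise. Mirrors the
 * generic Linux kernel helper of the same name. Relies on arithmetic right
 * shift of a negative value, which mainstream compilers provide. */
size_t array_index_mask_nospec(size_t idx, size_t size) {
    return (size_t)(~(intptr_t)(idx | (size - 1 - idx)) >> (sizeof(intptr_t) * 8 - 1));
}

/* Index the hardened path actually uses: unchanged in bounds, 0 otherwise. */
size_t clamped_index(size_t idx) {
    return idx & array_index_mask_nospec(idx, TABLE_SIZE);
}

/* Hardened form: even if the CPU runs this body with an out-of-bounds idx,
 * the mask is zero and the access hits table[0], not attacker-chosen memory. */
char lookup_hardened(size_t idx) {
    if (idx < TABLE_SIZE)
        return table[clamped_index(idx)];
    return 0;
}

int main(void) {
    size_t probes[] = { 0, 7, 15, 16, 1000 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("idx=%4zu mask=%016zx speculative index -> %zu\n", probes[i],
               array_index_mask_nospec(probes[i], TABLE_SIZE), clamped_index(probes[i]));
    (void)secret;
    (void)lookup_unsafe;
    return 0;
}
```

The other common software mitigation, a speculation barrier (such as an x86 lfence) placed after the bounds check, is architecture-specific and is not shown here.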
Spectre Variant 4 (Speculative Store Bypass) aka CVE-2018-3639
The mitigating solution is to disable the "Memory Disambiguation" feature in the processor, either system-wide or selectively for single processes.

Spectre and Meltdown explained: A comprehensive guide for professionals
Spectre and Meltdown individually represent classes of hardware vulnerabilities, each with a number of variants that depend on specific silicon-level functionality. While these are fundamentally hardware design flaws, attempts to remediate them at the software level have seen some success.
What are Spectre and Meltdown?
- Spectre is a vulnerability allowing for arbitrary locations in the allocated memory of a program to be read.
- Meltdown is a vulnerability allowing a process to read all memory in a given system.
- speculative execution
- instruction pipelining
- out-of-order execution
What risks are associated with Spectre and Meltdown?
Spectre and Meltdown enable attackers to extract encryption keys and passwords from compromised systems.

How do Spectre and Meltdown work?
A quick primer on modern processor design
The microarchitecture of modern processors, designed with performance improvement in mind, focuses largely on parallelism. Two independent optimisation techniques of modern processors, used in conjunction, are key to understanding why Spectre and Meltdown are hardware-level vulnerabilities.