Re: Another security vulnerability

EricP wrote:

MitchAlsup1 wrote:

I am resurrecting this thread to talk about a different cache that may or may not be vulnerable to Spectré like attacks.
 Consider an attack strategy that measures whether a disk sector/block
is in (or not in) the OS disk cache. {Very similar to attacks that
figure out if a cache line is in the Data Cache (or not).}
 Any ideas ??

It won't be vulnerable to a direct speculation attack because
the cpu does not trigger page faults on mispredicted paths.

Effectively, the CPU puts the PAGEFAULT into the execution pipeline
and only takes the exception if it reaches the retire point without
getting flushed by a mispredict repair.

So you can't use the presence in a file cache to probe code paths
or data values to leak secrets.

Also the 4kB resolution would be problematic to correlate back to
particular branches taken and infer secret values.

That just slows down the rate of (BW) of the inference, and does
nothing
about closing any existing hole.