Web lists-archives.com

Re: “Meltdown” and “Spectre”: Every modern processor has unfixable security flaws




On Fri, Jan 5, 2018 at 12:42 PM, Marc Auslander <marcslists@xxxxxxxxx> wrote:
> Nicholas Geovanis <nickgeovanis@xxxxxxxxx> writes:
>
>>On Fri, Jan 5, 2018 at 6:55 AM,  <tomas@xxxxxxxxxx> wrote:
>>> (mainframes of that time had at least VM, possibly
>>> speculative prefetch).
>>
>>Is it correct to call branch prediction the same as speculative execution?
>>If so, then "yes" they had it, but I don't honestly know if that's correct.
>>Pipeline rewinding was necessary on prediction failure, etc, similarly.
>>
> Branch predition can serve (at leasst) two purposes.  The first is to start
> fetching the target instruction data from memory.  AFAIK this cannot be used for the
> attacks in question.

Right. It is just 2 old mainframe system admins reminiscing.....

> The second is in conjunction with spectulation. Specultation means
> starting to execute an instruction sequence which may not in fact really
> be executed.  The processor is able to roll back all the (architected)
> effects of the computation if it turns out not to be needed.

So if I remember right the S/390 had a 7-stage pipeline, meaning that
at all times at least
seven machine instructions were partially interpreted. Part of
interpretation was the
microcode predicting which path of two off of each branch statement
should be taken, and
it would sample registers and the instruction text to make that guess.
When the guess was
wrong the pipeline would usually have to be cleared and reseeded, a
performance hit. But
branch prediction was a net performance gain for applications.

Wikipedia says that "speculative execution" means "branch prediction
in pipelined processors, value prediction for exploiting
value locality, prefetching memory and files, and optimistic
concurrency control in database systems."