hngopher.com

       [HN Gopher] What Adrian Did Next - Part 2 - Sun Microsystems
       ___________________________________________________________________
        
       What Adrian Did Next - Part 2 - Sun Microsystems
        
       Author : wallflower
       Score  : 40 points
       Date   : 2024-01-21 13:21 UTC (9 hours ago)
        
 (HTM) web link (adrianco.medium.com)
 (TXT) w3m dump (adrianco.medium.com)
        
       | ChrisArchitect wrote:
       | (2022)
        
       | yjftsjthsd-h wrote:
       | > One day we were chatting in a group meeting and he said he was
       | working on a TPC-C benchmark that was spending too much time in
       | the SCSI disk driver, so he wrote a 10-line awk script running
       | against kernel memory to look at the SPARC machine code execution
       | path and find which branches were being predicted wrong, then
       | wrote another awk script to flip the branch prediction bits in
       | memory and it showed a significant speedup.
       | 
       | SPARC exposed read _and write_ access to branch prediction!? That
       | 's... fascinating. Here I thought branch prediction was always a
       | completely opaque thing that the CPU did internally and _maybe_
       | if you were lucky it might let the program be able to know that
       | it was happening after the fact. Hm... I wonder if it 's easier
       | to perform Spectre type attacks if you can just ask the CPU about
       | that kind of behavior? No need to do timing attacks if the CPU
       | will just tell you
        
         | Thorrez wrote:
         | I would assume you have to be root to do this branch predictor
         | stuff. If you're root, why do you need Spectre? If you're
         | attacking some trusted execution thing, then I assume you
         | wouldn't be able to do the branch predictor stuff.
        
           | hackmiester wrote:
           | Because you might be root in one VM or container, and you are
           | trying to access another VM or container.
        
         | gumby wrote:
         | IIRC you specified the likely path in assembly code, but not
         | all SPARCs had those opcodes. They were some sort of extention.
         | By default they had simple fixed prediction (branch would not
         | be taken, backwards branch would be taken etc).
         | 
         | Some of the pentium series also had settable branch prediction
         | bias flags.
        
       ___________________________________________________________________
       (page generated 2024-01-21 23:00 UTC)