X86 dispatch contention vulnerability
jim bell
jdb10987 at yahoo.com
Wed Nov 14 09:38:52 PST 2018
Sounds like a valid issue!
Jim Bell
On Wednesday, November 14, 2018, 9:36:06 AM PST, Ryan Carboni <ryacko at gmail.com> wrote:
While many x86 implementation vulnerabilities in the past involve either electromagnetic emissions or cache timing attacks, I have not read anything about instruction dispatch contention. According to anger fog’s research, Intel’s implementation of the x86 instruction set does not dispatch more than three of a single instruction, and it has been so for a long time. Irregardless of their design decisions for instruction dispatch, this provides a side channel in which two cooperating processes operating on the same core can conduct half-duplex communication at the rate of 2 bits per cycle by one process attempting to compete with another process for the same capacity for dispatches over a single instruction (0, 1, 2, 3). While I do not have the resources to know how x86 processors handles dispatch contention issues, if it is handled in a regular and non-random manner, it would reach that theoretical level of severity.
This violates certain access controls assumed to be imposed by the kernel.
I suppose I can’t collect my quarter million dollar prize if I publish this to the world?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2026 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20181114/823a3388/attachment.txt>
More information about the cypherpunks
mailing list