
Re: [Xen-devel] HT Vulnerability CAN-2005-0109

> > But the bandwidth for L2 cache channel using this technique will also be
> > lower than for the L1....
> This isn't immediately obvious. It depends on how effectively the
> transmitter can achieve "line resident in L2 but not in L1".

OK, I should have qualified that statement :-)  It's a fair cop...

The L2 bandwidth for this channel is lower on current Intel CPUs because you 
have the added complication of TLB misses whilst trying to exploit the covert 
channel.  This is a significant issue because the TLB on the P4 apparently 
can only map half of the address space the cache can hold...

On current P4s the associativity of the L2 is 8 way, rather than 4 way, which 
also reduces the efficiency of the miss-generating technique.

My original statement implicitly assumes that these factors will continue to 
be present as the chips evolve.  If Intel change the TLB size relative to the 
L2 cache, or the associativity of the L1 / L2 caches, then this situation 
could still change.

It's not entirely clear to me how much code for exploiting this channel was 
produced by Colin Percival vs. how much of his data is based on calculated 
estimates.  Does anyone know of a proof-of-concept exploit?


Xen-devel mailing list


