Speculative attacks are still an active threat today that, even if initially focused on the x86 platform, reach across all modern hardware architectures. RISC-V is a newly proposed open instruction set architecture that has seen traction from both industry and academia in recent years. In this paper we focus on the RISC-V cores where speculation is enabled and, as we show, where Spectre attacks are as effective as on x86. Even though RISC-V hardware mitigations were proposed in the past, they have not yet passed the prototype phase. Instead, we propose low-overhead software mitigations for Spectre-BTI, inspired by those used on the x86 architecture, and for Spectre-RSB, to our knowledge the first such mitigation to be proposed. We show that these mitigations work in practice and that they can be integrated into the LLVM toolchain. For transparency and reproducibility, all our programs and data are made publicly available online.