Deep Dive: CPUID Enumeration and Architectural MSRs
https://software.intel.com/security-software-guidance/insights/deep-dive-cpuid-enumeration-and-architectural-msrs
Deep Dive: Indirect Branch Restricted Speculation
https://software.intel.com/security-software-guidance/insights/deep-dive-indirect-branch-restricted-speculation
Deep Dive: Single Thread Indirect Branch Predictors
https://software.intel.com/security-software-guidance/insights/deep-dive-single-thread-indirect-branch-predictors
Deep Dive: Indirect Branch Predictor Barrier
https://software.intel.com/security-software-guidance/insights/deep-dive-indirect-branch-predictor-barrier
Deep Dive: Analyzing Potential Bounds Check Bypass Vulnerabilities
https://software.intel.com/security-software-guidance/insights/deep-dive-analyzing-potential-bounds-check-bypass-vulnerabilities
Spectre mitigations in MSVC | C++ Team Blog
https://devblogs.microsoft.com/cppblog/spectre-mitigations-in-msvc/
Mitigating Spectre variant 2 with Retpoline on Windows - Microsoft Tech Community - 295618
https://techcommunity.microsoft.com/t5/windows-kernel-internals/mitigating-spectre-variant-2-with-retpoline-on-windows/ba-p/295618
Deep Dive: Retpoline: A Branch Target Injection Mitigation
https://software.intel.com/security-software-guidance/insights/deep-dive-retpoline-branch-target-injection-mitigation
Meltdown (security vulnerability) - Wikipedia
https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)
Kernel page-table isolation - Wikipedia
https://en.wikipedia.org/wiki/Kernel_page-table_isolation
KVA Shadow: Mitigating Meltdown on Windows - Microsoft Security Response Center
https://msrc-blog.microsoft.com/2018/03/23/kva-shadow-mitigating-meltdown-on-windows/
Rogue System Register Read
https://software.intel.com/security-software-guidance/software-guidance/rogue-system-register-read
Speculative Store Bypass
https://software.intel.com/security-software-guidance/software-guidance/speculative-store-bypass
Analysis and mitigation of speculative store bypass (CVE-2018-3639) - Microsoft Security Response Center
https://msrc-blog.microsoft.com/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/
Foreshadow (security vulnerability) - Wikipedia
https://en.wikipedia.org/wiki/Foreshadow_(security_vulnerability)
Deep Dive: Intel Analysis of L1 Terminal Fault | 01.org API
https://software.intel.com/security-software-guidance/api-app/insights/deep-dive-intel-analysis-l1-terminal-fault
Microarchitectural Data Sampling - Wikipedia
https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling
Deep Dive: Intel Analysis of Microarchitectural Data Sampling
https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling
Deep Dive: Intel® Transactional Synchronization Extensions (Intel® TSX) Asynchronous Abort
https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
Deep Dive: Intel Analysis of Speculative Behavior of SWAPGS and Segment Registers
https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-speculative-behavior-swapgs-and-segment-registers
Spoiler (security vulnerability) - Wikipedia
https://en.wikipedia.org/wiki/Spoiler_(security_vulnerability)
More Information on Spoiler
https://software.intel.com/security-software-guidance/insights/more-information-spoiler
CPUの新たな脆弱性 SPOILERの論文を読む - FPGA開発日記
https://msyksphinz.hatenablog.com/entry/2019/03/11/040000
INTEL-SA-00145
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
Lazy FPU Save/Restore (CVE-2018-3665) - Red Hat Customer Portal
https://access.redhat.com/ja/solutions/3489521
NetBSD 8.0がSpectre V2/V4、Meltdown、Lazy FPUの軽減などを提供
https://www.infoq.com/jp/news/2018/07/netbsd-8-released/
まさみさん⋈語りたいさんはTwitterを使っています:
「Linuxは3.7以降ならeagerfpu=onのブートパラメタで回避可能だし、
4.6以降はデフォルトでeagerfpu有効。
lazyfpuは殆どパフォーマンス的に意味がなかったらしい。
https://t.co/6BqBFDPYrt
コミット。 https://t.co/amgTkvEo9d」
/ Twitter https://twitter.com/mhiramat/status/1007528520208211970
Cyberus Technology - Intel LazyFP vulnerability: Exploiting lazy FPU state switching
https://blog.cyberus-technology.de/posts/2018-06-06-intel-lazyfp-vulnerability.html
x86/fpu: Hard-disable lazy FPU mode · torvalds/linux@ca6938a
https://github.com/torvalds/linux/commit/ca6938a1cd8a1c5e861a99b67f84ac166fc2b9e7#diff-6a01d6e7c8d7d23cfa48026e616275e8
うー@技術書典8Day1う31さんはTwitterを使っています:
「逆アセンブルして覗いてみると、AVXレジスタを用いた
mov命令なんて知らなかったなー、みたいな気持ちになる。」
/ Twitter https://twitter.com/uchan_nos/status/1158192868080513024
とみながたけひろさんはTwitterを使っています:
「@uchan_nos このせいで最近はFPU lazy context switchとかが
全然メリットにならないというかむしろ遅くなったりするんですよねえ」
/ Twitter https://twitter.com/takehiro_t/status/1158335098564956160
CacheOut
https://cacheoutattack.com/
L1D Eviction Sampling
https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling
Processors Affected: L1D Eviction Sampling
https://software.intel.com/security-software-guidance/insights/processors-affected-l1d-eviction-sampling
Vector Register Sampling
https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling
Processors Affected: Vector Register Sampling
https://software.intel.com/security-software-guidance/insights/processors-affected-vector-register-sampling
LVI: Hijacking Transient Execution with Load Value Injection
https://lviattack.eu/
An Optimized Mitigation Approach for Load Value Injection
https://software.intel.com/security-software-guidance/insights/optimized-mitigation-approach-load-value-injection
Deep Dive: Load Value Injection
https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection
Processors Affected: Load Value Injection
https://software.intel.com/security-software-guidance/insights/processors-affected-load-value-injection