| From: David Collier-Brown via talk <talk@gtalug.org> | There's also a race condition: the 6130 and DPS8m processors checked the | permissions of the fetch before they fetched to the (then small) cache. [These are Honeywell mainframe computers.] Spectre V2 is about subverting branch target prediction. Something quite different. BUT this subversion only matters because speculation of memory fetches leaves a trace. So what you mention is relevant, indirectly. Checking permissions can be quite expensive: going through multi-level page tables can involve several memory fetches (which you'd like to speculate past). Obvious cure: keep permissions in each cache line. The trouble is that permissions can be bulky, forcing a reduction in the effective size of the cache. AMD may have done more of this than Intel <https://www.amd.com/en/corporate/speculative-execution> GPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors. We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required. Intel seems to have added PCID to each cache line. It is too small to encode a process number but you could assign a PCID number to each active process/thread and when you run out, do hard work. It would be kind of analogous to the way we allocate page frames (real memory) to pages of processes (virtual memory). Linux did not use PCID but it seems that Spectre and Meltdown are stimulating interest in it. | Simulating the same thing in the Multics emulator took some extra work but | it was implemented well before the spectre attacks showed up. I assume that we're not talking about a cycle-accurate emulator nor an emulator done in hardware. How would it be extra work in an emulator? An emulator doesn't normally do speculative execution. For normal path execution, of course you must emulate the permissions model of the hardware.