Faults and exceptions are checked and handled when the instruction is to be committed/retired. Before the commit/retire time of the faulty instruction, the following instructions will proceed as normal. These following instructions will be squashed when the previous faulty instruction is handled.
On Tue, Jan 23, 2024 at 10:41 PM reverent.green--- via gem5-users < gem5-users@gem5.org> wrote: > Hello everyone, > > I have a C PoC code with the crucial part written in inline assembly, > trying to exploit transient executions. > > The Konata pipeline viewer showed, that first my faulty instruction > (triggers pagefault because of failed permission check in tlb.cc) is > executed and moved along the pipeline. During the meantime, subsequent > instructions are put in the pipeline, but every instruction does not > proceed further than the "Dispatch" stage. The transient window should be > long enough. > As a comparison, during the spectre attack, the instructions are > transiently executed and therefore, it is possible to leak the secret via > Flush+Reload. ( > http://www.lowepower.com/jason/visualizing-spectre-with-gem5.html) > Here, the branch misspeculation causes a load of the value in an > instruction, which is later squashed. > > Why is it "executed"/loaded here and not stopped at the dispatch stage? > Are there more security checks inside gem5 which prevent it in this case? > I know, that the spectre example uses se.py and not the full system gem5 > simulation, but spectre also works using full system simulation. > > Thank you very much in advance. An answer here would be really helpful. > > Kind regards > > > _______________________________________________ > gem5-users mailing list -- gem5-users@gem5.org > To unsubscribe send an email to gem5-users-le...@gem5.org >
_______________________________________________ gem5-users mailing list -- gem5-users@gem5.org To unsubscribe send an email to gem5-users-le...@gem5.org
