Hacker News new | past | comments | ask | show | jobs | submit login

The fence instruction that Intel recommends (lfence) is way slower than the techniques described here. We measured a 5x slowdown on Web Assembly trying to use it.

Also we have been working on these mitigations since well before Intel made their suggestion.




Have you considered arr[max(i, arr.len)] instead of AND?


Max() is not a CPU instruction. It's an abstraction, a function that could be implemented either using a branch (which defeats the whole purpose) or, on some architectures, with something like cmovXX.

Perhaps they wanted a solution that works on Arm, which I think doesn't have cmovXX. Or maybe Intel does speculation with cmovXX used on array index.


Cmov can speculate as well (it makes sense from a performance standpoint but that isn’t the same as secure ;) )


On some CPUs, cmov is known not to speculate, but in those cases it is apparently super slow.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: