Allow a small number of false positives in `timing_array_test`

google / safeside

Understand and mitigate software-observable side-channels

BSD 3-Clause "New" or "Revised" License

494 stars 54 forks source link

Allow a small number of false positives in `timing_array_test` #121

Closed mmdriley closed 4 years ago

mmdriley commented 4 years ago

We are seeing very occasional false positives in CI. My best explanation is that there is still a prefetcher operating that does not respect page boundaries. Of course, it's also very possible there's a bug I'm missing.

For now, the error rate is still low enough for our channel to be useful. Update timing_array_test to make sure it stays that way.

mmdriley commented 4 years ago

Example on PowerPC: https://travis-ci.org/google/safeside/jobs/656442810#L266

mmdriley commented 4 years ago

and on Windows: https://travis-ci.org/google/safeside/jobs/655609560#L179

mmdriley commented 4 years ago

I tested this on an n2d-standard-2 (AMD Rome) instance in GCE running Windows and saw anywhere between 0-6 false positives per 10,000 attempts.