Open zhangkanqi opened 2 weeks ago
jerryz123
commented
2 weeks ago Yes, it is true that the L1 caches experience contention through the arbiter for the outer memory system. It would be interesting to see an attack that exploits this behavior.
ccelio
commented
2 weeks ago There are published attacks using cache coherence probes causing contention in the uncore, so problems like these are challenging to solve without limiting/blocking speculative uncore traffic. :/
zhangkanqi
commented
2 weeks ago Yes, it is true that the L1 caches experience contention through the arbiter for the outer memory system. It would be interesting to see an attack that exploits this behavior.
Thank you for your confirmation!
Btw, could you please provide the code of "the arbiter for the outer memory system"? Actually, I was unsuccessful in locating the root cause of the side channel in Boom. But I want to understand this side channel more exactly.
zhangkanqi
commented
4 days ago I discovered that it was ultimately a contention on the tilelink d Channel in the L2 Cache. This seems to have nothing to do with Boom's design and implementation.
Hi! I found a novel contention-based side channel in Boom, which related to tilelink, described as follows:
In Boom, L1 icache miss or L1 dcache miss will request data from L2 cache through the tilelink bus, making requests to tilelink A channel, and receiving grant data from tilelink D channel.
If L1 icache miss is from a younger instruction, L1 dcache miss is from an older instruction, and L1 icache sends requests earlier than L1 dcache. In accordance with the FIFO principle, tilelink D channel will return the grant data required by the L1 icache before L1 dcache.
This will cause the older instruction corresponding to the L1 dcache miss to be delayed, exposing a difference in time that can be observed compared to if this contention does not occur.