Hi all,
I read the ARM “Spectre BHB: Speculative Target Reuse Attacks” white paper and I wanted to ask for clarification on how CSV2 works.
From my understanding, CSV2 adds process identifiers to each entry so that a different context without the same ID cannot use an entry that does not match. So on prediction, the IDs must match for the entry to be used; otherwise, the branch is treated as not taken. However, on update, the ID check does not apply, and a new entry can overwrite an existing one even if the IDs differ.
Is this understanding correct? Any additional clarification would be appreciated.
Thanks
ANGE said: So on prediction, the IDs must match for the entry to be used; otherwise, the branch is treated as not taken.
It's not using the entry from the other context to make the decision in this context. Where there's no (suitable) entry, a design might always predict not-taken. Or always taken. Or some other scheme. The point is that the other context isn't influencing the decision.
ANGE said: However, on update, the ID check does not apply, and a new entry can overwrite an existing one even if the IDs differ.
This is the same as with other caches. An access from Non-secure state cannot hit on a cache line that contains a Secure physical address - but it could cause it to be evicted to make way for something that Non-secure state needs.
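The behaviour discussed in this thread, as a toy software model added for illustration (not Arm's implementation and not code from either poster): a lookup only hits when the context ID matches, while an update takes the slot regardless of who owned it. The table size, direct-mapped indexing, context ID width and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 16u /* assumed table size, illustration only */

struct entry { int valid; uint16_t ctx; uint64_t pc, target; };
static struct entry table[SLOTS];

static unsigned slot_of(uint64_t pc) { return (unsigned)((pc >> 2) % SLOTS); }

void btb_reset(void) { memset(table, 0, sizeof table); }

/* Prediction: usable only if the entry is valid AND context ID AND pc match.
 * Returns 1 and writes *target on a hit. Returns 0 on a miss, in which case
 * the core falls back to whatever default scheme the design uses. */
int btb_predict(uint16_t ctx, uint64_t pc, uint64_t *target)
{
    const struct entry *e = &table[slot_of(pc)];
    if (!e->valid || e->ctx != ctx || e->pc != pc)
        return 0;
    *target = e->target;
    return 1;
}

/* Update: no ownership check. The resolving context takes the slot,
 * evicting whatever another context had stored there. */
void btb_update(uint16_t ctx, uint64_t pc, uint64_t target)
{
    struct entry *e = &table[slot_of(pc)];
    e->valid = 1; e->ctx = ctx; e->pc = pc; e->target = target;
}

/* Constructed scenario: two contexts sharing one branch address. */
int csv2_scenario(void)
{
    uint64_t t = 0;
    int r = 0;
    btb_reset();
    btb_update(1, 0x4000, 0xAAAA);                /* context 1 trains      */
    r |= btb_predict(1, 0x4000, &t) << 0;         /* own entry: hit        */
    r |= btb_predict(2, 0x4000, &t) << 1;         /* other context: miss   */
    btb_update(2, 0x4000, 0xBBBB);                /* context 2 evicts it   */
    r |= btb_predict(1, 0x4000, &t) << 2;         /* context 1 now misses  */
    r |= (btb_predict(2, 0x4000, &t) && t == 0xBBBB) << 3; /* ctx 2 hits   */
    return r;                                     /* bit set = hit         */
}

int main(void) { printf("hit mask: 0x%x\n", csv2_scenario()); return 0; }
```

In the model, context 2 never obtains context 1's target; the only cross-context effect is the eviction, which matches the cache-line analogy in the reply above.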